Exposing FTP server to the internet on a NGFW Firepower 1010

thediscountgeeks · ‎12-29-2021

I have a firepower 1010 managed with FDM and have been trying to expose my ftp server to the web and cant get it out there for nothing.

I have allowed access from the ftp server to the outside interface on port 21 and vice versa.

Then i setup NAT to translate the ftp server to the outside interface and vice versa but no luck.

Its a freeNAS server with the FTP service on and its works fine internally.

I also have my ISP fiber modem in passthru mode.

What could I be missing here? (Screenshots attached for reference)

Marvin Rhoads · ‎01-02-2022

When traffic is initiated fro man outside host it will be from an ephemeral port (1025-65534), not tcp/21. So allow any source port destined for the FTP server's address.

thediscountgeeks · ‎01-02-2022

that didnt work either, also nmap says my host is not up and no ports are open. Is there something that is blocking it inheritly? This is a new setup from default

thediscountgeeks · ‎01-11-2022

Additionally, I cannot ping my public IP either. I have my ATT modem in passthru mode. If I use the ATT modem I can set everything up and use port forwarding and it will work but I will have to move the entire network onto the ATT device and lose the firepower security features