FTP - Recommended Configuration

Ipswitch recommends sites adhere to the following recommended configuration. This "passive, implicit" setup has been shown to be the most problem-free of any FTPS configuration at a number of large MOVEit sites.

• MOVEit DMZ FTP Server
  • Enable "Require Passive Mode"
  • Set "Explicit Port" to "21"
  • Set "Implicit Port" to "990"
  • Restrict Passive Ports on "3000" to "3003" (or some other range)
• IPSec Policy (FTP Rule Filters)
  • Allow TCP from AnyIP, AnyPort to MyIP, Port 21
  • Allow TCP from AnyIP, AnyPort to MyIP, Port 990
  • Allow TCP from AnyIP, AnyPort to MyIP, Port 3000
  • Allow TCP from AnyIP, AnyPort to MyIP, Port 3001
  • Allow TCP from AnyIP, AnyPort to MyIP, Port 3002
  • Allow TCP from AnyIP, AnyPort to MyIP, Port 3003
• Firewall Rules
  • Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 21
  • Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 990
  • Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 3000
  • Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 3001
  • Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 3002
  • Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 3003
• Client Configuration
  • Passive Transfer Mode (a.k.a. "Firewall Friendly")
  • Implicit Connection Mode