Using firewalls with WS_FTP Server

When you use a NAT (Network Address Translation) firewall, you may encounter problems when trying to use SSL encryption. A possible fix to this issue is to enter information on the Firewall - Passive Connection Settings page. The settings on this page set the file transfer host to respond to a PASV command by returning the IP address and port range of the NAT firewall. In many cases, this lets you use SSL through a NAT firewall.

To change firewall settings:

  1. From the top menu, select Host > Host Settings > Firewall Settings. The Firewall - Passive Connection Settings page opens.

  2. Set the appropriate options.
    • IP address. The IP Address to be used in response to a PASV request. This will be sent to the client instead of the host IP address. This should be the IP address of the NAT firewall.
    • Port/Port Range. The Port or Ports to be used with the IP address in response to a PASV request. Enter a single port number or a range of port numbers specified by #-# or #, #, #. In the #-# example, all ports between the two numbers are available for use. In the #, #, # example, only the specific ports are available. You can also use a combination of both port specification methods to specify multiple port ranges or ranges and specific ports.

      Note: If you specify an IP address and not a port, the server will use any available port above 1024, but will still use the specified IP address in the response. If you specify a port or port range and not an IP address, the server will use its own IP address and only the specified ports.

  3. Click Save.