https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80583#M80784 <P>Hello,</P><P>I am looking at how to support FTP on a non-standard port. I found a related SK,but it does not mention and version in the R80 version.</P><P>Does anyone have experience with FTP on non-standard ports in R80. Do we still need to apply all the steps in this SK? I would like to avoid having to open up high ports for the FTP data connection.&nbsp; This SK specific mentions having to manually update files on each Security Gateway to configure&nbsp;<SPAN>the Security Gateway to listen to FTP connections on the desired port&nbsp;</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="FTP.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5318i94BD24064618903C/image-size/large?v=v2&amp;px=999" role="button" title="FTP.png" alt="FTP.png" /></span>Many thanks,</P><P>Michael</P><P>&nbsp;</P> Thu, 02 Apr 2020 09:48:10 GMT Michael_Horne 2020-04-02T09:48:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80583#M80784 <P>Hello,</P><P>I am looking at how to support FTP on a non-standard port. I found a related SK,but it does not mention and version in the R80 version.</P><P>Does anyone have experience with FTP on non-standard ports in R80. Do we still need to apply all the steps in this SK? I would like to avoid having to open up high ports for the FTP data connection.&nbsp; This SK specific mentions having to manually update files on each Security Gateway to configure&nbsp;<SPAN>the Security Gateway to listen to FTP connections on the desired port&nbsp;</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="FTP.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5318i94BD24064618903C/image-size/large?v=v2&amp;px=999" role="button" title="FTP.png" alt="FTP.png" /></span>Many thanks,</P><P>Michael</P><P>&nbsp;</P> Thu, 02 Apr 2020 09:48:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80583#M80784 Michael_Horne 2020-04-02T09:48:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80604#M80785 <P>&nbsp;This sk only shows how to handle this situation using an added Service in Dashboard and a new line in&nbsp;<CODE>$FWDIR/conf/fwauthd.conf</CODE><SPAN> file. Not so hard&nbsp;</SPAN>to try and may work in R80.xx, too.</P> Thu, 02 Apr 2020 12:40:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80604#M80785 G_W_Albrecht 2020-04-02T12:40:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80613#M80786 <P>I would start with creating a new TCP service, select FTP protocol and specify a custom port.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020-04-02_15-38-46.png" style="width: 520px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5325i224382032D3F166C/image-size/large?v=v2&amp;px=999" role="button" title="2020-04-02_15-38-46.png" alt="2020-04-02_15-38-46.png" /></span></P> Thu, 02 Apr 2020 13:44:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80613#M80786 RickHoppe 2020-04-02T13:44:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80616#M80787 <P>I'm pretty sure you don't need to update fwauthd.conf unless you are doing some kind of legacy User/Session/Client authentication for FTP.&nbsp; However an FTP service on a non-standard port needs to be set up correctly so the firewall can properly sniff PORT commands and pinhole open the necessary data ports.&nbsp; This is why FTP control connections (port 21) always go F2F (but the data connections can be accelerated by SecureXL). What you should be able to do is clone the existing FTP service, then edit the name and port number like this:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ftp_999.jpg" style="width: 544px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5326i38BDC94B481D8F10/image-size/large?v=v2&amp;px=999" role="button" title="ftp_999.jpg" alt="ftp_999.jpg" /></span></P> <P>Use this new service explicitly in your Network rules and you should be good to go.</P> Fri, 03 Apr 2020 12:54:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80616#M80787 Timothy_Hall 2020-04-03T12:54:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80690#M80788 These instructions involve the FTP Security Server which, unless you still have rules with Action: User Auth in your rulebase, is completely irrelevant.<BR />Create a service as Rick Hoppe suggests. Fri, 03 Apr 2020 00:28:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80690#M80788 PhoneBoy 2020-04-03T00:28:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80902#M80789 <P>Hello All,</P><P>&nbsp;</P><P>It would appear that you would only need to create the custom FTP service. I added a feedback comment to the SK and Checkpoint have come back to say that this SK is not relevant to R80.x. I take this to meant that nothing extra needs to be done beyond the customer service.</P> Mon, 06 Apr 2020 07:13:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/FTP-on-non-standard-port-sk43597/m-p/80902#M80789 Michael_Horne 2020-04-06T07:13:13Z