I'm having real issues trying to get Passive FTP with explicit TLS working through the gateway.
The connection works fine over my broadband link but not through the Check Point.
FileZilla fails after the TLS is accepted:
Status: Resolving address of ftp.adwaiseo.eu
Status: Connecting to 220.127.116.11:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Command: USER ftp_costal_erosion
Response: 331 Please specify the password.
Command: PASS ********
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
Status: Waiting to retry...
There are no dropped logs in the Event monitor and no drops in the zdebug on the live gateway either.
I have tried various FTP setups, even ANY service, but currently have 2 rules:
first rule: ftp-pasv
second rule: port range 50000-51000 (which is the port range on the FTP server)
I can see logs for the first rule (all ACCEPT), but the logs never hit the second rule.
I assume the control packets are encrypted, hence not passed by the gateway.
Any suggestions welcome.