Configure Sophos UTM to work with Filezilla FTP Server

Learn how to Configure Sophos UTM to work with Filezilla FTP Server

If you are running Sophos UTM at home and would like to use FileZilla FTP server, there are a few things that you need to setup to allow FTP communication with your internal server.  My internal server at home is a Windows 2012 R2 box running as a VM inside of ESXi.  Let’s take a look at how to configure sophos UTM to work with Filezilla FTP Server and pass traffic through.

Installing FileZilla

Below we have the installation of FileZilla on our Server.  I am using a Windows 2012 R2 Standard box with patches, etc.



FileZilla and Windows Firewall config

There are a couple of things that we need to do to ensure that communication happens with the Windows firewall if you choose to leave it in play.

Set the Passive mode settings to use custom port range and set a range of ports of your choosing…in my case from 5600 to 5650.



From the Windows Firewall side, we will create a couple of rules to encompass the FTP traffic and the passive ports.  If you decide to turn off Windows firewall of course, you may skip the steps below.

Allowing the standard ports 21,22 here…


Allowing Passive ports here…



Sophos NAT rule configuration

On the Sophos side, we can simply add a DNAT rule to pass traffic destined for the outside WAN address for the FTP service to change the destination to our internal server IP address.  You would setup your rule similar to the following:

As you can see, we have traffic coming from Any since we are going to allow FTP traffic from any outside IP address.  The service is FTP which you can use the built in service for this.  Then select your External WAN address for the Going to field.

We then need to Change the destination to and here you will enter the IP address or network definition host that you have already built in this field.  Keep the service as FTP.  Be sure to select the Automatic Firewall rule as this will take care of the corresponding firewall rule to allow FTP traffic to and from your host.


Once you have finished building your DNAT, hit the Save button and your rule will look similar to the following:



Be sure to slide the little “green” slider to the right so that it turns green.  This indicates the rule is now active.

Final Thoughts

For getting FileZilla working in Sophos UTM, there isn’t a whole lot of configuration that needs to be done.  However, just make sure you have all of your rules in place including the Windows firewall rules if you choose to leave Windows firewall turned on.

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.