
Configure Sophos UTM to work with FileZilla FTP Server

If you are running Sophos UTM at home and would like to use FileZilla FTP Server, there are a few things that you need to set up to allow FTP communication with your internal server.  My internal server at home is a Windows 2012 R2 box running as a VM inside of ESXi.  Let’s take a look at how to configure Sophos UTM to work with FileZilla FTP Server and pass traffic through.

Installing FileZilla

Below we have the installation of FileZilla on our Server.  I am using a Windows 2012 R2 Standard box with patches, etc.

[Screenshots: FileZilla Server installation steps]

FileZilla and Windows Firewall config

There are a couple of things that we need to do to ensure that communication happens with the Windows firewall if you choose to leave it in play.

In the FileZilla Server passive mode settings, choose the custom port range option and set a range of ports of your choosing; in my case, from 5600 to 5650.

[Screenshot: FileZilla Server passive mode settings]

From the Windows Firewall side, we will create a couple of rules to cover the FTP traffic and the passive ports.  If you decide to turn off Windows Firewall, you may of course skip the steps below.

Allowing the standard ports 21,22 here…

[Screenshot: Windows Firewall rule allowing ports 21 and 22]

Allowing Passive ports here…


[Screenshot: Windows Firewall rule allowing the passive ports]

Sophos NAT rule configuration

On the Sophos side, we can simply add a DNAT rule that takes FTP traffic destined for the outside WAN address and changes the destination to our internal server IP address.  You would set up your rule similar to the following:

As you can see, we have traffic coming from Any since we are going to allow FTP traffic from any outside IP address.  The service is FTP, for which you can use the built-in service definition.  Then select your External WAN address for the Going to field.

Next, in the Change the destination to field, enter the IP address or the network definition host that you have already built for your internal server.  Keep the service as FTP.  Be sure to select the Automatic Firewall rule option, as this will take care of the corresponding firewall rule to allow FTP traffic to and from your host.

[Screenshot: Sophos UTM DNAT rule settings]

Once you have finished building your DNAT, hit the Save button and your rule will look similar to the following:

[Screenshot: saved DNAT rule in the Sophos UTM rule list]

Be sure to slide the little slider next to the rule to the right so that it turns green.  This indicates the rule is now active.

Final Thoughts

For getting FileZilla working behind Sophos UTM, there isn’t a whole lot of configuration that needs to be done.  However, make sure you have all of your rules in place, including the Windows Firewall rules if you choose to leave Windows Firewall turned on.