If you are running Sophos UTM at home and would like to use FileZilla FTP server, there are a few things that you need to setup to allow FTP communication with your internal server. My internal server at home is a Windows 2012 R2 box running as a VM inside of ESXi. Let’s take a look at how to configure sophos UTM to work with Filezilla FTP Server and pass traffic through.
Below we have the installation of FileZilla on our Server. I am using a Windows 2012 R2 Standard box with patches, etc.
FileZilla and Windows Firewall config
There are a couple of things that we need to do to ensure that communication happens with the Windows firewall if you choose to leave it in play.
Set the Passive mode settings to use custom port range and set a range of ports of your choosing…in my case from 5600 to 5650.
From the Windows Firewall side, we will create a couple of rules to encompass the FTP traffic and the passive ports. If you decide to turn off Windows firewall of course, you may skip the steps below.
Allowing the standard ports 21,22 here…
Allowing Passive ports here…
Sophos NAT rule configuration
On the Sophos side, we can simply add a DNAT rule to pass traffic destined for the outside WAN address for the FTP service to change the destination to our internal server IP address. You would setup your rule similar to the following:
As you can see, we have traffic coming from Any since we are going to allow FTP traffic from any outside IP address. The service is FTP which you can use the built in service for this. Then select your External WAN address for the Going to field.
We then need to Change the destination to and here you will enter the IP address or network definition host that you have already built in this field. Keep the service as FTP. Be sure to select the Automatic Firewall rule as this will take care of the corresponding firewall rule to allow FTP traffic to and from your host.
Once you have finished building your DNAT, hit the Save button and your rule will look similar to the following:
Be sure to slide the little “green” slider to the right so that it turns green. This indicates the rule is now active.
For getting FileZilla working in Sophos UTM, there isn’t a whole lot of configuration that needs to be done. However, just make sure you have all of your rules in place including the Windows firewall rules if you choose to leave Windows firewall turned on.