Security

Configure Sophos UTM to work with Filezilla FTP Server

Brandon LeeJuly 8, 2015Last Updated: January 11, 2021
2 minutes read
ftpNAT02
ftpNAT02

If you are running Sophos UTM at home and would like to use FileZilla FTP server, there are a few things that you need to setup to allow FTP communication with your internal server.  My internal server at home is a Windows 2012 R2 box running as a VM inside of ESXi.  Let’s take a look at how to configure sophos UTM to work with Filezilla FTP Server and pass traffic through.

Installing FileZilla

Below we have the installation of FileZilla on our Server.  I am using a Windows 2012 R2 Standard box with patches, etc.

filezilla01
 filezilla02
 filezilla03
 filezilla04
 filezilla05
 filezilla06

 

FileZilla and Windows Firewall config

There are a couple of things that we need to do to ensure that communication happens with the Windows firewall if you choose to leave it in play.

Set the Passive mode settings to use custom port range and set a range of ports of your choosing…in my case from 5600 to 5650.

filezilla08

 

From the Windows Firewall side, we will create a couple of rules to encompass the FTP traffic and the passive ports.  If you decide to turn off Windows firewall of course, you may skip the steps below.

Allowing the standard ports 21,22 here…

ftpfw01

Allowing Passive ports here…


 ftpfw02

 

Sophos NAT rule configuration

On the Sophos side, we can simply add a DNAT rule to pass traffic destined for the outside WAN address for the FTP service to change the destination to our internal server IP address.  You would setup your rule similar to the following:

As you can see, we have traffic coming from Any since we are going to allow FTP traffic from any outside IP address.  The service is FTP which you can use the built in service for this.  Then select your External WAN address for the Going to field.

We then need to Change the destination to and here you will enter the IP address or network definition host that you have already built in this field.  Keep the service as FTP.  Be sure to select the Automatic Firewall rule as this will take care of the corresponding firewall rule to allow FTP traffic to and from your host.

ftpNAT02

Once you have finished building your DNAT, hit the Save button and your rule will look similar to the following:

ftpNAT01

 

Be sure to slide the little “green” slider to the right so that it turns green.  This indicates the rule is now active.

Final Thoughts

For getting FileZilla working in Sophos UTM, there isn’t a whole lot of configuration that needs to be done.  However, just make sure you have all of your rules in place including the Windows firewall rules if you choose to leave Windows firewall turned on.

Brandon LeeJuly 8, 2015Last Updated: January 11, 2021
2 minutes read

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Photo of Brandon Lee

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Settings-contained-in-the-Encryption-Oracle-Remediation-Fix

Windows 10 RDP CredSSP Encryption Oracle Remediation Error Fix

May 10, 2018
npslog04

Windows 2012 R2 NPS log files location configuration

April 22, 2016
Cyber,Security,,Data,Protection,,Information,Privacy.,Internet,And,Technology,Concept.

Top 20 Open Source Cyber Security Monitoring Tools in 2023

May 9, 2023
Top 20 Open Source Vulnerability Scanner Tools in 2023

Top 20 Open Source Vulnerability Scanner Tools in 2023

July 5, 2023

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  |