Passive FTP assistance

Unanswered Question
Mar 24th, 2008


Pix is running version 7.2(2)


Pix inside:

Pix outside:


static (inside,outside) netmask

access-list External permit icmp any host log

access-list External permit tcp any host eq 21 log

access-group External in interface outside

Is it possible to allow ONLY passive FTP through the firewall? In other words, FTP_client can only do passive ftp with the server. Active FTP will be rejected by the

If it is possible, how does one go about doing it?


cisco24x7 Tue, 03/25/2008 - 14:16

Anyone know the work-around on the firewall for this? Thanks.

gbudd12345 Thu, 03/27/2008 - 09:02

If you remove the FTP inspection and open access to your server on port 21, it might prevent passive FTP.

--Gavin Budd

