We have adjusted our ACL and removed "permit tcp any any gt 1023", replacing it with the "any any established" command, but this broke FTP. The ACL is applied outbound on the Ethernet interface into the local network. How do I securely add FTP?
permit tcp any any established
Maybe this link should help.
Also what we do is define a range of ports for passive ftp. For example 6000 to 6100.
So instead of using
access-list 100 permit tcp any host 192.168.1.100 gt 1023
you should use
access-list 100 permit tcp any host 192.168.1.100 range 6000 6100
But, in my opinion, from the server's view, active FTP is more secure than passive.
Hope this helps.
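To make the reasoning in the answer concrete, here is an added example (not from the original thread or from Cisco) that models the ACL as the LAN-bound interface evaluates it and runs constructed FTP packets through two versions of it. It assumes, as the answer does, that the FTP server is 192.168.1.100 and its passive data ports are 6000 to 6100; the client address 203.0.113.5, the source ports and the "control / active / passive" packet set are constructed for the demonstration. The point it shows is why "established" alone breaks passive FTP (the client's data connection starts with a plain SYN, which "established" never matches) while the explicit port-range rule permits exactly that range and nothing else.

```python
# Added example, not part of the original thread: a minimal Cisco-style ACL
# evaluator used to compare "established only" against "established plus the
# server's passive range". Assumed values: FTP server 192.168.1.100, passive
# range 6000-6100 (from the answer); client 203.0.113.5 and all source ports
# are constructed. The ACL is applied outbound towards the LAN, so the packets
# below are those travelling from the outside client to the inside server.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool  # True when ACK or RST is set, i.e. anything but the first SYN


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    dst: str               # "any" or a host address
    dport_lo: int = 0      # inclusive destination port range
    dport_hi: int = 65535
    established: bool = False  # Cisco "established": ACK or RST must be set

    def matches(self, p: Packet) -> bool:
        if self.dst != "any" and self.dst != p.dst:
            return False
        if not (self.dport_lo <= p.dport <= self.dport_hi):
            return False
        if self.established and not p.ack:
            return False
        return True


def evaluate(acl, p):
    """First matching rule wins; an unmatched packet hits the implicit deny."""
    for r in acl:
        if r.matches(p):
            return r.action
    return "deny"


FTP_SERVER = "192.168.1.100"

# ACL as described in the question: control port plus "established" only.
ESTABLISHED_ACL = [
    Rule("permit", FTP_SERVER, 21, 21),
    Rule("permit", "any", established=True),
]

# ACL as suggested in the answer: the same, plus the passive range 6000-6100.
FIXED_ACL = [
    Rule("permit", FTP_SERVER, 21, 21),
    Rule("permit", "any", established=True),
    Rule("permit", FTP_SERVER, 6000, 6100),
]

CLIENT = "203.0.113.5"  # constructed external client (documentation range)

# Constructed packets as the LAN-bound interface sees them.
CONTROL_SYN = Packet(CLIENT, 40000, FTP_SERVER, 21, ack=False)
# Active mode: the server opened the data connection from port 20, so the
# client's replies come back to port 20 with ACK set.
ACTIVE_DATA_REPLY = Packet(CLIENT, 41000, FTP_SERVER, 20, ack=True)
# Passive mode: the client opens a new connection to a port in the range.
PASSIVE_DATA_SYN = Packet(CLIENT, 42000, FTP_SERVER, 6050, ack=False)
# Unsolicited SYN to another high port: should stay denied in both ACLs.
RANDOM_HIGH_SYN = Packet(CLIENT, 43000, FTP_SERVER, 8080, ack=False)


def ftp_verdicts(acl):
    return {
        "control": evaluate(acl, CONTROL_SYN),
        "active_data": evaluate(acl, ACTIVE_DATA_REPLY),
        "passive_data": evaluate(acl, PASSIVE_DATA_SYN),
        "random_high": evaluate(acl, RANDOM_HIGH_SYN),
    }


if __name__ == "__main__":
    for name, acl in (("established", ESTABLISHED_ACL), ("fixed", FIXED_ACL)):
        print(name, ftp_verdicts(acl))
```

The passive-range rule only does its job if the FTP server really confines passive data ports to 6000 to 6100; for vsftpd that is the pasv_min_port and pasv_max_port settings, and other servers have an equivalent. Without that server-side setting, the daemon hands out arbitrary high ports and the narrower ACL will deny some transfers.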