Cisco SR520 - open up for FTP server

Unanswered Question
Oct 4th, 2009


How do I open up for my inside FTP server ( from the outside interface on my Cisco SR520?


Henrik Meyer

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Glenn Quesenberry Wed, 10/07/2009 - 13:37


     You can use CCA and set it up in a DMZ under "Configure>Security>Firewall & DMZ".  From there you can Add a DMZ service, you'll be asked for the IP address and server type (FTP is in the drop-down list).

Hope this Helps!


Henrik Meyer Wed, 10/07/2009 - 23:29


Thanks. :)

I found out, when I tried with the CCA.. (I'm a CLI kind a guy) - but the FTP is on the Inside, not the DMZ - and that the CCA does not support.

Another thing - how do I open up for SSH and ICMP reply on the outside interface?

best regards


Glenn Quesenberry Thu, 10/08/2009 - 15:03


     Thanks for the responses you've provided today.  I asked which version you were using because I believe due to the complexity of your issues regarding the SR520-Ethernet,  you would be best served by reaching out to TAC if you haven't already, and open a case to get the answers you're looking for.  The TAC support engineers would be your best resource on the phone to help you out on these issues.

Best Regards,


Glenn Quesenberry Thu, 10/08/2009 - 08:06


     From your response then, I assume you are not using CCA to configure the SR520?  With that said you'll have to configure Access List to allow the FTP and ICMP traffic.  A good reference for that can be found by clicking here.  As far as SSH is concerned, instructions to configure that can be found by clicking here.  Keep in mind however, that making configuration changes with CCA MAY impact changes you've made with CLI and vice-versa, but it sounds like you would rather stick to CLI.  BTW, SSH should be configured for you with CCA by default I believe, but the CLI instructions are here for your reference.

Let me know if this helps!

Best Regards,


Henrik Meyer Thu, 10/08/2009 - 09:27

Hi Glenn,

Thanks again for a quick reply.

But sorry.. The links you have provided, is how you do "normal/old" ssh, access-list and so on.

SR520 uses Zone Based Firewall - and that is where my lack of knowledge starts.. I can do it the old way with blindfolds on.

I can use CCA to configure the DMZ/FTP thing and other basic things, so the Zone Based Firewall will work, but do I want to configure SSH or FTP/Inside, then the CCA can not do the trick and I have to use CLI - and I do not know how to make changes in the Zone Based Firewall configuration.

I Hope I do make my self clear :)




This Discussion