I've established a lan-to-lan VPN tunnel to a remote site and and want to allow only Ping and FTP down that tunnel. I've created a filter and applied the ICMP rules and noticed there are no FTP rules. So I created FTP data & cntrl rules, ports 20 & 21, to forward both inbound and outbound and assigned them to the filter. But only ping works. I can not get an FTP connection. Am I creating the filter correctly? Is there a way to monitor is a filter is working? In the filter 'action' I've applied 'forward and log' but I don't get any thing in the log.