Resolution
When the FTP server is outside and the client is inside, perform one of these steps:
- If the FTP application runs on standard ports, either issue the fixup protocol command (which dynamically opens the data channel).
For example:
fixup protocol ftp 21
- Alternatively, issue the access-list command in order to open the required ports.
When the FTP server is inside and the client is outside, the data channel is initiated from the server inside of the PIX Firewall. Therefore, no explicit rule is needed since the server is on a higher security zone and is permitted by default.