Control-M MFT supports both the Active Data Transfer Process, and the Passive Data Transfer Process, enabling it to work behind a firewall and connect to remote FTP servers. The FTP mode is defined in the Connection Profile utility, when you define the connection definition.
This procedure describes how to configure an FTP firewall in active and passive mode.
To configure an FTP firewall in active and passive mode:
Active mode can be problematic for FTP clients behind a firewall because the FTP client does not initiate the connection to the data port of the server; rather the server connects to the client port as defined in the PORT command. Usually an outside system initiating a connection to the client is blocked by the client firewall.
The FTP Passive Data Transfer mode was developed to resolve this issue. In Passive mode, the following sequence of events occurs:
Problems can occur if an FTP server is behind a firewall, when FTP clients try to use passive mode to connect to a temporary random port number on the FTP server machine. The most common of these is that the firewall blocks the connection from the client to the server.
When a restrictive firewall (one that denies a connection except for a few well known ports) exists on both the server and client sides, you should configure the firewall on the server side.Many FTP servers allow the administrator to specify a range of ports for the FTP server to use. The administrator can then limit the port range for the FTP server, and the firewall can then be configured to allow connection for the specified FTP server port range.
Parent Topic |