Thanks for the link. I have a client app that uses passive FTP with TLS extensions, needing high outbound ports open. If I understand it correctly I can create a custon FTP protocol definition with 0 inbound and 1025 -65534 outbound, and guve the user or PC access to it? We are intigrated mode using the firewall client.
OK, to access an external FTPS server you should be aware of some pitfalls!
It should work without problems if you use the Firewall client AND Implicit Security (FTP control connection on TCP port 990). It will NOT work with the Firewall client AND Explicit Security (FTP control connection on TCP port 21) unless you disable the FTP application filter. However, the latter breaks the normal FTP access for SecureNAT clients.
Thanks for the quick response, I need to further explain the client app I have resides on an inside PC and needs to access to an institution that runs the FTP server on the outside. So are packet filters in order on the ISA, or just give that PC access to the high ports? The App vendor says outbound high ports need to be open. Does passive FTP need both outbound and inbound on high ports?