PR4100 behind Watchguard T15 - FTP startup switch?

LAN on port 1 of firewall, NAS on port 2 in a DMZ. T15 is the DHCP server. Policies in place to allow the internal trusted traffic to access the NAS and it works fine. Policies are in place to allow a whitelisted IP group to access the NAS as optional traffic and they can connect but not authenticate. T15 logs only show the optional traffic was “allowed” - no deny.

I assume my issue is that I refuse to open 3 million ports to allow the NAS FTP server to push T15 external traffic back to the client so…

Is there a switch I can run with the FTP server on startup to limit external traffic to, say, just the 50 ports I designate since we aren’t that large a company? Does this FTP server have a config file to limit activity?

Pure-FTPd is the built-in FTP server, which allows everything you describe. I’m sure there is a config file somewhere on the device, but I could not tell you where it’s hiding. One of the only things that you can control from the web UI is the number of simultaneous users. How are you trying to connect to the FTP though? If authentication is failing, then you might not be using the correct connection type (for example, I’m using explicit SSL with Auth TLS, still over port 21).
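An added example, not part of either post and not code from the NAS or firewall vendor: a small checker that builds Pure-FTPd's passive port range switch (`-p first:last`) for a 50-port range and tests the server's `227` PASV replies against what the firewall policy would allow. The range 50000-50049 and the sample replies are assumptions constructed for illustration; the thread does not say whether the PR4100 lets you set this switch.

```python
import ipaddress
import re

# Assumed 50-port range; must match the firewall policy for the DMZ host.
PASSIVE_FIRST, PASSIVE_LAST = 50000, 50049
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def pureftpd_switch(first=PASSIVE_FIRST, last=PASSIVE_LAST):
    """Pure-FTPd startup switch that pins passive data ports to first..last."""
    if not (1024 <= first <= last <= 65535):
        raise ValueError("passive range must lie within 1024-65535")
    return f"-p {first}:{last}"


def parse_pasv(reply):
    """Return (ip, port) from a '227 Entering Passive Mode (...)' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply")
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_pasv(reply, first=PASSIVE_FIRST, last=PASSIVE_LAST):
    """List reasons an external client's data connection would be blocked."""
    ip, port = parse_pasv(reply)
    problems = []
    if not first <= port <= last:
        problems.append(f"port {port} outside firewall range {first}-{last}")
    if any(ip in net for net in RFC1918):
        problems.append(f"server advertises internal address {ip}")
    return problems


# Constructed sample replies, not captured from a real device.
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,195,90)",  # port 50010
    "227 Entering Passive Mode (192,168,2,20,117,48)",  # port 30000
]

if __name__ == "__main__":
    print("pure-ftpd", pureftpd_switch())
    for line in SAMPLES:
        print(line, "->", check_pasv(line) or "ok")
```

The second sample fails both checks: an unrestricted port the firewall would drop, and an internal address an external client cannot reach. With AUTH TLS the control channel is encrypted, so the firewall cannot rewrite that address on the fly.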