FTP traffic blocked
Greetings: I am having a problem with simple FTP traffic. I have a TZ370 with the basic security package and a static IP address from my ISP. I manage my own websites and use an FTP connection to upload updates. It's all very plain vanilla. The last two days I am having FTP connection problems. The error is that it can't connect to the server. Up until now this has been a very stable connection and nothing has changed hardware- or software-wise. I have been in touch with my web host several times and am getting mixed messages. One guy said there was a server problem and they are working on it, then I got connected for a few hours, then it went out again. Another guy said I was blacklisted and he "whitelisted" me. That didn't work. I checked with my ISP and they found no problem. I do use PC Matic and Windows Defender; I turned them both off and still had no connection. I then cycled my SonicWall off and on and I got connected for a short time, then no connection. I do have a second location with another TZ370 connected here with a VPN, and when I try and FTP to my server from there it connects. We have two different ISPs and separate static IPs. So there has to be something wrong in my local network. I am not an expert on these SonicWalls, so any help is appreciated.
Answers
@Docwagner do a Packet-Monitor limited to the address of your web server and start from there. If anything gets blocked we can search for a reason. Check the System Log as well to make sure nothing gets blocked by any Security Service.
--Michael@BWC
@BWC Thanks for the reply. I set up the packet monitor and tried to do an FTP and the status on those connections says forwarded. I also checked my system log and could find no reference to anything being blocked although I get a recurrent message saying WXA Warning - The number of active connections has reached the licensed limits. Could that be the reason?
@Docwagner did you check the Packet Monitor for the IP of your webserver with no filtering on the ports? Is there any chance that EPSV is involved, which does not explain why it worked just days before? EPSV should work by now, but who knows.
If FTP is unencrypted you can see the conversation between client and server in cleartext, maybe there is a hint in it.
--Michael@BWC
I can see the IP in the Packet Monitor and its status is Forwarded. The system log shows no blocked connections and as of right now my FTP connection is working. I don't know what EPSV is. The number of licenses shouldn't be an issue; I looked and it says unlimited. I think I have gremlins in the system.
@Docwagner I would not rely only on the System Log, Packet Monitor is most helpful.
I guess you have to wait until it is not working again, then do the Packet Monitor again and inspect the conversation between your client and server (which is hopefully unencrypted for the sake of diagnostics).
EPSV was just a shot in the dark and probably not involved.
--Michael@BWC
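
An added example, not part of the thread: when reading a cleartext FTP control conversation as suggested above, the passive replies (227 for PASV, 229 for EPSV) tell you which address and port the data connection will use. The transcript and addresses below are constructed, and `data_endpoints` is a hypothetical helper name.

```python
import ipaddress
import re

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# RFC 2428 extended passive reply: 229 ... (|||port|), any delimiter character
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d+)\1\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def data_endpoints(transcript, server_ip):
    """Return (mode, ip, port, warning) for each passive reply.

    server_ip is the address the control connection was opened to.
    """
    found = []
    for line in transcript.splitlines():
        line = line.strip()
        m = PASV_RE.match(line)
        if m:
            ip = ".".join(m.group(i) for i in range(1, 5))
            port = int(m.group(5)) * 256 + int(m.group(6))
            warning = None
            if any(ipaddress.ip_address(ip) in net for net in RFC1918):
                warning = "server advertised a private address"
            elif ip != server_ip:
                warning = "advertised address differs from control connection"
            found.append(("PASV", ip, port, warning))
            continue
        m = EPSV_RE.match(line)
        if m:
            # EPSV carries only a port; the data connection reuses server_ip.
            found.append(("EPSV", server_ip, int(m.group(2)), None))
    return found

# Constructed sample session (documentation addresses, not from the thread).
SAMPLE = """\
220 FTP server ready
USER webadmin
331 Password required
PASV
227 Entering Passive Mode (192,168,10,5,195,80)
EPSV
229 Entering Extended Passive Mode (|||50001|)
"""

if __name__ == "__main__":
    for entry in data_endpoints(SAMPLE, "203.0.113.20"):
        print(entry)
```

The decoded port is the one to filter on in a second packet capture, since the data connection is a separate TCP session from the control connection on port 21.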