2007-01-17
membree
Re: FTP over SSL fails with VPN-1/FireWall-1

As I mentioned in my previous post (2006-05-01), FTPS will not work using the standard FTP service. This is because the traffic is encrypted, so the Firewall can't inspect it.

You must create a separate service for FTPS control traffic that either doesn't specify a protocol type (in Advanced service properties) or specifies "FTP_BASIC". Use "FTP_BASIC" if you want the service to also work with encrypted FTP (note that it doesn't enforce the FTP protocol, so this may not be a good idea); leave it blank if it is only for FTPS (this also doesn't enforce the FTP protocol, but there is no other choice). You must also explicitly allow any required Data ports. I recommend that you only allow PASV mode FTPS, that you configure a specific range of PASV data ports on your FTPS server (100 ports would generally do), and that you open only those. Using standard (or PORT) mode FTPS requires that you allow any possible data ports to the client and is not a good idea.

If your FTPS server is NATed you have a problem unless the FTPS server can be configured to supply its NAT address rather than its real address in the PORT commands it returns to the client (some servers will allow this). Another possibility is that some servers can be configured to not supply an IP address in the PORT command but I don't know if all FTPS clients are compatible with this option.

I will add an additional post with some general FTPS info.