[ChrisA]

We're running CheckPoint NGX HFA02. We have a server that external folks connect to over non-standard FTP port 10021. All works fine. All sessions come through a VPN connection (SecureClient or site-to-site VPN).

One site cannot do 10021, for whatever reason, and asked that we perform nat so that they can do straight FTP and we xlate the service from FTP to 10021 at the firewall. It works, and the site can log in to the server, but any command (dir, ls, ..) gives "425 Can't build data connection: Connection timed out". The site tried passive mode but that didn't work either.

Any ideas?