Let me add some more context.
Both the client and server are 6.1 iSeries behind unique FWs. We are using active mode FTP whenever the client is originating behind a FW. Passive or active will work when the client is originating from the LAN. Unsecure transmissions between FW to FW iSeries work just fine (port 20/21), and secure (port 989/990) work to either system when the client originates from anywhere in the company LAN or when I initiate FTPS from a FW system to any other iSeries in the LAN. It only fails when I try to initiate FTPS from FW to FW iSeries. I am 100% sure this is a FW rule issue, but I don't know how to explain this to our FW team.
***********************************
Bradford Lovelady
Operating Systems Engineer
Technology Infrastructure Services
Wells Fargo Bank l 200 Wildwood Pkwy l Birmingham, AL 35209
MAC W2691-010
Tel 205-938-1999 l Cell 205-826-2834
brad.lovelady@xxxxxxxxxxxxxx
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Chris Bipes
Sent: Thursday, August 02, 2012 9:57 AM
To: 'midrange-l@xxxxxxxxxxxx'
Subject: RE: FTPS firewall compatibility
First, to be clear, your iSeries is acting as the client? The FTP server on the iSeries at V6R1 does not have any place to set passive mode parms, which is your public IP and data port range.
If you are the client, can you connect from a PC client to the remote server? The remote server generally has 2 or more ports open for clients to establish connections. 990 is the implicit FTPS port. You can also connect to port 21 and issue the AUTH TLS command for an explicit FTPS connection.
Here is a link to a wiki on the subject:
http://en.wikipedia.org/wiki/File_Transfer_Protocol
-----Original Message-----
Thanks, how did you get it to use 991? I do have 990/989 opened through the FW, but I am not selecting 989, it's the active FTP transfer port that my iSeries is using by default. What is weird is I can see 989 open on the server system in NETSTAT, but it just sits there and never transfers data. I think the FW has logic that blows this up because it cannot "see" the packets.
***********************************
Bradford Lovelady
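
An added example, not part of the original thread and not any firewall vendor's code: a toy Python model of stateful FTP inspection on the firewall in front of an active-mode client, showing that the inbound data connection can be matched when the control channel is cleartext but not when it is wrapped in TLS. The `FtpHelper` class, addresses, ports and payloads are constructed assumptions; the thread does not say which firewall is in use.

```python
import re

# Active-mode clients announce their data socket as "PORT h1,h2,h3,h4,p1,p2" (RFC 959).
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


class FtpHelper:
    """Hypothetical model of FTP inspection on the firewall in front of the client."""

    def __init__(self):
        self.pinholes = set()  # (client_ip, client_port) opened for one data connection

    def inspect_control(self, payload: bytes) -> None:
        m = PORT_RE.match(payload)
        if not m:
            return  # not a readable PORT command: nothing is learned
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            return  # malformed octet, ignore
        ip = ".".join(str(n) for n in nums[:4])
        self.pinholes.add((ip, nums[4] * 256 + nums[5]))

    def allow_inbound_data(self, dst_ip: str, dst_port: int) -> bool:
        key = (dst_ip, dst_port)
        if key in self.pinholes:
            self.pinholes.remove(key)  # a pinhole is good for one connection
            return True
        return False  # no matching state: default deny


def simulate(control_payloads, data_dst):
    """Feed control-channel payloads to the helper, then try the server's data connection."""
    fw = FtpHelper()
    for payload in control_payloads:
        fw.inspect_control(payload)
    return fw.allow_inbound_data(*data_dst)


# Constructed sample traffic: the client announces 10.1.2.3 port 195*256+80 = 50000.
CLEARTEXT = [b"USER demo\r\n", b"PORT 10,1,2,3,195,80\r\n", b"STOR file.txt\r\n"]
# The same commands under TLS: the firewall sees only application-data records
# (type 0x17) with opaque contents. Constructed bytes, not real ciphertext.
ENCRYPTED = [b"\x17\x03\x03\x00\x20" + bytes(range(32)) for _ in CLEARTEXT]
DATA_DST = ("10.1.2.3", 50000)

if __name__ == "__main__":
    print("cleartext control channel:", simulate(CLEARTEXT, DATA_DST))
    print("TLS control channel:     ", simulate(ENCRYPTED, DATA_DST))
```

In this model the encrypted session never creates a pinhole, so the server's data connection is only admitted if a static rule permits it.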