Why does FTP hang when trying to connect to an FTP server protected by Firewall-1?
FTP uses two connections: port 21 for FTP commands and another port for data traffic. Some stateful packet filters, such as Check Point's Firewall-1, expect a fixed port for the data connection. By default, the OS assigns an ephemeral port number to the data connection. If Firewall-1 is configured to allow only a fixed port number, you can configure ftproxy to use a fixed data port with the client side data port directive (csdport).

    csdport = nnnnn

The client side data port (csdport) directive forces ftproxy to bind to the specified port number for the data connection on the client side of the firewall. This option is required for interoperability with some stateful packet filters that expect a fixed port for the data connection. The port number must be larger than 1024 because ftproxy runs without root authority.
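The difference between the default ephemeral port and a fixed data port, as the firewall sees it, is shown in the following added example. It is not ftproxy's own code. The function names are hypothetical, a loopback listener stands in for the peer, and making the data connection outbound is an assumption for illustration.

```python
import socket

def bind_data_socket(csdport=None, host="127.0.0.1"):
    """Return a TCP socket bound for the data connection.

    csdport=None mimics the default: the OS assigns an ephemeral port.
    A number mimics the csdport directive (hypothetical re-implementation).
    """
    if csdport is not None and not (1024 < csdport <= 65535):
        # Ports up to 1024 are rejected, matching the rule stated on the page.
        raise ValueError("csdport must be larger than 1024 and at most 65535")
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Allow the same fixed port to be reused for consecutive transfers.
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, csdport or 0))
    return s

def port_seen_by_peer(csdport=None):
    """Open a data connection to a loopback listener and return the
    source port the listener observes (what a packet filter would match)."""
    data = bind_data_socket(csdport)
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        data.connect(listener.getsockname())
        conn, peer = listener.accept()
        conn.close()
        return peer[1]
    finally:
        data.close()
        listener.close()

def pick_free_port():
    """Constructed helper: find an unused unprivileged port for the demo."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    fixed = pick_free_port()
    print("default (ephemeral) source port:", port_seen_by_peer())
    print("with csdport =", fixed, "source port:", port_seen_by_peer(fixed))
```
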