Skip to main content
Start a Conversation

Solved!

Go to Solution

JoonKyu Lee

1 Rookie

 • 

2 Posts

44

March 21st, 2024 02:26

Questions about Passive FTP when SCG connecting

Hi team,

Needs some help on Passive FTP to connect storage devices. 

According to Secure Connect Gateway 5.x Virtual Edition Support Matrix, PowerScale needs Passive FTP (Passive Port Range 21 and 5400 through 5413) for connect SCG.

The customer security team has some inquiries during the security policy review regarding the use of this Passive FTP.

Customer security team's questions about Passive FTP.

. changing Passive FTP to SFTP is possible?

. Authentication methods when using FTP connection. - ID/Password or Key-based authentication.

. If there is no authentication (anonymous access), is it possible to change authentication?

. Is it possible setting a firewall and access control rules on SCG to restrict access the storage’s IP and essential FTP ports only?


Thank you in advance.

Joonkyu Lee

HikingTrailsForFun

1 Rookie

 • 

15 Posts

March 26th, 2024 21:48

I don't have experience with PowerScale, but with other devices FTP is optional.

I would start with 9443 and 8118 (MFT) for outbound connections to the gateway(s).

Secure Connect Gateway 5.x — Virtual Edition Support Matrix | Dell US

Did I answer your query? Please click on ‘Mark as Accepted Answer’. ‘Thumbs up’ the posts you like!

DELL-Young E

Moderator

 • 

3.7K Posts

March 21st, 2024 06:54

Hello, thanks for choosing Dell and welcome to our community.
I'm afraid changing ftp to sftp it is a design issue and will not be executed on forum demand. Would you kindly raise an official ticket through here?https://dell.to/4csAj4s
In the meantime, you can have a read as well:
https://dell.to/4csAjBu
Respectfully,

HikingTrailsForFun

1 Rookie

 • 

15 Posts

March 25th, 2024 16:23

Unless you have a hard requirement to use FTP, it's easier to disable it. You will avoid all the internal questions regarding security and why you need to use FTP.

Using port 9443 (REST) for outbound connections to the gateway will provide the connectivity you need to egress from the PowerScale device.

Did I answer your query? Please click on ‘Mark as Accepted Answer’. ‘Thumbs up’ the posts you like!

JoonKyu Lee

1 Rookie

 • 

2 Posts

March 26th, 2024 09:01

Thank you very much for your answer.

So PowerScale doesn't need to outbound ftp port open for connecting SCG. Am I right?

Is Passive FTP (21 and 5400~5413) requirements in SCG Support Matrix just optional and 9443 is the only mandatory outbound port to send alert from PowerScale nodes?

View More

View All

No Events found!

Top