FTP behind NAT is not supported by NSX-T
search cancel

FTP behind NAT is not supported by NSX-T

book

Article ID: 330588

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

This article discusses the limitation and support when using FTP via NAT in NSX-T

Symptoms:
When using Active FTP Client behind NAT in NSX-T, user may able to login FTP server but unable to retrieve data.

Environment

VMware NSX-T Data Center

Cause

The issues with Active FTP arise from the fact that after the control session is opened by the client, the server needs to open a second data connection using a different source and destination port. In NSX-T, FTP payload data is not translated beyond NAT.  And this feature is not on the roadmap due to security concerns.

Resolution


None

Workaround:
Configure a 1:1 NAT rule for FTP client and choose FTP software that support public IP address in settings such as FileZilla .