De acordo com a Wikipédia , o FTPS tem algumas incompatibilidades de firewall:
Because FTP utilizes a dynamic secondary port (for data channels), many firewalls were designed to snoop FTP protocol control messages in order to determine which secondary data connections they need to allow. However, if the FTP control connection is encrypted using TLS/SSL, the firewall cannot determine the TCP port number of a data connection negotiated between the client and FTP server. Therefore, in many firewalled networks, an FTPS deployment will fail when an unencrypted FTP deployment will work. This problem can be solved with the use of a limited range of ports for data and configuring the firewall to open these ports.
No entanto, outra pergunta no Stackexchange Serverfault lista algumas maneiras de resolver seu problema:
To know exactly what ports you will need to open, you will need to either:
a) talk to the vendor to get specifics about how their system has been configured.
b) Use a protocol analyzer, such as tcpdump or wireshark, to look at the traffic, both from outside your firewall and inside your firewall
You need to find out which port is the Control Connection. You list 3, which seems odd to me. Assuming the server only works in PASV (passive) mode, you need to figure out how the server is configured to allocated DATA ports. Have they locked down the DATA channel to a single inbound port? Have they locked down the DATA channel to a small range or ports?
With these answers, you can start configuring your firewall.
(respondido por pcapademic em 21 de maio de 2009, às 20:28).