Connection Fails (FTP)

Owned by Jakob Melnyk
Last updated: Nov 14, 2023 by Jes Alring CPR
2 min read

Problem

Your FTP connection fails to connect and/or you receive a timeout error

Solution

Your connection may be getting blocked by your own or CPR’s firewall or CPR’s access rules.

Your internal firewall may be blocking your connection

Verify that a, if any, local firewall allows outbound traffic in accordance with https://cprservicedesk.atlassian.net/l/c/ixGoCdEs

Please also note that the firewall must be open for outbound traffic in the port interval stated in “passive ports”.

Solution: Have your firewall team open for outbound traffic in accordance with https://cprservicedesk.atlassian.net/l/c/ixGoCdEs

Your IP address may be blocked by geolocation rules

Only source IP-addresses that are resolved to be located in the EU are per default allowed. If your source IP is resolved to a non-EU location (the UK is accepted) it will be blocked.

If your firewall and network team are certain that your network traffic is not blocked by local firewall or routing rules it might be because CPR resolves your source IP to be located in a non-EU country.

Solution: Contact CPR support.

https://cprservicedesk.atlassian.net/l/c/QtCgB1XJ

Solution: Update your FTP-client and/or OS in order to support supported protocols and ciphers.

The FTP server supports both SFTP andFTPS, and it is fairly easy to mistake the two protocols.

FTPS: You are using a username and password to login.

SFTP: You have provided CPR with your SSH certificate, and have received a message stating that the certificate have been added to the CPR ftp certificate store.

Note: If you are not an it-professional it is not recommended to use SFTP.

Endpoints for both SFTP and FTPS are listed here: https://cprservicedesk.atlassian.net/l/c/RSzJQpAF

Solution: Configure your ftp-client to use the right protocol.

You can log in successfully and your firewall team says that your firewall is open outbound on the FTP port. However, it is likely that your firewall is not open outbound for the ports used for the data transfers.

Passive ports are not opened for outbound traffic.

 

Passive FTP is always used and the FTP servers are set to use a fixed interval of ports.
See https://cprservicedesk.atlassian.net/l/c/RSzJQpAF

Solution: On the FTP client-side it must be secured that the firewall is open (outbound) for the interval of ports.

Explanation of FTP active/passive modes: https://en.wikipedia.org/wiki/File_Transfer_Protocol#Communication_and_data_transfer