GMS98

Comments

  • When I tried to find out how to create a new service on the firewall, I found that SFTP was in fact passing through port 115. So I validated the connection with this port and created a new service specifically for my needs. And it works perfectly like that. Thank you very much for your perseverance.
  • Here's the SFTP configuration. Note that SFTP doesn't work on SSH either. Shouldn't the rule contain the port number? It really only works when opening to all services. The next step is Wireshark, I suppose.
  • No, there is no information on this subject. What I've been able to get from the ASUS forum suggests that only one port is required. That's really strange. I'm going to try the SFTP connection over SSH again. The first test was inconclusive.
  • So obviously the SFTP transfer solution isn't ideal because I have to leave all the ports open (no specific settings for the NAS SFTP server). And it would therefore be possible to mount a share via SMB and propagate a virus in the production network. In fact, I don't really see how I can achieve this separation between…
  • That's progress. The problem comes from the SFTP limitation for the service. When I switch to any, the connection is established. Normally with SFTP you only need one port. What do you recommend? Add an extra policy control rule? Which one?
  • Thank you for your reply. I went to Configuration > Security Rule > Control Policy and added a new rule. From: DMZ; To: LAN1; Source: Any; Destination: LAN1_SUBNET; Service: SFTP; User: any; Schedule: none; Action: allow; Corresponding traffic log: log; UTM Anti-virus: EZMODE_AV. The SFTP connection does not work. I have a timeout…