Is it possible to do FTP thru a Meraki Z3

bxdobs
Here to help

Is it possible to do FTP thru a Meraki Z3

Have 2 Cameras that only provide FTP as an option to upload Motion Capture Events ... originally set a Port Foward to port 21 which I incorrectly believed was working (it passed the FTP connection Test on the Camera) ... I was wanting to review some videos Friday and was shocked that there were NO VIDEOS. This process had been in operation for several years but in June we added another Network meaning I now need to find some way to capture these videos. There is a Meraki "Help" page for this that shows how to set up for either Port or Pasv operation ... the Port is what I was using with the cameras on the same network but try as I might I cannot seem to get this to work thru the Z3 ... the PASV mode has some nasty unwanted side effects assuming because of opening a whack of ports, both Outlook and Teamviewer stop working properly ... regardless of the side effects this setting didn't work either. I was originally using an old version of Filezilla on a Windows 7 platform but they will only provide support for their latest version WHICH NO LONGER SUPPORTS WINDOWS 7. So loaded CoreFTPServer 64 bit which works for local connections but has the same issue thru the Z3  ... using Windows FTP, I can open and authenticate in either Port or PASV modes but the moment I attempt to do a cd or ls command the process locks down with 425 errors. I could just move the FTP Server to the other network and revert to local mode but was hoping to be able to review these files locally on the old network.

 

Thanks for any Ideas or Suggestions you can offer

3 Replies 3
KarstenI
Kind of a big deal
Kind of a big deal

There is no inspection for FTP on the MX as for example on the ASA. You should set the FTP server to a fixed range of ports for the file transfer and allow these on the forwarding section of the firewall.

Or alternatively, place a PC/raspberry Pi into the network that fetches the videos locally by FTP but provides them to the outside with a better protocol.

PhilipDAth
Kind of a big deal
Kind of a big deal

As @KarstenI says, you can use PASV.  You only need a port per concurrent transfer.  I typically open a range of just 10 ports.

 

Perhaps you could re-engineer this solution.  Could you perhaps build a site-to-site VPN to where the FTP server is located and do FTP over that?  Not only would it make your problem go away, but it would also be more secure.

 

Have you thought about getting cameras that don't require FTP?  An example is the Meraki MV12N.

https://meraki.cisco.com/product/security-cameras/indoor-security-cameras/mv12n/ 

 

Or you could put an FTP server on the same site as the cameras (a Synology NAS can do this ...), have it FTP to that, and then you could access the FTP server via VPN.

bxdobs
Here to help

Sadly, this appears to be ISP related ... added an SFTP server inside this new network and it has exactly the same issue in the opposite direction ... have resorted to pushing the FTP Server to this New Network where the Cameras reside, and will have to use Teamviewer to pull files as required.

 

Replacing Cameras at this point isn't an option PLUS RPi's are on backorder everywhere.

Get notified when there are additional replies to this discussion.