Generic Firewall Rules
- Last Updated: July 29, 2025
- MOVEit Gateway
- Version 2025
When using an external firewall, apply the following rules.
For the firewall (if any) between the Internet and the Gateway Server, permit inbound connections on the following ports:
- Port 21 (FTPS Explicit)
- Port 22 (SSH/SFTP)
- Port 443 (HTTPS)
- Port 80 (HTTP) - optional - needed only if redirects from port 80 to port 443 are desired.
- Port 990 (FTPS Implicit)
- Port 2443 (HTTPS with client certificates)
- Ports 4000-4100 (FTPS Data)
For the firewall (if any) between the Gateway Server and MOVEit Transfer, permit inbound connections to Gateway on Port 10022 (SSH Tunnel). Permit these connections only from the IP address of the MOVEit Transfer server.
If you will never access MOVEit Transfer directly and will always go through MOVEit Gateway, configure the external firewall (if any) between the Gateway Server and MOVEit Transfer to refuse all inbound connections to MOVEit Transfer. (All inbound connections will be through the tunnel.) If the firewall is not an external firewall but an operating system-based firewall, such as Windows Firewall, that is aware of private networks, apply this rule only to public networks.
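One way to check a candidate rule set against the lists above before applying it. This is an added example, not part of the MOVEit documentation or product. The `(source_cidr, port_spec)` rule format, the function names, and the sample address `192.0.2.10` are assumptions, and all rules are taken to be inbound TCP allow rules toward the Gateway Server.

```python
import ipaddress

# Inbound ports the page lists for the Internet-facing side of the Gateway.
REQUIRED = {21, 22, 443, 990, 2443} | set(range(4000, 4101))
OPTIONAL = {80}          # only if port 80 -> 443 redirects are desired
TUNNEL_PORT = 10022      # SSH tunnel, MOVEit Transfer server only

def expand(spec):
    """Turn '443' or '4000-4100' into a set of port numbers."""
    lo, _, hi = spec.partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def audit(rules, transfer_ip):
    """Check inbound-allow rules toward the Gateway against the page's lists.

    rules: (source_cidr, port_spec) pairs, a hypothetical export format.
    Returns a list of findings; an empty list means the rules match.
    """
    transfer = ipaddress.ip_network(transfer_ip)
    findings, open_to_all = [], set()
    for src, spec in rules:
        net = ipaddress.ip_network(src, strict=False)
        ports = expand(spec)
        # The tunnel port may be reachable from the Transfer server only.
        if TUNNEL_PORT in ports and net != transfer:
            findings.append(f"{src} {spec}: port {TUNNEL_PORT} must be limited to {transfer_ip}")
        # Anything outside the documented ports is over-permissive.
        extra = ports - REQUIRED - OPTIONAL - {TUNNEL_PORT}
        if extra:
            findings.append(f"{src} {spec}: {len(extra)} undocumented port(s), lowest {min(extra)}")
        if net.prefixlen == 0:          # rule applies to any source address
            open_to_all |= ports
    for port in sorted(REQUIRED - open_to_all):
        findings.append(f"missing: port {port} is not permitted from the Internet")
    return findings

# Constructed sample: 192.0.2.10 stands in for the MOVEit Transfer server.
SAMPLE_RULES = [
    ("0.0.0.0/0", "21"), ("0.0.0.0/0", "22"), ("0.0.0.0/0", "443"),
    ("0.0.0.0/0", "990"), ("0.0.0.0/0", "4000-4100"),
    ("0.0.0.0/0", "10022"),   # tunnel port exposed to every source
    ("0.0.0.0/0", "3389"),    # port that is not on the documented list
]                             # port 2443 is absent

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, "192.0.2.10"):
        print(finding)
```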
Next, return to Configure the Firewall, Step 3: Verify Firewall Rules.