You deploy Microsoft Forefront Threat Management Gateway 2010 as an Edge Firewall network topology.
You create an access rule that enables FTP connections from the internal network to the external network.
You configure the FTP application filter properties to enable active FTP access.
From an internal client computer that uses the Microsoft Forefront Threat Management Gateway Client, you try to access an FTP server that is located on the external network. This FTP server is configured to do FTP Active connections. This means that the FTP data channel will be established from the FTP Server to the FTP client.
In this scenario, you notice that the Active FTP data channel cannot be established. For example, you cannot retrieve directory content when you send the LIST FTP command.
Note This problem does not occur if the client computer uses secure network address translation (SecureNAT) instead of Forefront Threat Management Gateway Client or if Passive FTP is used instead of Active FTP.
To resolve this problem, install the hotfix rollup that is described in the following Microsoft Knowledge Base article:
2616324 A hotfix rollup is available for Forefront Threat Management Gateway Client
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about Firewall client computers, visit the following Microsoft TechNet website: