I am having a bit of a 'mare trying to get secure FTP set up over port 990 using Syncplify through a pfSense firewall.
If I drop to standard unencrypted FTP over port 21, I can get it to work using AD integrated logins; however, as soon as I try and implement a more secure environment it fails to connect.
I have set the External IP for PASV connections using one of our external IPs, then created a NAT rule from any IP using any port through our external interface on port 990 and then onto the local system on the same port. In this configuration I get "Server sent passive reply to unroutable address. Using server address instead". The issue here is that the server address is a local LAN IP so not directly accessible over the internet.
I have specified a port range in the Syncplify application and created a firewall rule to allow these ports....