
Map, port forwarding or NAT in FortiGate
Well, this one is simple and straightforward, a basic task. What I want is for people to connect from the internet to my internal network, specifically to my FTP server (TCP port 21): whoever connects to my public IP address should reach my FTP server, and only through port 21.
The first step is to create a virtual IP. Go to “Firewall” > “Virtual IP” and create one by pressing “Create New”.
In “Name” give it a name, e.g. FTP or FTP Server. In “External Interface” select the external interface through which the connections will arrive, WAN1 or WAN2. In “Type” choose “Static NAT”. In “External IP Address/Range” enter the public IP of our WAN, and in “Mapped IP Address/Range” the internal server that clients will be connecting to, in our case the IP of the FTP server. Enable “Port Forwarding” and select the protocol, normally “TCP”. “External Service Port” is the external port that users will connect to from the internet on our public IP; we can use any port we like, although the usual thing is to use the same port in both fields. “Map to Port” is the port the internal server actually listens on, usually the real port. To make things less obvious we can put any port in “External Service Port”, for example 8521 instead of 21, so that it is not immediately apparent that an FTP service is behind it. Click “OK”.
Now we need to create a firewall policy that accepts this incoming traffic. Go to “Firewall” > “Policy” and create a new one with “Create New”.
In the “Source” section, in “Interface/Zone” select the interface through which the traffic will enter, and in “Address Name” select “all”. In the destination section, where the connections go, select the interface where our FTP server sits, normally “DMZ” or “Internal”, and in “Address Name” select the Virtual IP created in the previous step. In “Schedule” choose “Always”. In “Service” choose the service we are going to use, “FTP” (if our port or service does not appear here, we have to create it in “Firewall” > “Service”, giving it a name and port). In “Action” choose “ACCEPT” to allow these connections. Click “OK” and it should work.
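The same two objects, the virtual IP and the policy that references it, can be created from the FortiOS CLI. The block below is an added example written for this page, not configuration from the article; the interface names (wan1, internal), the public IP 203.0.113.10 and the internal server 192.168.1.20 are constructed placeholders, and it uses the article's 8521 → 21 port mapping with the built-in "FTP" service on the policy, which matches the mapped port because FortiOS applies the VIP translation before the policy lookup.

```fortios
# Added example (not from the article). Placeholders: wan1, internal,
# 203.0.113.10 (public IP), 192.168.1.20 (FTP server) are constructed.

# 1. Virtual IP: static NAT with port forwarding, external 8521 -> internal 21
config firewall vip
    edit "FTP_Server"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.1.20"
        set portforward enable
        set protocol tcp
        set extport 8521
        set mappedport 21
    next
end

# 2. Inbound policy from the WAN to the VIP.
#    srcaddr "all" is what the article uses; narrowing it to an address
#    object holding the networks that actually need FTP is the first thing
#    to tighten once the mapping is confirmed to work.
config firewall policy
    edit 0
        set name "Inbound-FTP"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "FTP_Server"
        set action accept
        set schedule "always"
        set service "FTP"
        set logtraffic all
    next
end
```

If the service you need is not predefined, the CLI equivalent of “Firewall” > “Service” is `config firewall service custom`, where a `set tcp-portrange` entry defines the port. To confirm traffic is arriving and being translated, `diagnose sniffer packet any "port 8521 or port 21" 4` shows the packet on the WAN side with the external port and on the internal side with the mapped port. Keep in mind that FTP is a cleartext protocol and that active/passive data connections use additional ports; FortiGate's FTP session helper handles those for the standard service, so if you change the mapping, verify data transfers as well as the initial connection.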