Source-Port Filtering

The <src_port_filtering> option in aspera.conf enables or disables source-port filtering (true or false). By default, source-port filtering is disabled (false).

When Source-Port Filtering is Enabled (true)

When source-port filtering is enabled, the reverse proxy restricts client connections to only those UDP source ports specified internally by each transfer session. Enabling source-port filtering allows the reverse proxy to use UDP ports as dictated by network connections between clients and servers. Use this option only if there are network address translation (NAT) devices between the client and the reverse proxy that require that the ports set up by the UDP sockets remain intact and unchanged. Setting this option to true requires changes to any firewalls in front of your reverse proxy to allow for the different UDP ports.

When Source-Port Filtering is Disabled (false)

In cases where client-side firewalls change the specified source port in transit, source-port filtering must be disabled to allow the connection to be established. When disabling source-port filtering, make sure the UDP ports specified by <proxy_port> are allowed on the external firewall.

One indication that source-port filtering may need to be disabled is when client connections fail with a timeout such as “Error establishing UDP connection (check UDP port and firewall)”. Aspera transfer logs on either the client or server side will also show “Client unable to connect to server (check UDP port and firewall)” or “Server unable to hear from client (check UDP port and firewall)”. If the same timeout errors still occur when source-port filtering is disabled, this generally indicates that traffic is being blocked at a firewall. For related information, see UDP Port and Firewall Timeout Errors.

Note: Disabling source-port filtering relaxes reverse proxy security and therefore should be used only when necessary.
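
The following triage helper is an added example, not part of the Aspera documentation or product. It reads the effective <src_port_filtering> value from aspera.conf text, scans log lines for the timeout messages quoted above, and returns the next check this page points to. The enclosing XML elements, the log line prefix, and the function names and result labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Timeout messages quoted on this page (client error and transfer-log entries).
TIMEOUT_MARKERS = (
    "Error establishing UDP connection (check UDP port and firewall)",
    "Client unable to connect to server (check UDP port and firewall)",
    "Server unable to hear from client (check UDP port and firewall)",
)

def filtering_enabled(conf_xml):
    """Effective <src_port_filtering> setting; an absent element means false."""
    root = ET.fromstring(conf_xml)
    # Match on tag name only, so no particular parent layout is relied on.
    values = [(e.text or "").strip().lower() for e in root.iter("src_port_filtering")]
    if any(v not in ("true", "false") for v in values):
        raise ValueError(f"unexpected src_port_filtering value: {values}")
    # Enabled only if present and every occurrence is true.
    return bool(values) and all(v == "true" for v in values)

def timeout_lines(log_lines):
    """Log lines that carry one of the UDP timeout messages."""
    return [ln for ln in log_lines if any(m in ln for m in TIMEOUT_MARKERS)]

def triage(conf_xml, log_lines):
    """Map (setting, timeouts seen) to the next check the page recommends."""
    enabled, hits = filtering_enabled(conf_xml), timeout_lines(log_lines)
    if enabled:
        # Timeouts with filtering on: source ports may be rewritten in transit.
        return "check-source-port-rewrite" if hits else "ok"
    # Timeouts with filtering off point at a firewall; with none logged,
    # confirm the relaxed setting is still required.
    return "check-firewall" if hits else "review-disabled"

# Constructed samples: the enclosing elements and the log prefix are assumptions.
CONF_ON = "<CONF><server><rproxy><src_port_filtering>true</src_port_filtering></rproxy></server></CONF>"
CONF_DEFAULT = "<CONF><server><rproxy/></server></CONF>"
LOG = [
    "2024-05-01 10:00:01 ascp[4242]: session started",
    "2024-05-01 10:00:31 ascp[4242]: Server unable to hear from client (check UDP port and firewall)",
]

if __name__ == "__main__":
    print(triage(CONF_ON, LOG), triage(CONF_DEFAULT, LOG))
```

A "review-disabled" result means only that the relaxed setting is in effect and no timeouts were logged; it is a prompt to confirm that disabling is still required.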