The PacketShaper can’t seem to recognize passive FTP any more, so I removed the complicated FTP classifications.

We had 6 FTP classes, corresponding to inbound and outbound clients, servers, and general. The general was not allowed, and the servers were limited to those on a host list and some subnets in CS. However, passive FTP was getting classified under the general class, since it looked like active FTP to an internal server not in the host list. Until the PacketShaper recognizes passive FTP again, we’re simply allowing all FTP and giving it the policy that the client and server FTP classes had.