FTP Outbound Proxy: Control Connection Uses WAN IP Instead of NAT IP

[a.walega]

Hello,

I'm facing the following situation: For my DMZ, I've set up an outbound NAT in hybrid mode, using a /28 network. For the FTP proxy (configured according to the documentation), I've specified the same (virtual) IP address in the "Source Address" field that is used for the outbound NAT.

However, in the logs I see that the FTP control connection on port 21 is being established using the WAN IP address, while the data connections are using the virtual IP from the outbound NAT.
As a result, the connection doesn't work due to statefulness issues.

If I disable outbound NAT (with the virtual IP) and let everything go through the WAN address, the FTP outbound proxy works fine. But I would prefer to use the virtual IP. I entered the IP as a plain address (without a subnet mask or similar).

Is there something I missed, or how is the "Source IP" field supposed to work exactly?

Thanks for any help!