Active FTP ALG transfer issue



  • Hi guys,

    I’m facing an issue while transferring some files via FTP through an SRX3600; the transfer is done in active FTP and uses the FTP ALG, as you can see below (from request support information; only the rule is shown):

    Policy: FTP, action-type: permit, State: enabled, Index: XXX, Scope Policy: 0
      Policy Type: Configured
      Sequence number: XX
      From zone: OUT, To zone: FTP
      Source addresses:
        CLIENT_SUBNET/24
      Destination addresses:
        FTP_SERVER/32
      Application: junos-ftp
        IP protocol: tcp, ALG: ftp, Inactivity timeout: 1800
          Source port range: [0-0]
          Destination port range: [21-21]

    • The client connects to the FTP server in active mode to get some files; the X first ones are OK (server pushes them from port 20 to client active port)

    • The X+1 file transfer is not: the server opens a new connection from port 20 to a new port on the client, and fails (I see the drops from server’s port 20 to client’s port in the logs)

    The box (clustered) is running JunOS 10.2S5.3; have any of you experienced the same issue? Maybe fixed it by upgrading / forcing passive FTP?

    Thanks in advance!
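
A troubleshooting sketch for the symptom described above, added here as an example and not part of the original post: it parses the RFC 959 `PORT` commands from a control-channel capture and sorts the dropped port-20 connections into those whose client port was announced (so the ALG had the information to open a pinhole) and those that were never announced in the captured lines. The sample control lines, the drop tuples and all function names are constructed for illustration; it handles `PORT` only, not `EPRT`.

```python
import re

PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$", re.I)

def parse_port(line):
    """Return (ip, port) advertised by an RFC 959 PORT command, or None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet; not a usable endpoint
    # h1,h2,h3,h4 is the client IP; the port is p1*256 + p2
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def advertised_endpoints(control_lines):
    """Collect every client endpoint announced on the control channel."""
    return {ep for ep in map(parse_port, control_lines) if ep}

def classify_drops(control_lines, drops, data_port=20):
    """Split dropped server->client connections by whether a PORT announced them."""
    announced = advertised_endpoints(control_lines)
    with_port, without_port = [], []
    for src_port, dst_ip, dst_port in drops:
        if src_port != data_port:
            continue  # not an active-mode data connection
        target = with_port if (dst_ip, dst_port) in announced else without_port
        target.append((dst_ip, dst_port))
    return with_port, without_port

# Constructed sample data (documentation addresses), not from the original post.
CONTROL = ["USER demo", "PORT 192,0,2,10,195,80", "RETR a.bin",
           "PORT 192,0,2,10,195,81", "RETR b.bin"]
# (server source port, client IP, client port) taken from firewall drop logs
DROPS = [(20, "192.0.2.10", 50001), (20, "192.0.2.10", 50002),
         (443, "192.0.2.10", 50001)]

if __name__ == "__main__":
    matched, unmatched = classify_drops(CONTROL, DROPS)
    print("dropped although PORT was seen:", matched)
    print("dropped with no PORT in capture:", unmatched)
```

Drops in the first list point at the firewall side (the pinhole was not opened or had already gone); drops in the second list mean the capture holds no `PORT` command for that client port.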


 
