Active FTP ALG transfer issue
blackswan last edited by
I’m facing an issue while transferring some files via FTP through a SRX3600; the transfer is done in active FTP, and uses the ftp ALG as you can see below (from request support information - only the rule is shown)
Policy: FTP, action-type: permit, State: enabled, Index: XXX, Scope Policy: 0
Policy Type: Configured
Sequence number: XX
From zone: OUT, To zone: FTP
IP protocol: tcp, ALG: ftp, Inactivity timeout: 1800
Source port range: [0-0]
Destination port range: [21-21]
The client connects to the FTP server in active mode to get some files; the X first ones are OK (server pushes them from port 20 to client active port)
The X+1 file transfer is not : the server opens a new connection from port 20 to a new port on the client, and fails (I see the drops from server’s port 20 to client’s port in the logs
The box (clustered) is running JunOS 10.2S5.3; have any of you experienced the same issue? Maybe fixed it by upgrading / forcing passive FTP?
Thanks in advance!