FTP inspection

Jan 21st, 2008

Dear sir,

I have two PIXs v7.2 in two sites and there is a connection between them. I want to establish an FTP connection between these sites, but this log occurs:

406002: FTP port command different address:

because the client connects to the first FTP server in the first site, and then connects to the second FTP server in the other side and tries to transfer files between the two servers.

I think the inspection process in the firewall inspects the PORT FTP command and finds that the address in the PORT FTP command differs from the IP of the client, so it drops the session.

So how can I allow this process by the firewall?

Please help me.

irisrios Fri, 01/25/2008 - 09:20

This occurs when PIX sees an FTP connection being initiated back to the originating host. If you want server-to-server file transfer, I suggest you use FXP. For this to happen, make sure the firewall allows TCP/UDP 286. But check how it works for security concerns.
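
The check described in the question (comparing the address carried in the PORT command with the address of the client that sent it), as an added Python illustration that is not part of the original thread and is not Cisco's implementation. The function names, verdict strings and sample addresses are constructed for the example.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): four address octets, then port high/low bytes
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$",
    re.IGNORECASE,
)

def parse_port(line):
    """Return (ip, port) from a PORT command, or None if it is malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def inspect_port(client_ip, line):
    """Verdict for one control-channel line sent from client_ip (hypothetical helper)."""
    if not line.upper().startswith("PORT"):
        return "pass"                      # not a PORT command, nothing to compare
    parsed = parse_port(line)
    if parsed is None:
        return "drop: malformed PORT"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(client_ip):
        # The situation in the thread: the client names a third host
        # (the second FTP server) as the data-connection endpoint.
        return f"drop: PORT address {ip} differs from client {client_ip}"
    return f"allow: data connection to {ip}:{port}"

if __name__ == "__main__":
    # Constructed control-channel lines; addresses are documentation ranges.
    client = "192.0.2.10"
    for cmd in ("USER alice\r\n",
                "PORT 192,0,2,10,19,137\r\n",      # client's own address
                "PORT 198,51,100,20,19,137\r\n",   # another host (server-to-server)
                "PORT 192,0,2,999,1,1\r\n"):       # invalid octet
        print(cmd.strip(), "->", inspect_port(client, cmd))
```
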
