FTP QUIT Command problem

Trinity01 · ‎02-12-2008

Hi all,

I am having a rare problem with 2 of our Solaris FTP servers that sits behind the Cisco FWSM.

Scenerio: when users ftp from or to this boxes within LAN and over WAN all ftp transaction done O.K, but when

user type QUIT/BYE, it takes over 60secs before the FTP session connection closed.

When I move these server out of the FWSM, all FTP commands works fine.

Any thought please.

Below is an example from my Desktop:

C:\Documents and Settings\aolusanya>

C:\Documents and Settings\aolusanya>ftp mixxprodxxx1

Connected to mixxxprodxx1.xx-gnet.com.

220 mixxxprodxxx1 FTP server ready.

User (mixxxprodxx1.xxxxx.com:(none)): fxxxxx

331 Password required for fip.

Password:

230 User fip logged in.

ftp>

ftp> ls

200 PORT command successful.

150 Opening ASCII mode data connection for file list.

sfftables

spool

tables

226 Transfer complete.

ftp: 91 bytes received in 0.00Seconds 91000.00Kbytes/sec.

ftp>

ftp> bye

221-You have transferred 0 bytes in 0 files. #(reply takes 62secs)

hoffa2000 · ‎02-13-2008

Might be how your FWSM handles active or passive FTP. Also do you have the FTP inspection engine enabled?

I had the same problem involving load balanced FTP and the 60sec delay might be the time it takes for the session to time out in the FWSM.

/Fredrik

jroth · ‎08-01-2008

We are actually seeing the same issue with some of our Sun servers behind and FWSM. Did you happen to find a resolution to this?