"inspect ftp" the culprit for HTTP to FTP downloading timeout

Unanswered Question
May 5th, 2008

Hi,

When I removed the "inspect ftp" from the default global policy in my PIX, the HTTP to FTP redirection works and I can download files from HP.

But if it's there, it times out and I get a dialog box in Firefox that says:

"The connection to the server was reset while the page is loading."

At this particular time, the "Connect to ftp.hp.com" starts to show in the lower left corner of the Firefox browser.

What's the pros and cons of removing the inspect ftp?

Any other solution without removing this line?

PIX ver. 7.2(2)

TIA,

Archie

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smahbub Fri, 05/09/2008 - 08:03

FTP application inspection prepares secondary channels for FTP data transfer. Ports for these channels are negotiated through PORT or PASV commands. The channels are allocated in response to a file upload, a file download, or a directory listing event.If double-encoding is used in the URL then it may cause this issue with "FTP Inspection" enabled.So it will work after disabling the inspection.

Refer the URL listed below for more information on FTP inspection:

1)FTP--http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1234738

Actions

This Discussion