FTP extended passive mode vs inspect

Unanswered Question
May 27th, 2008
User Badges:

Does the inspection on Cisco PIX or ASA os (7/8) support the FTP extended passive mode


"In extended passive mode, the FTP server operates exactly the same as passive mode, however it only transmits the port number (not broken into high and low bytes) and the client is to assume that it connects to the same IP address that was originally connected to. Extended passive mode was added by RFC 2428 in September 1998."

Thanks in advance.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Syed Iftekhar Ahmed Tue, 05/27/2008 - 23:50
User Badges:
  • Blue, 1500 points or more

Its supported in code 7.0 and later.

6.x code doesnt support it


Utair Corporation Tue, 09/10/2013 - 23:55
User Badges:

What about IOS?

7201 with IOS c7200p-adventerprisek9-mz.150-1.M8.bin

Zone Based Firewall

match protocol ftp


Had to disable EPRT and EPSV on the server, but it's not good idea, all new ftp clients tend to prefer them.


This Discussion