Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1061
Views
0
Helpful
2
Replies

FTP extended passive mode vs inspect

ROBERTO TACCON
Level 4
Level 4

‎05-27-2008 07:05 AM - edited ‎03-11-2019 05:50 AM

Does the inspection on Cisco PIX or ASA os (7/8) support the FTP extended passive mode

http://en.wikipedia.org/wiki/Ftp

"In extended passive mode, the FTP server operates exactly the same as passive mode, however it only transmits the port number (not broken into high and low bytes) and the client is to assume that it connects to the same IP address that was originally connected to. Extended passive mode was added by RFC 2428 in September 1998."

Thanks in advance.

RT

Labels:
0 Helpful
2 Replies 2

Syed Iftekhar Ahmed
Level 8
Level 8

‎05-27-2008 11:50 PM

Its supported in code 7.0 and later.

6.x code doesnt support it

Syed

0 Helpful

Utair Corporation
Level 3
Level 3
In response to Syed Iftekhar Ahmed

‎09-10-2013 11:55 PM

What about IOS?

7201 with IOS c7200p-adventerprisek9-mz.150-1.M8.bin

Zone Based Firewall

match protocol ftp

inspect

Had to disable EPRT and EPSV on the server, but it's not good idea, all new ftp clients tend to prefer them.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card