Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
902
Views
0
Helpful
5
Replies

ftp intermittent problems in firewall module

Go to solution
Norberto Salgado
Level 1
Level 1

‎11-20-2009 10:18 AM - edited ‎03-11-2019 09:41 AM

Hi,

we have an WS-SVC-FWM-1 in a 6506 chassis. With an IOS version: 12.2(18)SXF12a and a software version 3.2(2).

Sometimes and without any apparent reason the ftp connections stop to work. To the ftp connections start to work again we have to take off the "inspect ftp" and put it again.

Anyone already had this problem or can suggest troubleshooting for it?

Thank you.

Best regards,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to Norberto Salgado

‎11-24-2009 12:26 PM

I am 100% sure this is the defect that you are running into.

upgrade the code at the next opportunity.

Good luck.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎11-20-2009 05:58 PM

How long does it work before failing? When it breaks and before you toggle inspect ftp have you looked at the syslogs to see what may be happening?

I have not heard of this issue but, would certainly like to investigate this further.

pls. enable logging

conf t

logging on

logging buffer 7

sh logg | i 10.10.10.1

where 10.10.10.1 is the IP address in question.

Let us know what you see when it breaks.

0 Helpful

Go to solution
Norberto Salgado
Level 1
Level 1
In response to Kureli Sankar

‎11-24-2009 09:17 AM

Hi Kusankar,

thank you for your reply.

The problem it's a bit different that what I reported you first.

The ftp don't stop to work, only the "quit" command does.

It seems that it stops to receive the flag "F", when the command "quit" it's issued by the client. The ftp client need to kill the process, to the ftp connection be closed.Or we have to take off the "inspect ftp".

The problem it's that we have machines with ftp scripts configured, and then the machines stay full of ftp connections and processes running.


I will add some logs later. Can I use tcp time-out as workaround?

Thank you.

Best regards,

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to Norberto Salgado

‎11-24-2009 09:45 AM

Does this break after the FWSM module has been up for more than 50 days?

CSCsi27512 You may be running into this issue.

Resolved in 004.000(000.037)          003.002(005.001)          003.001(010)          003.001(009.005)

Does the issue get resolved if you failover?

0 Helpful

Go to solution
Norberto Salgado
Level 1
Level 1
In response to Kureli Sankar

‎11-24-2009 12:15 PM

That makes sense...

The FWSM it's up at almost 1 year.

I didn't try the failover, cause the client need to schedule an intervention to do this.

In the client I didn't saw all this sequence after the quit:

221-  You have transferred 0 bytes in 0 files.

221-  Total traffic for this session was 2551 bytes in 1 transfers.

221-  Thank you for using the FTP service on orbi.

221-  Goodbye

I only see:

You have transferred 0 bytes in 0 files.

I will try to disable the 221 multiline and disable the TCP normalizer, and I let you know the results.

Thank you!

Best regards,

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to Norberto Salgado

‎11-24-2009 12:26 PM

I am 100% sure this is the defect that you are running into.

upgrade the code at the next opportunity.

Good luck.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card