When I installed our new Pix with OS 7.0.4, I noted that the new protocol inspection seems not to work correctly for ftp.
When an internet user connects in passive mode to our internal ftp server and starts to upload a large file, two connections are opened: one to port 21 of the internal server and one to port 20 of the same server. During the file transfer I can see that the byte count for the connection to port 20 is increasing, while the byte count for the connection to port 21 is not increasing and its idle time is growing. I believe this is a mistake and maybe a bug in Pix OS; in fact a user transferring a very large file can be disconnected during the upload because of the connection timeout on port 21. I could verify that it actually happens after 1 hour, the default global timeout for all tcp connections.
I tried downgrading the PIX to OS 6.3.5 using "fixup protocol ftp", and with that the ftp connections work without the timeout expiring: the idle time count for the connection on port 21 does not increase and stays at 0 until the transfer completes.
It seems that there's no way to submit a bug to Cisco without a Smartnet contract and we haven't associated our contracts to our profile, so now I can only post what I discovered on this forum, hoping that someone could verify it and someone at Cisco could submit it to the right people.
If anyone wants to contact me for further information or suggestions I'll be glad to read answers to this post.