The FTP commands and the output are logged on the server and are checked by a script for the return FTP code 226. Something in the FW seems to process this retransmission in a strange way. When the packet starts on the outbound path it has dropped from 120 byte to 67 bytes, the TCP flags have changed and the FTP data has been truncated to be a single character (I believe it is a newline character) We see this 3 times as it is inbound on the firewall: We then see a retransmission of this response packet enter the firewall. We see the original FTP response packet enter the firewall and pass correctly.Īfter this packet there is a normal ACK back. I am using cppcap to capture the packets so the packets are seen 6 times as the traverse the firewall. The FW is altering this packet, which cause the FTP transfers to stop unexpectedly early. It looks like a retransmission is happening with one FTP packets occasionally. We have put a FTP server behind a Security Gateway (R80.40) and this is causing the FTP scripts on the server to fail.
0 kommentar(er)
