https://community.cisco.com/t5/network-access-control/ftp-of-ise-backup-passive-mode-failing/m-p/4527542#M572060 <P>Hi,</P><P>&nbsp;</P><P>I have two customers, one on ISE 2.7 and the other one on ISE3.0</P><P>&nbsp;</P><P>ISE 2.7 has Patch 6 installed which can FTP backups over to a 3rd party successfully.</P><P>&nbsp;</P><P>ISE 3.0 cannot FTP backups over to the same 3rd party. The control channel on tcp port 21 was successful. When the data is transferred over FTP (passive mode) it does this on a high port number the backup fails. The traffic is getting denied due to a firewall rules which doesn't allow high port numbers</P><P>&nbsp;</P><P>It looks like ISE 3.0 is using passive mode and not active mode.</P><P>&nbsp;</P><P>Is the bug CSCvt91627 causing this issue?</P><P>&nbsp;</P><P>Is there a way to get ISE 3.0 to backup via active mode as the customer doesn't want open high ports on their external firewalls?</P><P>&nbsp;</P><P>Thanks Anthony.</P> Thu, 06 Jan 2022 17:24:48 GMT Anthony O'Reilly 2022-01-06T17:24:48Z https://community.cisco.com/t5/network-access-control/ftp-of-ise-backup-passive-mode-failing/m-p/4527542#M572060 <P>Hi,</P><P>&nbsp;</P><P>I have two customers, one on ISE 2.7 and the other one on ISE3.0</P><P>&nbsp;</P><P>ISE 2.7 has Patch 6 installed which can FTP backups over to a 3rd party successfully.</P><P>&nbsp;</P><P>ISE 3.0 cannot FTP backups over to the same 3rd party. The control channel on tcp port 21 was successful. When the data is transferred over FTP (passive mode) it does this on a high port number the backup fails. The traffic is getting denied due to a firewall rules which doesn't allow high port numbers</P><P>&nbsp;</P><P>It looks like ISE 3.0 is using passive mode and not active mode.</P><P>&nbsp;</P><P>Is the bug CSCvt91627 causing this issue?</P><P>&nbsp;</P><P>Is there a way to get ISE 3.0 to backup via active mode as the customer doesn't want open high ports on their external firewalls?</P><P>&nbsp;</P><P>Thanks Anthony.</P> Thu, 06 Jan 2022 17:24:48 GMT https://community.cisco.com/t5/network-access-control/ftp-of-ise-backup-passive-mode-failing/m-p/4527542#M572060 Anthony O'Reilly 2022-01-06T17:24:48Z https://community.cisco.com/t5/network-access-control/ftp-of-ise-backup-passive-mode-failing/m-p/4527605#M572062 <P>Maybe a bug, or due to plain FTP sometimes having issues with secure reasons, try any SFTP and see if that success?</P> <P>&nbsp;</P> <P>Note: not used FTP any time before due to security reasons, SFTP works as expected for me</P> <P>&nbsp;</P> Thu, 06 Jan 2022 20:10:13 GMT https://community.cisco.com/t5/network-access-control/ftp-of-ise-backup-passive-mode-failing/m-p/4527605#M572062 balaji.bandi 2022-01-06T20:10:13Z https://community.cisco.com/t5/network-access-control/ftp-of-ise-backup-passive-mode-failing/m-p/4528550#M572094 <P>Changing from passive to active mode is not something that is user configurable in ISE.&nbsp;</P> Sun, 09 Jan 2022 20:57:40 GMT https://community.cisco.com/t5/network-access-control/ftp-of-ise-backup-passive-mode-failing/m-p/4528550#M572094 Arne Bier 2022-01-09T20:57:40Z