https://community.cisco.com/t5/network-security/ftp-and-sqlnet-issue-after-migrating-to-ftd-4100/m-p/3715302#M1039462 <P>I don't know about SQL, but we had and still have issues with FTP.&nbsp; Are you using active or passive FTP.&nbsp; There seems to be a bug that prevents active FTP from working correctly when being sent through snort.&nbsp; This is even the case when we have inspect FTP configured in the policy map using flexconfig.&nbsp; Passive FTP works fine though.&nbsp; So we used this as a workaround, using passive FTP instead of active FTP.</P> Fri, 28 Sep 2018 20:51:15 GMT Marius Gunnerud 2018-09-28T20:51:15Z https://community.cisco.com/t5/network-security/ftp-and-sqlnet-issue-after-migrating-to-ftd-4100/m-p/3714704#M1039461 <P>Hi,</P> <P>Recently we have migrated from ASA 5585 to FTD 4110 . After migration we are facing problem with FTP and sqlnet traffic. Earlier it used to work properly but after migration some times its working and some times connection time out.</P> <P>We used the packet capture and packet tracer to analyze the issue but it shows that the server is initiating the reset flag,</P> <P>Fast path seems to be working for the traffic&nbsp; . Using fast path we are bypassing the snort check . But even without the fast path in the packet tracer we can see that the snort verdict is showing as pass.</P> <P>Hence we need to&nbsp;understand what exactly is happening with the traffic if the fast path is not enabled.</P> <P>&nbsp;</P> <P>Thanks and regards</P> <P>&nbsp;</P> <P>Pushpak</P> Fri, 21 Feb 2020 16:17:34 GMT https://community.cisco.com/t5/network-security/ftp-and-sqlnet-issue-after-migrating-to-ftd-4100/m-p/3714704#M1039461 pushpak.lele 2020-02-21T16:17:34Z https://community.cisco.com/t5/network-security/ftp-and-sqlnet-issue-after-migrating-to-ftd-4100/m-p/3715302#M1039462 <P>I don't know about SQL, but we had and still have issues with FTP.&nbsp; Are you using active or passive FTP.&nbsp; There seems to be a bug that prevents active FTP from working correctly when being sent through snort.&nbsp; This is even the case when we have inspect FTP configured in the policy map using flexconfig.&nbsp; Passive FTP works fine though.&nbsp; So we used this as a workaround, using passive FTP instead of active FTP.</P> Fri, 28 Sep 2018 20:51:15 GMT https://community.cisco.com/t5/network-security/ftp-and-sqlnet-issue-after-migrating-to-ftd-4100/m-p/3715302#M1039462 Marius Gunnerud 2018-09-28T20:51:15Z https://community.cisco.com/t5/network-security/ftp-and-sqlnet-issue-after-migrating-to-ftd-4100/m-p/3715383#M1039463 <P>Hi,</P> <P>Thanks, i will try with the passive FTP and let you know.</P> <P>&nbsp;</P> <P>Thanks and regards</P> <P>&nbsp;</P> <P>Pushpak</P> Sat, 29 Sep 2018 00:41:34 GMT https://community.cisco.com/t5/network-security/ftp-and-sqlnet-issue-after-migrating-to-ftd-4100/m-p/3715383#M1039463 pushpak.lele 2018-09-29T00:41:34Z