Solved: FTP of ISE backup (passive mode) failing.

Anthony O'Reilly · ‎01-06-2022

Hi,

I have two customers, one on ISE 2.7 and the other one on ISE3.0

ISE 2.7 has Patch 6 installed which can FTP backups over to a 3rd party successfully.

ISE 3.0 cannot FTP backups over to the same 3rd party. The control channel on tcp port 21 was successful. When the data is transferred over FTP (passive mode) it does this on a high port number the backup fails. The traffic is getting denied due to a firewall rules which doesn't allow high port numbers

It looks like ISE 3.0 is using passive mode and not active mode.

Is the bug CSCvt91627 causing this issue?

Is there a way to get ISE 3.0 to backup via active mode as the customer doesn't want open high ports on their external firewalls?

Thanks Anthony.

Arne Bier · ‎01-09-2022

Changing from passive to active mode is not something that is user configurable in ISE.

View solution in original post

balaji.bandi · ‎01-06-2022

Maybe a bug, or due to plain FTP sometimes having issues with secure reasons, try any SFTP and see if that success?

Note: not used FTP any time before due to security reasons, SFTP works as expected for me

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Arne Bier · ‎01-09-2022

Changing from passive to active mode is not something that is user configurable in ISE.