Can not FTP some text files through the PIX

p.mckay
Level 1

I have some standard text files that fail to FTP through the firewall to an FTP server in the DMZ. I have confirmed that I can FTP the files successfully to another FTP server on the inside of the network, where the traffic does not pass through the firewall. The text files are generated automatically as part of a process that runs on a server. I have been experiencing problems randomly, once or twice every three or four months, where some of the files will FTP through the PIX and others will not. Looking at a sniff of the packets being sent, I have been able to see that there may be some odd formatting that occurs occasionally in the text files that fail. Due to the nature of the data in the files I cannot supply one for testing.

Has anyone ever had this experience?

PIX Debug log:

305011: Built dynamic TCP translation from inside:192.168.200.198/2271 to dmzint02:192.168.206.254/23949

303002: 192.168.200.198 Stored 192.168.206.24:bad__PB_00013511.txt

302013: Built outbound TCP connection 250581788 for dmzint02:192.168.206.24/20 (192.168.206.24/20) to inside:192.168.200.198/2271 (192.168.206.254/23949)

302014: Teardown TCP connection 250581788 for dmzint02:192.168.206.24/20 to inside:192.168.200.198/2271 duration 0:00:01 bytes 153720 Deny

106015: Deny TCP (no connection) from 192.168.200.198/2271 to 192.168.206.24/20 flags ACK on interface inside

106015: Deny TCP (no connection) from 192.168.200.198/2271 to 192.168.206.24/20 flags ACK on interface inside

106023: Deny tcp src dmzint02:192.168.206.24/20 dst inside:192.168.206.254/23949 by access-group "dmzint02_access_in"

106023: Deny tcp src dmzint02:192.168.206.24/20 dst inside:192.168.206.254/23949 by access-group "dmzint02_access_in"

106015: Deny TCP (no connection) from 192.168.200.198/2271 to 192.168.206.24/20 flags ACK on interface inside

2 Replies

sachinraja
Level 9

Hi,

I think there are some access-lists on the inside and DMZ interfaces. Have you allowed access from the desktop to the server? I can see a deny happening on that access-list.

Can you post the access-list and tell us the IP addresses of the server and the client, please?

Regards

For some reason I had the fixup ftp on port 20 also. My mistake; once it was removed, the files that would not transfer did. Still odd that some text files would make it and others would not, very randomly.
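Added example, not part of the original thread: a small Python script that correlates the 302014 teardown in the debug log above with the 106015 "no connection" denies for the same endpoint pair, the pattern left by a data connection that the firewall closed while the client was still sending. The function name and record fields are assumptions; the log lines are copied from the first post.

```python
import re

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
302013: Built outbound TCP connection 250581788 for dmzint02:192.168.206.24/20 (192.168.206.24/20) to inside:192.168.200.198/2271 (192.168.206.254/23949)
302014: Teardown TCP connection 250581788 for dmzint02:192.168.206.24/20 to inside:192.168.200.198/2271 duration 0:00:01 bytes 153720 Deny
106015: Deny TCP (no connection) from 192.168.200.198/2271 to 192.168.206.24/20 flags ACK on interface inside
106015: Deny TCP (no connection) from 192.168.200.198/2271 to 192.168.206.24/20 flags ACK on interface inside
106023: Deny tcp src dmzint02:192.168.206.24/20 dst inside:192.168.206.254/23949 by access-group "dmzint02_access_in"
106015: Deny TCP (no connection) from 192.168.200.198/2271 to 192.168.206.24/20 flags ACK on interface inside
"""

# 302014: connection removed from the state table (ID, endpoints, bytes, reason).
TEARDOWN = re.compile(
    r"302014: Teardown TCP connection (?P<id>\d+) for "
    r"\S+?:(?P<a>[\d.]+/\d+) to \S+?:(?P<b>[\d.]+/\d+) "
    r"duration \S+ bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$"
)
# 106015: TCP packet arrived with no matching entry in the state table.
NO_CONN = re.compile(
    r"106015: Deny TCP \(no connection\) from (?P<src>[\d.]+/\d+) "
    r"to (?P<dst>[\d.]+/\d+) flags"
)

def find_cut_transfers(log_text):
    """Return teardowns later followed by 106015 denies for the same endpoints."""
    torn = {}  # frozenset of the two ip/port endpoints -> teardown record
    for line in log_text.splitlines():
        line = line.strip()
        m = TEARDOWN.search(line)
        if m:
            torn[frozenset((m["a"], m["b"]))] = {
                "conn_id": m["id"],
                "bytes": int(m["bytes"]),
                "reason": m["reason"],
                "orphan_packets": 0,
            }
            continue
        m = NO_CONN.search(line)
        if m:
            rec = torn.get(frozenset((m["src"], m["dst"])))
            if rec is not None:  # only count denies seen after the teardown
                rec["orphan_packets"] += 1
    return [r for r in torn.values() if r["orphan_packets"]]

if __name__ == "__main__":
    for rec in find_cut_transfers(SAMPLE_LOG):
        print(rec)
```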
