Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2847
Views
5
Helpful
3
Replies

Upgrade of FMC to 6.1 breaks my FTP

Go to solution
hoffa2000
Level 3
Level 3

‎10-24-2016 11:25 PM - edited ‎02-21-2020 05:56 AM

Hi

I made a transition of my virtual FMC from 5.4 to 6.1 but kept 5.4.x on my ASA Firepower for a while. Nothing has changed in the rule set while I upgraded from 5.4 to 6.1 but the day after I applied the 6.1 config to my Firepower modules I started getting reports of broken FTP transfers.

It's a passive FTP transfer between two servers on two different subnets inspected by ASA Firepower. The ASA log reports the file has been stored on the receiving server but the sending application reports a transfer error and only half the file is in fact stored.

If I omit the flow from Firepower all together the FTP works. I've tried a few Firepower rules with or without IPS, file inspection and plain "allow all" but nothing works.

I am still using the old ASA FTP inspection services which I suspect is interfering. What do you folks think?

Edit: I've done some trial and erroring and it seems the ASA FTP inspections has no effect, it's all about the Firepower. If I create a Trust rule for the specific flow the FTP transfer works. Allow with or without IPS, File inspection or any other features breaks the transfer.

Regards

Fredrik

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Alex Sierra
Level 1
Level 1

‎10-27-2016 11:58 AM

I opened a TAC case and the only workaround is putting a trust rule for that FTP server. The other two options are not viable.

Here is the bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb55994

View solution in original post

3 Replies 3

Go to solution
Oliver Kaiser
Level 7
Level 7

‎10-27-2016 11:45 AM

Hi Fredrik,

This is a known bug. I have experienced the same issue using FTD 6.1. The bug is currently not customer visible

kind regards

Oliver

0 Helpful

Go to solution
Alex Sierra
Level 1
Level 1

‎10-27-2016 11:58 AM

I opened a TAC case and the only workaround is putting a trust rule for that FTP server. The other two options are not viable.

Here is the bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb55994

Go to solution
clive.hodgetts
Level 1
Level 1

‎03-08-2018 11:33 AM

Hi, as mentioned the bug is not public even with a valid CCO. Could you confirm if the issue is fixed by upgrading to 6.2 or 6.2.2?

 

Might save me logging it out to TAC

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card