FWSM 2.3.1 and EPSV ftp problem

jbrauer
Level 1

Hi!

We have an FWSM on ver. 2.3.1. We have Suse Linux systems running on the non-secure (outside) side which have to do YAST (OS sw update) from non-secure to secure. YAST uses ftp under the covers; however, Suse's ftp uses the EPSV option to indicate passive ftp, which the FWSM ftp fixup does not understand. Thus the ftp data session fails because it is blocked by the firewall.

Any ideas how I can get this solved? I'd hate to open tcp ports 1024-65536 to get the ftp data sessions through the FWSM.

NOTE: Since the ftp server is not under my control I cannot change that one to respond to EPSV with "command not understood" so this is not an option for me.

N.B.: Has anyone else come across that problem? I've been googling thru the internet; however, I haven't found any report similar to mine.

Thx.

2 Replies

ciscocsoc
Level 4

Hi,

I had the same problem with another firewall - and the only way to get it to work was to open all the high TCP ports.

EPSV is an IPv6 extension and AFAIK neither the FWSM nor the PIX handle it statefully yet.

Kind Regards

Cathy

Cathy, thx.

That's what I feared I have to do (open all high ports).

Well, at least for the Suse Linux update (YAST) we've found another solution: we can force YAST to work over http rather than ftp, thus we can work around the EPSV issue.

Cheers Joachim