
Upgrade of FMC to 6.1 breaks my FTP



I made a transition of my virtual FMC from 5.4 to 6.1 but kept 5.4.x on my ASA Firepower for a while. Nothing has changed in the rule set while I upgraded from 5.4 to 6.1 but the day after I applied the 6.1 config to my Firepower modules I started getting reports of broken FTP transfers.

It's a passive FTP transfer between two servers on two different subnets inspected by ASA Firepower. The ASA log reports the file has been stored on the receiving server but the sending application reports a transfer error and only half the file is in fact stored.

If I omit the flow from Firepower altogether the FTP works. I've tried a few Firepower rules with or without IPS, file inspection and plain "allow all" but nothing works.

I am still using the old ASA FTP inspection services which I suspect is interfering. What do you folks think?

Edit: I've done some trial and erroring and it seems the ASA FTP inspection has no effect; it's all about the Firepower. If I create a Trust rule for the specific flow the FTP transfer works. Allow with or without IPS, File inspection or any other features breaks the transfer.


