FTP download issues

Advanced search

[rockysam39]

We are facing this issue since last few months. When we try to download any drivers from the Dell or HP websites , the download is getting re-directed to one of their FTP sites and then the download fails with either 'Page cannot be displayed' error or continues to try opening the page for eternity...
When I check the logs on the firewall ( SmartView Tracker ) I see all the FTP traffic from the source machine is passing the Firewall, and not dropped/rejected (not even by the Smartdefense). However , veryfew packets are getting dropped. One such log detail is as follows:-



Number:         177797
Date:               5Jul2008
Time:              5:40:36
Product:          VPN-1 Power/UTM
Interface:        eth1
Origin:            INITC_FW_01
Type:              Log
Action:            Drop
Protocol:         tcp
Service:          ftp (21)
Source:           10.108.8.32
Destination:    pla-ftp.nai.com (216.143.70.11)
Source Port:   1697
Information:    TCP packet out of state: First packet isn't SYN
                       tcp_flags: ACK
Policy Info:     Policy Name: INITC_FW_01-20071108-DH
                       Created at: Fri Jul 04 13:44:14 2008
                       Installed from: SmartCenter-1
The Firewall rule for Internet is set to allow FTP traffic.
I have tried to check for logs of traffic coming from these FTP sites (i.e., inbound ftp traffic ) but I dont see any traffic at all.

I'm trying to figure out if there is any blockage on the Firewall or not, though I believe there is none.

Can anyone help me with any ideas to research this from the Firewall end or a better way to analyze these traffic?
Is there anything else I may check to see if the FTP download is getting blocked by the Firewall or Smartdefense.

[juve]

You can try to disable state checking for ftp by adding the following in the user.def file :

deffunc user_accept_non_syn() {
( /* allow ftp connections to start with a non-SYN packet */
(dport=21, sport=21) or 0
)
};


Do other ftp connections work or not?

[rockysam39]

Thanks for the suggestion Juve.
This might sound silly but I dont seem to be able to find the user.def file

Can you please let me know the path for this file?

[juve]

Hi,

The file is located in $FWDIR/lib

Normally, you can make the change on the management server and push the policy to the firewall afterwards.

• Articles
• Knowledge base