02-11-2014 09:16 AM
Hi Team!
I have a problem with ftp application in PAN-OS 6.0 after upgrading from 5.9.
Passive ftp is stop working correctly.
Temporary resolved by creating an application override rule.
Any ideas?
Thank you
02-20-2014 09:22 AM
This is a known bug 61387 and the engineering is currently working towards the fix.
02-11-2014 09:29 AM
I saw that too
seems to be bug, because downgraded to solve the issue.
02-11-2014 01:07 PM
Can you please check if the session application is not changing to your-freedom in discard state after trying to initiate ftp connection ?
show session all filter state discard
I had same issue and rebuilding the content fixed the issue i.e. downgrade to content version or upgrade to latest content version (if not already on the latest)
02-11-2014 01:12 PM
I tried it , but it didn't help me... It was working with latest content update, but on 5.0.9
02-11-2014 06:28 PM
Try changing the service to application default instead of any. Sometimes this prevents the need for an application override rule.
Do be sure to open a case so the bug gets logged and into the process for a future update.
02-11-2014 09:23 PM
I would recommend you to try upgrading to the latest content which got release today 418. If it still does not resolve the issue you are facing open a case with the support collecting
1. Packet captures of the traffic displaying the issue on the client and on the firewall.
2. Traffic logs during the time of the issue.
3. What kind of ftp server and client is being used. Version of the client.
4. Steps to reproduce the issue.
This will help the support is determining the issue faster. Hope this helps.
Thank you
Numan
02-12-2014 06:56 AM
I'll try to test it ASAP
02-13-2014 09:21 AM
Hi There,
Application override rule not helps for 100%, some sites can't communicate..... It doesn't works on mainframe client (unix based)
So...
Only downgrade?
02-13-2014 06:11 PM
Yes, if the application override does not work to solve the issue, then a downgrade would be necessary.
Be sure you create the application override for the most specific traffic possible and in both directions first.
Also before downgrading follow the steps outlined by mbutt above and get packet captures on both sides of the Palo Alto for the failed traffic. This way support will identify which bug is your issue and can notify you when the fix is being released for the bug.
Steve
02-14-2014 07:04 AM
I've opened a case in PA TechSupp
02-20-2014 09:22 AM
This is a known bug 61387 and the engineering is currently working towards the fix.
02-26-2014 06:45 AM
It will be fixed in 6.0.2 release.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
