ftp and PAN-OS 6.0 problem


L3 Networker

Hi Team!

I have a problem with ftp application in PAN-OS 6.0 after upgrading from 5.9.

Passive ftp has stopped working correctly.

Temporarily resolved by creating an application override rule.

Any ideas?

Thank you


Accepted Solutions

L3 Networker

This is a known bug, 61387, and engineering is currently working towards the fix.


11 REPLIES

L6 Presenter

I saw that too.

Seems to be a bug, because I downgraded to solve the issue.

Can you please check if the session application is not changing to your-freedom in discard state after trying to initiate an ftp connection?

show session all filter state discard

I had the same issue and rebuilding the content fixed the issue, i.e. downgrade to content version or upgrade to the latest content version (if not already on the latest).

I tried it, but it didn't help me... It was working with the latest content update, but on 5.0.9

L7 Applicator

Try changing the service to application default instead of any. Sometimes this prevents the need for an application override rule.

Do be sure to open a case so the bug gets logged and into the process for a future update.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

I would recommend you try upgrading to the latest content, which got released today, 418. If it still does not resolve the issue you are facing, open a case with support, collecting:

1. Packet captures of the traffic displaying the issue on the client and on the firewall.

2. Traffic logs during the time of the issue.

3. What kind of ftp server and client is being used. Version of the client.

4. Steps to reproduce the issue.

This will help support in determining the issue faster. Hope this helps.

Thank you

Numan

I'll try to test it ASAP

L3 Networker

Hi There,

The application override rule doesn't help 100%; some sites can't communicate... It doesn't work on a mainframe client (unix based)

So...

Only downgrade?

Yes, if the application override does not work to solve the issue, then a downgrade would be necessary.

Be sure you create the application override for the most specific traffic possible and in both directions first.

Also, before downgrading, follow the steps outlined by mbutt above and get packet captures on both sides of the Palo Alto for the failed traffic. This way support will identify which bug is your issue and can notify you when the fix is being released for the bug.

Steve

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

I've opened a case in PA TechSupp


L3 Networker

It will be fixed in 6.0.2 release.
