This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
FTP Data connection broken, need help
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- Re: FTP Data connection broken, need help
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-17-2013 08:58 AM
ta, Im having a heck of a problem.
One zone out to an ftp server is working frie but from another zone the conputers can connect but they cant get file listings of xfer data ata ll. Routing is fine, obviously, the rules they are hitting is ok, NAT and Sec.
Both connections go through two VRs to get out to the ftp server. One zone hits two rules, the other only hits one.
Im running out of ideas of things to check.
Anyone else here have this problem in the past? What was the issue? Thanks.
14 REPLIES 14
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-18-2013 12:43 PM
5.x:
set deviceconfig setting tcp asymmetric-path bypass bypass-exceed-oo-queue yes
Here are all the options under asymmetric-path:
admin@PA-200# set deviceconfig setting tcp asymmetric-path bypass
+ bypass-exceed-oo-queue whether to skip inspection of session if out-of-order packets limit is exceeded
+ check-timestamp-option whether to drop packets with invalid timestamp option
+ urgent-data clear urgent flag in TCP header
<Enter> Finish input
admin@PA-200#
prior versions:
set deviceconfig setting tcp asymmetric-path bypass yes
This disables the sliding window and sequence number checking. Looks like you are doing asymetric routing and the firewall is dropping tcp out of sequence packets.
Hope that helps.
-chadd.
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-18-2013 01:25 PM
ok, thanks, im going to try turning that off then.
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-18-2013 02:43 PM
thank you sweet lord problem solved. thanks very much for all the help. man that was a doozey.
show counter global filter packet-filter yes delta yes
thats one hell of a command and im going to make sure i make good use of it in the furture.
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-06-2013 07:11 PM
Hello cchristiansen,
Its command could be applied after system rebooted? right? or applied immediately when commanding on CLI?
Thanks.
Regards,
Roh
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-07-2013 01:38 AM
You're in configure mode and it will work immediately as I know.And also it will stay after reboot.
Related Content
- PANOS Integrated UserID with WINRM in General Topics
- Two ISP Connection with some of my inside network going out one of the two in General Topics
- Server Monitoring of User-ID agent set-up shows Authentication failed /Connection refused error in General Topics
- USB connectivity in XQL in Endpoint (Traps) Discussions
- Where to see graphs of peak bandwidth usage? in Next-Generation Firewall Discussions
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks