06-10-2022 08:40 AM
Ok, I'm at my wit's end with TAC... after 7 months of explaining the issues, collecting logs, and then starting over when a new agent takes the case, I'm hoping the community can help me.
I've had inbound decryption set up for our FTP server for some time. We noticed an issue after updating to 10.0.8 (we're now on 10.1.5-h1) where people seemed to not be able to connect anymore. After investigating, it appears that in FileZilla they are actually able to connect but it looks like they aren't because a TLS error occurs and the LIST command fails. Right-clicking on the remote side and hitting Refresh several times will often eventually complete the directory listing. This is with FTPS set to "Require explicit FTP over TLS" and with the Transfer Method set to Default (which I think may be Passive). This issue appears to be intermittent and sometimes it seems to connect fine.
Further investigation also showed the following:
It looks like someone else has run into an issue like this before with Passive FTP, and it was related to an issue with the content packs:
https://live.paloaltonetworks.com/t5/general-topics/passive-ftp/td-p/11573
Anyone else having any issues or have any experience in what I can do to resolve this?
Thanks!
07-03-2022 05:52 AM
Hi @jsalmans
What was the last version when it was working? What do the decryption profile and rule that you configured look like? How did you prepare the certificate file that you used for the inbound decryption? According to the error message, you placed the intermediate certificate authority file at the wrong location in the file. Are there any decryption errors in the log on the Palo Alto firewall? What has TAC done so far with troubleshooting, and what were the results?
I think this issue should be solvable but I need some more information and more details about the steps taken and current config.