ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

DLP Network Monitor Not detecting FTP ESPV Protocol

book

Article ID: 161237

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor

Issue/Introduction

Data Loss Prevention (DLP) Network Monitor does not detect File Transfer Protocol (FTP) traffic using the Extended Passive Mode (ESPV) extension. Network traffic may also be using IPv6 mode in some environments. No incidents are being generated by the DLP Network monitor if the ESPV FTP extension is enabled on the FTP server. 

Cause

Currently the DLP Network Monitor versions 12.0.1 and prior do not support monitoring IPv6 traffic or the Extended Passive Mode (ESPV) FTP extension. Defect has been filed regarding IPv6 network traffic detection and FTP using the ESPV mode. 

Resolution

The DLP 12.5 Network Monitor has added support for monitoring IPv6 network traffic including the ESPV and EPRT Extensions. Upgrade the DLP Network Monitor to version 12.5 or higher to detect FTP traffic using the ESPV extension.


Applies To

The environment may consist of an Windows 2008 64bit Server, SuSE Linux Servers, or Redhat Enterprise Linux (RHEL 5). Data Loss Prevention Network Monitor may be running on an RHEL 5 server.