Unable to upload access log to FTP server after upgrading to SGOS 6.5

Article Id: 168462
Status: Published
Updated On: 13-05-2017 11:44
Legacy Id: TECH245102
Products:
Asset Management Solution , ProxySG Software - SGOS
Issue/Introduction:

FTP access log upload does not work after upgrading from SGOS 6.2 to 6.5.

A PCAP shows that the client is able to login to the FTP server on port 21:

1258    2014-12-30 15:01:27.291207    172.16.0.4    10.10.10.3    FTP    Request: USER admin
1259    2014-12-30 15:01:27.292279    10.10.10.3    172.16.0.4    FTP    Response: 331 Password required for admin
1260    2014-12-30 15:01:27.293091    172.16.0.4    10.10.10.3    FTP    Request: PASS admin
1261    2014-12-30 15:01:27.294384    10.10.10.3    172.16.0.4    FTP    Response: 230 Logged on

The FTP server tells the client to initiate the data connection to port 444 (1*256 + 188).

1266    2014-12-30 15:01:27.297470    172.16.0.4    10.10.10.3    FTP    Request: PASV
1267    2014-12-30 15:01:27.299362    10.10.10.3    172.16.0.4    FTP    Response: 227 Entering Passive Mode (10,10,10,3,1,188)

After that the ProxySG appliance does not initiate any traffic on port 444.

 

Resolution:

Configure the FTP server to use a passive FTP port that is higher than 1023.