rknevitt
asked on
FTP transfer fails from behind watchguard sometimes
We have a FTP upload which runs autoamtically from a windows FTP client, from behind a X750e, (1-1NAT)
This connects to a FTP server running behind another X750e, via a passive transfer.
Sometimes this connection fails, the FTP server has no log that the client ever connected.
However 3 minutes later, it connects fine. Here are the two log entrys:
2010-01-29 10:23:05 Deny 10.4.1.32 ***.**.23.98 ftp/tcp 4555 21 100-GWL unknown denied (outgoing route unknown) 48 128 (Unhandled Internal Packet-00) tcpinfo=''offset 7 S 376071735 win 65535'' rc=''101'' Traffic
2010-01-29 10:26:25 Allow 10.4.1.32 ***.**.23.98 ftp/tcp 4591 21 100-GWL 0-External allowed, mss not exceeding 1460, idle timeout=43205 sec 48 128 (FTP-00) src_ip_nat=''***.**.23.136
I see no error on the other firewall, and the FTP server has nothing in the log to say its connected, the FTP client doesnt make a log of its activity.
Can anyone shed some light on what might be going on?
This connects to a FTP server running behind another X750e, via a passive transfer.
Sometimes this connection fails, the FTP server has no log that the client ever connected.
However 3 minutes later, it connects fine. Here are the two log entrys:
2010-01-29 10:23:05 Deny 10.4.1.32 ***.**.23.98 ftp/tcp 4555 21 100-GWL unknown denied (outgoing route unknown) 48 128 (Unhandled Internal Packet-00) tcpinfo=''offset 7 S 376071735 win 65535'' rc=''101'' Traffic
2010-01-29 10:26:25 Allow 10.4.1.32 ***.**.23.98 ftp/tcp 4591 21 100-GWL 0-External allowed, mss not exceeding 1460, idle timeout=43205 sec 48 128 (FTP-00) src_ip_nat=''***.**.23.136
I see no error on the other firewall, and the FTP server has nothing in the log to say its connected, the FTP client doesnt make a log of its activity.
Can anyone shed some light on what might be going on?
NarendraG
your are using multi wan with round robin enabled ?
using multi wan with round robin
then enable policy based routing for FTP and then try
then enable policy based routing for FTP and then try
ASKER
noo single WAN, the 2 fierwalls are completley seperate (however on the same external subnet)
Rob
Rob
may any interruption in wan link have monitored this becoz route unknown says there is no link from how lon you are experiencing this problem?
are you using any management station software?
are you using any management station software?
In the first entry, it says:
>> unknown denied (outgoing route unknown)
Second entry reads:
>> 0-External allowed
Appears that the WAN service was unavailable during first attempt.
Can you ensure that WAN connectivity is not the issue here.
Thank you.
>> unknown denied (outgoing route unknown)
Second entry reads:
>> 0-External allowed
Appears that the WAN service was unavailable during first attempt.
Can you ensure that WAN connectivity is not the issue here.
Thank you.
ASKER
Good point, I will.
but as far as we can see, its only affecting outgoing FTP connections.
On this same firewall we have 5 terminal servers, some of which are continusly accessed remotley via the the WAN link.
If this was a connectivity issue on this interface, i would expect us to have recieved support calls for RDP drop outs?
I shall check anyway.
but as far as we can see, its only affecting outgoing FTP connections.
On this same firewall we have 5 terminal servers, some of which are continusly accessed remotley via the the WAN link.
If this was a connectivity issue on this interface, i would expect us to have recieved support calls for RDP drop outs?
I shall check anyway.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.