FTP transfer fails from behind WatchGuard sometimes

rknevitt used Ask the Experts™
We have an FTP upload which runs automatically from a Windows FTP client, from behind an X750e (1-1 NAT).

This connects to an FTP server running behind another X750e, via a passive transfer.

Sometimes this connection fails; the FTP server has no log that the client ever connected.

However, 3 minutes later it connects fine. Here are the two log entries:

2010-01-29 10:23:05 Deny ***.**.23.98 ftp/tcp 4555 21 100-GWL unknown denied (outgoing route unknown) 48 128 (Unhandled Internal Packet-00)  tcpinfo=''offset 7 S 376071735 win 65535'' rc=''101''       Traffic

2010-01-29 10:26:25 Allow ***.**.23.98 ftp/tcp 4591 21 100-GWL 0-External allowed, mss not exceeding 1460, idle timeout=43205 sec 48 128 (FTP-00)  src_ip_nat=''***.**.23.136'' tcpinfo=''offset 7 S 1242970715 win 65535'' rc=''100''       Traffic

I see no error on the other firewall, and the FTP server has nothing in the log to say it's connected; the FTP client doesn't make a log of its activity.

Can anyone shed some light on what might be going on?
Are you using multi-WAN with round robin enabled?

If using multi-WAN with round robin, then enable policy-based routing for FTP and then try.


No, single WAN; the 2 firewalls are completely separate (however on the same external subnet).


Have you monitored for any interruption in the WAN link? Because "route unknown" says there is no link. For how long have you been experiencing this problem?

are you using any management station software?
Top Expert 2007

In the first entry, it says:
>> unknown denied (outgoing route unknown)

Second entry reads:
>> 0-External allowed

Appears that the WAN service was unavailable during first attempt.

Can you ensure that WAN connectivity is not the issue here?

Thank you.
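To make the distinction above checkable across a whole log export rather than by eye, here is a small parser for the Firebox "Traffic" line format quoted in the question, added here as an example and not part of the original thread. It flags every Deny carrying "outgoing route unknown" and pairs it with the next Allow from the same source host to the same destination port, reporting the gap in seconds; a pattern of such pairs with short gaps points at a transient routing/interface state on the firewall rather than a policy block. The sample lines are constructed to mirror the two entries in the question, with placeholder source addresses.

```python
import re
from datetime import datetime

# Constructed sample lines modeled on the Firebox "Traffic" log lines quoted in
# the question; the source addresses are placeholders, not the poster's real ones.
SAMPLE_LOG = """\
2010-01-29 10:23:05 Deny 10.0.23.98 ftp/tcp 4555 21 100-GWL unknown denied (outgoing route unknown) 48 128 (Unhandled Internal Packet-00)  tcpinfo=''offset 7 S 376071735 win 65535'' rc=''101''       Traffic
2010-01-29 10:25:10 Allow 10.0.23.50 https/tcp 51022 443 100-GWL 0-External allowed 52 128 (HTTPS-00)  src_ip_nat=''198.51.100.137'' tcpinfo=''offset 7 S 11 win 65535'' rc=''100''       Traffic
2010-01-29 10:26:25 Allow 10.0.23.98 ftp/tcp 4591 21 100-GWL 0-External allowed, mss not exceeding 1460, idle timeout=43205 sec 48 128 (FTP-00)  src_ip_nat=''198.51.100.136'' tcpinfo=''offset 7 S 1242970715 win 65535'' rc=''100''       Traffic
"""

# Fields: timestamp, action, src, service/proto, sport, dport, in-iface, out-iface,
# free-text disposition, packet length, TTL, then the matching policy in parentheses.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<action>Allow|Deny) (?P<src>\S+) "
    r"(?P<service>\S+)/(?P<proto>\S+) (?P<sport>\d+) (?P<dport>\d+) "
    r"(?P<in_if>\S+) (?P<out_if>\S+) (?P<msg>.+?) (?P<len>\d+) (?P<ttl>\d+) "
    r"\((?P<policy>[^)]*)\)"
)

def parse_line(line):
    """Parse one Firebox traffic log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def find_route_unknown_denies(log_text):
    """Return each 'outgoing route unknown' Deny with the seconds until the next
    Allow for the same source host and destination port (None if never allowed)."""
    records = [r for r in (parse_line(line) for line in log_text.splitlines()) if r]
    findings = []
    for i, rec in enumerate(records):
        if rec["action"] != "Deny" or "outgoing route unknown" not in rec["msg"]:
            continue
        recovered = next(
            (r for r in records[i + 1:]
             if r["action"] == "Allow" and r["src"] == rec["src"]
             and r["dport"] == rec["dport"]),
            None,
        )
        gap = (recovered["ts"] - rec["ts"]).total_seconds() if recovered else None
        findings.append({"ts": rec["ts"], "src": rec["src"], "dport": rec["dport"],
                         "out_if": rec["out_if"], "recovered_after_s": gap,
                         "recovered_policy": recovered["policy"] if recovered else None})
    return findings
```

Run `find_route_unknown_denies` over a full log export and sort by `recovered_after_s`; if the Deny records cluster in time across ports, compare those timestamps with the interface status and routing table snapshots from Firebox System Manager.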


Good point, I will.

But as far as we can see, it's only affecting outgoing FTP connections.

On this same firewall we have 5 terminal servers, some of which are continuously accessed remotely via the WAN link.

If this was a connectivity issue on this interface, I would expect us to have received support calls for RDP drop-outs?

I shall check anyway.
Top Expert 2007
I agree RDP service should also have been affected.
No route indicates that for some reason FB was not able to decide which interface to send out the packet to as there were no active routes [it is not ISP network issue because FB is not able to decide outbound interface for the packet; however, if the link was down then surely is ISP issue! ;) (hope have not confused you)].
Another thing to check is do you have auto-block enabled; also, do you see any website in System Manager->Blocked sites.

Also, if this happens in real time and you are logged on to box, then please look at Firebox system manager->Status report; please look at interface status, routing and ARP table.

This would give some clue as to what is happening.

Thank you.
