Saturday, May 2, 2009

FTP Multiline 221 Bug in FWSM

This is one I ran into recently.

Link to Cisco Bug Toolkit (CCO login required):
CSCsi27512 Bug Details
FTP with multiline 221 lines closes the connection too early
Symptom:
FTP client / server do not close their connection in some cases when the server
uses multiline 221 closure sequence.

Conditions:
When some OS is used (not all of them, not identified properly) and the server uses
multi line 221 closure sequence like:

221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 2551 bytes in 1 transfers.
221-Thank you for using the FTP service on orbi.
221 Goodbye.

instead of the classic
221 Goodbye;

Workaround:
1. Disable ftp inspection OR disable 221 multiline.
or
2. if running a version of FWSM code where the command is supported, you can disable the TCP Normalizer feature which has minimal impact. Disable the normalizer with the command:
"no control-point tcp-normalizer"
or
3. If running in an active/standby failover mode setup, a forced switchover should alleviate the problem. If not running in failover mode, that is, if there is no failover pair but failover is enabled, then a "no failover" and "failover" [i.e. disabling and enabling failover] should help.
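To show why a multiline 221 is a single reply and where a premature close comes from, here is an added example (not from the post or from Cisco): an RFC 959 reply parser that treats "221-" lines as continuation and only "221 " (code plus space) as the end of the reply, next to a loose check that fires on the code alone. The loose check is my own model of the failure described above, not FWSM's actual inspection logic, and the sample bytes are the reply quoted in the bug report.

```python
import re

# Constructed sample input: the multiline 221 sequence quoted in the bug report
# as it arrives on the FTP control channel (CRLF-terminated), and the classic one.
MULTILINE_221 = (
    b"221-You have transferred 0 bytes in 0 files.\r\n"
    b"221-Total traffic for this session was 2551 bytes in 1 transfers.\r\n"
    b"221-Thank you for using the FTP service on orbi.\r\n"
    b"221 Goodbye.\r\n"
)
CLASSIC_221 = b"221 Goodbye.\r\n"

# First line of a reply: three digits, then a space (single-line reply) or
# a hyphen (start of a multiline reply), per RFC 959 section 4.2.
_LEAD = re.compile(rb"^(\d{3})([ -])")

def parse_reply(buf: bytes):
    """Consume one complete FTP reply from the front of buf.
    Returns (code, text_lines, remaining_bytes), or None if the buffer does
    not yet hold a complete reply (caller must read more before acting): a
    multiline reply ends only at a line that begins with the same code plus
    a space, so "221-" lines are continuation, not closure."""
    raw = buf.split(b"\r\n")
    complete, tail = raw[:-1], raw[-1]      # tail is b"" or a partial line
    if not complete:
        return None
    m = _LEAD.match(complete[0])
    if not m:
        raise ValueError(f"malformed reply line: {complete[0]!r}")
    code, sep = m.group(1), m.group(2)
    text = []
    for idx, line in enumerate(complete):
        text.append(line.decode("ascii", "replace"))
        terminal = (sep == b" ") if idx == 0 else line.startswith(code + b" ")
        if terminal:
            return int(code), text, b"\r\n".join(complete[idx + 1:] + [tail])
    return None                               # terminator not received yet

def goodbye_line_index(buf: bytes, strict: bool = True):
    """Index of the line at which a "221 = session closing" decision fires.
    strict=True matches only "221 " (code plus space), the RFC 959 end of
    reply; strict=False matches any line beginning "221", modelling the
    premature teardown the report describes (an assumption about the failure
    mode, not FWSM's actual logic). Returns None if nothing matches."""
    marker = b"221 " if strict else b"221"
    for idx, line in enumerate(buf.split(b"\r\n")):
        if line.startswith(marker):
            return idx
    return None
```

On the quoted sequence the strict check reaches line 3 (the real "221 Goodbye."), while the loose check fires on line 0, three lines before the server has finished its reply.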

2 comments:

insurreto said...

Hi Craig,

I think I'm hitting the same bug. What did you use as a workaround? Disable multiline 221?

Craig Tompkins said...

We actually used option 3 in the post to failover the firewall in the evening, as we were operating a failover pair. This may or may not help you.
If you have the ability to disable FTP Multiline, I would suspect that would be your best option. This was not an option for us as the FTP Server was with another company through a dedicated connection.