Forum Discussion

syedimam_147051's avatar
syedimam_147051
Icon for Nimbostratus rankNimbostratus
Feb 26, 2016

Passive FTP failing, F5 send TCP RST after receiving Entering Passive mode from server

Hi Pretty standard setup Passive FTP Control port 10021 Data ports 50251-50500   Configuration   VIP: 192.168.152.8 (Open for all ports) Auto SNAT (interface and pool members on same vlan) Pro...
application delivery
BIG-IP
LTM
tatmotiv's avatar
tatmotiv
Icon for Cirrostratus rankCirrostratus
Feb 29, 2016

Try creating a non-default ftp profile and allow ANY data port.

Per default, only port 20 is allowed: 

    list ltm profile ftp /Common/ftp all-properties 
   ltm profile ftp /Common/ftp { 
       app-service none 
       defaults-from none    
       description none 
       inherit-parent-profile disabled 
       log-profile none 
       log-publisher none 
       partition Common 
       --> port ftp-data <-- 
       security disabled 
       translate-extended enabled 
    }

try using this instead: 

ltm profile ftp ftp_dataport_any { 
    app-service none 
    defaults-from /Common/ftp 
    --> port any <-- 
}

With this profile, you also should not need to enable the virtual on any port, but on the desired ftp-control port only (in your case 10021).

HTH Martin