Data Loss Prevention (DLP) Network Monitor does not detect File Transfer Protocol (FTP) traffic using the Extended Passive Mode (ESPV) extension. Network traffic may also be using IPv6 mode in some environments. No incidents are being generated by the DLP Network monitor if the ESPV FTP extension is enabled on the FTP server.
Currently the DLP Network Monitor versions 12.0.1 and prior do not support monitoring IPv6 traffic or the Extended Passive Mode (ESPV) FTP extension. Defect has been filed regarding IPv6 network traffic detection and FTP using the ESPV mode.
The DLP 12.5 Network Monitor has added support for monitoring IPv6 network traffic including the ESPV and EPRT Extensions. Upgrade the DLP Network Monitor to version 12.5 or higher to detect FTP traffic using the ESPV extension.
The environment may consist of an Windows 2008 64bit Server, SuSE Linux Servers, or Redhat Enterprise Linux (RHEL 5). Data Loss Prevention Network Monitor may be running on an RHEL 5 server.
Imported Document ID: TECH225171
Subscribing will provide email updates when this Article is updated. Login is required.