FTP fails when using fully-qualified domain names (FQDN) in an explicit proxy deployment.
FTP is successful when using the origin content server (OCS)/FTP server's IP address. Connecting directly to the Internet also works when either IP address or FQDN is used.
Note: When this issue occurred, authentication was enabled and the ProxySG appliance username was defined in Raptor login syntax.
Use the appliance's packet capture utility (PCAP) to compare packet captures from when FTP worked with captures from when FTP failed.
You could use the following PCAP filter expressions:
ip host <client IP>
ip host <FTP server IP>
host <FQDN of FTP server>
Troubleshoot the issue depending on the information in the packet captures. The following are possible causes of the issue and examples of troubleshooting steps:
Cause 1: The IP address used when FTP works is not the same one that DNS resolves when FTP fails. Resolution: Correct DNS server/resolution issues.
Cause 2: The username intended for the appliance is being sent to the OCS. Possible resolution: The presence of an FQDN trigger can cause the username defined in Raptor login syntax to be sent to the OCS/FTP server; as a result, the appliance would not be able to consume the username information. To determine if this is the case, perform a policy trace to locate the rule (see 000011446 for instructions). You can then create a rule above this rule to authenticate the FQDN.
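To make the working/failing capture comparison concrete for Cause 1, the following added example (not from the original article or the vendor) lists the destination addresses of FTP control connections (TCP SYN to port 21) in each capture and reports the ones that differ. It assumes the captures are exported in classic pcap format with Ethernet framing; the function names, addresses and sample captures are constructed for illustration.

```python
import struct

def ftp_control_targets(pcap_bytes):
    """Return the IPv4 addresses that received a TCP SYN on port 21."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    targets, pos = set(), 24
    while pos + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[pos + 8:pos + 12])[0]
        frame = pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not untagged IPv4 carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue  # truncated TCP header
        dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
        if dport == 21 and (flags & 0x12) == 0x02:  # SYN set, ACK clear
            targets.add(".".join(map(str, frame[30:34])))
    return targets

def compare_captures(working, failing):
    """Show which FTP control destinations appear in only one capture."""
    ok, bad = ftp_control_targets(working), ftp_control_targets(failing)
    return {"only_working": sorted(ok - bad), "only_failing": sorted(bad - ok)}

# --- Constructed sample captures (documentation addresses, zero checksums) ---
def _syn(src, dst, dport=21):
    addr = lambda ip: bytes(map(int, ip.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, addr(src), addr(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

CLIENT, PROXY = "192.0.2.10", "192.0.2.1"
WORKING = _pcap([_syn(CLIENT, PROXY), _syn(PROXY, "198.51.100.20")])
FAILING = _pcap([_syn(CLIENT, PROXY), _syn(PROXY, "203.0.113.7")])

if __name__ == "__main__":
    print(compare_captures(WORKING, FAILING))
```

An address listed under only_failing is where the FQDN-based connection was sent; if it differs from the address under only_working, the captures point to Cause 1.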
Imported Document ID: 000009564