[c-nsp] ftp fixup on firewall service module
Peter Rathlev
peter at rathlev.dk
Wed May 5 15:10:33 EDT 2010
On Wed, 2010-05-05 at 11:20 -0600, B wrote:
> I don't think passive mode (from inside to outside) requires fixup. Both
> channels are outbound initiated. Does the control connection get
> established? Perhaps it's something else...
If you use a "default deny" strategy for outbound connections, you would
still need some fixup for the firewall to allow the outbound.
I would guess that the "inspect ftp" on FWSM 3.1 should handle this. I'm
rather confident that ASA 7.2 does.
That doesn't explain the error though. :-)
--
Peter
More information about the cisco-nsp
mailing list