File download fails through Netscreen when using IE6 with Passive FTP
You may find when trying to download a file from your FTP server using Internet Explorer 6 with "Folder View Enabled" when using Passive FTP the file download transfer will fail after a short time period.
This can be down to Internet Explorer sending TCP packets with sequence numbers which are outside that of the current TCP window. This in turn causes the FTP file transfer to fail. This can be caused by vendors using non-RFC methods to verify a packets validity or the host sending back badly number packets expecting a return.
You can confirm whether the Netscreen is dropping packets due to this with the following command,
netscreen(M)-> get counter statistics | i (Total|seq)
Total flow counters for interface mgt:
tcp out of seq 0 | mac relearn 0 | no frag sess 0
Total flow counters for interface ethernet1/1:
tcp out of seq 38321 | mac relearn 0 | no frag sess 0
Total flow counters for interface ethernet1/2:
The Netscreen is working by design so you have 3 options :
- Disabling TCP sequence checking on the firewall using the command 'set flow no-tcp-seq-check'
- Use an alternative client for Passive FTP downloads.
- Use Active FTP