fir3net
PPS-Firenetbanner-780.5x190-30-03-17
  • Home
  • Articles
  • Firewalls
  • Juniper
  • File download fails through Netscreen when using IE6 with Passive FTP

File download fails through Netscreen when using IE6 with Passive FTP

You may find when trying to download a file from your FTP server using Internet Explorer 6 with "Folder View Enabled" when using Passive FTP the file download transfer will fail after a short time period.

This can be down to Internet Explorer sending TCP packets with sequence numbers which are outside that of the current TCP window. This in turn causes the FTP file transfer to fail. This can be caused by vendors using non-RFC methods to verify a packets validity or the host sending back badly number packets expecting a return.

You can confirm whether the Netscreen is dropping packets due to this with the following command,

netscreen(M)-> get counter statistics | i (Total|seq)
Total flow counters for interface mgt:

tcp out of seq 0 | mac relearn 0 | no frag sess 0
Total flow counters for interface ethernet1/1:

tcp out of seq 38321 | mac relearn 0 | no frag sess 0
Total flow counters for interface ethernet1/2:

Solution

The Netscreen is working by design so you have 3 options :

  1. Disabling TCP sequence checking on the firewall using the command 'set flow no-tcp-seq-check'
  2. Use an alternative client for Passive FTP downloads.
  3. Use Active FTP

Tags: FTP, Netscreen

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001