Had a client that wanted to use the new URL filtering features of R80.30.
Upgraded them on Monday morning (yesterday morning early) they are a media house and they do alot of file transfers for their content to get printed and posted etc (yes I know it should be encrypted with ftps or scp rather but that is another discussion) and R80.30 seemed to break this entirely.
First after a couple of hours of troubleshooting I resorted to allowing any service/any port from the servers sending the ftp traffic - this seemed to quell the issue for a short time but they still had intermittent failures yesterday afternoon. Furthermore no changing of active/passive ftp types on the client side made any difference.
Today alot more was not working and the IT guys were getting alot of heat which was being passed down to us.
I tried to log a high ticket with TAC etc but after 2 hours of no traction and the any service /any port allow not being a viable workaround we have to revert to the R80.20 snapshots.
As soon as R80.20 snapshots reverted all the FTP's from all the servers worked instantly.
So not sure if anyone else out there has R80.30 running and have issues with FTP traffic - let me know .
(I did install R80.30 in our lab and try and recreate the problem in the live environment - but could not. The client is using ISP redundancy with Load Sharing - perhaps this is causing the issue but no way of knowing now .)
(Also the drop reasons were for the dynamic ports as if the firewall did not understand the FTP protocol or the ports it was dynamically assigning . or some cryptic fwpslglue_chain Reason: PSL Drop: xxx yyy xxx yyy . That was not usual or searchable on the knowledgebase or in CheckMates.)
I am a bit sad that my first R80.30 in production was so short lived 😞
.png){kind=link}