Last Modified: Apr 17, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2
Opened: Jan 07, 2020 Severity: 3-Major
When attempting to use TFTP or Active FTP at the BIG-IP management port to transfer files to a remote system, the connection eventually times out and the file is not transferred. This is expected behavior resulting from the enhancement made in BIG-IP v14.1.0: "Support for network firewall rules on the management port" :: https://techdocs.f5.com/kb/en-us/products/BIG-IP_ltm/releasenotes/product/relnote-bigip-14-1-0.html#rn_ltm-tmos_1410_new. When attempting to use TFTP and Active FTP via tmm interfaces will work as it has the necessary Algorithm capabilities to set up return listeners.
Unable to use TFTP or Active FTP to transfer files to/from the BIG-IP system over management port
- BIG-IP v14.1.0 or greater. - Attempt to initiate TFTP or Active FTP from the BIG-IP management port through command line.
Consider using encrypted transport (sftp, scp, etc.) in order to avoid the exposure of sensitive data, including passwords. Manually load connection tracking for the necessary protocol(s) from the command line with: modprobe nf_conntrack_ftp modprobe nf_conntrack_tftp
None
Beginning in v14.1.0, you cannot use TFTP or Active FTP to transfer files to/from the BIG-IP system over management port. You should consider alternatives (sftp, scp, etc.) using encrypted transport for these operations.