Bug ID 867177: Outbound TFTP and Active FTP no longer work by default over the management port

Last Modified: Apr 29, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 16.0.0,, 16.0.1,,

Opened: Jan 07, 2020

Severity: 3-Major


When attempting to use TFTP or Active FTP at the BIG-IP management port to transfer files to a remote system, the connection eventually times out and the file is not transferred. This is expected behavior resulting from the enhancement made in BIG-IP v14.1.0: "Support for network firewall rules on the management port" :: https://techdocs.f5.com/kb/en-us/products/BIG-IP_ltm/releasenotes/product/relnote-bigip-14-1-0.html#rn_ltm-tmos_1410_new. When attempting to use TFTP and Active FTP via tmm interfaces will work as it has the necessary Algorithm capabilities to set up return listeners.


Unable to use TFTP or Active FTP to transfer files to/from the BIG-IP system over management port


- BIG-IP v14.1.0 or greater. - Attempt to initiate TFTP or Active FTP from the BIG-IP management port through command line.


Consider using encrypted transport (sftp, scp, etc.) in order to avoid the exposure of sensitive data, including passwords. Manually load connection tracking for the necessary protocol(s) from the command line with: modprobe nf_conntrack_ftp modprobe nf_conntrack_tftp

Fix Information


Behavior Change

Beginning in v14.1.0, you cannot use TFTP or Active FTP to transfer files to/from the BIG-IP system over management port. You should consider alternatives (sftp, scp, etc.) using encrypted transport for these operations.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips