This solution replies to:
- NG Firewall firmware versions 4.2.x,5.0.x, 5.2.x
- netfence firmware versions 4.2.x
When using the NG proxy engine, the connection to some FTP servers, such as ftp://ftp.asus.com or ftp://ftp.model.com, times out.
Proxy NG asks the FTP server if a data connection high port can be handled with EPSV or EPRT. Some firewalls between the NG Firewall gateway and the FTP server seem to block the chosen high port, so the data connection fails.
Up to firmware 4.2.11 you may switch back to the proxy engine Normal.
With firmware 4.2.12 or later extended passive (EPSV) and extended port (EPRT) mode can be disabled in the http proxy configuration.