Failure in the Client Using the USG5300 to Access the TFTP Server
Publication Date: 2012-07-25
A client in the Trust zone cannot access the TFTP server in the DMZ.
1. TFTP is a multi-channel protocol. The control channel uses UDP port 69, and the data channel is obtained by auto-negotiation. The access fails because a strict packet filtering policy is configured between the two zones and ASPF is not enabled.
2. Enable the user-defined ASPF function between the DMZ and the Trust zone.
[USG5300]acl number 3000
[USG5300-acl-adv-3000]rule permit udp destination-port eq 69
[USG5300-acl-adv-3000]quit
[USG5300]firewall interzone trust dmz
[USG5300-interzone-trust-dmz]detect user-define 3000
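The following added example (not Huawei code and not part of the original case) models why the strict interzone policy breaks TFTP and what the user-defined ASPF rule changes. It assumes a policy that permits only Trust-to-DMZ traffic matching ACL 3000 and models ASPF as a pinhole for the client's address and port; the class, function names, addresses and port numbers are constructed for illustration.

```python
from collections import namedtuple

# Simplified model for illustration; not the USG5300's actual implementation.
Pkt = namedtuple("Pkt", "src_zone dst_zone proto src_ip src_port dst_ip dst_port")

class InterzoneFilter:
    def __init__(self, aspf_user_defined):
        self.aspf = aspf_user_defined
        self.sessions = set()    # 5-tuples of flows already permitted
        self.server_map = set()  # (proto, ip, port) pinholes opened by ASPF

    @staticmethod
    def acl_3000(p):
        # Mirrors "rule permit udp destination-port eq 69"
        return p.proto == "udp" and p.dst_port == 69

    def process(self, p):
        flow = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if flow in self.sessions or reverse in self.sessions:
            return "pass (session)"
        if (p.proto, p.dst_ip, p.dst_port) in self.server_map:
            self.sessions.add(flow)
            return "pass (server-map)"
        # Assumed strict policy: only Trust -> DMZ traffic matching ACL 3000.
        if (p.src_zone, p.dst_zone) == ("trust", "dmz") and self.acl_3000(p):
            self.sessions.add(flow)
            if self.aspf:  # remember the client's endpoint for the data channel
                self.server_map.add((p.proto, p.src_ip, p.src_port))
            return "pass (policy)"
        return "drop"

def tftp_read(fw, client="192.0.2.10", server="198.51.100.20"):
    """Replay a constructed TFTP read: RRQ, first DATA block, first ACK."""
    packets = [
        Pkt("trust", "dmz", "udp", client, 40000, server, 69),     # RRQ
        Pkt("dmz", "trust", "udp", server, 51000, client, 40000),  # DATA from new port
        Pkt("trust", "dmz", "udp", client, 40000, server, 51000),  # ACK to that port
    ]
    return [fw.process(p) for p in packets]

if __name__ == "__main__":
    print("ASPF off:", tftp_read(InterzoneFilter(False)))
    print("ASPF on: ", tftp_read(InterzoneFilter(True)))
```

The server answers from a newly chosen UDP port rather than port 69, so without the pinhole neither the data packet nor the client's acknowledgement matches the control-channel session or the policy.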