Failure in the Client Using the USG5300 to Access the TFTP Server

Publication Date: 2012-07-25
Issue Description
The TFTP server in the DMZ is inaccessible to the client from the Trust Zone.
Alarm Information
None.
Handling Process
1. TFTP is a multi-channel protocol. The control channel uses UDP port 69, and the port for the data channel is negotiated dynamically. The access fails because a strict packet filtering policy is configured between the two zones and ASPF is not enabled, so the negotiated data channel is not permitted.
2. Enable the user-defined ASPF function between the DMZ and the Trust zone, using an ACL that matches the TFTP control channel.
[USG5300]acl number 3000
[USG5300-acl-adv-3000]rule permit udp destination-port eq 69
[USG5300-acl-adv-3000]quit
[USG5300]firewall interzone trust dmz
[USG5300-interzone-trust-dmz]detect user-define 3000
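The behaviour described in step 1, as an added example that is not part of the original case and is not Huawei's implementation: a simplified model of an interzone filter that permits only UDP port 69, replayed over one TFTP read with and without an ASPF-style pinhole. The class, the function name, the addresses and the ports are all constructed for illustration.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")   # UDP only in this model
TFTP_PORT = 69

class Firewall:
    """Toy interzone filter: policy permits only UDP to port 69."""
    def __init__(self, aspf=False):
        self.aspf = aspf
        self.sessions = set()   # exact flows (both directions) already admitted
        self.pinholes = set()   # (peer_ip, host_ip, host_port) opened by ASPF model

    def _admit(self, p):
        # Record the flow and its reverse so follow-up packets match a session.
        self.sessions.add(p)
        self.sessions.add(Pkt(p.dst, p.dport, p.src, p.sport))
        return True

    def permit(self, p):
        if p in self.sessions:
            return True
        if p.dport == TFTP_PORT:                  # the rule in ACL 3000
            if self.aspf:
                # Expect the server to answer the requester's endpoint
                # from a source port that is not known yet.
                self.pinholes.add((p.dst, p.src, p.sport))
            return self._admit(p)
        if (p.src, p.dst, p.dport) in self.pinholes:
            return self._admit(p)                 # negotiated data channel
        return False                              # strict default deny

def tftp_read(fw, client="10.0.0.10", cport=50000,
              server="10.0.1.20", tid=40000):
    """Replay one constructed TFTP read; return the verdict for each packet."""
    flow = [
        Pkt(client, cport, server, TFTP_PORT),    # RRQ on the control channel
        Pkt(server, tid, client, cport),          # DATA from the server's new port
        Pkt(client, cport, server, tid),          # ACK sent to that new port
    ]
    verdicts = []
    for p in flow:
        verdicts.append(fw.permit(p))
        if not verdicts[-1]:
            break                                 # transfer stalls at the drop
    return verdicts

if __name__ == "__main__":
    print("strict filter only:", tftp_read(Firewall(aspf=False)))
    print("with ASPF model:   ", tftp_read(Firewall(aspf=True)))
```

Without the pinhole the request is admitted but the first DATA packet is dropped, because it comes from a port other than 69 and so does not match the reverse of the control session.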
Root Cause
Configuration issues.
Suggestions
None
