USG2100 (UTM) Fails to Upgrade Online Because of the Internet Environment

Publication Date: 2012-10-31
Issue Description
The upgrade-related configuration on the product has been completed, but the update fails with the following prompt:
2010-11-01 10:51:09 USG2100 %%01UPDATE/4/UPDATE(l): module=IPS version=0.0 status=manual-update result=failed details='Exception error'
The main debugging information is as follows:
*0.1390340 USG2100 UPDATE/7/DBG:[event] 9090 HTTP server responsed: incr-featurelist( num=0 max-ver=0.0 ) major-feature( ver= ) ftp-info( url=sec-downloadserver1.huaweisymantec.com port=21 ) others( msg-code=100 active-code=0WcQwYe61KEXRCYILOHhb7i5EGrLgsI/pZCRczEzeVETPlEAkVMc34YAvZdpNs0lmXa0TDsoJVcvXZCGG24k4IhCNGvIue2aYsENZE1q8SEMn6FugTNjzBBGbfGO4DqoLTI4DgYRk5pqr4yd/nKm5RGWjepCvoe4V32rzj6TUTm6m+p15VE8Hv0EHO4KHGH3 ).

*0.1398520 USG2100 UPDATE/7/DBG:[data] 2768 HTTP server responsed: incr-featurelist( num=0 max-ver=0.0 ) major-feature( ver= ) ftp-info( url=sec-downloadserver1.huaweisymantec.com port=21 ) others( msg-code=100 active-code=0WcQwYe61KEXRCYILOHhb7i5EGrLgsI/pZCRczEzeVETPlEAkVMc34YAvZdpNs0lmXa0TDsoJVcvXZCGG24k4IhCNGvIue2aYsENZE1q8SEMn6FugTNjzBBGbfGO4DqoLTI4DgYRk5pqr4yd/nKm5RGWjepCvoe4V32rzj6TUTm6m+p15VE8Hv0EHO4KHGH3 ).
Alarm Information
none
Handling Process
This symptom suggested that the UTM upgrade uses FTP passive mode, in which the data port is a random port returned by the server. The download probably failed because the ASPF function was not enabled on the firewall at the network egress.
After the ASPF function was enabled on that firewall, the problem was solved.
Root Cause
1 At first, a problem with the upgrade website back end was suspected. However, the upgrade website maintenance personnel judged from the message code in the website's reply (msg-code=100) that the UTM had successfully connected to the upgrade server and that the upgrade website configuration had no problem.
2 After discussion with R&D, and in light of the debugging information, it was concluded that the UTM device had connected to the upgrade server over FTP and that the server had notified the UTM that it needed to download the signature database file, but the UTM then failed to download the signature database file.
3 This symptom suggested that the UTM upgrade uses FTP passive mode, in which the data port is a random port returned by the server. The download probably failed because the ASPF function was not enabled on the firewall at the network egress.
Suggestions
Before upgrading the UTM, check the Internet environment. If the device accesses the Internet through NAT, make sure the ASPF function is enabled.
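The following is an added example, not part of the original case and not Huawei code. It parses the passive-mode replies on an FTP control channel to show why a random data port is blocked by an egress firewall that statically permits only TCP/21, and why inspecting the control channel (as ASPF does) lets the download through. The firewall model is a simplified assumption, and the sample replies, address and ports are constructed.

```python
import re

# RFC 959: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428: "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, server_ip):
    """Return the (ip, port) the client will use for the data channel, or None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet or port byte
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(2)) <= 65535:
        return server_ip, int(m.group(2))  # EPSV reuses the control-channel address
    return None


def simulate(control_replies, server_ip, inspect):
    """Simplified egress firewall whose static policy permits only TCP/21 outbound.

    With inspect=True the firewall reads the control channel and opens a
    temporary pinhole for each negotiated data port. Returns a list of
    (ip, port, allowed) for every data connection the client would attempt.
    """
    static_allow = {(server_ip, 21)}
    pinholes = set()
    attempts = []
    for reply in control_replies:
        ep = data_endpoint(reply, server_ip)
        if ep is None:
            continue  # not a passive-mode reply
        if inspect:
            pinholes.add(ep)
        attempts.append((ep[0], ep[1], ep in static_allow or ep in pinholes))
    return attempts


# Constructed control-channel replies (documentation address, made-up ports).
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (203,0,113,10,195,80)",
    "229 Entering Extended Passive Mode (|||50123|)",
]

if __name__ == "__main__":
    for label, flag in (("without inspection", False), ("with inspection", True)):
        print(label, simulate(SAMPLE, "203.0.113.10", flag))
```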
