On UTM mode, the signature and the virus database can update online successfully in site A. But the updates will be fail if we delete the rules directory under the flash and demo the equipment to the site B.
At the exit of customers, find the NAT device and open the inter-domain NAT ALG on the device.
[sysname] display interzone trust untrust
interzone trust untrust
The UTM signature and characteristics database download through active FTP connection to a secure server. The UTM devices access the internet through our company’s NAT security products, there will be situations below if the inter-domain is not turned on the NAT alg enable FTP.
1 The UTM device uses port N(N>1024) to connect to the server on port 21;
2 UTM appliances start listening port N+1;
3 Server port 21 response the port N;
4 UTM appliances use port N send port N+1 to the server;
5 Server port 21 performs initialization to the port N+1 data link;
6 As the UTM device is behind in our company safety equipment and it only do the port monitor action, the N+1 table entry is not established in our company safety equipment, so the message will be failed to reach the UTM device and the data link establishment failure.
There will be the situation that can access the internet normally but unable to update the signature and virus database.
After open NAT ALG function, the signature and virus database upgrade successfully.