Unable to Update the Signature Database or Virus Library in UTM Mode When the USG Device is Moved to Another Network

Publication Date:  2012-07-18 Views:  470 Downloads:  0

Issue Description

At site A, the signature database or virus library of the USG device in UTM mode was successfully updated. The rule directory in the flash was then removed and the USG device was moved to site B. At site B, the signature database or virus library failed to be updated in UTM mode.

Alarm Information


Handling Process

Find the NAT device at the egress of the customer network, and enable interzone NAT ALG on the NAT device.
[sysname] display interzone trust untrust
interzone trust untrust
detect ftp

Root Cause

The UTM signature database or virus library is downloaded automatically from the security server by using FTP. If the UTM device connects to the network through the USG device and the interzone NAT ALG is not enabled, the sequence is as follows:
1. The UTM device connects to port 21 of the server from port N (N > 1024).
2. The UTM device starts to listen on port N+1.
3. Port 21 responds to port N.
4. The UTM device sends the port number N+1 to the server through port N.
5. Port 21 of the server initiates the data link to port N+1.
6. The UTM device is deployed downstream of the USG device and has only started listening on the port. No NAT entry for port N+1 has been established on the USG device. As a result, the packet cannot reach the UTM device, and the data link fails to be established.
The USG device can connect to the Internet but cannot update the signature database or virus library.


After the NAT ALG function is enabled, the signature database or virus library is successfully updated.
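
The six steps in the root cause can be replayed against a toy NAT model to show why the data link to port N+1 is dropped without ALG and forwarded with it. This is an added example, not code from the original page or from the vendor; the `NatGateway` class, the `active_ftp_update` function, the addresses and port 40000 are constructed for illustration, and the NAT is assumed to preserve source ports.

```python
import re

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")

class NatGateway:
    """Toy source-NAT device (hypothetical); alg=True models FTP ALG."""

    def __init__(self, public_ip, alg):
        self.public_ip = public_ip
        self.alg = alg
        self.inbound = {}  # public port -> (inside ip, inside port)

    def outbound(self, src_ip, src_port, dst_port, payload=""):
        """Translate an inside->outside segment; return the payload as sent."""
        self.inbound[src_port] = (src_ip, src_port)  # port-preserving entry
        m = PORT_RE.match(payload)
        if self.alg and dst_port == 21 and m:
            ip = ".".join(m.group(1, 2, 3, 4))
            port = int(m.group(5)) * 256 + int(m.group(6))
            # ALG: pre-create the NAT entry for the announced data port and
            # rewrite the private address in the command to the public one.
            self.inbound[port] = (ip, port)
            payload = "PORT %s,%d,%d\r\n" % (
                self.public_ip.replace(".", ","), port // 256, port % 256)
        return payload

    def inbound_lookup(self, dst_port):
        """Return the inside (ip, port) for an outside->inside SYN, or None."""
        return self.inbound.get(dst_port)

def active_ftp_update(alg):
    """Replay the six steps; return (PORT seen by server, data-link target)."""
    client_ip, n = "192.168.1.10", 40000        # constructed sample values
    nat = NatGateway("203.0.113.5", alg)
    nat.outbound(client_ip, n, 21)               # steps 1 and 3: control link
    data_port = n + 1                            # step 2: listen on N+1
    cmd = "PORT %s,%d,%d\r\n" % (
        client_ip.replace(".", ","), data_port // 256, data_port % 256)
    seen = nat.outbound(client_ip, n, 21, cmd)   # step 4: announce N+1
    # Steps 5-6: the server opens the data link toward port N+1 on the NAT.
    return seen, nat.inbound_lookup(data_port)

if __name__ == "__main__":
    for alg in (False, True):
        print("ALG enabled:", alg, "->", active_ftp_update(alg))
```

Without ALG the server also receives the client's private address in the `PORT` command, so the data link has no reachable target even before the missing NAT entry comes into play.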