SRX: ICMP redirect might not work for FTP traffic

On SRX100, SRX110, SRX210, and SRX220 devices with FTP ALG enabled, ICMP redirect might not work for FTP traffic.

When FTP ALG is enabled on SRX100, SRX110, SRX210 and SRX220, ICMP redirect does not work.
However, It only affect FTP traffic and Ping or other traffic will work without any problem.
Once Ping packet is through, FTP connection will be success.
Without ping or other traffic, FTP connection will not success.

This is software bug that SRX should generated a ICMP redirect packet to the source, but the ICMP redirect packet is not generated.

This issue only affects SRX100, SRX110, SRX210 and SRX220 platforms with FTP ALG is enabled (Enabled by default).
Affected version:
11.4R9 12.1X44-D20 12.1X45-D15 12 or lower.

About the author

James Palmer

Leave a Comment