You want to view the control and data sessions associated with an FTP transfer.
Figure 11-1 shows the Orion host and the Phoenix FTP server communicating through the
Figure 11-1. FTP ALG
The Internal_FW ScreenOS gateway has the following configuration, permitting FTP traffic from Orion to Phoenix:
Internal_FW-> set address Trust orion 192.168.4.10/32
Internal_FW-> set address Transit phoenix 192.168.9.30/32
Internal_FW-> set policy from Trust to Transit orion phoenix ftp permit log
The External_FW ScreenOS gateway has the following configuration, permitting FTP traffic from Orion to Phoenix:
External_FW-> set address Transit orion 192.168.4.30/32
External_FW-> set address DMZ phoenix 192.168.9.10/32
External_FW-> set policy from Transit to DMZ orion phoenix FTP permit log
When an FTP session is initiated from Orion to Phoenix, the control (parent) session is viewed as follows on the Internal_FW ScreenOS gateway:
Internal_FW-> get session src-ip 192.168.4.10 dst-ip 192.168.9.30 dst-port 21
When Orion requests and starts to receive a file via an active FTP from Phoenix, a separate FTP data (child) session is opened on the firewalls. You can view this session as follows on the
get session src-ip 192.168.9.30 dst-ip 192.168.4.10 src-port ...
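An added example, not from the original text: in active FTP the client announces its data endpoint on the control session with PORT (RFC 959) or EPRT (RFC 2428), and that announcement is what identifies the data (child) session the server will open. This Python code parses constructed control-channel lines and builds a matching `get session` filter for that child session; the port numbers and function names are assumptions, and it goes beyond the text by handling EPRT as well as PORT.

```python
import re

# Constructed sample: lines a client such as Orion might send on the
# port-21 control (parent) session. The port numbers are made up.
SAMPLE_CONTROL_LINES = [
    "USER anonymous",
    "PORT 192,168,4,10,195,81",
    "RETR report.txt",
    "EPRT |1|192.168.4.10|50002|",
]

OCTET = re.compile(r"[0-9]{1,3}")
EPRT_V4 = re.compile(r"(.)1\1([0-9]{1,3}(?:\.[0-9]{1,3}){3})\1([0-9]{1,5})\1")

def parse_active_endpoint(line):
    """Return (ip, port) advertised by a PORT or EPRT command, else None."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "PORT":
        # RFC 959: h1,h2,h3,h4,p1,p2 where port = p1 * 256 + p2
        fields = arg.strip().split(",")
        if len(fields) != 6 or not all(OCTET.fullmatch(f) for f in fields):
            raise ValueError(f"malformed PORT argument: {arg!r}")
        nums = [int(f) for f in fields]
        if max(nums) > 255:
            raise ValueError(f"PORT field out of range: {arg!r}")
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    if verb == "EPRT":
        # RFC 2428: <d>proto<d>addr<d>port<d>; only IPv4 (proto 1) is handled
        m = EPRT_V4.fullmatch(arg.strip())
        if (not m or int(m.group(3)) > 65535
                or any(int(o) > 255 for o in m.group(2).split("."))):
            raise ValueError(f"malformed EPRT argument: {arg!r}")
        return m.group(2), int(m.group(3))
    return None  # not an active-mode data announcement

def child_session_filter(server_ip, line):
    """Build a `get session` filter for the data (child) session, or None."""
    endpoint = parse_active_endpoint(line)
    if endpoint is None:
        return None
    client_ip, client_port = endpoint
    # Active mode: the server connects back to the endpoint the client advertised.
    return f"get session src-ip {server_ip} dst-ip {client_ip} dst-port {client_port}"

if __name__ == "__main__":
    for line in SAMPLE_CONTROL_LINES:
        print(line, "->", child_session_filter("192.168.9.30", line))
```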