jmanya_44531
Dec 16, 2013

F5 vs. NetScaler - Outbound FTP traffic load balancing

Hello guys,

Me again.

Please, I would like to figure out what is happening in a NetScaler to F5 migration environment. Everything was fine until an FTP issue was reported. People inside the network were not able to transfer files via FTP to servers on the Internet. I have a 0.0.0.0/0:0 wildcard server to load balance outbound traffic to the Internet across three ISPs. There is no device between the Internet routers and the F5 HA (11.2.1) deployment. I think that there is no connectivity issue because the user can open a session on the FTP server from the command line; indeed, the port can be opened from the workstation inside the network. But there is no way to transfer files using an FTP app. I have sniffed the FTP traffic on the firewall and the F5 HA system and compared the .cap files to the NetScaler captures. I have seen that with NetScaler the client sends the PASV command, the connection is established, and everything works fine. On the other hand, with F5 the client tries to establish the connection in active mode, and it always does that. At first I thought that there was an application-layer issue, but I changed my mind when I saw the captures and realized that the PASV command was not being sent when using F5, whereas with NetScaler that command is sent.

Do I need to configure a 0.0.0.0/0:21 virtual server to overcome this, as it says in http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/21.html ? The wildcard (0.0.0.0/0:0) is supposed to handle this kind of traffic without problems.

Thanks in advance for your help.

Regards

George

  • giltjr

    Did you follow:

    http://support.f5.com/kb/en-us/solutions/public/8000/000/sol8021.html

  • Hello friend,

    I did not follow that article. I would have liked to test it. It was a mistake to close my mind around the idea of the wildcard virtual server, and because I was able to open port 21 on the server. I am well aware that I must not compare NetScaler and F5 as if they were the same, given the advantages that F5 has. But, in the end, the main "basic" function I needed was "load balancing" using a 0.0.0.0/0:0 virtual server. I have no idea why the FTP app changes its behavior between one load balancer and the other.

    Just saying, I have an SNAT with IPs of each ISP, so the outbound packet will get those addresses as its source IP. I see that this will not be a problem.

    Thanks a lot and regards.

    George
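
For anyone repeating the capture comparison described in this thread, the following added example (not posted by any participant) classifies client control-channel commands as active or passive and decodes the address and port that a PORT/EPRT command advertises. The sample lines are constructed, and the internal client address 10.1.20.30 is an assumption.

```python
import ipaddress
import re

# Constructed client->server control-channel lines (not from the thread's captures).
# The internal client address 10.1.20.30 is an assumption for illustration.
PASSIVE_SESSION = ["USER demo", "PASV", "RETR report.csv"]
ACTIVE_SESSION = ["USER demo", "PORT 10,1,20,30,195,80", "RETR report.csv"]

PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)
EPRT_RE = re.compile(r"^EPRT\s+\|[12]\|([^|]+)\|(\d{1,5})\|\s*$", re.IGNORECASE)
PASSIVE_RE = re.compile(r"^(PASV|EPSV)\b", re.IGNORECASE)

def parse_active(line):
    """Return (ip, port) advertised by a PORT or EPRT command, else None."""
    m = PORT_RE.match(line)
    if m:
        n = [int(x) for x in m.group(1).split(",")]
        if max(n) > 255:
            return None
        # RFC 959: h1,h2,h3,h4,p1,p2 -> port = p1 * 256 + p2
        return ipaddress.ip_address(".".join(map(str, n[:4]))), n[4] * 256 + n[5]
    m = EPRT_RE.match(line)
    if m:
        try:
            ip, port = ipaddress.ip_address(m.group(1)), int(m.group(2))
        except ValueError:
            return None
        return (ip, port) if port <= 65535 else None
    return None

def classify_session(client_lines):
    """List every data-channel negotiation seen in the client's commands."""
    findings = []
    for line in (l.strip() for l in client_lines):
        if PASSIVE_RE.match(line):
            findings.append({"mode": "passive", "cmd": line.split()[0].upper()})
            continue
        endpoint = parse_active(line)
        if endpoint:
            ip, port = endpoint
            # SNAT rewrites the IP header only; a private address carried in the
            # command payload stays unreachable for an Internet server unless a
            # protocol-aware device on the path rewrites it.
            findings.append({"mode": "active", "cmd": line.split()[0].upper(),
                             "ip": str(ip), "port": port,
                             "needs_rewrite": ip.is_private})
    return findings

if __name__ == "__main__":
    for name, session in (("passive", PASSIVE_SESSION), ("active", ACTIVE_SESSION)):
        print(name, classify_session(session))
```

Feed it the client-side command lines exported from each capture; an `active` finding with `needs_rewrite` set shows a data connection the server cannot open back to the client as advertised.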