cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SFTP session disconnecting

SOLVED
Highlighted
Getting noticed

SFTP session disconnecting

All,

 

I've set up a port forwarding rule to allow TCP 22 to a particular server, in order to support an SFTP server.

 

The connection is successfully being made, user logs in, but file transfers disconnect after transferring only a few kb.  

 

Error code in the sftp server is: Winsock error - 10054  which indicates the remote client is disconnecting.

 

Error code in the client indicates something similiar, the connection is being interrupted.  

 

I've used several different clients and even at one point changed SFTP server software.  I'm getting the same results.

 

As such, I've concluded it must be something related to my Meraki MX unit but I don't know where to find logs or what I would even check.

 

Any ideas would be appreciated

 

Zane D - IT Manager in Sin City NV
1 ACCEPTED SOLUTION

Accepted Solutions
Head in the Cloud

Re: SFTP session disconnecting

I see I must have whitelisted that a long time ago and forgot.  So that explains why it worked for me 😉

 

Screen Shot 2019-06-05 at 11.54.57 AM.png

View solution in original post

7 REPLIES 7
Highlighted
Head in the Cloud

Re: SFTP session disconnecting

I have an SFTP server behind my MX and have no issue.  Have you done a packet capture to look at it?

 

My rule is TCP 20-22 to an internal server because I have to support some FTP too.

 

 

 

 

Highlighted
Getting noticed

Re: SFTP session disconnecting

yes, I have run a pcap but it doesn't show anything obvious.

 

I've also run a connection locally from a client on the same LAN as the server to eliminate the firewall connect.  When I do it this way, I get no disconnection.

 

If I use the same client but connect using the public IP address and back in via the MX unit, disconnect errors.

 

I also have another external business partner connecting remotely and also getting the same disconnect problem.  Its  looking like the MX unit as the issue

Zane D - IT Manager in Sin City NV
Highlighted
Kind of a big deal

Re: SFTP session disconnecting

Highlighted
Getting noticed

Re: SFTP session disconnecting

great call!  I found this in the logs: IDS Alert SSH_EVENT_RESPOVERFLOW

 

 

Zane D - IT Manager in Sin City NV
Head in the Cloud

Re: SFTP session disconnecting

I see I must have whitelisted that a long time ago and forgot.  So that explains why it worked for me 😉

 

Screen Shot 2019-06-05 at 11.54.57 AM.png

View solution in original post

Highlighted
Getting noticed

Re: SFTP session disconnecting

crap, i already have it whitelisted as well but it's still appearing

Zane D - IT Manager in Sin City NV
Highlighted
Kind of a big deal

Re: SFTP session disconnecting

In my experience whitelisting these ID events doesn't work very well or quickly.

 

Your best bet is start by changing the ruleset to balanced instead of security. The next option is change the mode to detection. Then it pinpoints which part of ID is detecting/causing it.

 

The other thing you might check is AMP settings.

 

Also if you can provide the SNORT link to the vulnerability it is detecting

 

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.