2 Replies Latest reply on May 30, 2013 9:42 AM by dbsitms

    Scheduled Config Backup Failing Randomly

      Hi,  I have an HA pair of Sidewinders each running software version  I have a Scheduled Configuration Backup doing an SCP on port 22 to a remote FTP server.  The job runs successfully for a random number of days at the scheduled time (0615) and then fails due to Permission Denied.  Interrogation of the FTP server suggests that the Sidewinder has attempted to login with an incorrect FTP user password and the FTP user locks out after 3 attempts.  On clearing the failed attempts from the FTP server the Sidewinder will then backup successfully for another random number of days before this happens again.


      As the FTP server accepts logins once the failed attempts have been cleared I am confident that the password on the FTP server has not changed.  As the firewall will also backup successfully once the FTP server failed attempts have been cleared I am also confident that the password on the firewall is also unchanged.


      Can anyone suggest why on a random occasion the Sidewinder seems to attempt a login with a corrupt (?) password and locks out my FTP user account?

        • 1. Re: Scheduled Config Backup Failing Randomly



          I have not heard of this before. Are you certain it is the firewall that is using the incorrect password and getting the user locked out? Perhaps it's another device doing this?


          Does the firewall have any other scheduled jobs or backups that might be locking out the user?



          • 2. Re: Scheduled Config Backup Failing Randomly



            Logs from the remote server show that it is only the firewalls making a call to the ftp user in question and at the expected times.  Logs also show that the first firewall connects and completes its backup successfully at 0600, but when the second firewall attempts its backup at 0615 the operation fails with 'failed password' and 'failed login' messages.  Sendmail then issues mail that confirms an incorrect password attempt with 'permission denied' messages.  Resetting the ftp account then allows the scheduled backup to run on both firewalls without any changes so I'm confident that there is no discrepancy in the passwords stored on either of the firewalls.


            Struggling to pin down what could possibly change in the space of 15 minutes!


            There are a number of other processes running on the ftp server simultaneously but nothing else to the same ftp user.  Pretty certain that the server is not low on resource and impacting the ftp user for some reason but as a test I have moved the 0615 backup earlier to when the server is quieter......guesswork mostly.