2.11  FTP Policy Configuration

Requirements

FTP usage will be limited by the following restrictions:

  • transmission of music files in the MP3 format will be denied

  • transmission of video files (*.avi) will be denied during labor time

  • uploads (storing files at FTP servers) will be denied to protect important company information

Predefined FTP Rules

Go to Configuration → Content Filtering → FTP Policy to set FTP limitations. The following rules are predefined and cover all the intended restrictions.

Figure 2.35. Predefined FTP Rules


Forbid resume due antivirus scanning

This rule denies resuming interrupted data transfer (e.g. caused by a network error). If files transmitted by FTP are scanned, it is recommended to enable this rule (files transmitted “in pieces” cannot be reliably scanned).

Forbid upload

This rule denies storing data at FTP servers. It is already defined, so it is sufficient to enable it if you intend to use it.

Forbid *.mpg, *.mp3 and *.mpeg files

This option denies transmission of sound files of the listed formats. This rule is already available and it can be enabled easily.

Forbid *.avi files

This rule will deny transmission of video files. Enable this rule, use the Edit button to open the appropriate dialog and define the Labor time range in the Advanced tab.

Figure 2.36. The Forbid *.avi files rule — setting time interval when the rule will be applied


Warning: The FTP policy applies to all FTP traffic that is processed by the FTP protocol inspector.

In the following example, we intend to make the local FTP server accessible from the Internet. The Forbid upload rule denies uploads even to this server, which is not always desirable. For this reason, we must add a rule that allows upload to this server and place it before the Forbid upload rule.

Figure 2.37. FTP rule — allowing uploads to the corporate FTP server


Figure 2.38. FTP rule — allowing upload of any file


Notes:

  1. The IP address of the host where the appropriate FTP service is running must be used to define the FTP server's IP address. It is not possible to use an outbound IP address of the firewall that the FTP server is mapped from (unless the FTP server runs on the firewall)! IP addresses are translated before the content filtering rules are applied.

  2. The same method can be applied to allow upload to a particular FTP server on the Internet while upload to other FTP servers remains forbidden.
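
The rule ordering described above and the address translation point in note 1 can be checked with a small model. This is an added example, not the product's own code: it assumes the first matching rule decides and that unmatched traffic is allowed, and the rule names, IP addresses and Labor time interval are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from fnmatch import fnmatch
from typing import Optional, Tuple

@dataclass
class Rule:
    name: str
    action: str                                  # "allow" or "deny"
    command: str = "*"                           # "upload", "download" or "*"
    pattern: str = "*"                           # file name glob (lowercase)
    server: str = "*"                            # FTP server IP, "*" = any
    hours: Optional[Tuple[time, time]] = None    # None = rule is always valid

    def matches(self, command, filename, server_ip, now):
        return (self.command in ("*", command)
                and fnmatch(filename.lower(), self.pattern)
                and self.server in ("*", server_ip)
                and (self.hours is None or self.hours[0] <= now < self.hours[1]))

def evaluate(rules, command, filename, dst_ip, now, dnat=None):
    """Return (action, rule name) for one FTP transfer."""
    # Addresses are translated before content rules run (note 1), so the
    # rules only ever see the real server address, never the mapped one.
    server_ip = (dnat or {}).get(dst_ip, dst_ip)
    for rule in rules:                           # assumption: first match decides
        if rule.matches(command, filename, server_ip, now):
            return rule.action, rule.name
    return "allow", "(no rule matched)"          # assumption: default allow

# Constructed values: 203.0.113.10 is the firewall's outbound address,
# mapped to the internal FTP server at 192.168.1.10.
DNAT = {"203.0.113.10": "192.168.1.10"}
LABOR_TIME = (time(8, 0), time(17, 0))

def policy(exception_ip):
    """Policy from this section; the upload exception precedes Forbid upload."""
    return [
        Rule("Allow upload to corporate FTP", "allow", "upload", server=exception_ip),
        Rule("Forbid upload", "deny", "upload"),
        Rule("Forbid *.mp3 files", "deny", pattern="*.mp3"),
        Rule("Forbid *.avi files", "deny", pattern="*.avi", hours=LABOR_TIME),
    ]

if __name__ == "__main__":
    for ip in ("192.168.1.10", "203.0.113.10"):  # correct vs. mistaken exception
        print(ip, evaluate(policy(ip), "upload", "report.pdf",
                           "203.0.113.10", time(10, 0), DNAT))
```

Running it shows that an exception written against the firewall's outbound address never matches, so the upload falls through to Forbid upload.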