Dec 10, 2024 
Support Center » Knowledgebase » Kerio Control » FTP Policy Configuration
 FTP Policy Configuration
Solution WinRoute Firewall

FTP Policy Configuration

Requirements

FTP usage will be limited by the following restrictions:

  • transmission of music files in the MP3 format will be denied

  • transmission of video files (*.avi) will be denied during labor time

  • uploads (storing files at FTP servers) will be denied protection of important company information

Predefined FTP Rules

Go to Configuration / Content Filtering / FTP Policy to set FTP limitations. The following rules are predefined rules and can be used for all intended restrictions.

Forbid resume due antivirus scanning

This rule denies resuming interrupted data transfer (e.g. caused by a network error). If files transmitted by FTP are scanned, it is recommended to enable this rule (files transmitted in pieces cannot be reliably scanned).

Forbid upload

Deny storing data at FTP servers this rule is already defined and it is satisfactory to switch it on if you intend to use it.

Forbid *.mpg, *.mp3 and *.mpeg files

This option denies transmission of sound files of the listed formats. This rule is already available and it can be enabled easily.

Forbid *.avi files

This rule will deny transmission of video files. Enable this rule, use the Edit button to open the appropriate dialog and define the Labor time time range in the Advanced tab.

Warning: The FTP policy refers to all FTP traffic that is processed by the FTP protocol inspector.

In the following example, we intend to enable the local FTP server from the Internet. The Forbid upload rule denies even upload to this server which is not always desirable. For this reason we must add a rule that would enable upload to this server before the Forbid upload rule.

Notes:

  1. The IP address of the host where the appropriate FTP service is running must be used to define the FTP server\'s IP address. It is not possible to use only the firewall\'s external IP address from which the FTP server is mapped (IP translation is performed before content filtering rules are applied)!

  2. The same method can be applied to enable upload to a particular FTP server in the Internet whereas upload to other FTP servers will be forbidden.



Article Details
Article ID: 19
Created On: Jun 14, 2004 02:03 PM

 This answer was helpful  This answer was not helpful

 Back
 Login [Lost Password] 
Email:
Password:
Remember Me:
 
 Search
 Article Options
Home | Register | Submit a Ticket | Knowledgebase | News | Downloads
Language: