ASA V7.2 how to deny ftp/get command

Unanswered Question
Jul 4th, 2007
User Badges:


I normally use the configuration below to block the ftp/get command on my ASA v7.1. But, after upgrade to v7.2, the 'ftp-map' command has been deprecated. We need to use Use 'policy-map type inspect ftp' instead. I found the only actions to ftp command are 'reset' and 'log'. But I only need to block ftp/get command, not to reset the ftp connection. How can I do with v7.2? Thanks

This is my old configuration in v7.1:

ftp-map deny_get

request-cmd deny get

policy-map global_policy

class inspection_default

inspect ftp strict deny_get

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion