Unanswered Question
Aug 22nd, 2008

Whats the equivalent of application ftp-control command in ACE configuration. I have a user whose passive ftp is not working. The firewall is allowing passive ports.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Syed Iftekhar Ahmed Fri, 08/22/2008 - 08:51

ftp inspect.

You need something in line with the following config

class-map match-all FTP-Traffic

2 match port tcp eq ftp

policy-map multi-match xyz

class FTP-Traffic

inspect ftp

Syed Iftekhar Ahmed

kirit_patel Fri, 08/22/2008 - 10:34

what does inspect ftp command do for me. can u explain it in detail?

Syed Iftekhar Ahmed Fri, 08/22/2008 - 11:06

Same as in any state full firewall FTP Inspect analyzes the PASSIVE MODE command to find out what the negotiated inbound port is, and automatically 'opens' this port from the FTP client through the ACE to the FTP Server.

You can alos use strict feature of ftp inspect to filter out specific control commands



This Discussion