Hello Security Expert Team,
I am using the Cisco ASA 5510/ver 8.2(1) and I am doing some the basic deep inspection for FTP traffic config:
regex REG_C26XX "^c26.*"
regex REG_C28XX "^c28.*"
match port tcp eq ftp
class-map type regex match-any deny_files
match regex RE_C26XX
match regex RE_C28XX
class-map type inspect ftp match-all deny_commands
match request-command site dele rmd
policy-map type inspect ftp ftp_inspect
match filename regex class deny_files
inspect ftp strict ftp_inspect
service-policy outside interface outside
test regex c2600.bin ^c26.*
And I did some test in this case:
1. I have Connected to FTP Server
2. I have got successfully the c2600.bin file
3. show service-policy interface outside inspect ftp ( I didn't see drop/reset packets here)
I have double-checked running configuration and I did not know why ? Could you please help me to find out this issue in thic case?
Thank you very much,