New Member

Application layer filtering (FTP) on ASA5505

Friends,

I have my webserver set up in the DMZ on my ASA5505 but am facing a challenge with my users, who I suspect are uploading malicious files through FTP. My webserver is running Linux and cannot execute the same files, but when I try to open certain sites with my Windows machine, my anti-virus flags off. Please advise on how I can configure application layer filtering on my ASA 5505.

Thanks.

6 REPLIES
New Member

Application layer filtering (FTP) on ASA5505

Which FTP service are you using?

Active or Passive?

If you are using Passive, then add the FTP service in Inspection, so that it can dynamically open ports automatically.

Application layer filtering (FTP) on ASA5505

Hello Amos,

So basically you have a DMZ HTTP server that is being used as the destination of some files that you do not want? Right?

If this is the case you can simply configure an ACL allowing only HTTP traffic to it and then deny the rest.

What do you think?

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

New Member

Application layer filtering (FTP) on ASA5505

Hi,

Yes, I have a webserver; it is hosting websites for various clients. Clients FTP into it and update their sites. The thing is, I think clients upload viruses during this process, and that's why I would like to inspect the FTP connections to make sure any malicious code is detected during this FTP.

Application layer filtering (FTP) on ASA5505

Hello Amos,

So you want to allow FTP traffic to it?

Because if this is an HTTP webserver only, you could deny all FTP traffic to it. What do you think?

If not, well, we will need to play with the FTP inspection a little.

Here are some of the options we have available to customize our FTP DPI:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/inspect_basic.html#wp1234738

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com
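
An added configuration sketch (not posted by anyone in this thread) of the kind of FTP inspection map the linked guide describes, applied with strict FTP inspection. It filters on FTP commands and file names only; ASA FTP inspection does not scan the contents of uploaded files for malware. The names `FTP_UPLOAD_BLOCK` and `FTP_WEB_MAP`, the extension list and the choice of blocked command are assumptions for illustration; `global_policy` and `inspection_default` are the ASA default policy and class names.

```cisco
! Added example, not from the thread.
! FTP_UPLOAD_BLOCK, FTP_WEB_MAP and the extension list are assumed names/values.
!
! Regex matching file names that contain a Windows executable extension.
regex FTP_UPLOAD_BLOCK "\.([Ee][Xx][Ee]|[Ss][Cc][Rr]|[Bb][Aa][Tt])"
!
! FTP inspection policy map: hide server details and reset unwanted requests.
policy-map type inspect ftp FTP_WEB_MAP
 parameters
  ! Do not reveal the FTP server banner or SYST reply to clients.
  mask-banner
  mask-syst-reply
 ! Reset sessions that issue the SITE command.
 match request-command site
  reset
 ! Reset transfers whose file name matches the regex above.
 match filename regex FTP_UPLOAD_BLOCK
  reset
!
! Attach the map to the default global inspection policy.
! The existing "inspect ftp" entry has to be removed before it can be
! re-added with the strict keyword and a map.
policy-map global_policy
 class inspection_default
  no inspect ftp
  inspect ftp strict FTP_WEB_MAP
```

`show service-policy inspect ftp` shows whether the inspection is active and counting packets. Detecting malicious file contents needs scanning on the web server itself or on a separate content-scanning device.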

New Member

Application layer filtering (FTP) on ASA5505

Hi Julio,

Yes, it is an HTTP webserver and it is hosting websites for various clients. They use FTP to upload content and all; I want to inspect FTP traffic to the webserver.

Application layer filtering (FTP) on ASA5505

Hello,

Then follow the document I sent you,

Regards,

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com
