Cisco Support Community
Community Member

CSPM and Passive FTP definition

If I define a rule in CSPM to allow passive FTP, it creates a rule allowing port 21 and ports 49152 -> 65535. Does anyone know if it is possible to change the range of high ports? Even though I can create new services (e.g. MYFTPPassive with a range 1024 -> 65535), I cannot associate this with the FTP application. Does this mean that the fixup won't be applied?

Thanks in advance

1 REPLY
Bronze

Re: CSPM and Passive FTP definition

Fixup is actually only done on the control port 21. When CBAC/PIX notices the traffic, it watches for the return port and allows the traffic. I would think that could be anything >1024. Probably worth running by a Cisco engineer.
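The behaviour described in the reply, as an added example that is not part of the original thread and is not Cisco's implementation: a simplified Python model of control-channel inspection that reads RFC 959 `227` PASV replies, derives the data port the server announced, and reports which ports a static 49152 -> 65535 rule alone would miss. The function names, the sample lines and the same-host check are assumptions of this example.

```python
import re

STATIC_RANGE = (49152, 65535)  # high-port range CSPM generated, per the question
# RFC 959 PASV reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(line):
    """Return (ip, port) announced in a 227 reply, or None if it is not one."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    octets = [int(n) for n in m.group(1).split(",")]
    if any(o > 255 for o in octets):
        return None  # malformed reply: no pinhole is derived from it
    ip = ".".join(map(str, octets[:4]))
    return ip, octets[4] * 256 + octets[5]  # data port = p1 * 256 + p2


def pinholes(control_lines, server_ip):
    """Model of inspection on port 21: one temporary pinhole per valid 227."""
    opened, rejected = [], []
    for line in control_lines:
        parsed = parse_pasv(line)
        if parsed is None:
            continue
        # Assumed policy: data port > 1024 and on the FTP server itself.
        ok = parsed[0] == server_ip and parsed[1] > 1024
        (opened if ok else rejected).append(parsed)
    return opened, rejected


def outside_static_range(opened):
    """Ports inspection would open that the static high-port rule excludes."""
    lo, hi = STATIC_RANGE
    return [p for _, p in opened if not lo <= p <= hi]


# Constructed server-to-client control-channel lines (not a real capture).
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",    # 195*256+80 = 50000
    "227 Entering Passive Mode (192,0,2,10,19,136)",    # 19*256+136 = 5000
    "227 Entering Passive Mode (192,0,2,10,0,22)",      # port 22, rejected
    "227 Entering Passive Mode (198,51,100,7,195,80)",  # other host, rejected
]
```

Calling `pinholes(SAMPLE, "192.0.2.10")` returns the opened and rejected pinholes; port 5000 is the case where a server outside the 49152 -> 65535 range only works if the control channel is inspected.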
