https://community.cisco.com/t5/network-security/ftp/m-p/1641552#M594948 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The ASA can be configured with an FTP map to provide application inspection and instruct the ASA to allow only certain type of commands, and other restrictions.</P><P>This is creating a Layer 7 Policy MAP and class MAP for FTP.</P><P></P><P>Federico.</P></BODY></HTML> Fri, 07 Jan 2011 17:24:58 GMT Federico Coto Fajardo 2011-01-07T17:24:58Z https://community.cisco.com/t5/network-security/ftp/m-p/1641551#M594946 <P>hi,</P><P></P><P></P><P>I want to know if I have FTP Server and I want to configure something on firewall or Routers so Client or user have only read-only access to FTP server or user can not upload or download the data from FTP server??</P> Mon, 11 Mar 2019 19:31:48 GMT https://community.cisco.com/t5/network-security/ftp/m-p/1641551#M594946 abhi-adte 2019-03-11T19:31:48Z https://community.cisco.com/t5/network-security/ftp/m-p/1641552#M594948 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The ASA can be configured with an FTP map to provide application inspection and instruct the ASA to allow only certain type of commands, and other restrictions.</P><P>This is creating a Layer 7 Policy MAP and class MAP for FTP.</P><P></P><P>Federico.</P></BODY></HTML> Fri, 07 Jan 2011 17:24:58 GMT https://community.cisco.com/t5/network-security/ftp/m-p/1641552#M594948 Federico Coto Fajardo 2011-01-07T17:24:58Z https://community.cisco.com/t5/network-security/ftp/m-p/1641553#M594950 <HTML><HEAD></HEAD><BODY><P>You are talking abt the FPM or MPF..??&nbsp;&nbsp;&nbsp;&nbsp; </P></BODY></HTML> Sun, 09 Jan 2011 22:17:26 GMT https://community.cisco.com/t5/network-security/ftp/m-p/1641553#M594950 abhi-adte 2011-01-09T22:17:26Z https://community.cisco.com/t5/network-security/ftp/m-p/1641554#M594952 <HTML><HEAD></HEAD><BODY><P>Well...</P><P>FPM is on IOS and MPF is either on IOS or ASAs.</P><P></P><P>Federico.</P></BODY></HTML> Mon, 10 Jan 2011 00:15:07 GMT https://community.cisco.com/t5/network-security/ftp/m-p/1641554#M594952 Federico Coto Fajardo 2011-01-10T00:15:07Z https://community.cisco.com/t5/network-security/ftp/m-p/1641555#M594954 <HTML><HEAD></HEAD><BODY><P>this is ok and good; but some one told me it can done via ACL so I tried but its not done from me if u get some thing about it pls share with me...</P></BODY></HTML> Wed, 12 Jan 2011 13:51:41 GMT https://community.cisco.com/t5/network-security/ftp/m-p/1641555#M594954 abhi-adte 2011-01-12T13:51:41Z https://community.cisco.com/t5/network-security/ftp/m-p/1641556#M594956 <HTML><HEAD></HEAD><BODY><P>Abhinay,</P><P>If you want the users to have only read-only permission on the ftp server then, this needs to be done on the ftp server. Firewall has no knowledge of whether you have read-only, full-control, change or write permission to a folder. All it knows is IP address and ports. If the acl allows it it will allow the connection.</P><P></P><P>Unless you are talking about strict ftp inspection where you can block certain ftp commands like mkdir, put can be dropped and reset when sent via ftp protocol via MPF (modular policy framework)</P><P></P><P>-KS</P></BODY></HTML> Wed, 12 Jan 2011 14:09:02 GMT https://community.cisco.com/t5/network-security/ftp/m-p/1641556#M594956 Kureli Sankar 2011-01-12T14:09:02Z https://community.cisco.com/t5/network-security/ftp/m-p/1641557#M594959 <HTML><HEAD></HEAD><BODY><P>Exactly.</P><P>What I'm saying is that an ''advanced'' Layer 7 Policy Map for FTP could include more detailed restrictions (application access) as to specify read-only or write-access, which commands are allowed, etc... (definitely not with an ACL).</P><P></P><P>You can check this here:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/inspect_basic.html#wp1810407">http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/inspect_basic.html#wp1810407</A></P><P></P><P>Federico.</P></BODY></HTML> Wed, 12 Jan 2011 14:12:18 GMT https://community.cisco.com/t5/network-security/ftp/m-p/1641557#M594959 Federico Coto Fajardo 2011-01-12T14:12:18Z https://community.cisco.com/t5/network-security/ftp/m-p/1641558#M594961 <HTML><HEAD></HEAD><BODY><P>Thanks to all...</P></BODY></HTML> Wed, 12 Jan 2011 14:50:08 GMT https://community.cisco.com/t5/network-security/ftp/m-p/1641558#M594961 abhi-adte 2011-01-12T14:50:08Z