Application layer filtering (FTP) on ASA5505

Amos Kafwembe
Level 1

Friends,

I have my webserver set up in the DMZ on my ASA5505 but am facing a challenge with my users, who I suspect are uploading malicious files through FTP. My webserver is running Linux and cannot execute the same files, but when I try to open certain sites with my Windows machine, my antivirus flags them. Please advise on how I can configure application layer filtering on my ASA 5505.

Thanks.

6 Replies

chetansharma2
Level 1

Which FTP service are you using?

Active or passive?

If you are using passive, then add the FTP service to inspection so that it can dynamically open ports automatically.

Julio Carvajal
VIP Alumni

Hello Amos,

So basically you have a DMZ HTTP server that is being used as the destination of some files that you do not want, right?

If this is the case you can simply configure an ACL allowing only HTTP traffic to it and then deny the rest.

What do you think?

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

Yes, I have a webserver; it is hosting websites for various clients. Clients FTP into it and update their sites. The thing is, I think clients upload viruses during this process, and that's why I would like to inspect the FTP connections to make sure any malicious code is detected during this FTP.

Hello Amos,

So you want to allow FTP traffic to it?

Because if this is an HTTP-only webserver, you could deny all FTP traffic to it. What do you think?

If not, well we will need to play with the FTP inspection a little.

Here are some of the options we have available to customize our FTP DPI:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/inspect_basic.html#wp1234738

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

Yes, it is an HTTP webserver and it is hosting websites for various clients. They use FTP to upload content and all; I want to inspect FTP traffic to the webserver.

Hello,

Then follow the document I sent you,

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
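
The FTP inspection options in the document linked in the thread can be combined into an inspection policy map on the ASA. The following is an added example, not configuration posted by anyone in the thread, and the names BLOCKED_UPLOAD_EXT and FTP_UPLOAD_FILTER and the extension list are placeholders. It filters on file names and FTP commands only and does not scan the contents of uploaded files, so antivirus scanning of the upload directory still has to happen on the server or on a separate device.

```cisco
! Added example. Object names and the extension list are placeholders.
!
! Regex matching file names that end in a blocked extension (case-insensitive).
regex BLOCKED_UPLOAD_EXT ".+\.([Ee][Xx][Ee]|[Ss][Cc][Rr]|[Bb][Aa][Tt])"
!
! FTP application-inspection policy: what to do with matching FTP requests.
policy-map type inspect ftp FTP_UPLOAD_FILTER
 parameters
  ! Hide the server banner and SYST reply from clients.
  mask-banner
  mask-syst-reply
 ! Reset and log any transfer whose file name matches the regex.
 match filename regex BLOCKED_UPLOAD_EXT
  reset log
 ! Reset and log SITE commands, which clients updating web content do not need.
 match request-command site
  reset log
!
! Attach the map to FTP inspection in the default global policy.
! An existing "inspect ftp" line must be removed before re-adding it with a map.
policy-map global_policy
 class inspection_default
  no inspect ftp
  inspect ftp strict FTP_UPLOAD_FILTER
!
! Present by default; shown so the fragment is complete.
service-policy global_policy global
```

Resets generated by this policy appear in syslog, which gives a record of which client attempted the blocked upload.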