cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
349
Views
0
Helpful
6
Replies

Application layer filtering (FTP) on ASA5505

Amos Kafwembe
Beginner
Beginner

                  Friends,

I have my webserver set up in the DMZ on my ASA5505 but am facing a challenge with my users who i suspect are uploading malicious files through FTP. my webserver in running linux and cannot execute the same files, but when i try to open certain sites with my windows machine, my anti virus flags off. please advise on how i can configure application layer filtering on my ASA 5505.

thanks.

6 Replies 6

chetansharma2
Beginner
Beginner

Which FTP service u are using//

Active or Passive

if u r using Passive, than add FTp service in Inspection... so that it can open dynamically ports automatically

Julio Carvajal
Advisor
Advisor

Hello Amos,

So basically you have a DMZ HTTP server that is being used as the destination of some files that u do not want? Right?

If this is the case you can simply configure an ACL allowing only HTTP traffic to it and then deny the rest.

What do you think?

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

yes i have a webserver, it is hosting websites for various clients. clients FTP into it and update their sites. the thing is, i think clients upload viruses during this process and thats why i would like to inspect the FTP connections to make sure any malicious codes are detected during this FTP

Hello Amos,

So you want to allow FTP traffic to it??

Cause if this is an HTTP webserver only you could deny all FTP traffic to it, what do u think?

If not, well we will need to play with the FTP inspection a little.

Here are some of the options we have available to customize our FTP DPI:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/inspect_basic.html#wp1234738

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

yes it is an HTTP webserver and it is hosting websites for vatious clients. they use FTP to upload content and all, i want to inspect FTP traffic to the webserver.

Hello,

Then follow the document I sent you,

Regards,

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers