I have my webserver set up in the DMZ on my ASA5505 but am facing a challenge with my users who i suspect are uploading malicious files through FTP. my webserver in running linux and cannot execute the same files, but when i try to open certain sites with my windows machine, my anti virus flags off. please advise on how i can configure application layer filtering on my ASA 5505.
So basically you have a DMZ HTTP server that is being used as the destination of some files that u do not want? Right?
If this is the case you can simply configure an ACL allowing only HTTP traffic to it and then deny the rest.
What do you think?
yes i have a webserver, it is hosting websites for various clients. clients FTP into it and update their sites. the thing is, i think clients upload viruses during this process and thats why i would like to inspect the FTP connections to make sure any malicious codes are detected during this FTP
So you want to allow FTP traffic to it??
Cause if this is an HTTP webserver only you could deny all FTP traffic to it, what do u think?
If not, well we will need to play with the FTP inspection a little.
Here are some of the options we have available to customize our FTP DPI:
Then follow the document I sent you,