
ASA V7.2 how to deny ftp/get command

ivan.chien
Level 1

Hi,

I normally use the configuration below to block the ftp/get command on my ASA v7.1. But after upgrading to v7.2, the 'ftp-map' command has been deprecated. We need to use 'policy-map type inspect ftp' instead. I found that the only actions for an ftp command are 'reset' and 'log'. But I only need to block the ftp/get command, not reset the ftp connection. How can I do this with v7.2? Thanks

This is my old configuration in v7.1:

    ftp-map deny_get
     request-cmd deny get
    policy-map global_policy
     class inspection_default
      inspect ftp strict deny_get


aghaznavi
Level 5

I think you will have to first select the traffic using the class-map commands, then decide the actions on the basis of the policy-map, and then apply it to the interface as needed using the service-policy command. The following link may help you:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1234738
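
The three steps the reply describes (select, set the action, apply), written out in 7.2 syntax as an added example that is not from either poster. The class-map name ftp_get_cmd is hypothetical, deny_get and global_policy are reused from the question, and the action shown is the 'reset' that the question reports as available.

```cisco
! Added example; ftp_get_cmd is a hypothetical name.
! Step 1: select the FTP command to act on (inspection class map).
class-map type inspect ftp match-all ftp_get_cmd
 match request-command get
!
! Step 2: attach an action to that class in an FTP inspection policy map.
! 'reset' is used because the question lists only 'reset' and 'log'.
policy-map type inspect ftp deny_get
 class ftp_get_cmd
  reset
!
! Step 3: reference the inspection policy map from the Layer 3/4 policy,
! in the same place the old ftp-map name was referenced.
policy-map global_policy
 class inspection_default
  inspect ftp strict deny_get
!
! Apply the policy globally (use 'interface <name>' to scope it instead).
service-policy global_policy global
```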
