Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1392
Views
10
Helpful
3
Replies

FTP permitted by default

Gbgreat
Level 1
Level 1

‎06-07-2019 05:54 AM

I have a server on my DMZ that runs a service on FTP.

 

I do not have an access-list permitting traffic from outside to the DMZ on ftp.

FTP is not inspected on the global policy

 

 

But the FTP service is accessible from the outside network.

 

Is there any reason? and how can this be stopped.

 

Also note an access list has been configured to deny, however it still persist.

Labels:
0 Helpful
3 Replies 3

GRANT3779
Spotlight
Spotlight

‎06-07-2019 01:12 PM

Is this a publicly accessible server that sits on the DMZ via NAT?

We would really need to see some config otherwise it would all be guess work.

Some questions.. 

What are the security levels on the interfaces? 

You mention a deny ACL also.

Does this reference real/mapped address if NATd?

What interface and what direction is the ACL applied. 

 

Most helpful would be source / destination IP and config output. 

Mohammed al Baqari
Level 11
Level 11

‎06-08-2019 12:29 AM

What is the security level assigned to dmz and outside interface. Most
likely outside security is higher than dmz. Or they are same and
same-security inter interface is enabled.
0 Helpful

Martin L
VIP
VIP

‎06-08-2019 11:17 AM

disable it/ block it
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card