FTP traffic on PIX

tyagivijay · ‎08-24-2004

Dear All ,

Can we implement download restrictions on PIX or Router, so that no one can download more than 10 MB of file in day time ?

gfullage · ‎08-24-2004

No, sorry, this is not possible.

You can use the "filter" command to filter FTP sites on an external WebSense server, and if the WebSense server has something like that then theoretically you could use it to deny the traffic thru the PIX.

See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#wp1131454 for details.

spremkumar · ‎08-24-2004

Hi

Instead of file size hope u can control ur b/w utilisation used for downloading in ur router..

I would suggest to implement the same on the router ethernet or else in router wan port itself.

u can achieve the same using time-range feature avl in cisco ios in conjuction with ACL.

Try to create an Time-range like this

time-range download

absolute start mm:ss date month 2004

periodic 1000 to 1800

then bind this to ur ACL

access-list 101 permit ip any any time-range download

(if u know from any specific locations from wher they r downloading then u can match the ips accoringly in the ACL)(considering 128k b/w for downloading here)

then apply the same under u r interface with CAR

inter serial 0/0

rate-limit input access-group 101 128000 16000 16000 conform-action transmit exceed-action drop

rate-limit output access-group 101 128000 16000 16000 conform-action transmit exceed-action drop

i think this may do wht u wish to do

regds