Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jeff_Gao
Advisor

ftp protocol-download policy can not matched

Jump to solution

Dear 

I want to limit ftp client only download and can not upload,I try to configure policy as follow:

ftp.png

But the traffic from client to ftp server can not match the policy,it's matching the cleanup rule.

R55 is working well,I just configure the policy in R80.40 and same the R55,but no working,pls help!

 

0 Kudos
1 Solution

Accepted Solutions
Jeff_Gao
Advisor

I have solved it by two policy:

policy one:

                 source:ftp client      dest:ftp-server  services/applications:ftp porotocol-upload  action:drop

policy two:

                source:ftp client      dest:ftp-server  services/applications:ftp  action:allow

ftp.png

View solution in original post

0 Kudos
6 Replies
CPRQ
Contributor

We have some other ftp issue when move from R77 to R80.20. We used sk45085.

fw ctl get int fw_ftp_allow_double_parenthesis_termination
fw_ftp_allow_double_parenthesis_termination = 0

fw ctl set int fw_ftp_allow_double_parenthesis_termination 1

fw ctl get int fw_ftp_allow_double_parenthesis_termination
fw_ftp_allow_double_parenthesis_termination = 1

 

0 Kudos
Jeff_Gao
Advisor

but i no enable anti-virus,i just enable app&url .

0 Kudos
PhoneBoy
Admin
Admin

In R55, this was done using the Security Servers.
I’m guessing you are doing this with App Control.
Are you sure the FTP connection is not TLS encrypted?
That may make detection of this…problematic.

0 Kudos
Jeff_Gao
Advisor

yes,there is no tls encrypted,you can demo it.

0 Kudos
PhoneBoy
Admin
Admin

Recommend a TAC case.

0 Kudos
Jeff_Gao
Advisor

I have solved it by two policy:

policy one:

                 source:ftp client      dest:ftp-server  services/applications:ftp porotocol-upload  action:drop

policy two:

                source:ftp client      dest:ftp-server  services/applications:ftp  action:allow

ftp.png

View solution in original post

0 Kudos