Cisco Cisco Web Security Appliance S160 User Guide
Chapter 5 Web Proxy Services
Working with FTP Connections
5-8
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Working with FTP Connections
The Web Security appliance Web Proxy provides proxy services for the File
Transfer Protocol (FTP) as well as HTTP. FTP is a protocol used to transfer data
between computers over a network. The Web Proxy can handle the following FTP
transactions:
Transfer Protocol (FTP) as well as HTTP. FTP is a protocol used to transfer data
between computers over a network. The Web Proxy can handle the following FTP
transactions:
•
FTP over HTTP. Most web browsers support FTP transactions, but
sometimes the transactions are encoded inside an HTTP transaction. All
policies and configuration options that apply to HTTP transactions also apply
to FTP over HTTP transactions.
sometimes the transactions are encoded inside an HTTP transaction. All
policies and configuration options that apply to HTTP transactions also apply
to FTP over HTTP transactions.
•
Native FTP. FTP clients use FTP to transfer data without invoking an HTTP
connection. Native FTP connections are treated and handled differently than
HTTP connections.
connection. Native FTP connections are treated and handled differently than
HTTP connections.
The component of the Web Proxy that handles native FTP transactions is referred
to as the FTP Proxy.
to as the FTP Proxy.
Native FTP connections can be served when the Web Proxy is deployed in either
transparent or explicit forward mode.
transparent or explicit forward mode.
Computers that transfer data using FTP create two connections between them.
The control connection is used to send and receive FTP commands, such as RETR
and STOR, and to communicate other information, such as the connection mode
and file properties. The data connection is used to transfer the data itself.
Typically, computers use port 21 for the control connection, and use a randomly
assigned port (usually greater than 1023) for the data connection.
The control connection is used to send and receive FTP commands, such as RETR
and STOR, and to communicate other information, such as the connection mode
and file properties. The data connection is used to transfer the data itself.
Typically, computers use port 21 for the control connection, and use a randomly
assigned port (usually greater than 1023) for the data connection.
The FTP Proxy supports the following connection modes:
•
Passive. In passive mode, the FTP server chooses the port used for the data
connection and communicates this assignment to the FTP client. Passive
mode is typically favored in most network environments where the FTP client
is located behind a firewall and inbound connections (such as from an FTP
server) are blocked. The default for the FTP Proxy is passive mode.
connection and communicates this assignment to the FTP client. Passive
mode is typically favored in most network environments where the FTP client
is located behind a firewall and inbound connections (such as from an FTP
server) are blocked. The default for the FTP Proxy is passive mode.
•
Active. In active mode, the FTP client chooses the port used for the data
connection and communicates this assignment to the FTP server.
connection and communicates this assignment to the FTP server.
Consider the following rules and guidelines when working with native FTP
connections:
connections:
•
You can define which Identity groups apply to native FTP transactions.