Cisco Cisco Web Security Appliance S170 Guía Del Usuario
5-9
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 5 Web Proxy Services
Working with FTP Connections
•
You configure FTP Proxy settings that apply to native FTP connections. For
more information, see
more information, see
.
•
You can configure which welcome message users see in the FTP client when
they connect to an FTP server. Configure the welcome banner when you
configure the FTP Proxy settings.
they connect to an FTP server. Configure the welcome banner when you
configure the FTP Proxy settings.
•
You can define a custom message the FTP Proxy displays in IronPort FTP
notification messages when there is an error with FTP Proxy authentication.
For more information, see
notification messages when there is an error with FTP Proxy authentication.
For more information, see
.
•
When the FTP Proxy is configured to cache native FTP transactions, it only
caches content accessed by anonymous users.
caches content accessed by anonymous users.
•
You can configure the FTP Proxy to spoof the IP address of the FTP server.
You might want to do this when FTP clients do not allow passive data
connections when the source IP address of the data connection (FTP server)
is different than the source IP address of the control connection (FTP Proxy).
You might want to do this when FTP clients do not allow passive data
connections when the source IP address of the data connection (FTP server)
is different than the source IP address of the control connection (FTP Proxy).
•
If the connection between the FTP Proxy and the FTP server is slow,
uploading a large file may take a long time when IronPort Data Security
Filters are enabled. If the FTP client times out before the FTP Proxy uploads
the entire file, users may notice a failed transaction.
uploading a large file may take a long time when IronPort Data Security
Filters are enabled. If the FTP client times out before the FTP Proxy uploads
the entire file, users may notice a failed transaction.
Using Authentication with Native FTP
The FTP Proxy performs user authentication to control which users can make
native FTP requests. This user authentication determines which policy groups
apply to the native FTP transaction.
native FTP requests. This user authentication determines which policy groups
apply to the native FTP transaction.
However, due to the nature of FTP and FTP clients, only explicit forward
connections can authenticate users for native FTP transactions. Due to this
limitation, you must configure at least one Identity and Access Policy for native
FTP transactions that do not require authentication when the Web Proxy is
deployed in transparent mode. This allows FTP connections that are transparently
redirected to the Web Security appliance to work. If authentication is required for
all policy groups, transparently redirected native FTP transaction will fail.
connections can authenticate users for native FTP transactions. Due to this
limitation, you must configure at least one Identity and Access Policy for native
FTP transactions that do not require authentication when the Web Proxy is
deployed in transparent mode. This allows FTP connections that are transparently
redirected to the Web Security appliance to work. If authentication is required for
all policy groups, transparently redirected native FTP transaction will fail.
You can configure the authentication format the FTP Proxy uses when
communicating with FTP clients. The FTP Proxy supports the following formats
for proxy authentication:
communicating with FTP clients. The FTP Proxy supports the following formats
for proxy authentication:
•
Check Point. Uses the following formats: