Cisco Cisco Web Security Appliance S660 Mode D'Emploi
78
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
Passive Mode Data Port
Range
Range
Specify a range of TCP ports FTP clients should use to establish a data
connection with the FTP Proxy for passive mode connections.
Default is 11000-11009.
connection with the FTP Proxy for passive mode connections.
Default is 11000-11009.
Active Mode Data Port
Range
Range
Specify a range of TCP ports FTP servers should use to establish a data
connection with the FTP Proxy for active mode connections.
Default is 12000-12009.
You might want to increase the port range in this field to
accommodate more requests from the same FTP server. Because of the
TCP session TIME-WAIT delay (usually a few minutes), a port does not
become available again for the same FTP server immediately after
being used. As a result, any given FTP server cannot connect to the
FTP Proxy in active mode more than n times in a short period of time,
where n is the number of ports specified in this field.
connection with the FTP Proxy for active mode connections.
Default is 12000-12009.
You might want to increase the port range in this field to
accommodate more requests from the same FTP server. Because of the
TCP session TIME-WAIT delay (usually a few minutes), a port does not
become available again for the same FTP server immediately after
being used. As a result, any given FTP server cannot connect to the
FTP Proxy in active mode more than n times in a short period of time,
where n is the number of ports specified in this field.
Active Mode Failover
When this option is enabled, the FTP Proxy will attempt an active
mode connection with the FTP server when passive mode fails.
mode connection with the FTP server when passive mode fails.
Welcome Banner
Choose which welcome message should be displayed in FTP clients:
• FTP server message. The FTP server message only displays for
• FTP server message. The FTP server message only displays for
transparently redirected connections. When a native FTP
connection is explicitly sent to the FTP Proxy, the FTP client
displays a message predefined by the FTP Proxy.
connection is explicitly sent to the FTP Proxy, the FTP client
displays a message predefined by the FTP Proxy.
• Custom message. Enter a message to display for all native FTP
connections.
Control Connection
Timeouts
Timeouts
Enter how long the FTP Proxy waits for more communication in the
control connection from an idle FTP client or FTP server when the
current transaction has not been completed.
For example, if an FTP client opens a control connection and sends
some requests, the FTP Proxy waits for the amount of time specified
for the client side control connection timeout for the next request
before closing the open connection.
• Client side. The maximum number of seconds the FTP Proxy keeps
control connection from an idle FTP client or FTP server when the
current transaction has not been completed.
For example, if an FTP client opens a control connection and sends
some requests, the FTP Proxy waits for the amount of time specified
for the client side control connection timeout for the next request
before closing the open connection.
• Client side. The maximum number of seconds the FTP Proxy keeps
a control connection open with an idle client.
• Server side. The maximum number of seconds the FTP Proxy keeps
a control connection open with an idle FTP server.
Default is 300 seconds for both client and server side control
connection timeouts.
connection timeouts.
Table 5-2 FTP Proxy Settings (Continued)
Property
Description