Cisco Cisco Web Security Appliance S660 Guida Utente
4-15
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 4 Intercepting Web Requests
FTP Proxy Services
Related Topics
•
•
.
Enabling and Configuring the FTP Proxy
Step 1
Choose Security Services > FTP Proxy.
Step 2
Click Enable and Edit Settings (if the only available option is Edit Settings then the FTP proxy is
already enabled).
already enabled).
Step 3
(Optional) Configure the basic FTP Proxy settings.
Property
Description
Proxy Listening Port
The port that the FTP Proxy will listen to for FTP control connections.
Clients should use this port when configuring an FTP proxy (not as the port
for connecting to FTP servers, which normally use port 21).
Clients should use this port when configuring an FTP proxy (not as the port
for connecting to FTP servers, which normally use port 21).
Caching
Whether of not data connections from anonymous users are cached.
Note
Data from non-anonymous users is never cached.
Server Side IP Spoofing Allows the FTP Proxy to imitate the FTP server’s IP address. This supports
FTP clients that do not allow transactions when the IP address is different for
the control and data connections.
the control and data connections.
Authentication Format
Allows a choice of authentication format the FTP Proxy can use when com-
municating with FTP clients.
municating with FTP clients.
Passive Mode Data
Port Range
Port Range
The range of TCP ports that FTP clients should use to establish a data con-
nection with the FTP Proxy for passive mode connections.
nection with the FTP Proxy for passive mode connections.
Active Mode Data
Port Range
Port Range
The range of TCP ports FTP servers should use to establish a data connection
with the FTP Proxy for active mode connections. This setting applies to both
native FTP and FTP over HTTP connections.
with the FTP Proxy for active mode connections. This setting applies to both
native FTP and FTP over HTTP connections.
Increasing the port range accommodates more requests from the same FTP
server. Because of the TCP session TIME-WAIT delay (usually a few
minutes), a port does not become available again for the same FTP server im-
mediately after being used. As a result, any given FTP server cannot connect
to the FTP Proxy in active mode more than n times in a short period of time,
where n is the number of ports specified in this field.
server. Because of the TCP session TIME-WAIT delay (usually a few
minutes), a port does not become available again for the same FTP server im-
mediately after being used. As a result, any given FTP server cannot connect
to the FTP Proxy in active mode more than n times in a short period of time,
where n is the number of ports specified in this field.
Welcome Banner
The welcome banner that appears in FTP clients during connection. Choose
from:
from:
•
FTP server message. The message will be provided by the destination
FTP server. This option is only available when the web proxy is config-
ured for transparent mode, and only applies for transparent connections.
FTP server. This option is only available when the web proxy is config-
ured for transparent mode, and only applies for transparent connections.
•
Custom message. When selected, this custom message is displayed for
all native FTP connections. When not selected, this is still used for
explicit forward native FTP connections.
all native FTP connections. When not selected, this is still used for
explicit forward native FTP connections.