Cisco Cisco Web Security Appliance S170 사용자 가이드
6-8
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 6 Web Proxy Services
Working with FTP Connections
You can use spaces and the @ character in FTP user names. However, you must precede these characters
with a backslash character (\).
with a backslash character (\).
Note
Be careful when requiring authentication for native FTP transactions. FTP is inherently insecure because
data (including the authentication credentials) is transmitted directly over the wire without encryption.
data (including the authentication credentials) is transmitted directly over the wire without encryption.
Working with Native FTP in Transparent Mode
When the Web Security appliance is deployed in transparent mode, FTP clients typically are not
explicitly configured to use the FTP Proxy. Native FTP connections are transparently redirected to the
FTP Proxy and then processed.
explicitly configured to use the FTP Proxy. Native FTP connections are transparently redirected to the
FTP Proxy and then processed.
When a native FTP request is transparently redirected to the FTP Proxy, it contains no hostname
information for the FTP server, only its IP address. Because of this, the FTP Proxy only matches native
FTP transactions with IP addresses configured in the Access Policies.
information for the FTP server, only its IP address. Because of this, the FTP Proxy only matches native
FTP transactions with IP addresses configured in the Access Policies.
The predefined URL categories and Web Reputation Filters block by hostname and IP address, but for
some servers, they may only have hostname information and not the server’s IP address. For example, if
the “News” predefined URL category contains the cnn.com, but not the corresponding IP address for that
server, and if that URL category is configured to block, then native FTP connections to cnn.com will
successfully connect instead of being blocked. Therefore, to make sure the FTP Proxy blocks native FTP
connections to certain sites, you must create custom URL categories and enter the IP addresses in the
list of sites to block or in the regular expression field.
some servers, they may only have hostname information and not the server’s IP address. For example, if
the “News” predefined URL category contains the cnn.com, but not the corresponding IP address for that
server, and if that URL category is configured to block, then native FTP connections to cnn.com will
successfully connect instead of being blocked. Therefore, to make sure the FTP Proxy blocks native FTP
connections to certain sites, you must create custom URL categories and enter the IP addresses in the
list of sites to block or in the regular expression field.
Configuring FTP Proxy Settings
The FTP Proxy settings apply to native FTP connections. To configure proxy settings that apply to FTP
over HTTP connections, configure the Web Proxy. For more information, see
over HTTP connections, configure the Web Proxy. For more information, see
To configure the FTP Proxy settings:
Step 1
Navigate to the Security Services > FTP Proxy page, and click Edit Settings.