Cisco Cisco Web Security Appliance S170 사용자 가이드
76
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
Working with Native FTP in Transparent Mode
When the Web Security appliance is deployed in transparent mode, FTP clients typically are
not explicitly configured to use the FTP Proxy. Native FTP connections are transparently
redirected to the FTP Proxy and then processed.
not explicitly configured to use the FTP Proxy. Native FTP connections are transparently
redirected to the FTP Proxy and then processed.
When a native FTP request is transparently redirected to the FTP Proxy, it contains no
hostname information for the FTP server, only its IP address. Because of this, the FTP Proxy
only matches native FTP transactions with IP addresses configured in the Access Policies.
hostname information for the FTP server, only its IP address. Because of this, the FTP Proxy
only matches native FTP transactions with IP addresses configured in the Access Policies.
The predefined URL categories and Web Reputation Filters block by hostname and IP address,
but for some servers, they may only have hostname information and not the server’s IP
address. For example, if the “News” predefined URL category contains the cnn.com, but not
the corresponding IP address for that server, and if that URL category is configured to block,
then native FTP connections to cnn.com will successfully connect instead of being blocked.
Therefore, to make sure the FTP Proxy blocks native FTP connections to certain sites, you
must create custom URL categories and enter the IP addresses in the list of sites to block or in
the regular expression field.
but for some servers, they may only have hostname information and not the server’s IP
address. For example, if the “News” predefined URL category contains the cnn.com, but not
the corresponding IP address for that server, and if that URL category is configured to block,
then native FTP connections to cnn.com will successfully connect instead of being blocked.
Therefore, to make sure the FTP Proxy blocks native FTP connections to certain sites, you
must create custom URL categories and enter the IP addresses in the list of sites to block or in
the regular expression field.
Configuring FTP Proxy Settings
The FTP Proxy settings apply to native FTP connections. To configure proxy settings that apply
to FTP over HTTP connections, configure the Web Proxy. For more information, see
“Configuring the Web Proxy” on page 70.
to FTP over HTTP connections, configure the Web Proxy. For more information, see
“Configuring the Web Proxy” on page 70.
To configure the FTP Proxy settings:
1. Navigate to the Security Services > FTP Proxy Settings page, and click Edit Settings.