FTP Policy

To define rules for access to FTP servers go to Configuration / Content Filtering / FTP Rules.

Rules in this section are tested from the top of the list downwards (you can order the list entries using the arrow buttons at the right side of the dialog window). Testing stops at the first rule that matches. If the query does not match any rule, access to the FTP server is implicitly allowed.

Notes:

  1. The default WinRoute configuration includes a set of predefined rules for FTP traffic. These rules are disabled by default. These rules are available to the WinRoute administrators.

  2. A rule which blocks completion of interrupted download processes (the so-called resume function, executed by the REST FTP command). This function is essential for proper functionality of the antivirus control: for reliable scanning, entire files must be scanned.

    If undesirable, this rule can be disabled. This is not recommended as it might jeopardize scanning reliability. However, there is a more secure way to limit this behavior: create a rule which will allow unlimited connections to a particular FTP server. The rule will take effect only if it is placed before the Resume rule.

Use the Add button to define a new FTP rule.

General conditions and actions that are to be taken can be defined in the General tab.

Description

Description of the rule (information for the administrator).

If user accessing the FTP server is

Select which users this rule will be applied on:

  • any user: the rule will be applied to all users (regardless of whether they are authenticated on the firewall or not).

  • any user authenticated on the firewall: applied to all authenticated users.

  • selected user(s): applied to selected users and/or user groups.

    Click on the Set button to select users or groups (hold the Ctrl and the Shift keys to select more than one user/group at once).

Note: Rules designed for selected users (or all authenticated users) are irrelevant unless combined with a rule that denies access to non-authenticated users.

And the FTP server is

Specify FTP servers on which this rule will be applied:

  • any server: any FTP server.

  • server: IP address or DNS name of a particular FTP server.

    If an FTP server is defined through a DNS name, WinRoute will automatically perform IP address resolution from DNS. The IP address will be resolved immediately when settings are confirmed by the OK button (for all rules where the FTP server was defined by a DNS name).

    Warning: Rules are disabled unless a corresponding IP address is found!

  • IP address from group: selection of IP addresses of FTP servers that will be either denied or allowed.

    Click on the Edit button to edit IP groups (for details see chapter Address Groups).

Action

Select an action that will be taken when requirements for users and the FTP server are met:

  • Allow: WinRoute allows connection to selected FTP servers under conditions set in the Advanced tab (see below).

  • Deny: WinRoute will block certain FTP commands or FTP connections (according to the settings within the Advanced tab).

Use the Log option to log all FTP access attempts that have met this rule into the Filter log (see chapter Filter Log).

Go to the Advanced tab to define other conditions that must be met for the rule to be applied and to set advanced options for FTP communication.


Valid at time interval

Selection of the time interval during which the rule will be valid (apart from this interval the rule will be ignored). Use the Edit button to edit time intervals (for details see chapter Time Ranges).

Valid for IP address group

Selection of the IP address group to which the rule will be applied. Client (source) addresses are considered. Use the Any option to make the rule independent of clients.

Use the Edit button to edit IP groups (for details see chapter Address Groups).

Content

Advanced options for FTP traffic content.

Use the Type option to set a filtering method:

  • Download, Upload, Download / Upload: transport of files in one or both directions.

    If any of these options is chosen, you can specify names of files to which the rule will be applied using the File name entry. Wildcard matching can be used to specify a file name (e.g. *.exe for executables).

  • FTP command: selection of commands for the FTP server to which the rule will be applied.

  • Any: denies all traffic (any connection or command use).

Scan content for viruses according to scanning rules

Use this option to enable/disable scanning for viruses for FTP traffic which meets this rule.

This option is available only for allowing rules; it is meaningless to apply an antivirus check to denied traffic.

New rules will be added below the rule marked before using the Add button. Use the arrow buttons at the right side of the dialog window to move the rule within the list.

Use matching fields next to appropriate rules to switch rules off. Ticked rules will be ignored. Due to this function it is not necessary to remove rules and define them again later.

Note: Access to FTP servers that does not match any rule is implicitly allowed. To allow access to a limited number of FTP servers and block other pages, add a new rule (using the wildcard "*") to the end of the list that will deny access to any URL.
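
The evaluation order described on this page (top-down, first match wins, implicit allow) and its consequences for the Resume rule, for user-specific rules and for a final deny rule can be checked with a small model. This is an added example, not WinRoute code: the rule fields, rule names, server names and the evaluate function are assumptions made for illustration and simplify the real rule dialog.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

@dataclass
class Rule:
    name: str
    action: str            # "allow" or "deny"
    users: str = "any"     # "any" or "authenticated" (simplified)
    server: str = "*"      # "*" = any server, otherwise one host name
    command: str = "*"     # "*" = any traffic, otherwise one FTP command
    filename: str = "*"    # wildcard for the transferred file name
    enabled: bool = True

def matches(rule, req):
    if rule.users == "authenticated" and not req["authenticated"]:
        return False
    if rule.server != "*" and rule.server != req["server"]:
        return False
    if rule.command != "*" and rule.command != req["command"]:
        return False
    return fnmatch(req["filename"], rule.filename)

def evaluate(rules, req):
    """Top-down, first match wins; no match at all means implicit allow."""
    for rule in rules:
        if rule.enabled and matches(rule, req):
            return rule.action, rule.name
    return "allow", "(implicit allow)"

# Constructed rules; all names and hosts are made up for this example.
RESUME = Rule("Resume", "deny", command="REST")
TRUSTED = Rule("Trusted mirror", "allow", server="mirror.example.com")
STAFF = Rule("Staff FTP", "allow", users="authenticated", server="ftp.example.com")
DENY_ALL = Rule("Deny the rest", "deny")

def req(server, command, authenticated=False, filename=""):
    return {"server": server, "command": command,
            "authenticated": authenticated, "filename": filename}

if __name__ == "__main__":
    rest = req("mirror.example.com", "REST")
    print(evaluate([RESUME, TRUSTED], rest))   # allow rule placed too late
    print(evaluate([TRUSTED, RESUME], rest))   # allow rule placed before Resume
    anon = req("ftp.example.com", "RETR")
    print(evaluate([STAFF], anon))             # falls through to implicit allow
    print(evaluate([STAFF, DENY_ALL], anon))   # final deny rule closes the gap
```
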
