User`s guide

2.11 FTP Policy Conﬁguration

Requirements

FTP usage will be limited by the following restrictions:

• transmission of music ﬁles in the MP3 format will be denied

• transmission of video ﬁles (

.AVI) will be denied within working hours

• uploads (storing ﬁles at FTP servers) will be denied — protection of important com-

pany information

FTP restrictions speciﬁed by predeﬁned rules

Go to Conﬁguration → Content Filtering → FTP Policy to set FTP limitations. The following

rules are predeﬁned rules and can be used for all intended restrictions:

• Rules Forbid *.mpg, *.mp3 and *.mpeg ﬁles and Forbid upload are ready to use.

• Modify the Forbid *.avi ﬁles rule by going to the Advanced tab and setting the time

when the rule is valid in the Working hours range (see chapter 2.9).

• To make it possible for all ﬁles transferred by FTP to be checked by the antivirus thor-

oughly, it is also recommended to enable the Forbid resume due to antivirus scanning

rule.

FTP server in local network

?In the following example, we intend to enable the local FTP server from the Internet. The

Forbid upload rule denies even upload to this server which is not always desirable. For this

reason we must add a rule that would enable upload to this server before the Forbid upload

rule:

• On the General tab set the following condition: “if any user acesses FTP server

192.168.1.10, then allow.”

• On the Advanced tab, set the operation type to Upload and use the wildcard for any

ﬁle (

Notes:

1. The IP address of the host where the appropriate FTP service is running must be used to

deﬁne the FTP server’s IP address. It is not possible to use an outbound IP address of the

ﬁrewall that the FTP server is mapped from (unless the FTP server runs on the ﬁrewall)! IP

addresses are translated before the content ﬁltering rules are applied.

2. The same method can be also applied to enable upload to a particular FTP server in the

Internet whereas upload to other FTP servers will be forbidden.