User guide

Configuring an FTP Proxy Service

User Guide 119

Configuring an FTP Proxy Service

The FTP proxy service enables you to access another computer (on a

separate network) for the purposes of browsing directories and copying

files. Consequently, FTP is inherently dangerous. If configured

incorrectly, the FTP service allows intruders to access your network and

important information such as passwords and configuration files. FTP is

also potentially dangerous outbound because it enables users on your

network to copy virtually anything from outside the network to a location

behind their firewall.

Therefore, it is important to make the FTP service as restrictive as

possible. Ideally, try to isolate the inbound FTP servers to a single host (or

hosts) on your Optional network. Make sure you protect your Trusted

network from FTP requests from the host or hosts on the Optional

network as well. Like SMTP, the FTP proxy includes customized features

that provide more complete control over the traffic that passes through

your firewall.

For detailed information about the FTP proxy, see the following FAQ:

https://support.watchguard.com/advancedfaqs/proxy_ftp.asp

For troubleshooting information for the FTP proxy, see the following FAQ:

https://support.watchguard.com/advancedfaqs/proxy_ftptrouble.asp

From Policy Manager:

1 If you have not done so already, use the Add Service button to add

the FTP proxy service. Expand the Proxies tree and double-click the

FTP service icon.

2 Click the Properties tab. Click Settings.

The Settings information appears as shown in the following figure.

3 Enable FTP proxy properties according to your security policy

preferences.

For a description of each control, right-click it, and then select What’s This?. You

can also refer to the “Field Definitions” chapter in the Reference Guide.

4 Click OK.