Table of Contents
Advertisement
plugin is indispensable when allowing FTP traffic to pass through the firewall and to dynamically
manage FTP data connections.
Automatically detect
and inspect the
protocol
Authentication
Allow SSL
authentication
Do not scan the FTP
authentication phase
Size of elements (in bytes)
Imposing a maximum size for elements (in bytes) allows countering buffer overflow attacks.
Username
User password
Path (directory +
filename)
SITE command
Other commands
Support
Disable intrusion
prevention
Log each FTP request Enables or disables the reporting of FTP logs.
"Proxy" tab
Filter the welcome
banner sent by the FTP
server
Block FTP bounce
Connection
Keep original source IP
address
Page 266/448
If this protocol has been enabled, it will automatically be used for discovering
corresponding packets in filter rules.
Enables SSL authentication for the protocol (FTP only). By selecting this option,
personal data such as the login and password may be encrypted and therefore,
protected.
No data scans will be performed
Maximum number of characters that a user name can contain. This value must be
between 10 and 2048 bytes.
Maximum number of characters for the FTP password. This value must be between 10
and 2048 bytes.
Maximum number of characters of the path taken by the program execution, or the
path taken in the directory to reach the FTP file. This value must be between 10 and
2048 bytes.
Maximum number of characters that the SITE command can contain (between 10 and
2048 bytes).
Maximum number of characters that additional commands can contain (between 10
and 2048 bytes)
When this option is selected, the scan of the FTP protocol will be disabled and traffic
will be authorized if the filter policy allows it.
If this option is selected, the server's banner will no longer be sent during an FTP
connection.
Allows the prevention of IP address spoofing. By executing the PORT command and by
specifying an internal IP address, an external host may access confidential data by
exploiting vulnerabilities in an FTP server or a host that is vulnerable to bounces.
When a request is made by a web client (browser) to the server, the firewall will
intercept it and check that the request complies with URL filter rules and then relays
the request.
If this option is selected, the new request will use the original source IP address of the
web client that sent the packet. Otherwise, the firewall's address will be used.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
PROTOCOLS
- Quick Links:
- Administrator Management
Hide quick links:
Advertisement
Table of Contents
