Chapter 37
Configuring Inspection of Basic Internet Protocols
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
FTP Inspection
This section describes the FTP inspection engine. This section includes the following topics:
•
•
•
•
•
•
•
FTP Inspection Overview
The FTP application inspection inspects the FTP sessions and performs four tasks:
•
•
•
•
FTP application inspection prepares secondary channels for FTP data transfer. Ports for these channels
are negotiated through PORT or PASV commands. The channels are allocated in response to a file
upload, a file download, or a directory listing event.
OL-20339-01
Action—Shows the action if the match condition is met.
–
Log—Shows the log state.
–
Add—Opens the Add DNS Inspect dialog box to add a DNS inspection.
–
Edit—Opens the Edit DNS Inspect dialog box to edit a DNS inspection.
–
Delete—Deletes a DNS inspection.
–
Move Up—Moves an inspection up in the list.
–
Move Down—Moves an inspection down in the list.
–
Security Context
Transparent Single
•
•
FTP Inspection Overview, page 37-13
Using Strict FTP, page 37-14
Select FTP Map, page 37-15
FTP Class Map, page 37-15
Add/Edit FTP Traffic Class Map, page 37-16
Add/Edit FTP Match Criterion, page 37-16
FTP Inspect Map, page 37-18
Prepares dynamic secondary data connection
Tracks the FTP command-response sequence
Generates an audit trail
Translates the embedded IP address
Multiple
Context
System
—
•
Cisco ASA 5500 Series Configuration Guide using ASDM
FTP Inspection
37-13