Cisco ASA 5505 Configuration Manual page 799

Asa 5500 series

Hide thumbs Also See for ASA 5505:

Getting started manual (168 pages)

Administrator's manual (118 pages)

Hardware installation manual (82 pages)

Table of Contents

Configuring Inspection of Basic Internet Protocols

Select FTP Map

The Select FTP Map dialog box is accessible as follows:

Add/Edit Service Policy Rule Wizard > Rule Actions > Protocol Inspection Tab >

Select FTP Map

The Select FTP Map dialog box lets you enable strict FTP application inspection, select an FTP map, or

create a new FTP map. An FTP map lets you change the configuration values used for FTP application

inspection.The Select FTP Map table provides a list of previously configured maps that you can select

for application inspection.

The following table shows the modes in which this feature is available:

Firewall Mode

FTP Class Map

The FTP Class Map dialog box is accessible as follows:Configuration > Global Objects > Class Maps

The FTP Class Map pane lets you configure FTP class maps for FTP inspection.

An inspection class map matches application traffic with criteria specific to the application. You then

identify the class map in the inspect map and enable actions. The difference between creating a class

map and defining the traffic match directly in the inspect map is that you can create more complex match

criteria and you can reuse class maps. The applications that support inspection class maps are DNS, FTP,

H.323, HTTP, IM, and SIP.

FTP Strict (prevent web browsers from sending embedded commands in FTP requests)—Enables

strict FTP application inspection, which causes the adaptive security appliance to drop the

connection when an embedded command is included in an FTP request.

Use the default FTP inspection map—Specifies to use the default FTP map.

Select an FTP map for fine control over inspection—Lets you select a defined application inspection

map or add a new one.

Add—Opens the Add Policy Map dialog box for the inspection.

Security Context

Transparent Single

Name—Shows the FTP class map name.

Match Conditions—Shows the type, match criterion, and value in the class map.

Match Type—Shows the match type, which can be a positive or negative match.

Criterion—Shows the criterion of the FTP class map.

Value—Shows the value to match in the FTP class map.

Cisco ASA 5500 Series Configuration Guide using ASDM

FTP Inspection

Show Quick Links

Chapters

Table of Contents

Asa 5510 Asa 5540 Asa 5520 Asa 5550 Asa 5580

Cisco ASA 5505 Configuration Manual page 799

Hide quick links:

Chapters

Related Manuals for Cisco ASA 5505

Related Products for Cisco ASA 5505

This manual is also suitable for:

Table of Contents