Cisco PIX 520 - PIX Firewall 520 Online Help Manual page 198

System Properties>Advanced>FixUp>FTP
The FTP panel allows you to enable or disable the PIX Firewall to look into the payload of the
channel and apply the Adaptive Security Algorithm (ASA). You can specify the port(s) at which the PIX Firewall
listens for FTP traffic. FTP FixUp is enabled for port 21 by default.
The following sections are included in this Help topic:
Important Notes
Field Descriptions
Disabling FTP FixUp
Enabling FTP FixUp
Changing the FTP FixUp Port Numbers
Resetting to Last Applied Settings
Important Notes
The FTP port can be changed; however if you change the default of port 21 to something like 2021, all FTP
clients must use port 2021 to send data, and FTP control connections on port 21 will no longer work.
If you disable FTP FixUp, internal users can FTP to external servers only in passive mode.
For more information about the protocols used in the FixUp panels, refer to the
Cisco Secure PIX Firewall Version
Field Descriptions
The FTP panel displays the following fields:
FTP table
Low Port—Displays the port number or lower port number range for the FTP Fixup.
High Port—Displays the upper port number range (if applicable) for the FTP Fixup.
Strict—Displays whether the "strict" option (see the Strict check box description) is in effect for
this FTP Fixup.
Add—Opens the Add dialog box.
Low port—Enter a port number or lower port number range for addition to the FTP table.
High port (optional)—Enter an upper port number range for addition to the FTP table.
Strict—Select the Strict check box to prevent web browsers from sending embedded commands in FTP
requests. Each FTP command must be acknowledged before a new command is allowed. Clear the Strict
x.x.
FTP control
Configuration Guide for the