Cisco 7604 Configuration Manual page 449

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
22-33

Chapter 22
Applying Application Layer Protocol Inspection
FTP Inspection

where begin_port_number is the lowest port in the range of FTP ports and end_port_number is the highest port.

Step 4
(Optional) If you want FTP inspection to do the following:
- Allow FTP servers to reveal their system type to FTP clients.
- Limit the allowed FTP commands.
then create and configure an FTP map. To do so, perform the following steps.

a. Create an FTP map that contains the additional parameters of FTP inspection. Use the ftp-map command to do so, as follows.
hostname(config-cmap)# ftp-map map_name
hostname(config-ftp-map)#
where map_name is the name of the FTP map. The CLI enters FTP map configuration mode.

b. (Optional) If you want to allow FTP servers to reveal their system type to FTP clients in responses to SYST messages, use the no form of the mask-syst-reply command, as follows:
hostname(config-ftp-map)# no mask-syst-reply
hostname(config-ftp-map)#
Note
By default, when FTP inspection is enabled, responses to SYST messages are masked. If you disable SYST response masking, you can reenable it with the mask-syst-reply command.

c. (Optional) If you want to disallow specific FTP commands, use the request-command deny command and specify each FTP command that you want to disallow, as follows:
hostname(config-ftp-map)# request-command deny ftp_command [ftp_command...]
hostname(config-ftp-map)#
where ftp_command is one or more FTP commands that you want to restrict. See Table 22-3 for a list of the FTP commands that you can restrict.

Step 5
Create a policy map or modify an existing policy map that you want to use to apply the FTP inspection engine to FTP traffic. To do so, use the policy-map command, as follows.
hostname(config-cmap)# policy-map policy_map_name
hostname(config-pmap)#
where policy_map_name is the name of the policy map. The CLI enters the policy map configuration mode and the prompt changes accordingly.

Step 6
Specify the class map, created in Step 2, that identifies the FTP traffic. Use the class command to do so, as follows.
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
where class_map_name is the name of the class map you created in Step 2. The CLI enters the policy map class configuration mode and the prompt changes accordingly.

Step 7
Enable FTP application inspection with the options you want. To do so, do one of the following.
- If you want to enable strict FTP inspection, use the inspect ftp command with the strict keyword, as follows:
hostname(config-pmap-c)# inspect ftp strict
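The following audit script is an added example, not part of the Cisco guide. It reads a saved configuration and reports the FTP inspection settings that Steps 4 through 7 control: FTP maps that unmask SYST replies, the commands each map denies, and classes that run inspect ftp without the strict keyword. The map, policy and class names, the denied commands and the indented layout of the sample configuration are constructed assumptions.

```python
# Constructed sample configuration (not from the manual). The indentation is an
# assumed layout that mirrors the nesting of the configuration modes.
SAMPLE_CONFIG = """\
ftp-map inbound_ftp
 request-command deny put stou appe
ftp-map partner_ftp
 no mask-syst-reply
policy-map outside_policy
 class ftp_traffic
  inspect ftp strict
 class legacy_ftp
  inspect ftp
"""


def audit_ftp_inspection(config_text):
    """Return (ftp_maps, findings) for the FTP inspection settings in config_text."""
    ftp_maps, findings = {}, []
    current_map = policy = klass = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command closes any open block
            current_map = policy = klass = None
        words = line.split()
        if words[0] == "ftp-map" and len(words) == 2:
            current_map = words[1]
            # SYST replies are masked by default, per the note in Step 4b.
            ftp_maps[current_map] = {"mask_syst_reply": True, "denied": set()}
        elif current_map and line == "no mask-syst-reply":
            ftp_maps[current_map]["mask_syst_reply"] = False
            findings.append(f"ftp-map {current_map}: SYST replies are not masked")
        elif current_map and words[:2] == ["request-command", "deny"]:
            ftp_maps[current_map]["denied"].update(w.lower() for w in words[2:])
        elif words[0] == "policy-map" and len(words) == 2:
            policy = words[1]
        elif policy and words[0] == "class" and len(words) == 2:
            klass = words[1]
        elif policy and klass and words[:2] == ["inspect", "ftp"] and "strict" not in words[2:]:
            findings.append(f"policy-map {policy} class {klass}: inspect ftp without strict")
    return ftp_maps, findings


if __name__ == "__main__":
    maps, findings = audit_ftp_inspection(SAMPLE_CONFIG)
    for name, cfg in maps.items():
        print(name, "denied:", sorted(cfg["denied"]) or "none")
    print("\n".join(findings))
```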
