Verifying and Monitoring FTP Inspection - Cisco FirePOWER ASA 5500 series Configuration Manual

FTP Inspection
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, Chapter 25 "Configuring Application Layer Protocol Inspection", page 25-30

You can specify multiple class or match commands in the policy map. For information about the order of class and match commands, see the "Defining Actions in an Inspection Policy Map" section on page 21-10.

The reset keyword drops the packet, closes the connection, and sends a TCP reset to the server and/or client.
The log keyword, which you can use alone or with one of the other keywords, sends a system log message.
The rate-limit message_rate argument limits the rate of messages.

Step 7  To configure parameters that affect the inspection engine, perform the following steps:

a. To enter parameters configuration mode, enter the following command:
hostname(config-pmap)# parameters
hostname(config-pmap-p)#

b. To mask the greeting banner from the FTP server, enter the following command:
hostname(config-pmap-p)# mask-banner

c. To mask the reply to the syst command, enter the following command:
hostname(config-pmap-p)# mask-syst-reply

Before submitting a username and password, all FTP users are presented with a greeting banner. By default, this banner includes version information useful to hackers trying to identify weaknesses in a system. The following example shows how to mask this banner:

hostname(config)# policy-map type inspect ftp mymap
hostname(config-pmap)# parameters
hostname(config-pmap-p)# mask-banner
hostname(config)# class-map match-all ftp-traffic
hostname(config-cmap)# match port tcp eq ftp
hostname(config)# policy-map ftp-policy
hostname(config-pmap)# class ftp-traffic
hostname(config-pmap-c)# inspect ftp strict mymap
hostname(config)# service-policy ftp-policy interface inside

Verifying and Monitoring FTP Inspection

FTP application inspection generates the following log messages:
• An Audit record 302002 is generated for each file that is retrieved or uploaded.
• The FTP command is checked to see if it is RETR or STOR, and the retrieve and store commands are logged.
• The username is obtained by looking up a table providing the IP address.
• The username, source IP address, destination IP address, NAT address, and the file operation are logged.
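The following is an added example, not code from the Cisco guide: a parser and a small detection run over the FTP audit messages the section above describes. The guide numbers the audit record 302002; the ASA syslog reference numbers the FTP file-transfer audit message 303002, and the constructed sample lines below use that number with a message layout written from memory (an assumption, and one that omits the NAT address the guide says is logged). The regular expression keys on the message body rather than the numeric ID, so either number parses. The "untrusted interface" policy and all field names are the example's own.

```python
"""Parse ASA FTP file-transfer audit syslog lines and flag uploads from an untrusted interface.

Added example; not from the Cisco guide. Sample lines are constructed, modelled on
the ASA 303002 message layout as recalled by the author (an assumption).
"""
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not real captures). The last line is a TCP
# teardown record included to show that non-FTP-audit messages are ignored.
SAMPLE_LOG = """\
%ASA-6-303002: FTP connection from inside:10.1.1.5/49152 to outside:203.0.113.10/21, user alice Retrieved file /pub/readme.txt
%ASA-6-303002: FTP connection from inside:10.1.1.5/49153 to outside:203.0.113.10/21, user alice Stored file /incoming/report.pdf
%ASA-6-303002: FTP connection from outside:198.51.100.7/51000 to dmz:192.0.2.20/21, user anonymous Stored file /upload/x.exe
%ASA-6-303002: FTP connection from outside:198.51.100.7/51001 to dmz:192.0.2.20/21, user anonymous Retrieved file /pub/catalog.csv
%ASA-6-302014: Teardown TCP connection 12345 for outside:198.51.100.7/51001 to dmz:192.0.2.20/21 duration 0:00:03 bytes 4096 TCP FINs
"""

# Keys on the message body ("FTP connection from ... user X Stored|Retrieved file Y"),
# capturing the numeric ID only as a field.
FTP_AUDIT = re.compile(
    r"%ASA-\d-(?P<msgid>\d{6}): FTP connection from "
    r"(?P<src_ifc>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_ifc>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+), "
    r"user (?P<user>\S+) (?P<action>Stored|Retrieved) file (?P<path>\S+)"
)


def parse_ftp_audit(lines):
    """Return one dict per FTP audit record; other syslog lines are skipped."""
    events = []
    for line in lines:
        m = FTP_AUDIT.search(line)
        if not m:
            continue
        ev = m.groupdict()
        # Map the logged verb back to the FTP command the inspection engine saw.
        ev["command"] = "STOR" if ev["action"] == "Stored" else "RETR"
        events.append(ev)
    return events


def summarize(events):
    """Per-user count of RETR and STOR operations."""
    by_user = defaultdict(Counter)
    for ev in events:
        by_user[ev["user"]][ev["command"]] += 1
    return {user: dict(counts) for user, counts in by_user.items()}


def flag_uploads_from(events, untrusted_ifc="outside"):
    """STOR operations whose client sits on the untrusted interface (e.g. anonymous uploads)."""
    return [ev for ev in events
            if ev["command"] == "STOR" and ev["src_ifc"] == untrusted_ifc]


if __name__ == "__main__":
    evs = parse_ftp_audit(SAMPLE_LOG.splitlines())
    print(summarize(evs))
    for ev in flag_uploads_from(evs):
        print("upload from untrusted interface:", ev["user"], ev["src_ip"], ev["path"])
```

Feed it real syslog output (for example from a collector that keeps the `%ASA-` prefix) and adjust the interface name in `flag_uploads_from` to match your nameifs; the parser deliberately does not key on the message number so a differently numbered audit record with the same body still parses.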
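As an added check for the banner-masking step above (example code, not part of the Cisco guide), the script below connects to an FTP server, reads the 220 greeting, sends SYST and reads the 215 reply, and reports any version string it can spot, which is the information mask-banner and mask-syst-reply are meant to hide. It makes no claim about how the appliance rewrites the replies: the two in-process fake servers, their reply texts and the dotted-version heuristic are all constructed for the demonstration.

```python
"""Client-side check that an FTP greeting and SYST reply do not leak a server version.

Added example, not from the Cisco guide. The fake servers, their replies and the
version heuristic are constructed for the demo (assumptions, not ASA behaviour).
"""
import re
import socket
import threading

# Heuristic (an assumption): a dotted version number such as "3.0.3" or "v2.1".
VERSION_RE = re.compile(r"\bv?\d+\.\d+(?:\.\d+)*", re.IGNORECASE)


def version_disclosure(text):
    """Return the first version-looking token in an FTP reply, or None."""
    m = VERSION_RE.search(text)
    return m.group(0) if m else None


def _recv_line(sock):
    """Read one CRLF-terminated FTP reply line (multi-line replies are not needed here)."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1024)
        if not chunk:
            break
        buf += chunk
    return buf.decode("ascii", "replace").rstrip("\r\n")


def audit_ftp_server(host, port, timeout=5.0):
    """Connect, capture the greeting and the SYST reply, and flag version leaks in each."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        greeting = _recv_line(s)
        s.sendall(b"SYST\r\n")
        syst = _recv_line(s)
        s.sendall(b"QUIT\r\n")
        _recv_line(s)  # 221 reply; lets the server finish cleanly
    return {
        "greeting": greeting,
        "syst": syst,
        "greeting_leak": version_disclosure(greeting),
        "syst_leak": version_disclosure(syst),
    }


def _fake_ftp_server(greeting, syst_reply):
    """Minimal single-connection FTP responder on 127.0.0.1, used only for the demo."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting.encode() + b"\r\n")
            while True:
                line = _recv_line(conn).upper()
                if line.startswith("SYST"):
                    conn.sendall(syst_reply.encode() + b"\r\n")
                else:  # QUIT, or the peer went away
                    conn.sendall(b"221 Goodbye.\r\n")
                    break
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Audit an unmasked and a masked fake server; returns both reports."""
    unmasked = _fake_ftp_server("220 (vsFTPd 3.0.3)", "215 UNIX Type: L8 Version: 4.4BSD")
    masked = _fake_ftp_server("220 FTP server ready.", "215 UNIX Type: L8")
    return {
        "unmasked": audit_ftp_server("127.0.0.1", unmasked),
        "masked": audit_ftp_server("127.0.0.1", masked),
    }


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

Run `audit_ftp_server(host, 21)` from a client on the far side of the inspecting interface before and after applying the policy; a leak still reported after `mask-banner` and `mask-syst-reply` are in place usually means the traffic is not hitting the class, for example because the server listens on a port other than 21 and the `match port tcp eq ftp` in the class map does not cover it.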

This manual also applies to: Cisco PIX 500 series, Cisco ASA 5500 series.