FTP usage will be limited by the following restrictions:
transmission of music files in the MP3 format will be denied
transmission of video files (*.AVI
) will be denied within working hours
uploads (storing files at FTP servers) will be denied — protection of important company information
Go to Configuration → Content Filtering → FTP Policy to set FTP limitations. The following rules are predefined rules and can be used for all intended restrictions:
Rules Forbid *.mpg, *.mp3 and *.mpeg files and Forbid upload are ready to use.
Modify the Forbid *.avi files rule by going to the Advanced tab and setting the time when the rule is valid in the Working hours range (see chapter 2.10 Address Groups and Time Ranges).
?In the following example, we intend to enable the local FTP server from the Internet. The Forbid upload rule denies even upload to this server which is not always desirable. For this reason we must add a rule that would enable upload to this server before the Forbid upload rule:
On the General tab set the following condition: “if any user acesses FTP server 192.168.1.10
, then allow.”
On the Advanced tab, set the operation type to Upload and use the wildcard for any file (*
).
Notes:
The IP address of the host where the appropriate FTP service is running must be used to define the FTP server's IP address. It is not possible to use an outbound IP address of the firewall that the FTP server is mapped from (unless the FTP server runs on the firewall)! IP addresses are translated before the content filtering rules are applied.
The same method can be also applied to enable upload to a particular FTP server in the Internet whereas upload to other FTP servers will be forbidden.