There are a number of commands that FTP uses to manage files. You can configure rules to put limits on some FTP commands.
To control the commands that can be used on an FTP server protected by your Firebox, you can configure the FTP-Server proxy action. By default, the FTP-Server proxy action configuration allows these commands:
| ABOR* | HELP* | PASS* | REST* | STAT* | USER* |
| APPE* | LIST* | PASV* | RETR* | STOR* | XCUP* |
| CDUP* | MKD* | PORT* | RMD* | STOU* | XCWD* |
| CWD* | NLST* | PWD* | RNFR* | SYST* | XMKD* |
| DELE* | NOOP* | QUIT* | RNTO* | TYPE* | XRMD* |
The FTP-Server proxy action denies all other FTP commands by default.
To put limits on the commands that users protected by the Firebox can use when they connect to external FTP servers, modify the FTP-Client proxy action. The default configuration of the FTP-Client is to allow all FTP commands.
You can add, delete, or modify rules. We recommend that you do not block these commands, because they are necessary for the FTP protocol to work correctly:
| Protocol Command | Client Command | Description |
|---|---|---|
|
USER |
n/a | Sent with login name |
| PASS | n/a | Sent with password |
| PASV | pasv | Select passive mode for data transfer |
| SYST | syst | Print the server's operating system and version. FTP clients use this information to correctly interpret and show a display of server responses. |
To add, delete, or modify rules:
- In the Proxy Action configuration, select the Commands tab.
- Add, Change, or Delete Rules.
- To change settings for another category in this proxy, see the topic for that category.
- Save the settings.
If you modified a predefined proxy action, when you save the changes you are prompted to clone (copy) your settings to a new action.
For more information on predefined proxy actions, go to About Proxy Actions.