Cisco PIX 525 Specifications Page 340

21-14
Cisco Security Appliance Command Line Configuration Guide
OL-6721-01
Chapter 21 Applying Application Layer Protocol Inspection
Managing FTP Inspection
B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
E - outside back connection, F - outside FIN, f - inside FIN,
G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
i - incomplete, J - GTP, j - GTP data, k - Skinny media,
M - SMTP data, m - SIP media, O - outbound data, P - inside back connection,
q - SQL*Net data, R - outside acknowledged FIN,
R - UDP RPC, r - inside acknowledged FIN, S - awaiting inside SYN,
s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
Managing FTP Inspection
This section describes how the FTP inspection engine works and how you can change its configuration.
This section includes the following topics:
  • FTP Inspection Overview
  • Using the strict Option
  • Configuring FTP Inspection
  • Verifying and Monitoring FTP Inspection
FTP Inspection Overview
The FTP application inspection inspects the FTP sessions and performs four tasks:
  • Prepares a dynamic secondary data connection
  • Tracks the FTP command-response sequence
  • Generates an audit trail
  • Translates (NATs) the embedded IP address
FTP application inspection prepares secondary channels for FTP data transfer. The channels are
allocated in response to a file upload, a file download, or a directory listing event and must be
pre-negotiated. The port is negotiated through the PORT or PASV commands.
Note: If you disable FTP inspection engines with the no inspect ftp command, outbound users can start
connections only in passive mode, and all inbound FTP is disabled.
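
The following is an added example, not code from the Cisco guide and not the appliance's implementation: a simplified sketch of how an inspection engine can read the endpoint negotiated by a PORT command or a 227 (PASV) reply, rewrite the embedded address for NAT, and derive the secondary connection to pre-allow. The function names, the NAT table and the sample addresses are assumptions made for illustration.

```python
import re

# Six decimal fields h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply.
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        m = _HOSTPORT.fullmatch(text[5:].strip())
    elif text.startswith("227"):
        m = _HOSTPORT.search(text)
    else:
        return None
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed field: no data channel is prepared for it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def rewrite_for_nat(line, nat_table):
    """Replace the embedded real address with its mapped one; the port is kept."""
    endpoint = parse_endpoint(line)
    if endpoint is None:
        return line
    ip, port = endpoint
    mapped = nat_table.get(ip, ip)  # hypothetical real-to-mapped address table
    field = ",".join(mapped.split(".") + [str(port // 256), str(port % 256)])
    return _HOSTPORT.sub(field, line, count=1)

def expected_data_connection(line, initiator_ip):
    """Secondary connection to pre-allow: (initiator, destination ip, port)."""
    endpoint = parse_endpoint(line)
    if endpoint is None:
        return None
    return (initiator_ip,) + endpoint

if __name__ == "__main__":
    # Constructed sample lines; addresses are illustrative only.
    nat = {"192.168.1.10": "203.0.113.7"}
    for sample in ("PORT 192,168,1,10,195,80",
                   "227 Entering Passive Mode (10,1,1,5,19,137)",
                   "PORT 192,168,1,300,1,1"):
        print(sample, "->", parse_endpoint(sample), "|", rewrite_for_nat(sample, nat))
```

Without this parsing step a firewall cannot know which port the data channel will use, which is why disabling inspection leaves only outbound passive mode working.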
Using the strict Option
The strict option increases the security of protected networks by preventing web browsers from sending
embedded commands in FTP requests.
Note: To specify FTP commands that are not permitted to pass through the security appliance, create an FTP
map and enter the request-command deny command in FTP map configuration mode.