Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 14726 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

use application control to Block Ftp upload fail

ChuChien Wei

Hi All,

Use App control to block ftp upload fail
Did someone have this issue??

(SFOS 16.05.3 MR-3)

IPS and Application signatures
3.13.63



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Can you share some pictures of the configured application policy for blocking FTP? Also, make sure that the FTP traffic flows through the same fw-rule within which the configured application policy is defined. You can monitor the traffic using the packet capture utility. Finally, if everything is good then check micro-app discovery option in the application policy.

    Any help?

  • 0 in reply to sachingurung

    Hi sachingurung,

     

    the ftp traffic is pass through the rule ID4

     

    config is as fig

     

     

     

     

     

     

  • 0 in reply to ChuChien Wei

    Hi,

    The configurations look good, try to do an FTP upload and check in Log Viewer | Application filter if there is any FTP request blocked. If not, show us the picture of IPS settings, take SSH to XG and go to option 4. Device Console and execute the following command: show

    show ips-settings

    Thanks

  • 0 in reply to sachingurung

    Hi,

     

    -------

    console> sh ips-settings
    -------------IPS Settings-------------
            stream on
            lowmem on
            maxsesbytes 0
            maxpkts 8
            mmap on
            enable_appsignatures on
            http_response_scan_limit  65535


    -------------IPS Instances------------
    IPS CPU
     1  0

    ------

    the default is maxpkts 8 can not block ftp upload  

     

    and when i try to set ips maxpkts 80  or set ips maxpkts all
    I found the first time upload file can be block

    but, after a file download finish then block ftp upload will fail.

     
    Henry
Reply
  • 0 in reply to sachingurung

    Hi,

     

    -------

    console> sh ips-settings
    -------------IPS Settings-------------
            stream on
            lowmem on
            maxsesbytes 0
            maxpkts 8
            mmap on
            enable_appsignatures on
            http_response_scan_limit  65535


    -------------IPS Instances------------
    IPS CPU
     1  0

    ------

    the default is maxpkts 8 can not block ftp upload  

     

    and when i try to set ips maxpkts 80  or set ips maxpkts all
    I found the first time upload file can be block

    but, after a file download finish then block ftp upload will fail.

     
    Henry
Children
No Data