Using application control to block FTP upload fails

Hi All,

Using App Control to block FTP upload fails.
Has anyone had this issue?

(SFOS 16.05.3 MR-3)

IPS and Application signatures
3.13.63



This thread was automatically locked due to age.
  • Hi All,

     

    I opened a case and support had me use a custom signature on IPS to do this.

    ticket number 7318990

     

    1) Create custom signatures and name them FTPUPLOAD and FTPDOWNLOAD
    2) Add the signatures respectively
    FTP Download :
    flow:to_server,established;content:"RETR|20|";rawbytes;offset:0;
    FTP Upload :
    flow:to_server,established;content:"STOR|20|";rawbytes;offset:0;

    3) Create an IPS policy FTPtest and add those signatures to it.
    4) Now apply the same IPS policy to the firewall rule through which your FTP traffic is passing.

     

    Henry
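
The two signatures from the reply above, checked against constructed FTP control-channel lines to see which commands they cover. This is an added example, not part of the original post and not Sophos code; it assumes Snort-style `content` semantics (case-sensitive, searched from `offset` to the end of the payload because no `depth` is set), and the function names and sample lines are made up for illustration.

```python
import re

# Signature bodies exactly as given in the post.
SIGNATURES = {
    "FTPUPLOAD": 'flow:to_server,established;content:"STOR|20|";rawbytes;offset:0;',
    "FTPDOWNLOAD": 'flow:to_server,established;content:"RETR|20|";rawbytes;offset:0;',
}

def parse_content(sig: str) -> bytes:
    """Decode the content pattern; text between | | is hex bytes."""
    m = re.search(r'content:"([^"]*)"', sig)
    if m is None:
        raise ValueError("signature has no content option")
    out = bytearray()
    for i, part in enumerate(m.group(1).split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("ascii")
    return bytes(out)

def parse_offset(sig: str) -> int:
    m = re.search(r"offset:(\d+)", sig)
    return int(m.group(1)) if m else 0

def matches(sig: str, payload: bytes) -> bool:
    """Assumed semantics: case-sensitive search from `offset` onward.
    The flow option is not modelled; payloads are taken to be
    client-to-server data on an established connection."""
    return parse_content(sig) in payload[parse_offset(sig):]

# Constructed client-to-server command lines (not captured traffic).
SAMPLES = [
    b"STOR report.pdf\r\n",   # store a file
    b"RETR report.pdf\r\n",   # retrieve a file
    b"APPE log.txt\r\n",      # append: also writes to the server
    b"STOU\r\n",              # store unique: also writes to the server
    b"stor report.pdf\r\n",   # RFC 959 command codes are case-insensitive
    b"MKD STOR files\r\n",    # pattern appears in an argument, not as the command
]

def coverage(samples=SAMPLES):
    """Map each payload to the names of the signatures that fire on it."""
    return {p: [n for n, s in SIGNATURES.items() if matches(s, p)]
            for p in samples}

if __name__ == "__main__":
    for payload, hits in coverage().items():
        print(f"{payload!r:28} -> {', '.join(hits) or 'no match'}")
```

Under these assumptions only the uppercase `STOR`/`RETR` lines and the `MKD` line fire, so the other write commands and case variants are worth testing against the appliance before relying on the policy.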

  • But this still doesn't explain why Application Filter has failed to block FTP upload.

     

    Does this mean I have to get a ticket to have a customized IPS signature for every customer who wants to block FTP upload through application filter?

     

    As a partner I find this solution unacceptable unless I am missing something here.

     

    po