EasyManuals Logo

Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1119 background imageLoading...
Page #1119 background image
1-13
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Inspection of Basic Internet Protocols
FTP Inspection
Where the regex_name is the regular expression you created in Step 1. The class regex_class_name
is the regular expression class map you created in Step 2.
d. (Optional) To match a file type for FTP transfer, enter the following command:
hostname(config-cmap)# match [not] filetype regex [regex_name |
class regex_class_name]
Where the regex_name is the regular expression you created in Step 1. The class regex_class_name
is the regular expression class map you created in Step 2.
e. (Optional) To disallow specific FTP commands, use the following command:
hostname(config-cmap)# match [not] request-command ftp_command [ftp_command...]
Where ftp_command with one or more FTP commands that you want to restrict. See Table 1-1 for a
list of the FTP commands that you can restrict.
.
f. (Optional) To match an FTP server, enter the following command:
hostname(config-cmap)# match [not] server regex [regex_name | class regex_class_name]
Where the regex_name is the regular expression you created in Step 1. The class regex_class_name
is the regular expression class map you created in Step 2.
g. (Optional) To match an FTP username, enter the following command:
hostname(config-cmap)# match [not] username regex [regex_name |
class regex_class_name]
Where the regex_name is the regular expression you created in Step 1. The class regex_class_name
is the regular expression class map you created in Step 2.
Step 4 Create an FTP inspection policy map, enter the following command:
hostname(config)# policy-map type inspect ftp policy_map_name
hostname(config-pmap)#
Table 1-1 FTP Map request-command deny Options
request-command deny Option Purpose
appe Disallows the command that appends to a file.
cdup Disallows the command that changes to the parent directory of the
current working directory.
dele Disallows the command that deletes a file on the server.
get Disallows the client command for retrieving a file from the server.
help Disallows the command that provides help information.
mkd Disallows the command that makes a directory on the server.
put Disallows the client command for sending a file to the server.
rmd Disallows the command that deletes a directory on the server.
rnfr Disallows the command that specifies rename-from filename.
rnto Disallows the command that specifies rename-to filename.
site Disallows the command that are specific to the server system.
Usually used for remote administration.
stou Disallows the command that stores a file using a unique file name.

Table of Contents

Other manuals for Cisco ASA Series

Preview: Configuration Guide
Configuration Guide428 pages
Preview: Mount And Connect
Mount And Connect12 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA Series and is the answer not in the manual?

Cisco ASA Series Specifications

General IconGeneral
ModelASA 5505
InterfacesVaries by model (Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, etc.)
High AvailabilityActive/Standby or Active/Active (varies by model)
Power SupplyVaries by model
Form FactorVaries by model
Operating SystemCisco ASA Software
IPsec VPNSupported
SSL VPNSupported
IPS ThroughputVaries by model

Related product manuals