Filter
Top Products
In this case, we will set the FTP ALG restrictions as follows.
• Enable the Allow client to use active mode FTP ALG option so clients can use both active and passive
modes.
• Disable the Allow server to use passive mode FTP ALG option. This is more secure for the server as it will
never receive passive mode data. The FTP ALG will handle all conversion if a client connects using passive
mode.
The configuration is performed as follows:
Web Interface
A. Define the ALG:
(The ALG ftp-inbound is already predefined by NetDefendOS but in this example we will show how it can be
created from scratch.)
1. Go to Objects > ALG > Add > FTP ALG
2. Enter Name: ftp-inbound
3. Check Allow client to use active mode
4. Uncheck Allow server to use passive mode
5. Click OK
B. Define the Service:
1. Go to Objects > Services > Add > TCP/UDP Service
2. Enter the following:
• Name: ftp-inbound-service
• Type: select TCP from the list
• Destination: 21 (the port the FTP server resides on)
6.2.3. The FTP ALG Chapter 6. Security Mechanisms
249