Kerio Tech Firewall6 Network Router User Manual


 
Chapter 10 HTTP and FTP filtering
If undesirable, this rule can be disabled. This is not recommended as it might jeopardize
scanning reliability. However, there is a more secure way to limit this behavior:
create a rule which will allow unlimited connections to a particular FTP server. The
rule will take effect only if it is placed before the Resume rule.
For details on antivirus scan of FTP protocol, refer to chapter 11.3.
FTP Rules Definition
To create a new rule, select a rule after which the new rule will be added, and click Add.
You can later use the arrow buttons to reorder the rule list.
Checking the box next to the rule can be used to disable the rule. Rules can be disabled
temporarily so that it is not necessary to remove rules and create identical ones later.
Note: FTP traffic which does not match any FTP rule is allowed (any traffic permitted
by default). To allow access only to a specific group of FTP servers and block access to
other FTP servers, a rule denying access to all FTP servers must be placed at the end of
the rule list.
FTP rule dialog:
Open the General tab to set general rules and actions to be taken.
Description
Description of the rule (information for the administrator).
If user accessing the FTP server is
Select which users this rule will be applied to:
any user: the rule will be applied to all users (regardless of whether they are
authenticated on the firewall or not).
any user authenticated on the firewall: applied to all authenticated users.
selected user(s): applied to selected users and/or user groups.
Click on the Set button to select users or groups (hold the Ctrl and the Shift keys
to select more than one user/group at once).
Note: Rules designed for selected users (or all authenticated users) are irrelevant
unless combined with a rule that denies access of non-authenticated users.
And the FTP server is
Specify FTP servers on which this rule will be applied:
any server: any FTP server.
server: IP address or DNS name of a particular FTP server.
If an FTP server is defined through a DNS name, WinRoute will automatically
perform IP address resolution from DNS. The IP address will be resolved immediately
when settings are confirmed by the OK button (for all rules where the
FTP server was defined by a DNS name).
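
The two notes above (unmatched FTP traffic is allowed; user-specific rules need a rule denying non-authenticated users) can be checked against a rule list before it is deployed. The following Python model is an added example, not Kerio code or a WinRoute API: it assumes rules are evaluated top-down with the first enabled match winning, and all class, function, user and server names are hypothetical.

```python
from dataclasses import dataclass

ANY_USER = "any user"
AUTHENTICATED = "any user authenticated on the firewall"

@dataclass
class FtpRule:
    description: str
    users: object            # ANY_USER, AUTHENTICATED, or a set of user names
    server: str              # "any server" or one IP address / DNS name
    action: str              # "allow" or "deny"
    enabled: bool = True     # models the checkbox next to the rule

def user_matches(rule, user):
    """user is None when the client is not authenticated on the firewall."""
    if rule.users == ANY_USER:
        return True
    if rule.users == AUTHENTICATED:
        return user is not None
    return user in rule.users

def evaluate(rules, user, server):
    """Assumed semantics: top-down, first enabled match wins; no match = allowed."""
    for rule in rules:
        if rule.enabled and user_matches(rule, user) and rule.server in ("any server", server):
            return rule.action
    return "allow"

def audit(rules):
    """Report rules that restrict nothing because no deny-all rule closes the list."""
    active = [r for r in rules if r.enabled]
    last = active[-1] if active else None
    if last and (last.action, last.users, last.server) == ("deny", ANY_USER, "any server"):
        return []
    findings = []
    for r in active:
        if r.action == "allow" and r.server != "any server":
            findings.append(f"{r.description}: other FTP servers remain reachable")
        if r.users != ANY_USER:
            findings.append(f"{r.description}: non-authenticated users are not denied")
    return findings

# Constructed sample rule lists (user and server names are placeholders).
WEAK = [FtpRule("Allow partner FTP", {"alice"}, "ftp.example.com", "allow")]
HARDENED = WEAK + [FtpRule("Deny all other FTP", ANY_USER, "any server", "deny")]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, evaluate(rules, None, "ftp.other.example"), audit(rules))
```

With the weak list, a non-authenticated client reaches any FTP server; adding the final deny rule leaves only the selected user able to reach the one listed server.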