WSM User Guide - WatchGuard Technologies
WSM User Guide - WatchGuard Technologies WSM User Guide - WatchGuard Technologies
Configuring the FTP Proxy2 For information on fields in the Proxy/AV Alarm Configuration section, see “Using dialog boxes foralarms, log messages, and notification” on page 164.Configuring the FTP ProxyFile Transfer Protocol (FTP) is the protocol used to move files on the Internet. Like SMTP and HTTP, FTPuses TCP/IP protocols to enable data transfer. You usually use FTP to download a file from a server on theInternet or to upload a file to a server.1 Add the FTP proxy to Policy Manager. To learn how to add policies to Policy Manager, see “AddingPolicies” on page 146.2 Double-click the FTP icon and select the Policy tab.3 Select Allowed from the FTP proxy connections are drop-down list.4 Select the Properties tab.5 In the Proxy drop-down list, select to configure the proxy action for FTP-Client or FTP-Server.6 Click the View/Edit Proxy icon.Configuring general settingsYou use the General fields to configure basic FTP parameters including maximum user name length.1 From the Categories section, select General.2 To set limits for FTP parameters, select the applicable check boxes. These settings help to protectyour network from buffer overflow attacks. If you set a check box to 0 bytes, the Firebox® does notuse the parameter. Use the arrows to set the limits:Maximum user name lengthSets a maximum length for user names on FTP sites.Maximum password lengthSets a maximum length for passwords used to log in to FTP sites.172 WatchGuard System Manager
Configuring the FTP ProxyMaximum file name lengthSets the maximum file name length for files to upload or download.Maximum command line lengthSets the maximum length for command lines used on FTP sites.3 For each setting, you can set or clear the Auto-block check box next to it. If someone tries toconnect to an FTP site and exceeds a limit whose Auto-block check box is selected, the computerthat sent the commands is added to the temporary Blocked Sites list.4 To create a log message for each transaction, select the Send a log message with summaryinformation for each transaction check box.Defining commands rules for FTPFTP has a number of commands to manage files. You can write rules to put limits on some FTP commands.Use the FTP-Server proxy action to put limits on commands that can be used on an FTP serverprotected by the Firebox. Use the FTP-Client proxy action to put limits on commands that users protectedby the Firebox can use when they connect to external FTP servers. The default configuration ofthe FTP-Client is to allow all FTP commands.1 From the Categories section, select Commands.2 Do the steps used to create rules. For more information, see “Defining Rules” on page 161.Setting download rules for FTPDownload rules control the file names, extensions, or URL paths that users can use FTP to download.Use the FTP-Server proxy action to control download rules for an FTP server protected by the Firebox.Use the FTP-Client proxy action to set download rules for users connecting to external FTP servers. Toadd download rulesets:1 From the Categories section, select Download.2 Do the steps used to create rules. For more information, see “Defining Rules” on page 161.Setting upload rules for FTPUpload rulesets control the file names, extensions, or URL paths that users can use FTP to upload. Usethe FTP-Server proxy action to control upload rules for an FTP server protected by the Firebox. Use theFTP-Client proxy action to set upload rules for users connecting to external FTP servers. The default configurationof the FTP-Client is to allow all files to be uploaded. To create upload rulesets:1 From the Categories section, select Upload.2 Do the steps used to create rules. For more information, see “Defining Rules” on page 161.Enabling intrusion prevention for FTPAlthough you can use the proxy definition screens to activate and configure IPS, it is easier to use theTasks menu in Policy Manager to do this. For more information on how to do this, or to use the IPSscreens in the proxy definition, see the chapter “Using Signature-Based Security Services.”User Guide 173
- Page 140 and 141: How User Authentication Worksvent a
- Page 142 and 143: Configuring the Firebox as an Authe
- Page 144 and 145: Configuring the Firebox as an Authe
- Page 146 and 147: Configuring SecurID Authentication6
- Page 148 and 149: Configuring LDAP Authentication3 In
- Page 150 and 151: Configuring a Policy with User Auth
- Page 152 and 153: Configuring a Policy with User Auth
- Page 154 and 155: Using Default Packet Handling Optio
- Page 156 and 157: Setting Blocked Sitesconfigure the
- Page 158 and 159: Setting Blocked SitesUsing an exter
- Page 160 and 161: Blocking PortsBlocking PortsYou can
- Page 162 and 163: Blocking Ports144 WatchGuard System
- Page 164 and 165: Adding Policies• Attacks that use
- Page 166 and 167: Adding Policies4 Click Add.The New
- Page 168 and 169: Configuring Policy Properties- ESP-
- Page 170 and 171: Configuring Policy Properties2 To a
- Page 172 and 173: Configuring Policy PropertiesRepeat
- Page 174 and 175: Configuring Policy PropertiesSettin
- Page 176 and 177: Setting Policy Precedence2 Traffic
- Page 178 and 179: Setting Policy Precedence160 WatchG
- Page 180 and 181: Defining RulesThe fields you use fo
- Page 182 and 183: Customizing Logging and Notificatio
- Page 184 and 185: Configuring the SMTP ProxyConfiguri
- Page 186 and 187: Configuring the SMTP Proxyand 8-bit
- Page 188 and 189: Configuring the SMTP ProxyDefining
- Page 192 and 193: Configuring the HTTP ProxyConfiguri
- Page 194 and 195: Configuring the HTTP ProxyBrowsers
- Page 196 and 197: Configuring the HTTP ProxyThis rule
- Page 198 and 199: Configuring the DNS ProxyConfigurin
- Page 200 and 201: Configuring the DNS ProxyAdding a n
- Page 202 and 203: Configuring the TCP Proxy184 WatchG
- Page 204 and 205: Creating and Editing ReportsStartin
- Page 206 and 207: Setting Report Properties“yesterd
- Page 208 and 209: Exporting ReportsSetting report pro
- Page 210 and 211: Using Report FiltersExcludeTo make
- Page 212 and 213: Report Sections and Consolidated Se
- Page 214 and 215: Report Sections and Consolidated Se
- Page 216 and 217: WatchGuard Management Server Passph
- Page 218 and 219: Changing the Management Server Conf
- Page 220 and 221: Configuring the Certificate Authori
- Page 222 and 223: Backing up or Restoring the Managem
- Page 224 and 225: Moving the WatchGuard Management Se
- Page 226 and 227: Managing Devices with the Managemen
- Page 228 and 229: Managing Devices with the Managemen
- Page 230 and 231: Managing Devices with the Managemen
- Page 232 and 233: Adding Devices to the Management Se
- Page 234 and 235: Using the Device Management Page17
- Page 236 and 237: Using the Device Management PageCon
- Page 238 and 239: Monitoring VPNsAdding a Firebox VPN
Configuring the FTP Proxy2 For information on fields in the Proxy/AV Alarm Configuration section, see “Using dialog boxes foralarms, log messages, and notification” on page 164.Configuring the FTP ProxyFile Transfer Protocol (FTP) is the protocol used to move files on the Internet. Like SMTP and HTTP, FTPuses TCP/IP protocols to enable data transfer. You usually use FTP to download a file from a server on theInternet or to upload a file to a server.1 Add the FTP proxy to Policy Manager. To learn how to add policies to Policy Manager, see “AddingPolicies” on page 146.2 Double-click the FTP icon and select the Policy tab.3 Select Allowed from the FTP proxy connections are drop-down list.4 Select the Properties tab.5 In the Proxy drop-down list, select to configure the proxy action for FTP-Client or FTP-Server.6 Click the View/Edit Proxy icon.Configuring general settingsYou use the General fields to configure basic FTP parameters including maximum user name length.1 From the Categories section, select General.2 To set limits for FTP parameters, select the applicable check boxes. These settings help to protectyour network from buffer overflow attacks. If you set a check box to 0 bytes, the Firebox® does notuse the parameter. Use the arrows to set the limits:Maximum user name lengthSets a maximum length for user names on FTP sites.Maximum password lengthSets a maximum length for passwords used to log in to FTP sites.172 <strong>WatchGuard</strong> System Manager