Fortinet black logo

Administration Guide

Configuring FTP security

Configuring FTP security

You can configure FortiWeb to monitor FTP traffic and protect servers that handle FTP. You can set restrictions for the FTP commands that clients are able to use, scan files for viruses, send files to FortiSandbox for analysis, and create rules based on source IP and IP reputation.

Enabling FTP security

Before you can begin configuring FTP security rules and policies in FortiWeb, you have to enable it. By default, FTP security is disabled.

To enable FTP security:
  1. Go to System > Config > Feature Visibility.
  2. To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.

  3. Locate Security Features.
  4. Enable FTP Security.
  5. Click Apply.
To configure FTP security:

To configure FTP security, create an FTP Security Inline Profile that can include:

For details about creating an FTP Security Inline Profile, see Configuring an FTP security inline profile.

note icon

You can use existing IP List and Geo IP rules from a Web Protection Profile for an HTTP server policy in an FTP Security Inline Profile.

You'll also need to create:

  1. A virtual server so that FortiWeb can receive FTP traffic (see Configuring virtual servers on your FortiWeb).
  2. An FTP server pool; you must specify the server(s) that handle FTP traffic (see Creating an FTP server pool).
  3. An FTP server policy; to enforce an FTP Security Inline Profile, you must select it in a server policy that handles FTP traffic (see Creating an FTP server policy).

FTP security is available only in Reverse Proxy mode.

Configuring FTP security

You can configure FortiWeb to monitor FTP traffic and protect servers that handle FTP. You can set restrictions for the FTP commands that clients are able to use, scan files for viruses, send files to FortiSandbox for analysis, and create rules based on source IP and IP reputation.

Enabling FTP security

Before you can begin configuring FTP security rules and policies in FortiWeb, you have to enable it. By default, FTP security is disabled.

To enable FTP security:
  1. Go to System > Config > Feature Visibility.
  2. To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.

  3. Locate Security Features.
  4. Enable FTP Security.
  5. Click Apply.
To configure FTP security:

To configure FTP security, create an FTP Security Inline Profile that can include:

For details about creating an FTP Security Inline Profile, see Configuring an FTP security inline profile.

note icon

You can use existing IP List and Geo IP rules from a Web Protection Profile for an HTTP server policy in an FTP Security Inline Profile.

You'll also need to create:

  1. A virtual server so that FortiWeb can receive FTP traffic (see Configuring virtual servers on your FortiWeb).
  2. An FTP server pool; you must specify the server(s) that handle FTP traffic (see Creating an FTP server pool).
  3. An FTP server policy; to enforce an FTP Security Inline Profile, you must select it in a server policy that handles FTP traffic (see Creating an FTP server policy).

FTP security is available only in Reverse Proxy mode.