You can configure FortiWeb to monitor FTP traffic and protect servers that handle FTP. You can set restrictions for the FTP commands that clients are able to use, scan files for viruses, send files to FortiSandbox for analysis, and create rules based on source IP and IP reputation.
Before you can begin configuring FTP security rules and policies in FortiWeb, you have to enable it. By default, FTP security is disabled.
- Go to System > Config > Feature Visibility.
- Locate Security Features.
- Enable FTP Security.
- Click Apply.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.
To configure FTP security, create an FTP Security Inline Profile that can include:
- FTP Command Restriction rules (see To create an FTP command restriction rule)
- FTP File Check rules (see To create an FTP file check rule)
- IP List rules (see "To configure policies for individual source IPs" on page 1)
- Geo IP rules (see "To configure blocking by geography" on page 1)
- IP Reputation intelligence (see "To configure an IP reputation policy" on page 1)
For details about creating an FTP Security Inline Profile, see Configuring an FTP security inline profile.
You can use existing IP List and Geo IP rules from a Web Protection Profile for an HTTP server policy in an FTP Security Inline Profile.
You'll also need to create:
- A virtual server so that FortiWeb can receive FTP traffic (see Configuring virtual servers on your FortiWeb).
- An FTP server pool; you must specify the server(s) that handle FTP traffic (see Creating an FTP server pool).
- An FTP server policy; to enforce an FTP Security Inline Profile, you must select it in a server policy that handles FTP traffic (see Creating an FTP server policy).
FTP security is available only in Reverse Proxy mode.