Configuring FTP policy

FTP policy overview

Kerio Control provides a wide range of filters for the FTP protocol. With this tool, you can block access to undesirable servers or block certain types of files.

Here are the main purposes of FTP content filtering:

  • access to certain FTP servers is denied
  • limitations based on or filenames
  • transfer of files is limited to one direction only (i.e. download only)
  • certain FTP commands are blocked

Conditions for FTP filtering

For FTP content filtering, the following conditions must be met:

  1. Traffic must be controlled by an FTP protocol inspector. The FTP protocol inspector is activated automatically unless its use is denied by traffic rules.
  2. Secured FTP traffic (FTPS) cannot be filtered.
  3. FTP rules are also applied when the Kerio Control proxy server is used. However, the FTP protocol cannot be filtered if the parent proxy server is used. In such a case, FTP rules are not applied.

Enabling FTP rules

  1. In the administration interface, go to FTP Policy.
  2. Enable predefined rules:
  • Forbid resume due to antivirus scanning — blocks download resumption after interruption. This rule can increase the effectiveness of antivirus control (each file is checked as a whole). However, with larger files it can be counterproductive: repeating the whole transfer burdens the Internet connection unnecessarily.
  • Forbid upload — blocks uploading files to FTP servers. This is one of the methods that can be used to prevent leakage of sensitive information from the local network.
  • Two rules that block audio and video file downloads — these files are usually large and downloading them burdens the Internet connection.
  3. Click Apply.
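
The predefined rules above and the FTPS condition all act on the FTP control channel. The sketch below is an added illustration, not Kerio Control code: it maps the rules to standard commands (STOR/STOU/APPE, REST and RETR from RFC 959, AUTH from RFC 4217), and the matching logic, verdict strings, extension list and sample session are assumptions constructed for the example.

```python
# Toy FTP control-channel inspector (illustration only, not Kerio Control code).
import os

UPLOAD_CMDS = {"STOR", "STOU", "APPE"}                 # RFC 959 upload commands
MEDIA_EXTS = {".mp3", ".wav", ".avi", ".mpg", ".mp4"}  # assumed extension list

# Constructed sample of client commands seen on one control connection.
SAMPLE_SESSION = [
    "USER jsmith",
    "RETR report.pdf",
    "REST 1048576",
    "RETR movie.AVI",
    "STOR payroll.xlsx",
    "AUTH TLS",
    "STOR payroll.xlsx",
]

def verdict(line, state, forbid_upload=True, forbid_resume=True, block_media=True):
    """Decide what an inspector applying the enabled rules would do with one command."""
    if state["encrypted"]:
        # After AUTH TLS the control channel is ciphertext: nothing can be matched.
        return "unfiltered"
    verb, _, arg = line.strip().partition(" ")
    verb, arg = verb.upper(), arg.strip()
    if verb == "AUTH" and arg.upper() in {"TLS", "SSL"}:
        state["encrypted"] = True   # assumes the server accepts the upgrade
        return "allow"
    if forbid_upload and verb in UPLOAD_CMDS:
        return "deny: forbid upload"
    if forbid_resume and verb == "REST" and arg not in {"", "0"}:
        # A non-zero restart offset means the scanner would see only a partial file.
        return "deny: forbid resume"
    ext = os.path.splitext(arg)[1].lower()
    if block_media and verb == "RETR" and ext in MEDIA_EXTS:
        return "deny: block media download"
    return "allow"

def inspect_session(lines, **rules):
    """Return (command, verdict) pairs for a whole control-channel session."""
    state = {"encrypted": False}
    return [(line, verdict(line, state, **rules)) for line in lines]

if __name__ == "__main__":
    for cmd, result in inspect_session(SAMPLE_SESSION):
        print(f"{cmd:<20} {result}")
```

The final STOR in the sample is reported as unfiltered because it follows AUTH TLS, which is the FTPS limitation listed under the filtering conditions.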

Creating an FTP rule

The following example shows how rules are used. It describes a rule that allows a selected user, John Smith, to send files without antivirus scanning from the server example.com:

  1. In the administration interface, go to FTP Policy.
  2. Click Add and type a name for the rule.
  3. Double-click Action and select Allow.
  4. In the Properties column, select Skip antivirus scanning.
  5. Double-click Server, select the server option and type example.com.
  6. Double-click Users and select user John Smith.
  7. Click Apply.