Configuring FTP policy
FTP policy overview
Available in Kerio Control 8.1 and older. FTPFile Transfer Protocol - Protocol for transferring computer files from a server. policy is included in the new content filter.
Kerio Control provides a wide range of filters for FTP protocol. You can block access to undesirable servers, block certain types of files with this tool.
Here are the main purposes of FTP content filtering:
- access to certain FTP servers is denied
- limitations based on or filenames
- transfer of files is limited to one direction only (i.e. download only)
- certain FTP commands are blocked
Conditions for FTP filtering
For FTP content filtering, the following conditions must be met:
- Traffic must be controlled by a FTP protocol inspector. The FTP protocol inspector is activated automatically unless its use is denied by traffic rules.
- Secured FTP traffic (FTPS) cannot be filtered.
- FTP rules are applied also when the Kerio Control's proxy server is used. However, FTP protocol cannot be filtered if the parent proxy server is used. In such a case, FTP rules are not applied.
Enabling FTP rules
- In the administration interface, go to FTP Policy.
- Enable predefined rules:
- Forbid resume due to antivirus scanning — blocks download resumption after interruption. This rule can increase effectivity of the antivirus control (each file will be checked as a whole). However, if larger files are transferred, it can be counterproductive — repeating of the whole transfer would burden Internet connection redundantly.
- Forbid upload — blocks uploading files to FTP servers. This is one of the methods that can be used to avoid leak of fragile information from the local network.
- Two rules that block audio and video files downloads — these files are usually large and their download burdens Internet connection.
- Click Apply.
Creating a FTP rule
The usage will be better understood through the following example that
describes a rule allowing selected user John Smith to send files without
antivirus scanning from server example.com
:
- In the administration interface, go to FTP Policy.
- Click Add and type a name of the rule.
- Double-click Action and select Allow.
- In the Properties column, select Skip antivirus scanning.
- Double-click Server, select the
server option and type
example.com
. - Double-click Users and select user John Smith.
- Click Apply.