FTP

The FTP proxy is only available as transparent proxy. As such it intercepts each ftp connection on port 21 made to the outside, scans the received contents against virii and handles it instead of the client.

Warning

If you configure your FTP clients or browsers to use the HTTP proxy also for the FTP protocol, this FTP proxy will be bypassed!

Note

The FTP proxy does not support tickling. This means that the proxy needs to download the entire file before the virus scanner can scan it. The FTP client will get data on the control connection in order not to time out, but get no data on the data connection. The effect is, that the user does not see any progress during download and gets all the data at once after the file has been scanned by the proxy.

Figure 7.46. FTP proxy administration page

FTP proxy administration page

Since the FTP proxy is supported only basically you do not have many configuration options. They are:

Enabled on zone

This enables the FTP proxy on the specified zone.

Firewall logs outgoing connections

Tick this on if you want the firewall to log all outgoing connections made through the proxy. Note that in some countries this may be illegal.

Warning

With some FTP clients such as Web browsers, the FTP proxy can have some trouble with the authentication. If you need to authenticate against external FTP servers, use real FTP clients or disable the FTP proxy.