How can I block FTP for uploading?

Author
maziar_ravanbakhsh@hotmail.com
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/11 23:06:15
  • Status: offline
2019/05/11 23:18:28 (permalink)
0

How can I block FTP for uploading?

Hi,
 
Recently I have run a FortiGate firewall  between clents and servers. Now I want to publish FTP  in a Read-Only way for a specific subnet. How can I mange this with FortiGate. It is appreciated in advance if anybody shed a light on.
 
Best regards.
#1

3 Replies Related Threads

    Nicholas Doropoulos
    Silver Member
    • Total Posts : 73
    • Scores: 2
    • Reward points: 0
    • Joined: 2018/05/03 13:49:11
    • Status: offline
    Re: How can I block FTP for uploading? 2019/05/12 03:26:06 (permalink)
    0
    Hi Maziar,
     
    Could you please clarify your request a little bit? Do you mean that you would like to block FTP uploads for a specific subnet? Or do you have an internal FTP server that you would like that subnet to be able to upload files to?
     
    Again, some more information would help a lot.
     
    Many thanks.
     

    NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
    #2
    sw2090
    Gold Member
    • Total Posts : 312
    • Scores: 20
    • Reward points: 0
    • Joined: 2017/06/14 01:27:25
    • Location: Regensburg
    • Status: offline
    Re: How can I block FTP for uploading? 2019/05/12 23:27:09 (permalink)
    0
    I don't think this is possible with any firewall since firewalls can only controll traffic from source to dest or vice versa.
    For functioning FTP you have to allow traffic in bothg direction.
    #3
    boneyard
    Gold Member
    • Total Posts : 124
    • Scores: 4
    • Reward points: 0
    • Joined: 2014/07/30 11:15:18
    • Status: offline
    Re: How can I block FTP for uploading? 2019/05/13 06:43:11 (permalink)
    0
    on itself an interesting request, though i don't believe this is possible with normal configuration. which is a little weird because the FortiGate should have the knowledge to make this decision. the application control feature can do this within certain cloud applications, so why not for something "simple" as FTP.
     
    i would say you have two options:
     
    1 - do something on the FTP server side. perhaps you can apply IP filters there in combination with commands.
     
    2 - do something with customer IPS signatures, which would block the PUT request. an example can be found here, but it isn't an easy solution: http://alstechcorner.blogspot.com/2013/10/how-to-block-anonymous-ftp-put-on.html
    #4
    Jump to:
    © 2019 APG vNext Commercial Version 5.5