Fortinet black logo

Administration Guide

Configuring FTP security

Configuring FTP security

You can configure FortiWeb to monitor FTP traffic and protect servers that handle FTP. You can set restrictions for the FTP commands that clients are able to use, scan files for viruses, send files to FortiSandbox for analysis, and create rules based on source IP and IP reputation.

To configure FTP security, create an FTP Security Inline Profile that can include:

For details about creating an FTP Security Inline Profile, see Configuring an FTP security inline profile.

note icon

You can use existing IP List and Geo IP rules from a Web Protection Profile for an HTTP server policy in an FTP Security Inline Profile.

You'll also need to create:

  1. A virtual server so that FortiWeb can receive FTP traffic (see Configuring virtual servers on your FortiWeb).
  2. An FTP server pool; you must specify the server(s) that handle FTP traffic (see Creating an FTP server pool).
  3. An FTP server policy; to enforce an FTP Security Inline Profile, you must select it in a server policy that handles FTP traffic (see Creating an FTP server policy).

FTP security is available only in Reverse Proxy mode.

Enabling FTP security

Before you can begin configuring FTP security rules and policies in FortiWeb, you have to enable feature visibility for FTP security. By default, FTP security feature visibility is disabled, and you won't be able to configure FTP security without enabling feature visibility for it.

To enable FTP security feature visibility
  1. Go to System > Config > Feature Visibility.
  2. To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.

  3. Enable FTP Security.
  4. Click Apply.

Configuring FTP security

You can configure FortiWeb to monitor FTP traffic and protect servers that handle FTP. You can set restrictions for the FTP commands that clients are able to use, scan files for viruses, send files to FortiSandbox for analysis, and create rules based on source IP and IP reputation.

To configure FTP security, create an FTP Security Inline Profile that can include:

For details about creating an FTP Security Inline Profile, see Configuring an FTP security inline profile.

note icon

You can use existing IP List and Geo IP rules from a Web Protection Profile for an HTTP server policy in an FTP Security Inline Profile.

You'll also need to create:

  1. A virtual server so that FortiWeb can receive FTP traffic (see Configuring virtual servers on your FortiWeb).
  2. An FTP server pool; you must specify the server(s) that handle FTP traffic (see Creating an FTP server pool).
  3. An FTP server policy; to enforce an FTP Security Inline Profile, you must select it in a server policy that handles FTP traffic (see Creating an FTP server policy).

FTP security is available only in Reverse Proxy mode.

Enabling FTP security

Before you can begin configuring FTP security rules and policies in FortiWeb, you have to enable feature visibility for FTP security. By default, FTP security feature visibility is disabled, and you won't be able to configure FTP security without enabling feature visibility for it.

To enable FTP security feature visibility
  1. Go to System > Config > Feature Visibility.
  2. To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.

  3. Enable FTP Security.
  4. Click Apply.