waf ftp-protection-profile
Use this command to configure an FTP security inline profile.
FTP security inline profiles combine previously-configured rules, profiles, and policies in a comprehensive set that can be applied in an FTP server policy. Apply the profile in an FTP server policy. For details, see server-policy policy.
To use this command, your administrator account’s access control profile must have either w
or rw
permission to the traroutegrp
area. For details, see Permissions.
Before creating an FTP security inline profile
Prior to creating an FTP security inline profile, you should create and configure the rules, profiles, and policies that you plan to add to the FTP security inline profile. You can include the following:
- FTP Command Restriction rules (see waf ftp-command-restriction-rule)
- FTP File Check rules (see waf ftp-file-security)
- IP Reputation intelligence (see waf ip-intelligence)
- Geo IP rules (see waf geo-block-list)
- IP List rules (see waf ip-list)
If |
Syntax
config waf ftp-protection-profile
edit "<policy_name>"
set ftp-file-check "<rule_name>"
set ftp-ip-check "<rule_name>"
set ftp-ip-intelligence {enable | disable}
set ftp-restriction-command-type "<rule_name>"
Variable | Description | Default |
Enter a unique name that can be referenced in other parts of the configuration. Don't use spaces or special characters. The maximum length is 63 characters. |
No default. |
|
Enter the name of an FTP file check rule that you previously created. If you haven't created an FTP file check rule to include in this profile yet, see waf ftp-file-security for instructions about creating one. |
No default. |
|
Enter the name of a geo IP block policy that you previously created. If you haven't created a geo IP block policy to include in this profile yet, see waf geo-block-list for instructions about creating one. |
No default. |
|
Enter the name of an IP List that you previously created. If you haven't created an IP List rule to include in this profile yet, see waf ip-list for instructions about creating one. |
No default. |
|
Enable to include the active IP reputation policy in this profile. If you haven't created an IP reputation policy to include in this profile yet, see To configure an IP reputation policy for instructions about creating one. |
disable |
|
Enter the name of an FTP command restriction rule that you previously created. If you haven't created an FTP command restriction rule to include in this profile yet, see waf ip-intelligence for instructions about creating one. |
No default. |