Message Image

Skip main navigation (Press Enter).

SRX

View Only

last person joined: yesterday

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

Enable FTP ALG for a specific Security Policy

Jump to Best Answer

_Mike11-08-2019 10:06

Hello everyone, hoping someone can help me out. We recently had to disable the FTP ALG and I have been ...

spuluka11-09-2019 04:19Best Answer

To use the ALG on some policies but not others you will need to turn the ALG overall back on again. ...

1. Enable FTP ALG for a specific Security Policy

0 Recommend
_Mike
Posted 11-08-2019 10:06

Reply Reply Privately
Hello everyone, hoping someone can help me out. We recently had to disable the FTP ALG and I have been trying to enable it with a custom application on a couple of security policies.

Most of the documentation I have seen is for when you are hosting the FTP server. In my case we are the FTP client.

How do I need to go about enabling the ALG here?

SRX320 JUNOS Software Release [15.1X49-D45]
2. RE: Enable FTP ALG for a specific Security Policy
Best Answer

1 Recommend
spuluka
Posted 11-09-2019 04:19

Reply Reply Privately
To use the ALG on some policies but not others you will need to turn the ALG overall back on again.

For normal ftp you write the specific policy, in your case trust to untrust, with ftp selected as the application so that the alg is then engaged for the traffic.

On the policy you currently have active that was broken with the alg engaged you will need to create a custom application for ftp with the property of application-ignore as part of the custom app definition. then change the policy this traffic hits to use that new application ignoring the alg.

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/applications-edit-application-protocol.html

Powered by Higher Logic