SRX

Expand all | Collapse all

Enable FTP ALG for a specific Security Policy

Jump to Best Answer
  • 1.  Enable FTP ALG for a specific Security Policy

    Posted 11-08-2019 10:06

    Hello everyone, hoping someone can help me out. We recently had to disable the FTP ALG and I have been trying to enable it with a custom application on a couple of security policies.

     

    Most of the documentation I have seen is for when you are hosting the FTP server. In my case we are the FTP client. 

     

    How do I need to go about enabling the ALG here? 

     

      SRX320 JUNOS Software Release [15.1X49-D45]



  • 2.  RE: Enable FTP ALG for a specific Security Policy
    Best Answer

     
    Posted 11-09-2019 04:19

    To use the ALG on some policies but not others you will need to turn the ALG overall back on again.

     

    For normal ftp you write the specific policy, in your case trust to untrust, with ftp selected as the application so that the alg is then engaged for the traffic.

     

    On the policy you currently have active that was broken with the alg engaged you will need to create a custom application for ftp with the property of application-ignore as part of the custom app definition.  then change the policy this traffic hits to use that new application ignoring the alg.

     

    https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/applications-edit-application-protocol.html