SRX Services Gateway

Enable FTP ALG for a specific Security Policy

‎11-08-2019 10:05 AM

Hello everyone, hoping someone can help me out. We recently had to disable the FTP ALG and I have been trying to enable it with a custom application on a couple of security policies.


Most of the documentation I have seen is for when you are hosting the FTP server. In my case we are the FTP client. 


How do I need to go about enabling the ALG here? 


  SRX320 JUNOS Software Release [15.1X49-D45]

Accepted by topic author _Mike
‎11-12-2019 01:09 PM

Re: Enable FTP ALG for a specific Security Policy

‎11-09-2019 04:19 AM

To use the ALG on some policies but not others you will need to turn the ALG overall back on again.


For normal FTP you write the specific policy, in your case trust to untrust, with FTP selected as the application so that the ALG is then engaged for the traffic.


On the policy you currently have active that was broken with the ALG engaged, you will need to create a custom application for FTP with the property of application-ignore as part of the custom app definition. Then change the policy this traffic hits to use that new application ignoring the ALG.


Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
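
The approach in the accepted answer, written out as Junos `set` commands. This is an added example, not configuration posted in the thread: the application name, policy names, address-book entry and the 192.0.2.10 address are hypothetical, and in Junos syntax the ignore property is spelled `application-protocol ignore`.

```junos
# 1. Re-enable the FTP ALG globally (removes an earlier "set security alg ftp disable").
delete security alg ftp disable

# 2. Custom application for FTP control traffic that bypasses the ALG.
#    "custom-ftp-no-alg" is a hypothetical name.
set applications application custom-ftp-no-alg protocol tcp
set applications application custom-ftp-no-alg destination-port 21
set applications application custom-ftp-no-alg application-protocol ignore

# 3. Address of the server whose sessions broke with the ALG engaged
#    (constructed value from the documentation range).
set security address-book global address legacy-ftp-server 192.0.2.10/32

# 4. Policy for the traffic that must skip the ALG: it matches the custom application.
set security policies from-zone trust to-zone untrust policy ftp-no-alg match source-address any
set security policies from-zone trust to-zone untrust policy ftp-no-alg match destination-address legacy-ftp-server
set security policies from-zone trust to-zone untrust policy ftp-no-alg match application custom-ftp-no-alg
set security policies from-zone trust to-zone untrust policy ftp-no-alg then permit

# 5. Policy for normal outbound FTP: the predefined junos-ftp application engages the ALG.
set security policies from-zone trust to-zone untrust policy ftp-with-alg match source-address any
set security policies from-zone trust to-zone untrust policy ftp-with-alg match destination-address any
set security policies from-zone trust to-zone untrust policy ftp-with-alg match application junos-ftp
set security policies from-zone trust to-zone untrust policy ftp-with-alg then permit

# 6. Policies are evaluated top-down, so the specific no-ALG policy must come first.
insert security policies from-zone trust to-zone untrust policy ftp-no-alg before policy ftp-with-alg

# 7. After commit, check from operational mode that the ALG is enabled
#    and which policy each FTP control session matched.
show security alg status
show security flow session destination-port 21
```

For sessions matched by the ignore application, the SRX no longer opens the FTP data channel dynamically, so the data connections need to be permitted by policy in their own right.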