Screen OS

  • 1.  FTP

    Posted 01-12-2009 06:28

    Hi
    How can I configure my SSG 20 so that my internal users can access all outside servers, with the condition that when they use FTP-Get they will get permission from the SSG 20 without authentication, but if they try to use FTP-Put then my SSG 20 would ask for authentication?

     

    I have created two virtual routers, trust and untrust, and the untrust vr is connected to the outside router. My internal users, who are connected to the trust-vr, want the above condition, so can anybody help?

     

    Thanks



  • 2.  RE: FTP
    Best Answer

    Posted 01-12-2009 06:31

    Hi Bourne,

    Start by using these objects in two separate policies (it's a copy-paste from the GUI policy objects):

    FTP-Get TCP src port 0-65535, dst port:21 Same as FTP if used in DENY/REJECT policies; FTP download only if used in PERMIT/TUNNEL policies(upload blocked)
    FTP-Put TCP src port 0-65535, dst port:21 Same as FTP if used in DENY/REJECT policies; FTP upload only if used in PERMIT/TUNNEL policies(download blocked)

    On the FTP PUT you configure firewall authentication.

     

    You must define local users or an authentication server first.

     

    Gavrilo