KB Article | Forcepoint Support
Support
  1. Home
  2. Knowledgebase

Blocking FTP in general while allowing individual FTP sites

  • Article Number: 000011934
  • Products: Forcepoint URL Filtering, Forcepoint Web Security, TRITON AP-WEB, Web Filter & Security, Web Security and Web Filter
  • Version: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7, 7.6, 7.5, 7.0
  • Last Published Date: September 19, 2018

Problem Description

How do I allow users access to individual FTP sites, while blocking FTP protocol in general?

Resolution

Allowing users to access individual FTP sites, while blocking FTP protocol, requires the creation of a custom protocol. The following is the general procedure for creating a custom protocol. 

Important When defining a protocol on port 80 or 8080, Network Agent listens for Internet requests over these ports. Since custom protocols take precedence over Forcepoint protocols, if you define a custom protocol using port 80, all other protocols that use port 80 are filtered and logged like the custom protocol.
  1. Log on to Forcepoint Security Manager.
  2. Go to Web > Policy Management > Filter Components > Edit Protocols > Add
  3. Type a Protocol Name. The name cannot include any of the following characters:
* < > { } ~ ! $ % & @ # . " | \ & + = ? / ; : ,
 
Note A custom protocol can be assigned the same name as a Forcepoint-defined protocol, to extend the number of IP addresses or ports associated with the original protocol.
  1. Under Add protocol to this group select the appropriate group. The new protocol appears in this group in all protocol lists and filters.
  2. Add unique Protocol Identifier details.
    1. At least one criterion (port, IP address or transport type) must be unique for each protocol definition.
    2. If you select All Ports or All external IP addresses that criterion overlaps with any other ports or IP addresses entered in other protocol definitions.
    3. Port ranges or IP address ranges are not considered unique if they overlap. For example, the port range 80-6000 overlaps with the range 4000-9000.
  1. Under Default Action:
    1. Select Permit or Block.
    2. If it applies, select Log protocol data.
    3. If it applies, select Block with Bandwidth Optimizer.
  2. Click OK. The new protocol definition appears in the Protocols list.
  3. Click OK again to cache changes and then click Save All.
  4. Assign the custom protocol to a protocol filter.
  5. Assign the protocol filter to an internet filtering policy and apply to desired clients

Article Feedback



Thank you for the feedback and comments.

Want 24/7 Tech Support?

Learn more