Home Cisco Controlling Application Layer traffic on the Cisco ASA

Controlling Application Layer traffic on the Cisco ASA

Controlling-Application-Layer-traffic-on-the-Cisco-ASA

Controlling Application Layer traffic on the Cisco ASA :-

Firewalls are traditionally only as strong or as week as the policies you define. Today weakest link in the network security is application layer. Cisco ASA comes with inspection of Application layer protocols like FTP , HTTP, DNS etc. . like in my case i have a FTP server located in DMZ zone and i want to allow only copy the files but deletion of file is not allowed on the FTP server, However you have option to this job on FTP server itself but i want to this job through Cisco ASA. 🙂

http://youtu.be/BgbL9KprtnQ

let’s start, Open Cisco ASDM and navigate to Configuration > Firewall > Service Policy Rules and Select the Inspection-default-policy and click on the Edit option.

Controlling-Application-Layer-traffic-on-the-Cisco-ASA

then click on the ” Rule Actions ” tab and select the FTP protocol option and click on the Configure option.

Controlling-Application-Layer-traffic-on-the-Cisco-ASA

now select the Strict FTP option and click on the Add option.

Controlling-Application-Layer-traffic-on-the-Cisco-ASA

now enter your policy name and click on the details option and select the inspection option and click on the Add option.

Controlling-Application-Layer-traffic-on-the-Cisco-ASA1

now in the Criteria option select the ” Request Command ” option.

Controlling-Application-Layer-traffic-on-the-Cisco-ASA1

now you have option to select your command that you want to reset your connection. here select the DELE option .

Controlling-Application-Layer-traffic-on-the-Cisco-ASA1

After this when user try to delete files from FTP server, user will get the ” Disconnected from server – connection aborted ” option.

Controlling-Application-Layer-traffic-on-the-Cisco-ASA1

 

Play with these Inspection policies and secure your network like ninja. 🙂

https://youtu.be/NJMjSUg5Sng

LEAVE A REPLY

Please enter your comment!
Please enter your name here

six + five =

This site uses Akismet to reduce spam. Learn how your comment data is processed.