Controlling Application Layer traffic on the Cisco ASA :-
Firewalls are traditionally only as strong or as week as the policies you define. Today weakest link in the network security is application layer. Cisco ASA comes with inspection of Application layer protocols like FTP , HTTP, DNS etc. . like in my case i have a FTP server located in DMZ zone and i want to allow only copy the files but deletion of file is not allowed on the FTP server, However you have option to this job on FTP server itself but i want to this job through Cisco ASA. 🙂
http://youtu.be/BgbL9KprtnQ
let’s start, Open Cisco ASDM and navigate to Configuration > Firewall > Service Policy Rules and Select the Inspection-default-policy and click on the Edit option.
then click on the ” Rule Actions ” tab and select the FTP protocol option and click on the Configure option.
now select the Strict FTP option and click on the Add option.
now enter your policy name and click on the details option and select the inspection option and click on the Add option.
now in the Criteria option select the ” Request Command ” option.
now you have option to select your command that you want to reset your connection. here select the DELE option .
After this when user try to delete files from FTP server, user will get the ” Disconnected from server – connection aborted ” option.
Play with these Inspection policies and secure your network like ninja. 🙂
https://youtu.be/NJMjSUg5Sng
