FTP Protocol Agent

FTP is one of the most common ways to transfer files across networks. An FTP session starts with a control connection (by default, TCP port 21), and the data connection then uses a dynamically allocated port.

The Protocol Agent tracks the actual ports used so that ports can be opened only as needed for specific connections. This way, the whole range of possible dynamic ports does not need to be allowed in the policy.

The FTP Protocol Agent inspects protocol validity. There are two selectable levels of inspection: loose (default) and strict.
  • In loose mode, the Protocol Agent tries to identify information for opening the data connection. Loose mode is needed with some non-standard FTP applications.
  • In strict mode, protocol integrity can be enforced. All connections with commands that do not comply with the RFC 959 FTP standard are dropped.

The FTP Protocol Agent can change payload data, if necessary. The change can be required to handle NAT correctly.
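The following added example (not the product's own code) sketches the port tracking and NAT rewriting described above: it reads the data connection endpoint from an RFC 959 `PORT` command or `227` passive-mode reply and rewrites it to a translated address. The function names, the regular expressions used to model loose and strict parsing, and the sample lines are assumptions made for illustration.

```python
import re

# Six decimal fields h1,h2,h3,h4,p1,p2, as carried by RFC 959 PORT and 227 lines.
_HOSTPORT = r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b"
_PORT_STRICT = re.compile(r"PORT " + _HOSTPORT + r"\r\n")            # exact form only
_PORT_LOOSE = re.compile(r"\s*PORT\s+" + _HOSTPORT + r"\s*", re.I)   # tolerant form
_PASV_REPLY = re.compile(r"227 [^\r\n]*?" + _HOSTPORT)

def _endpoint(fields):
    """Convert the six fields to (ip, port); reject any field above 255."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_endpoint(line, strict=False):
    """Return the (ip, port) a control-channel line announces, or None.

    Assumption: strict accepts only the exact 'PORT h1,..,p2<CRLF>' form,
    loose tolerates case and spacing variations from non-standard clients.
    """
    m = (_PORT_STRICT if strict else _PORT_LOOSE).fullmatch(line)
    if m is None and line.startswith("227 "):
        m = _PASV_REPLY.match(line)
    return _endpoint(m.groups()) if m else None

def rewrite_for_nat(line, nat_ip, nat_port):
    """Replace the announced endpoint with the translated one (payload change)."""
    if data_endpoint(line) is None:
        return line  # nothing to translate; leave the payload untouched
    new = ",".join(nat_ip.split(".") + [str(nat_port // 256), str(nat_port % 256)])
    return re.sub(_HOSTPORT, new, line, count=1)

# Constructed sample control-channel lines (not captured traffic).
SAMPLES = [
    "PORT 192,168,1,10,19,137\r\n",                    # standard active mode
    "port  192,168,1,10,19,137 \r\n",                  # non-standard spacing/case
    "227 Entering Passive Mode (10,0,0,5,195,80).\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), data_endpoint(s), data_endpoint(s, strict=True))
        print("  NAT ->", repr(rewrite_for_nat(s, "203.0.113.7", 40000)))
```

Only the single port returned by `data_endpoint` needs to be opened for the related data connection, which is why the whole dynamic port range does not have to be allowed.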

The FTP Protocol Agent can also redirect traffic to a proxy service.

This Protocol Agent has parameters you can set in the Service properties.