Example: preventing active mode FTP with a Protocol Agent

Company A has an FTP server that allows access from the Internet. The Firewall must only allow users to make passive mode FTP connections.

The administrators:
  1. Create a Service element for passive FTP.
  2. Attach the FTP Protocol Agent to the Service.
  3. Change the active mode FTP setting to No in the Service properties.
  4. Create an Access rule that allows users to connect to the FTP server using their custom-made Service element.
  5. Refresh the policy on the IPS engine.