I have a problem to create the following policy for ftp access. Not the ftp access via http, but the passive ftp access via ftp client.
My current policy can only allow or prohibit the access from individual IP addresses to all FTP Servers.
I want to create a policy for ftp access only by certain users on certain servers. For all other users the ftp access should be forbidden.
you may look at rfc959 (FTP Protocol description). Native FTP does not support inline authentication, it is always done between the FTP Server and the endpoint (from my point of information).
You can use FTP authentication with MWG, this is also possible using the command line FTP from windows. The user has to connect to the FTP Server in another way. Here is an example:
ftp> open proxy.mycompany.com 1234
Connected to proxy.mycompany.com
220 FTP proxy ready
User (proxy.mycompany.com: (none)): User667@www.destinationftpserver.info
331-FTP Server ready.
331 Password required for User667.
Hope this helps,