Here you go, I relied on Google translate.
Here is a ruleset which grants access to the FTP proxy based on client IP. Only IPs in the list "Allowed FTP Subnets" are allowed to use the FTP Proxy. All others are blocked. The ruleset criteria is "Connection.Protocol equals FTP".
See attached ruleset. Let me know if I misunderstood the request.
Hello Jon Scholten,
thank you very much for your answer. That helps :-)
Like your picture says, there is no implicit deny at the end and the admin has to block all other IPs at the end with an own rule.