<< Back to man.ChinaUnix.net


The FTP proxy is only available as transparent proxy. As such it intercepts each ftp connection on port 21 made to the outside, scans the received contents against virii and handles it instead of the client.


If you configure your FTP clients or browsers to use the HTTP proxy also for the FTP protocol, this FTP proxy will be bypassed!


The FTP proxy does not support tickling. This means that the proxy needs to download the entire file before the virus scanner can scan it. The FTP client get's data on the control connection in order to not time out, but get no data on the data connection. The effect is, that the user does not see any progress during download and gets all the data at once after the proxy scanned the file.

Figure 7.60. FTP proxy administration page

FTP proxy administration page

Since the FTP proxy is supported only basically you do not have much configuration options. They are:

Enabled on zone

This enables the FTP proxy on the specified zone.

Firewall logs outgoing connections

Tick this on if you want the firewall to log all outgoing connections made through the proxy. Note that in some countris this may be illegal.


With some FTP clients such as Web browsers, the FTP proxy has problems with authentication. If you need to authenticate against external FTP servers, use real FTP clients or disable the FTP proxy.