FTP server best practices

T20 v12.6.1

Planning to setup a new FTP server, I plan to put the FTP server on a different subnet on a different port (maybe optional?) than the trusted one. What's the best practice in setting up on the firebox? Also, I would like to have an option to access the FTP server from the trusted subnet. If anyone can chime in on what would be the best practice on setting a new FTP server and be secured on the firebox. Thank you and I appreciate your advise.


  • Options

    Best practice for devices in a DMZ is that devices on trusted interface can access them, but devices in the DMZ shouldn't be able to access devices on trusted interfaces.

  • Options

    Thanks Bruce, in the policy manager how can I make it trusted interface be able to access the DMZ devices in this case FTP device.

  • Options

    Policies with From: Any-trusted To: Optional or the interface name or the subnet on that interface

  • Options


Sign In to comment.