ftp (Security ALG)
Syntax
ftp {
allow-mismatch-ip-address;
disable;
ftps-extension;
line-break-extension;
traceoptions {
flag {
all {
extensive
}
}
}
}
Hierarchy Level
[edit logical-systems name security alg], [edit logical-systems name tenants name security alg], [edit security alg], [edit services alg], [edit tenants name security alg]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Configure the ftp function to Specify the File Transfer Protocol (FTP) Application Layer Gateway (ALG) on the device.
Options
-
allow-mismatch-ip-address—Control commands in FTP, such as PORT and EPRT, contain IP addresses internally. If the IP address does not match the source IP at Packet Layer 3, which is the client's IP, the packets are discarded. However, when the allow-mismatch-ip-address option is enabled, these packets are accepted. disable—Disable the FTP ALG. By default, the FTP ALG is enabled. You can enable or disable FTP ALG for both IPV4 and IPV6 mode.ftps-extension—Enable secure FTP and FTP SSL protocols.line-break-extension—Enable line-break-extension. This option will enable the FTP ALG to recognize the LF as line break in addition to the standard CR+LF (carriage return, followed by line feed).traceoptions—Configure FTP ALG tracing options. To specify more than one trace operation, include multiple flag statements.flag—Trace operation to perform.all—Trace all events.extensive—(Optional) Display extensive amount of data.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement modified in Junos OS Release 11.4.
The tenant option is introduced in Junos
OS Release 18.3R1.