HP VPN Firewall Appliances Attack Protection Configuration Guide
110
NOTE:
• POP3 filtering policies created in system view belong to the default VD.
• POP3 filtering policies created in VD view belong to the corresponding VD.
Configuring an FTP filtering policy
You can specify multiple filtering entries for filtering FTP packets in an FTP filtering policy. Packets that
match any filtering entry are dropped.
An FTP filtering policy can contain different types of filtering entries and each type can contain multiple
filtering entries.
To configure an FTP filtering policy:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter VD view.
switchto vd vd-name
This command is required for
entering the system view of a
non-default VD.
3. Create an FTP filtering
policy and enter its view.
content-filtering ftp-policy
policy-name
By default, no FTP filtering policy
exists.
4. Specify a keyword filtering
entry for command word
filtering.
command-filtering keyword-entry
keyword-entry-name
Optional.
By default, no keyword filtering entry
is specified for command word
filtering.
5. Specify a filename filtering
entry for upload filename
filtering.
upload-filename-filtering
filename-entry filename-entry-name
Optional.
By default, no filename filtering entry
is specified for upload filename
filtering.
6. Specify a filename filtering
entry for download
filename filtering.
download-filename-filtering
filename-entry filename-entry-name
Optional.
By default, no filename filtering entry
is specified for download filename
filtering.
7. Enable FTP filtering
logging.
logging enable
Optional.
By default, FTP filtering logging is
disabled.
FTP filtering logging takes effect only
when interzone policy rule logging is
enabled.
NOTE:
• FTP filtering policies created in system view belong to the default VD.
• FTP filtering policies created in VD view belong to the corresponding VD.
Configuring a Telnet filtering policy
You can specify multiple filtering entries for filtering Telnet packets in a Telnet filtering policy. Packets that
match any filtering entry are dropped.