Not if there is an access-list applied on the interface. Also, if it is active FTP, then it needs to recognize it as FTP in order to allow the opening of the data port.
Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
eFax: +1.810.454.0130

From: [email protected] [mailto:[email protected]] On Behalf Of Vybhav Ramachandran
Sent: Monday, July 05, 2010 12:19 PM
To: Kingsley Charles
Cc: OSL Security
Subject: Re: [OSL | CCIE_Security] Lab 16 task 1.5 MPF for FTP

Hello Kings,

But why do we need to inspect the FTP traffic? Don't we just need to allow hosts on the outside to access the FTP servers on the DMZ using an ACL? The return traffic will be permitted. Please correct me if I'm wrong, but isn't inspection needed if we are initiating the traffic from a higher to lower security? I'm confused :)

Cheers,
TacACK
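
Added example, not part of the original thread and not Cisco's implementation: the firewall has to recognize the session as FTP because the data port is negotiated inside the control channel, in the PORT command for active mode and in the 227 reply for passive mode (the passive case goes beyond what the thread mentions). The function names, the sender-address and low-port checks, and the sample lines are assumptions constructed for illustration.

```python
import re

# RFC 959 encodes the data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
_ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_endpoint(control_line):
    """Return (mode, ip, port) announced by a control-channel line, or None."""
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"    # client announces where the server should connect
    elif line.startswith("227"):
        mode = "passive"   # server announces where the client should connect
    else:
        return None
    m = _ENDPOINT.search(line)
    if m is None:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None        # malformed: every field must fit in one byte
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return mode, ip, port


def check_announcement(control_line, sender_ip):
    """Illustrative policy (an assumption): what an inspector could decide."""
    parsed = data_endpoint(control_line)
    if parsed is None:
        return ("ignore", None)
    mode, ip, port = parsed
    # Announced endpoint must belong to the host that sent the line,
    # and must not be a well-known service port.
    if ip != sender_ip or port < 1024:
        return ("reject", parsed)
    return ("allow-data-connection", parsed)


# Constructed sample control-channel lines (documentation address ranges).
SAMPLES = [
    ("PORT 198,51,100,7,195,80", "198.51.100.7"),
    ("227 Entering Passive Mode (192,0,2,10,19,137)", "192.0.2.10"),
    ("PORT 203,0,113,9,0,22", "198.51.100.7"),
    ("USER anonymous", "198.51.100.7"),
]

if __name__ == "__main__":
    for line, sender in SAMPLES:
        print(line, "->", check_announcement(line, sender))
```

A plain ACL only sees TCP/21 and cannot know which data port to permit; that port exists only in these control-channel lines.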
