Skip to main content
Best answer by atakannatak

Hi @Marcos_FDS1012 ,

 

What you're describing appears to be a scenario where end users set up FTP servers on their personal phones and transfer data from company systems (such as servers or computers) to these FTP servers. If my understanding is incorrect, please feel free to clarify. For now, I'll provide comments based on this interpretation.

 

In this case, unfortunately, FortiWeb cannot provide a solution, as the FTP server is not under your control or management. Instead, such FTP access attempts can be blocked using FortiGate or any standard firewall. However, there are some limitations to be aware of:

 

  1. Same Network Segment: If the end user's phone and the system transferring data are on the same network segment (i.e., within the same Layer 2 broadcast domain), you won’t be able to apply firewall restrictions effectively, as the traffic doesn’t pass through the firewall.

  2. Non-Standard Ports: FTP services can operate on custom ports. If the FTP server on the phone is using a non-standard port, generic FTP blocking rules may not be effective. In such cases, you should identify the specific TCP/UDP port being used and apply access control based on port numbers rather than relying solely on application-level filtering.

BR.

 

If my answer provided a solution for you, please mark the reply as solved it so that others can get it easily while searching for similar scenarios.

 

CCIE #68781

1 reply

atakannatak
atakannatak
Explorer
April 7, 2025

Hi @Marcos_FDS1012 ,

 

Could you please elaborate on what exactly you’re trying to achieve? It would also be helpful if you could share your current configurations and screenshots from your testing process. With this information, we’ll be able to provide more accurate guidance.

 

In the meantime, you can watch the following video on FortiWeb regarding FTP security. While it covers the basics, it may still be useful in giving you some initial insight.

 

https://www.youtube.com/watch?v=ncSj84Gjft4&t=3s

 

BR.

 

If my answer provided a solution for you, please mark the reply as solved it so that others can get it easily while searching for similar scenarios.

 

CCIE #68781

    Marcos_FDS1012
    Marcos_FDS1012Author
    New Member
    April 8, 2025

    Hello

    Today I have some employees who are creating FTP servers on the cell phone, they are putting the address in the machine's browser to upload company files to this FTP created on the cell phone I wanted to find a way to block this, when he puts the address in the browser block this FTP from him.

    atakannatak
    atakannatakAnswer
    Explorer
    April 8, 2025

    Hi @Marcos_FDS1012 ,

     

    What you're describing appears to be a scenario where end users set up FTP servers on their personal phones and transfer data from company systems (such as servers or computers) to these FTP servers. If my understanding is incorrect, please feel free to clarify. For now, I'll provide comments based on this interpretation.

     

    In this case, unfortunately, FortiWeb cannot provide a solution, as the FTP server is not under your control or management. Instead, such FTP access attempts can be blocked using FortiGate or any standard firewall. However, there are some limitations to be aware of:

     

    1. Same Network Segment: If the end user's phone and the system transferring data are on the same network segment (i.e., within the same Layer 2 broadcast domain), you won’t be able to apply firewall restrictions effectively, as the traffic doesn’t pass through the firewall.

    2. Non-Standard Ports: FTP services can operate on custom ports. If the FTP server on the phone is using a non-standard port, generic FTP blocking rules may not be effective. In such cases, you should identify the specific TCP/UDP port being used and apply access control based on port numbers rather than relying solely on application-level filtering.

    BR.

     

    If my answer provided a solution for you, please mark the reply as solved it so that others can get it easily while searching for similar scenarios.

     

    CCIE #68781

      Terms & ConditionsAccessibility statement