Background
By default, when you create a new Firewall Policy with
the FTP protocol included, this access rule will only
permit to download from any FTP site, but
will not allow you to upload ( write ) to these FTP sites.
Configuration
-
Open ISA Management Console
- Create a new Access rule, Right click
Firewall
Policy , then click on New then choose Access Rule
( If you already have a Firewall
Policy for the FTP Protocol, then skip these
steps and jump to step 14)

This also can be done from the Right Pane,
under the Tasks bar :

-
The New Access Rule Wizard will be launched,
give a name to your new rule , in this example we
will name it Allow FTP R/W
( Read/ Write ), then click
Next

-
In the Rule Action page, we choose which
action we want to grant for our users, in this
example we want to grant them the FTP
access, so we choose Allow, then click
Next
-
In the Protocols page, From the drop down
list of This Rule Applies To, choose
Selected Protocols
,

click on Add button, the Add Protocol
page will open, choose the FTP protocol and click
on Add , then click Close

The FTP Protocol will be selected , click Next

On the Access Rule Sources page, click the
Add button. In the Add Network Entities
dialog box, click on the Networks folder.
Double click on the Internal network, then
click the Close button in the Add Network
Entities dialog box. Click Next in the
Access Rule Sources dialog box.

Click the Add button on the Access Rule
Destinations page. In the Add Network
Entities dialog box, click the Networks
folder. Double click the External entry and
click Close in the Add Network Entities
dialog box. Click Next on the Access
Rule Destinations page.

On the User Sets page, accept the default
setting of All Users.

Review your settings and click Finish on the
Completing the New Access Rule Wizard page.

Click the Apply button to save the changes
and update the firewall policy. This button is
located at the top of the Details pane
(the middle pane) of the console.

Your rule will look this :
The rule you have just created will only permit your
to download anything from the FTP sites you visit,
but will not allow you to upload, in order to have
the ability to upload, follow the following steps
Right click your FTP Rule, then click on
Configure FTP

In this page, remove the tick beside the
Read
Only, then click OK

Click the Apply button to save the changes
and update the firewall policy.

Summary
In
this article, we learned how to create a new Access Rule
to allow FTP through ISA server, we also learned why by default we can not upload to any
ftp site and how to enable
FTP uploads.
Related Links
How
the FTP protocol Challenges Firewall Security