It is assumed that a single NAT IP rule is already configured which allows traffic from the internal
network to the Internet. This rule is called int_to_ext_http
Command-Line Interface
First, create an LW-HTTP ALG object:
gw-world:/> add ALG ALG_LWHTTP my_lw_http_alg
AllowProtocolUpgrade=Yes
UserAgentFilterMode=AllowSelected
Change the CLI context to be the new ALG:
gw-world:/> cc ALG ALG_LWHTTP my_lw_http_alg
Add the User-Agent filter that will allow Firefox:
gw-world:/my_lw_http_alg> add ALG_HTTP_UA UserAgent=*Firefox/*
Add the User-Agent filter that will allow Chrome:
gw-world:/my_lw_http_alg> add ALG_HTTP_UA UserAgent=*Chrome/*
Return to the default CLI context:
gw-world:/my_lw_http_alg> cc
gw-world:/>
Now, create a service object and associate it with this new ALG:
gw-world:/> add Service ServiceTCPUDP my_http_service
Type=TCP
DestinationPorts=80,443
ALG=my_lw_http_alg
Finally, modify the NAT IP rule to use the new service.
gw-world:/> set IPRule int_to_ext_http Service=my_http_service
Web Interface
First, create an LW-HTTP ALG object:
1. Go to: Objects > ALG > Add > LW-HTTP ALG
2. Now enter:
• Name: my_lw_http_alg
• Allow Protocol Upgrade: Enable
• User-Agent Filter Mode: Allow Selected
3. Click OK
Edit the LW-HTTP ALG just created:
Chapter 6: Security Mechanisms
434
To Next Page
Loading...
