D. Traffic from an internal interface needs to be NATed through the public IPv4 address:
gw-world:/> add IPRule Action=NAT
        SourceInterface=dmz
        SourceNetwork=dmznet
        DestinationInterface=core
        DestinationNetwork=wan_ip
        Service=ftp-inbound-service
        NATAction=UseInterfaceAddress
        Name=NAT-ftp
E. Allow incoming connections (SAT requires an associated Allow rule):
gw-world:/> add IPRule Action=Allow
        SourceInterface=any
        SourceNetwork=all-nets
        DestinationInterface=core
        DestinationNetwork=wan_ip
        Service=ftp-inbound-service
        Name=Allow-ftp
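The requirement in step E, that a SAT rule needs an associated Allow rule, can be checked against an exported rule list before it is activated. The Python below is an added example, not part of the NetDefendOS documentation: the SAT line, its name SAT-ftp and the omission of its translation properties are constructed, and treating both Allow and NAT as valid partner actions is an assumption.

```python
# Constructed rule set. The NAT and Allow lines are the rules from steps D and E;
# the SAT line (name SAT-ftp, translation properties omitted) is assumed.
SAMPLE_RULES = """
gw-world:/> add IPRule Action=SAT SourceInterface=any SourceNetwork=all-nets
    DestinationInterface=core DestinationNetwork=wan_ip
    Service=ftp-inbound-service Name=SAT-ftp
gw-world:/> add IPRule Action=NAT SourceInterface=dmz SourceNetwork=dmznet
    DestinationInterface=core DestinationNetwork=wan_ip
    Service=ftp-inbound-service NATAction=UseInterfaceAddress Name=NAT-ftp
gw-world:/> add IPRule Action=Allow SourceInterface=any SourceNetwork=all-nets
    DestinationInterface=core DestinationNetwork=wan_ip
    Service=ftp-inbound-service Name=Allow-ftp
"""

FILTER_KEYS = ("SourceInterface", "SourceNetwork", "DestinationInterface",
               "DestinationNetwork", "Service")
WILDCARDS = {"SourceInterface": "any", "DestinationInterface": "any",
             "SourceNetwork": "all-nets", "DestinationNetwork": "all-nets"}
PAIRING_ACTIONS = ("Allow", "NAT")  # assumption: actions accepted as the SAT partner


def parse_rules(text):
    """Turn 'add IPRule key=value ...' commands (one line or wrapped) into dicts."""
    rules, tokens = [], text.split()
    for i, tok in enumerate(tokens):
        if tok == "add" and tokens[i + 1:i + 2] == ["IPRule"]:
            rules.append({})
        elif "=" in tok and rules:
            key, value = tok.split("=", 1)
            rules[-1][key] = value
    return rules


def covers(rule, sat):
    """True if each filter field of rule equals the SAT's value or is a wildcard."""
    return all(rule.get(k, "") in (sat.get(k), WILDCARDS.get(k)) for k in FILTER_KEYS)


def unpaired_sat(rules):
    """Names of SAT rules with no later Allow/NAT rule on the same, untranslated filter."""
    missing = []
    for i, rule in enumerate(rules):
        if rule.get("Action") != "SAT":
            continue
        if not any(r.get("Action") in PAIRING_ACTIONS and covers(r, rule) for r in rules[i + 1:]):
            missing.append(rule.get("Name", f"rule #{i + 1}"))
    return missing


if __name__ == "__main__":
    print(unpaired_sat(parse_rules(SAMPLE_RULES)) or "every SAT rule has a partner")
```

The NAT rule from step D alone does not satisfy the check, because it only matches traffic from dmz; the Allow rule from step E is what pairs with the SAT rule for all other sources.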
Web Interface
A. Define the ALG:
(The ALG ftp-inbound is already predefined by NetDefendOS but in this example we will show
how it can be created from scratch.)
1. Go to: Objects > ALG > Add > FTP ALG
2. Enter Name: ftp-inbound
3. Check Allow client to use active mode
4. Uncheck Allow server to use passive mode
5. Click OK
B. Define the Service:
1. Go to: Objects > Services > Add > TCP/UDP Service
2. Enter the following:
• Name: ftp-inbound-service
• Type: select TCP from the list
• Destination: 21 (the port the FTP server resides on)
• ALG: select ftp-inbound created above
3. Click OK
C. Define a SAT rule that allows connections to the public IP on port 21 and forwards them to the
FTP server:
1. Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
Chapter 6: Security Mechanisms