2. Now enter:
• Name: SAT-ftp-inbound
• Action: SAT
• Service: ftp-inbound-service
3. For Address Filter enter:
• Source Interface: any
• Destination Interface: core
• Source Network: all-nets
• Destination Network: wan_ip (assuming the external interface has been defined as
this)
4. For SAT check Translate the Destination IP Address
5. Enter To: New IP Address: ftp-internal
6. New Port: 21
7. Click OK
D. Traffic from an internal interface needs to be NATed through the public IPv4 address:
1. Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2. Now enter:
• Name: NAT-ftp
• Action: NAT
• Service: ftp-inbound-service
3. For Address Filter enter:
• Source Interface: dmz
• Destination Interface: core
• Source Network: dmznet
• Destination Network: wan_ip
4. For NAT check Use Interface Address
5. Click OK
E. Allow incoming connections (SAT requires an associated Allow rule):
1. Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2. Now enter:
• Name: Allow-ftp
Chapter 6: Security Mechanisms
443
To Next Page
Loading...
