Firewall rules set up
Issue 4 May 2005
FTP-Proxy does have some issues when operating within a NAT gateway. A protected FTP
server must have a routable address, and the router on the unprotected side of the gateway
must have a static route to it, with the security gateway interface address as the route. Because
this is a proxy application, FTP (TCP) packets destined for external FTP servers or clients will
typically have as their source address the address of the interface to which the FTP-Proxy rule
was applied. This shows that FTP-Proxy employs some internal address translation.
Note:
FTP-Ctrl, Active-FTP, Passive-FTP, and FTP-Proxy services are intended for use
with the ‘keep-state’ firewall rule option.
To add a new firewall rule for FTP-control or passive FTP
1. Complete Steps 1 through 12 for adding a new rule. Enter the required firewall information
in the wizard.
Note:
Be sure to define the firewall rule at the interfaces and directions through which the FTP
server opens a data connection to the client. For example, if the FTP client is on
the private side of the security gateway and the FTP server is on the public side
of the security gateway, define the interface and direction as Public/In or
Private/Out.
2. Click Next to display the Source Network Objects dialog. Select FTP Client.
3. Click Next to display the Destination Network Objects dialog. Select the FTP Server.
4. Click Next to display the Services dialog. Select FTP Control and select Passive FTP.
5. Click Finish to complete the setup of the firewall rules. Click Save.
To add a new firewall rule for active FTP
1. Complete Steps 1 through 12 for adding a new rule. Enter the required firewall information
in the wizard.
2. Click Next to display the Source Network Objects dialog. Select FTP Server.
3. Click Next to display the Destination Network Objects dialog. Select the FTP Client.
4. Click Next to display the Services dialog. Select Active FTP.
5. Click Finish to complete the setup of the firewall rules. Click Save.
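The source and destination selections in the two procedures above are reversed because the client opens the data connection in passive FTP and the server opens it in active FTP. The following Python example is added here and is not code from VPNmanager or this guide; it decodes the RFC 959 PORT command and 227 reply seen on the FTP control channel to show which data connection each mode produces. The function names, result fields, and sample addresses are assumptions constructed for illustration.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal bytes).
_HOSTPORT = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def _decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field in %r" % text)
    parts = [int(x) for x in m.groups()]
    if any(p > 255 for p in parts):
        raise ValueError("byte out of range in %r" % text)
    return ".".join(str(p) for p in parts[:4]), parts[4] * 256 + parts[5]


def expected_data_flow(control_line, client_ip, server_ip):
    """Describe the data connection announced by one control-channel line.

    Returns None for lines that announce nothing. The dict layout is an
    assumption of this example, not a VPNmanager structure.
    """
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        # Active FTP: the server connects back to the address the client sent.
        ip, port = _decode_hostport(line[5:])
        source, peer, mode = server_ip, client_ip, "active"
    elif line.startswith("227"):
        # Passive FTP: the client connects to the address the server sent.
        ip, port = _decode_hostport(line[3:])
        source, peer, mode = client_ip, server_ip, "passive"
    else:
        return None
    return {
        "mode": mode,
        "source": source,
        "destination": ip,
        "dest_port": port,
        # A stateful filter should only admit the data connection when the
        # announced address is the other end of the control connection.
        "address_matches_peer": ip == peer,
    }


if __name__ == "__main__":
    # Constructed sample lines and documentation-range addresses.
    for sample in ("PORT 10,0,0,5,19,137",
                   "227 Entering Passive Mode (192,0,2,10,195,80)"):
        print(expected_data_flow(sample, "10.0.0.5", "192.0.2.10"))
```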
Firewall templates
VPNmanager includes predefined firewall templates (high, medium, and low), allowing network
administrators to conveniently build secure policies and use the templates as the security
foundation in many different network locations.
Administrators can also create their own user-defined templates.
Summary of Contents for 3.7
Page 1: ...VPNmanager Configuration Guide Release 3 7 670 100 600 Issue 4 May 2005...