D. Traffic from an internal interface needs to be NATed through the public IPv4 address:
gw-world:/> add IPRule Action=NAT
SourceInterface=dmz
SourceNetwork=dmznet
DestinationInterface=core
DestinationNetwork=wan_ip
Service=ftp-inbound-service
NATAction=UseInterfaceAddress
Name=NAT-ftp
E. Allow incoming connections (SAT requires an associated Allow rule):
gw-world:/> add IPRule Action=Allow
SourceInterface=any
SourceNetwork=all-nets
DestinationInterface=core
DestinationNetwork=wan_ip
Service=ftp-inbound-service
Name=Allow-ftp
Web Interface
A. Define the ALG:
(The ALG
ftp-inbound
is already predefined by NetDefendOS but in this example we will show
how it can be created from scratch.)
1.
Go to: Objects > ALG > Add > FTP ALG
2.
Enter Name: ftp-inbound
3.
Check Allow client to use active mode
4.
Uncheck Allow server to use passive mode
5.
Click OK
B. Define the Service:
1.
Go to: Objects > Services > Add > TCP/UDP Service
2.
Enter the following:
•
Name: ftp-inbound-service
•
Type: select TCP from the list
•
Destination: 21 (the port the FTP server resides on)
•
ALG: select
ftp-inbound
created above
3.
Click OK
C. Define a SAT rule allowing connections to the public IP on port 21 and forwarded to the
FTP server:
1.
Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
Chapter 6: Security Mechanisms
442
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...