1.
Select: my_lw_http_alg
2.
Select User-Agent Filter
3.
Select Add and enter the following to allow Firefox:
•
User-Agent: *Firefox/*
•
Click OK
4.
Select Add and enter the following to allow Chrome:
•
User-Agent: *Chrome/*
•
Click OK
5.
Click OK
Now, create a service object and associate it with this new ALG:
1.
Go to: Local Objects > Services > Add > TCP/UDP service
2.
Enter the following:
•
Name: my_http_service
•
Type: TCP
•
Destination Port: 80,443
•
ALG: my_lw_http_alg
Finally, modify the NAT IP rule to use the new service:
1.
Go to: Policies > Firewalling > Main IP Rules
2.
Select the IP rule called int_to_ext_http
3.
Go to: Service
4.
Select my_http_service from the Service list
5.
Click OK
6.2.4. The FTP ALG
Overview
File Transfer Protocol (FTP) is a TCP/IP-based protocol for exchanging files between a client and a
server. The client initiates the connection by connecting to the FTP server. Normally the client
needs to authenticate itself by providing a predefined login and password. After granting access,
the server will provide the client with a file/directory listing from which it can download/upload
files (depending on access rights). The FTP ALG is used to manage FTP connections through the
NetDefend Firewall.
435
Chapter 6: Security Mechanisms