6.2.3. The FTP ALG
Example 6.3. Protecting FTP Clients
In this scenario, shown below, the NetDefend Firewall is protecting a workstation that will connect to FTP servers on the Internet.
To make it possible to connect to these servers from the internal network using the FTP ALG, the FTP ALG and rules should be configured as follows:
Web Interface
A. Create the FTP ALG:
1. Go to Objects > ALG > Add > FTP ALG
2. Enter Name: ftp-outbound
3. Uncheck Allow client to use active mode
4. Check Allow server to use passive mode
5. Click OK
B. Create the Service:
1. Go to Objects > Services > Add > TCP/UDP Service
2. Now enter:
   • Name: ftp-outbound
   • Type: select TCP from the dropdown list
   • Destination: 21 (the port the ftp server resides on)
   • ALG: select the newly created ftp-outbound
3. Click OK
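The effect of the two ALG options set in part A can be modelled on a constructed FTP control-channel exchange. This is an added example, not D-Link code and not a description of NetDefendOS internals: the `inspect` function, the sample lines and the rule that a passive-mode data endpoint must be the FTP server's own address are assumptions of this model.

```python
import re

# Settings of the ftp-outbound ALG object created in part A.
ALLOW_CLIENT_ACTIVE = False   # "Allow client to use active mode" unchecked
ALLOW_SERVER_PASSIVE = True   # "Allow server to use passive mode" checked

# RFC 959 reply to PASV: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_REPLY = re.compile(
    r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def inspect(direction, line, server_ip):
    """Return (verdict, data_endpoint) for one line; direction is c2s or s2c."""
    verb = line.split(" ", 1)[0].upper()
    if direction == "c2s":
        # PORT/EPRT ask the server to connect back to the client (active mode).
        if verb in ("PORT", "EPRT") and not ALLOW_CLIENT_ACTIVE:
            return ("block", None)
        return ("allow", None)
    match = PASV_REPLY.match(line)
    if match is None:
        return ("allow", None)          # ordinary reply, no data endpoint
    if not ALLOW_SERVER_PASSIVE:
        return ("block", None)
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        return ("block", None)          # malformed address or port bytes
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    # Assumption of this model: the data endpoint must be the server itself.
    if ip != server_ip:
        return ("block", None)
    return ("allow", (ip, port))

# Constructed control-channel lines (documentation address ranges).
SERVER = "203.0.113.10"
SESSION = [
    ("c2s", "USER anonymous"),
    ("c2s", "PORT 192,168,1,20,195,80"),
    ("c2s", "PASV"),
    ("s2c", "227 Entering Passive Mode (203,0,113,10,195,149)"),
    ("s2c", "227 Entering Passive Mode (198,51,100,7,195,149)"),
]

def run_session():
    return [inspect(d, l, SERVER) for d, l in SESSION]

if __name__ == "__main__":
    for (d, l), result in zip(SESSION, run_session()):
        print(d, l, "->", result)
```

The allowed 227 reply yields the single server address and port that a data connection may use; every other data path stays closed.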
Chapter 6. Security Mechanisms