The TFTP ALG - D-Link DFL-1660 User Manual

Network security firewall

6.2.4. The TFTP ALG

Source Interface: lan
Destination Interface: wan
Source Network: lannet
Destination Network: all-nets
4. Check Use Interface Address
5. Click OK

Setting Up FTP Servers with Passive Mode

An important point about FTP server setup needs to be made if the FTP ALG is being used along
with passive mode.

Usually, the FTP server will be protected behind the NetDefend Firewall and NetDefendOS will
SAT-Allow connections to it from external clients that are connecting across the public Internet. If
FTP Passive mode is allowed and a client connects with this mode then the FTP server must return
an IP address and port to the client on which it can set up the data transfer connection.

This IP address is normally manually specified by the administrator in the FTP server software and
the natural choice is to specify the external IP address of the interface on the firewall that connects
to the Internet. This is, however, wrong if the FTP ALG is being used.

Instead, the local, internal IP address of the FTP server should be specified when setting up the FTP
server.

6.2.4. The TFTP ALG

Trivial File Transfer Protocol (TFTP) is a much simpler version of FTP with more limited
capabilities. Its purpose is to allow a client to upload files to or download files from a host system.
TFTP data transport is based on the UDP protocol and therefore it supplies its own transport and
session control protocols which are layered onto UDP.

TFTP is widely used in enterprise environments for updating software and backing up
configurations on network devices. TFTP is recognized as being an inherently insecure protocol and
its usage is often confined to internal networks. The NetDefendOS ALG provides an extra layer of
security to TFTP in being able to put restrictions on its use.

General TFTP Options

Allow/Disallow Read: The TFTP GET function can be disabled so that files cannot be retrieved by a TFTP client. The default value is Allow.

Allow/Disallow Write: The TFTP PUT function can be disabled so that files cannot be written by a TFTP client. The default value is Allow.

Remove Request Option: Specifies if options should be removed from request. The default is False which means "do not remove".

Allow Unknown Options: If this option is not enabled then any option in a request other than the blocksize, the timeout period and the file transfer size is blocked. The setting is disabled by default.
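
An added illustration (not D-Link or NetDefendOS code) of how the four options above apply to a TFTP read or write request, using the request layout from RFC 1350 and RFC 2347. The function names are hypothetical, and applying Remove Request Option before the unknown-option check is an assumption, since the manual does not state the order.

```python
import struct

# blksize (RFC 2348), timeout and tsize (RFC 2349): the three options the
# manual says still pass when Allow Unknown Options is disabled.
KNOWN_OPTIONS = {"blksize", "timeout", "tsize"}
RRQ, WRQ = 1, 2  # RFC 1350 opcodes: read request (GET), write request (PUT)


def parse_request(packet: bytes):
    """Split an RRQ/WRQ into (opcode, filename, mode, [(option, value), ...])."""
    if len(packet) < 4 or packet[-1:] != b"\x00":
        raise ValueError("truncated or unterminated request")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (RRQ, WRQ):
        raise ValueError("not a read or write request")
    fields = packet[2:-1].split(b"\x00")
    if len(fields) < 2 or len(fields) % 2:
        raise ValueError("malformed field list")
    text = [f.decode("ascii") for f in fields]  # UnicodeDecodeError is a ValueError
    return opcode, text[0], text[1], list(zip(text[2::2], text[3::2]))


def filter_request(packet, allow_read=True, allow_write=True,
                   remove_options=False, allow_unknown=False):
    """Return the bytes to forward, or None if the request is blocked.

    Keyword defaults mirror the defaults listed in the manual.
    """
    try:
        opcode, filename, mode, options = parse_request(packet)
    except ValueError:
        return None
    if (opcode == RRQ and not allow_read) or (opcode == WRQ and not allow_write):
        return None
    if remove_options:
        options = []  # assumption: options are stripped before the unknown check
    elif not allow_unknown and any(n.lower() not in KNOWN_OPTIONS for n, _ in options):
        return None  # option names are case-insensitive per RFC 2347
    parts = [filename, mode] + [x for pair in options for x in pair]
    return struct.pack("!H", opcode) + b"".join(p.encode("ascii") + b"\x00" for p in parts)


if __name__ == "__main__":
    # Constructed sample requests; windowsize (RFC 7440) stands in for an unknown option.
    known = b"\x00\x01boot.cfg\x00octet\x00blksize\x001428\x00"
    unknown = b"\x00\x01boot.cfg\x00octet\x00windowsize\x0016\x00"
    print(filter_request(known))                         # forwarded unchanged
    print(filter_request(unknown))                       # blocked
    print(filter_request(unknown, remove_options=True))  # forwarded without options
```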
Chapter 6. Security Mechanisms

This manual is also suitable for: DFL-2560, DFL-2560G, DFL-260E, DFL-860E