The FTP ALG restrictions will be set as follows:
• Enable the Allow client to use active mode FTP ALG option so clients can use both active and passive modes.
• Disable the Allow server to use passive mode FTP ALG option. This is more secure for the server as it will never receive passive mode data. The FTP ALG will handle all conversion if a client connects using passive mode.
Assume the private IPv4 address of the FTP server is already defined in the address book and has
the name ftp-internal.
Command-Line Interface
A. Define the ALG:
gw-world:/> add ALG ALG_FTP ftp-inbound
        AllowClientActive=Yes
        AllowServerPassive=No
B. Define the Service:
gw-world:/> add Service ServiceTCPUDP ftp-inbound-service
        DestinationPorts=21
        Type=TCP
        ALG=ftp-inbound
C. Define a SAT rule that allows connections to the public IP on port 21 and forwards them to the FTP server:
gw-world:/> add IPRule Action=SAT
        Service=ftp-inbound-service
        SourceInterface=any
        SourceNetwork=all-nets
        DestinationInterface=core
        DestinationNetwork=wan_ip
        SATTranslate=DestinationIP
        SATTranslateToIP=ftp-internal
        Name=SAT-ftp-inbound
Chapter 6: Security Mechanisms