2.
Now enter:
•
Name: SAT-ftp-inbound
•
Action: SAT
•
Service: ftp-inbound-service
3.
For Address Filter enter:
•
Source Interface: any
•
Destination Interface: core
•
Source Network: all-nets
•
Destination Network: wan_ip (assuming the external interface has been defined as
this)
4.
For SAT check Translate the Destination IP Address
5.
Enter To: New IP Address: ftp-internal
6.
New Port: 21
7.
Click OK
D. Traffic from an internal interface needs to be NATed through the public IPv4 address:
1.
Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2.
Now enter:
•
Name: NAT-ftp
•
Action: NAT
•
Service: ftp-inbound-service
3.
For Address Filter enter:
•
Source Interface: dmz
•
Destination Interface: core
•
Source Network: dmznet
•
Destination Network: wan_ip
4.
For NAT check Use Interface Address
5.
Click OK
E. Allow incoming connections (SAT requires an associated Allow rule):
1.
Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2.
Now enter:
•
Name: Allow-ftp
443
Chapter 6: Security Mechanisms