•
Action: Allow
•
Service: ftp-inbound-service
3.
For Address Filter enter:
•
Source Interface: any
•
Destination Interface: core
•
Source Network: all-nets
•
Destination Network: wan_ip
4.
Click OK
Example 6.4. Protecting FTP Clients
This example shows how to protect an FTP client behind a NetDefend Firewall that is connecting
to FTP servers on the Internet. The diagram below illustrates this scenario.
The FTP ALG restrictions are as follows.
•
Disable the Allow client to use active mode FTP ALG option so clients can only use passive
mode. This is much safer for the client.
•
Enable the Allow server to use passive mode FTP ALG option. This allows clients on the
inside to connect to FTP servers that support active and passive mode across the Internet.
Command-Line Interface
A. Define the ALG:
gw-world:/> add ALG ALG_FTP ftp-outbound
AllowClientActive=Yes
AllowServerPassive=Yes
444
Chapter 6: Security Mechanisms