Configuring Policy-Specific Properties; Configuring Firewall Objects - Nortel Secure 4134 Configuration

Variable
{ {forward-direction |
reverse-direction} {tcp
| udp} <start-port>
<end-port>}
[timeout <timeout>]
[status {enable |
disable}]
Configuring policy-specific properties
Configuring firewall objects
With firewall objects, you can assign a set of policy parameters to an object
entity, and then apply these configured parameters to one or more policies.
The ability to differentiate and name different sets of parameters can make
your policies easier to write and, when applied, understand.
You can configure objects globally or for a specific firewall zone. When
configured globally, configured objects can be applied to any number of
policies in any map. When configured for a specific map, the object is
available for that map only.
Procedure steps
Step
1
2
3
4
Copyright © 2007, Nortel Networks
.
Value
Specifies the protocol (TCP or UDP) and the port
numbers (start and end port) to open in the same
direction (forward-direction) or opposite direction
(reverse-direction) as the established control
connection.
Port trigger timeout. Default: 600
Enables or disables same-direction or
reverse-direction conduits through the firewall.
(default: enable)
Action
To enter configuration mode, enter:
configure terminal
To specify the map name to configure, or global firewall configuration,
enter:
firewall [global | <map-name>]
To specify firewall objects configuration, enter:
object
To configure the firewall objects, enter:
[no] [address <object-name> <ipaddress>]
[ftp-filter <object-name> {permit | deny | log}
<ftp-commands>]
[http-filter <object-name> {deny | log} <web-extension
s>]
[nat-pool <object-name> {static | dynamic | pat}
<NAT-startip> <NAT-endip>]
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600 01.02 Standard
10.0 3 August 2007
Configuring policy-specific properties 95