beautypg.com

Foundry/configure, Foundry/configure/firewall corp, Foundry/configure/firewall corp# policy 1024 out – Foundry Networks AR3202-CL User Manual

Page 277: Foundry/configure/firewall corp# object, Foundry/configure/firewall corp/object# exit, Foundry/configure/firewall corp# exit, Foundry/configure# show firewall policy corp, R - rpc-filter, n - nat-ip/nat-pool, l - logging, E - policy enabled, m - smtp-filter, 1021 in any any any any any deny e

background image

Foundry AR-Series Router User Guide

15 - 52

© 2004 Foundry Networks, Inc.

June 2004

Step 5: Verify the firewall policy for Security Zone CORP:

Step 6: Verify that the HTTP filter object in Security Zone CORP is created as configured:

Step 7: Create policies for Security Zone DMZ that:

Create an object of type nat-pool with private IP address of FTP server

Create an object of type ftp-filter to deny put and mkdir commands

Create a firewall policy to allow inbound traffic to FTP server public IP address (193.168.94.221) of priority
100

Modify policy 100 to add NAT pool object to translate incoming traffic for FTP server from public IP to private
IP.

Modify policy 100 to add an FTP filter.

Foundry/configure#

Foundry/configure/firewall corp#

Foundry/configure/firewall corp#

Foundry/configure/firewall corp# policy 1024 out

Foundry/configure/firewall corp/policy 1024 out# exit

Foundry/configure/firewall corp# policy 1021 in deny

Foundry/configure/firewall corp/policy 1021 in# exit

Foundry/configure/firewall corp# object

Foundry/configure/firewall corp/object# http-filter javadeny deny

*.java

Foundry/configure/firewall corp/object# exit

Foundry/configure/firewall corp# policy 1024 out nat-ip

193.168.94.220

Foundry/configure/firewall corp/policy 1024 out# apply-object http-

filter javadeny

Foundry/configure/firewall corp/policy 1024 out# exit

Foundry/configure/firewall corp# exit

Foundry/configure# show firewall policy corp
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
E - Policy Enabled, M - Smtp-Filter

Pri Dir Source Addr Destination Addr Sport Dport Proto Action Advanced
--- --- ----------- ---------------- ----------------- ------ --------
1021 in any any any any any DENY E
1022 out any any any any any PERMIT SE
1023 in any any any any any PERMIT SE
1024 out any any any any any PERMIT HNE

Foundry/configure# show firewall object http-filter corp

Object Name Action Log File Extensions

----------- ------ --- ---------------

javadeny deny no *.java

Foundry/configure#

This manual is related to the following products:
See also other documents in the category Foundry Networks Hardware: