Amer Networks E5Web GUI User Manual
Page 394
5.
Click OK
B. Define the Service:
1.
Go to: Objects > Services > Add > TCP/UDP Service
2.
Enter the following:
•
Name: ftp-inbound-service
•
Type: select TCP from the list
•
Destination: 21 (the port the FTP server resides on)
•
ALG: select ftp-inbound created above
3.
Click OK
C. Define a rule to allow connections to the public IP on port 21 and forward that to the internal
FTP server:
1.
Go to: Policies > Add > IPRule
2.
Now enter:
•
Name: SAT-ftp-inbound
•
Action: SAT
•
Service: ftp-inbound-service
3.
For Address Filter enter:
•
Source Interface: any
•
Destination Interface: core
•
Source Network: all-nets
•
Destination Network: wan_ip (assuming the external interface has been defined as
this)
4.
For SAT check Translate the Destination IP Address
5.
Enter To: New IP Address: ftp-internal (assume this internal IP address for FTP server has
been defined in the address book object)
6.
New Port: 21
7.
Click OK
D. Traffic from the internal interface needs to be NATed through a single public IPv4 address:
1.
Go to: Policies > Add > IPRule
2.
Now enter:
•
Name: NAT-ftp
Chapter 6: Security Mechanisms
394