Amer Networks E5Web GUI User Manual
Page 397

B. Create the Service
1. Go to: Objects > Services > Add > TCP/UDP Service
2. Now enter:
   • Name: ftp-outbound-service
   • Type: select TCP from the dropdown list
   • Destination: 21 (the port the ftp server resides on)
   • ALG: ftp-outbound
3. Click OK
C. Create IP Rules
IP rules need to be created to allow the FTP traffic to pass. These rules differ depending on whether
private or public IPv4 addresses are being used.
i. Using Public IPs
If using public IPs, make sure there are no rules disallowing or allowing the same kind of
ports/traffic before these rules. The service used here is the ftp-outbound-service which should be
using the predefined ALG definition ftp-outbound which is described earlier.
1. Go to: Policies > Add > IPRule
2. Now enter:
   • Name: Allow-ftp-outbound
   • Action: Allow
   • Service: ftp-outbound-service
3. For Address Filter enter:
   • Source Interface: lan
   • Destination Interface: wan
   • Source Network: lan_net
   • Destination Network: all-nets
4. Click OK
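The ordering caution above (no earlier rule allowing or disallowing the same ports/traffic) can be checked mechanically. The following is an added example, not taken from the manual or the product: it uses a constructed, simplified rule model in which the `Rule` fields, the address values behind `lan_net` and `dmz_net`, and the `any` interface wildcard are all assumptions, and it reports every rule placed before `Allow-ftp-outbound` whose filter overlaps it.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address book; the manual does not give the values behind these names.
ADDRESS_BOOK = {
    "lan_net": ipaddress.ip_network("192.168.1.0/24"),
    "dmz_net": ipaddress.ip_network("10.0.0.0/24"),
    "all-nets": ipaddress.ip_network("0.0.0.0/0"),
}

@dataclass(frozen=True)
class Rule:  # hypothetical model, not the gateway's configuration format
    name: str
    action: str
    src_if: str
    dst_if: str
    src_net: str
    dst_net: str
    proto: str    # "TCP", "UDP" or "ANY"
    ports: tuple  # inclusive (low, high) destination port range

def _if_overlap(a, b):
    # "any" is an assumed wildcard interface name
    return a == b or "any" in (a, b)

def _overlaps(a, b):
    """True if some packet could match both rules' filters."""
    return (
        _if_overlap(a.src_if, b.src_if)
        and _if_overlap(a.dst_if, b.dst_if)
        and ADDRESS_BOOK[a.src_net].overlaps(ADDRESS_BOOK[b.src_net])
        and ADDRESS_BOOK[a.dst_net].overlaps(ADDRESS_BOOK[b.dst_net])
        and (a.proto == b.proto or "ANY" in (a.proto, b.proto))
        and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1]
    )

def earlier_conflicts(rules, target_name):
    """Names of rules placed before target_name that overlap its traffic."""
    idx = [r.name for r in rules].index(target_name)
    return [r.name for r in rules[:idx] if _overlaps(r, rules[idx])]

# Constructed rule set; only Allow-ftp-outbound mirrors the manual's values.
RULES = [
    Rule("Drop-dmz-telnet", "Drop", "dmz", "wan", "dmz_net", "all-nets", "TCP", (23, 23)),
    Rule("Allow-lan-tcp-low", "Allow", "lan", "any", "lan_net", "all-nets", "TCP", (1, 1023)),
    Rule("Allow-ftp-outbound", "Allow", "lan", "wan", "lan_net", "all-nets", "TCP", (21, 21)),
]

if __name__ == "__main__":
    print(earlier_conflicts(RULES, "Allow-ftp-outbound"))
```

In this constructed set the broad `Allow-lan-tcp-low` rule is reported, because it would match port 21 traffic from lan_net before the rule carrying ftp-outbound-service is reached.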
ii. Using Private IPs
If the security gateway is using private IPs with a single external public IP, the following NAT rule
needs to be added instead:
1. Go to: Policies > Add > IPRule
2. Now enter:
   • Name: NAT-ftp-outbound
Chapter 6: Security Mechanisms