Enabling alg at the cli, Alg configuration examples at the cli, Ftp alg configuration example – H3C Technologies H3C SecPath F1000-E User Manual

Page 65: Network requirements, Configuration procedure

Enabling ALG at the CLI

Step Command

Remarks

Enter system view.

system-view

N/A

Enable ALG.

alg { all | dns | ftp | gtp | h323 |
ils | msn | nbt | pptp | qq | rtsp |
sccp | sip | sqlnet | tftp }

Optional.
Enabled only for FTP by default.

ALG configuration examples at the CLI

The following examples describe only ALG-related configurations, assuming that other required

configurations on the server and client have been done.

FTP ALG configuration example

Network requirements

As shown in

Figure 54

, a company uses the private network segment 192.168.1.0/24, and has four

public network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11. The company wants to provide FTP
services to the outside.
Configure NAT and ALG on the SecPath so that hosts on the external network can access the FTP server

on the internal network.

Figure 54 Network diagram

Configuration procedure

# Configure the address pool and ACL.

system-view

[SecPath] nat address-group 1 5.5.5.9 5.5.5.11

[SecPath] acl number 2001

[SecPath-acl-basic-2001] rule permit

[SecPath-acl-basic-2001] quit

# Enable ALG for FTP.

[SecPath] alg ftp

# Configure NAT.

[SecPath] interface GigabitEthernet 0/1

[SecPath-GigabitEthernet0/1] nat outbound 2001 address-group 1

# Configure internal FTP server.

Host

FTP server

Local: 192.168.1.2
Global: 5.5.5.10

SecPath

Internet

GE0/1
5.5.5.1/24

192.168.1.1/24

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI