Foundry AR-Series Router User Guide
15 - 52 © 2004 Foundry Networks, Inc. June 2004
Foundry/configure#
Foundry/configure/firewall corp#
Foundry/configure/firewall corp#
Foundry/configure/firewall corp# policy 1024 out
Foundry/configure/firewall corp/policy 1024 out# exit
Foundry/configure/firewall corp# policy 1021 in deny
Foundry/configure/firewall corp/policy 1021 in# exit
Foundry/configure/firewall corp# object
Foundry/configure/firewall corp/object# http-filter javadeny deny *.java
Foundry/configure/firewall corp/object# exit
Foundry/configure/firewall corp# policy 1024 out nat-ip 193.168.94.220
Foundry/configure/firewall corp/policy 1024 out# apply-object http-filter javadeny
Foundry/configure/firewall corp/policy 1024 out# exit
Foundry/configure/firewall corp# exit

Step 5: Verify the firewall policy for Security Zone CORP:

Foundry/configure# show firewall policy corp
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
          R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
          E - Policy Enabled, M - Smtp-Filter
Pri  Dir Source Addr Destination Addr Sport Dport Proto Action Advanced
---  --- ----------- ---------------- ----------------- ------ --------
1021 in  any         any              any   any   any   DENY   E
1022 out any         any              any   any   any   PERMIT SE
1023 in  any         any              any   any   any   PERMIT SE
1024 out any         any              any   any   any   PERMIT HNE

Step 6: Verify that the HTTP filter object in Security Zone CORP is created as configured:

Foundry/configure# show firewall object http-filter corp
Object Name Action Log File Extensions
----------- ------ --- ---------------
javadeny    deny   no  *.java
Foundry/configure#

Step 7: Create policies for Security Zone DMZ that:

• Create an object of type nat-pool with the private IP address of the FTP server
• Create an object of type ftp-filter to deny put and mkdir commands
• Create a firewall policy of priority 100 to allow inbound traffic to the FTP server's public IP address (193.168.94.221)
• Modify policy 100 to add the NAT pool object, which translates incoming traffic for the FTP server from the public IP to the private IP.
• Modify policy 100 to add an FTP filter.
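
The verification in Step 5 can be scripted when it has to be repeated after every configuration change. The Python below is an added example, not part of the Foundry guide: it parses the policy rows printed by show firewall policy and reports any policy whose direction, action or Advanced flags differ from what was configured for Security Zone CORP. The names parse_policies, audit and EXPECTED are illustrative, and the parser assumes that no field contains whitespace.

```python
import re
# Letters from the "Advanced" legend printed by `show firewall policy`.
ADVANCED = {"S": "Self Traffic", "F": "Ftp-Filter", "H": "Http-Filter",
            "R": "Rpc-Filter", "N": "Nat-Ip/Nat-Pool", "L": "Logging",
            "E": "Policy Enabled", "M": "Smtp-Filter"}

# One policy row: Pri Dir Src Dst Sport Dport Proto Action [Advanced].
# Assumption: no field contains whitespace (true for the rows on this page).
ROW = re.compile(
    r"^\s*(?P<pri>\d+)\s+(?P<dir>in|out)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<sport>\S+)\s+(?P<dport>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<action>PERMIT|DENY)(?:\s+(?P<adv>[A-Z]+))?\s*$")

def parse_policies(text):
    """Return {priority: row dict} for every policy row in the CLI output."""
    policies = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompt, legend, header or separator line
        row = m.groupdict()
        row["flags"] = set(row.pop("adv") or "")
        unknown = row["flags"] - set(ADVANCED)
        if unknown:
            raise ValueError(f"unknown flag(s) {sorted(unknown)} in {line!r}")
        policies[int(row.pop("pri"))] = row
    return policies

def audit(policies, expected):
    """List deviations from expected {pri: (dir, action, required flags)}."""
    findings = []
    for pri, (direction, action, flags) in sorted(expected.items()):
        row = policies.get(pri)
        if row is None:
            findings.append(f"policy {pri}: missing")
            continue
        if (row["dir"], row["action"]) != (direction, action):
            findings.append(f"policy {pri}: {row['dir']} {row['action']}, "
                            f"expected {direction} {action}")
        for flag in sorted(set(flags) - row["flags"]):
            findings.append(f"policy {pri}: {ADVANCED[flag]} ({flag}) not set")
    return findings

# Rows as printed by `show firewall policy corp` on this page.
SAMPLE = """1021 in any any any any any DENY E
1022 out any any any any any PERMIT SE
1023 in any any any any any PERMIT SE
1024 out any any any any any PERMIT HNE"""
EXPECTED = {1021: ("in", "DENY", "E"), 1024: ("out", "PERMIT", "HNE")}
print(audit(parse_policies(SAMPLE), EXPECTED) or "policies match")
```

An empty findings list means policy 1021 is an enabled inbound deny and policy 1024 is an enabled outbound permit carrying both the HTTP filter and the NAT address.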