Manualshelf

R3721-F3210-F3171-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
58596061626364656667
57
Enabling ALG at the CLI
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable ALG.
alg { all | dns | ftp | gtp | h323 | ils
| msn | nbt | pptp | qq | rtsp | sccp
| sip | sqlnet | tftp }
Optional.
Enabled for all protocols by
default.
ALG configuration examples at the CLI
The following examples describe only ALG-related configurations, assuming that other required
configurations on the server and client have been done.
FTP ALG configuration example
Network requirements
As shown in Figure 53, a company uses the private network segment 192.168.1.0/24, and has four
public network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11. The company wants to provide FTP
services to the outside.
Configure NAT and ALG on the Firewall so that hosts on the external network can access the FTP server
on the internal network.
Figure 53 Network diagram
Configuration procedure
# Configure the address pool and ACL.
<Firewall> system-view
[Firewall] nat address-group 1 5.5.5.9 5.5.5.11
[Firewall] acl number 2001
[Firewall-acl-basic-2001] rule permit
[Firewall-acl-basic-2001] quit
# Enable ALG for FTP.
[Firewall] alg ftp
# Configure NAT.
[Firewall] interface GigabitEthernet 0/1
[Firewall-GigabitEthernet0/1] nat outbound 2001 address-group 1
# Configure internal FTP server.
[Firewall-GigabitEthernet0/1] nat server protocol tcp global 5.5.5.10 ftp inside
192.168.1.2 ftp