Models 2603, 2621, and 2635 Getting Started Guide | 7 • Security |
|
|
4.Set Inbound as Block, but Outbound as Allow. (See figure 51.)
5.Click on Create.
Figure 51. Configuring TCP port filter for FTP
After configuring the FTP portfilter, you can open an ftp session from Remote to Local, however you can issue ftp commands (e.g., login, cd, etc.). Because the trigger to permit transfer of data via FTP has not been defined, no data can be transferred. (Data transfer occurs with the commands ls, dir, get, put commands.) The portfilter allows an ftp control channel but does not allow the use of a secondary data channel for passing data by ftp.
To enable the FTP data channel, add a trigger to open a secondary channel only when data is being passed. This minimizes the number of open ports. Each open port is a security risk.
1.From the Configuration Menu, > Configuration > Security > Security Trigger Configuration... > New Trig- ger.
2.Set the parameters as follows (See figure 52.):
–Transport Type = tcp
–Port Number Start = 21
–Port Number End = 21
–Allow Multiple Hosts = Block
–Max Activity Interval = 3000
–Enable Session Chaining = Block
–Enable UDP Session Chaining = Block
–Binary Address Replacement = Block
–Address Translation Type = none
3.Click on Create.
Security Triggers | 76 |