Patton electronic 2621, 2603, 2635 manual Configuring TCP port filter for FTP


Models 2603, 2621, and 2635 Getting Started Guide

7 • Security

 

 

4. Set Inbound as Block, but Outbound as Allow. (See figure 51.)

5. Click on Create.

Figure 51. Configuring TCP port filter for FTP

After configuring the FTP portfilter, you can open an FTP session from Remote to Local and issue FTP commands (e.g., login, cd, etc.). However, because the trigger to permit transfer of data via FTP has not been defined, no data can be transferred. (Data transfer occurs with the ls, dir, get, and put commands.) The portfilter allows an FTP control channel but does not allow the use of a secondary data channel for passing data by FTP.

To enable the FTP data channel, add a trigger to open a secondary channel only when data is being passed. This minimizes the number of open ports. Each open port is a security risk.

1. From the Configuration Menu, select Configuration > Security > Security Trigger Configuration... > New Trigger.

2. Set the parameters as follows (see figure 52):

Transport Type = tcp

Port Number Start = 21

Port Number End = 21

Allow Multiple Hosts = Block

Max Activity Interval = 3000

Enable Session Chaining = Block

Enable UDP Session Chaining = Block

Binary Address Replacement = Block

Address Translation Type = none

3. Click on Create.
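The following is an added example, not code from the Patton guide or the router firmware: a simplified Python model of why a port 21 filter alone blocks ls/get, and how a trigger can open only the data port that the control channel announces. The class `FtpTrigger`, its method names, and the reading of Max Activity Interval as an idle timeout in the same unit as the timestamps are assumptions; the addresses are constructed documentation values.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by a PORT command or a 227 reply (RFC 959).
HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def data_endpoint(line):
    """Return (ip, port) of the data channel a control line announces, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class FtpTrigger:
    """Hypothetical model of a trigger; not the router's firmware logic."""
    def __init__(self, control_port=21, max_idle=3000, allow_multiple_hosts=False):
        self.control_port = control_port
        self.max_idle = max_idle        # assumed: same unit as the `now` values
        self.allow_multiple_hosts = allow_multiple_hosts
        self.pinholes = {}              # (ip, port) -> time of last activity

    def control_line(self, sender_ip, port, line, now):
        """Inspect one control-channel line; return the pinhole opened, if any."""
        ep = data_endpoint(line) if port == self.control_port else None
        if ep is None:
            return None
        # Allow Multiple Hosts = Block: the data channel must belong to the
        # same host that owns the control session, never a third address.
        if not self.allow_multiple_hosts and ep[0] != sender_ip:
            return None
        self.pinholes[ep] = now
        return ep

    def data_allowed(self, ip, port, now):
        """True only while a pinhole for (ip, port) exists and is not idle."""
        last = self.pinholes.get((ip, port))
        if last is None or now - last > self.max_idle:
            self.pinholes.pop((ip, port), None)
            return False
        self.pinholes[(ip, port)] = now
        return True

if __name__ == "__main__":
    fw = FtpTrigger()
    print(fw.data_allowed("192.0.2.10", 5001, 0))       # no trigger yet
    print(fw.control_line("192.0.2.10", 21, "PORT 192,0,2,10,19,137", 0))
    print(fw.data_allowed("192.0.2.10", 5001, 1000))    # pinhole open
```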
