Firewall

6

Configuring NAT Rules to Securely Access a Remote Network

Configuring Port Triggering Rules

Port triggering opens an incoming port for a specified type of traffic on a defined outgoing port. When a LAN device makes a connection on one of the defined outgoing ports, the security appliance opens the specified incoming port to support the exchange of data. The open ports will be closed again after 600 seconds when the data exchange is complete.

Port triggering is more flexible and secure than port forwarding, because the incoming ports are not open all the time. They are open only when a program is actively using the trigger port.

Some applications may require port triggering. Such applications require that, when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The security appliance must send all incoming data for that application only on the required port or range of ports. You can specify a port triggering rule by defining the type of traffic (TCP or UDP) and the range of incoming and outgoing ports to open when enabled.

NOTE Up to 15 port triggering rules can be configured on the security appliance. Port triggering is not appropriate for servers on the LAN, because the LAN device must make an outgoing connection before an incoming port is opened. In that case, create port forwarding rules instead.

STEP 1 Click Firewall > NAT > Port Triggering.

STEP 2 To enable a port triggering rule, check the box in the Enable column.

STEP 3 To add a new port triggering rule, click Add.

Other options: To edit an entry, click the Edit (pencil) icon. To delete an entry, click the Delete (x) icon. To delete multiple entries, check them and click Delete.

The Port Triggering Rule - Add/Edit window opens.

STEP 4 Enter the following information:

Description: Enter the name for the port triggering rule.

Triggered Service: Choose an outgoing TCP or UDP service.

Opened Service: Choose an incoming TCP or UDP service.

If the service that you want is not in the list, choose Create a new service to create a new service object. To maintain the service objects, go to the Networking > Service Management page. See Service Management, page 177.
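To make the behaviour described above concrete, the following is an added Python model of a port triggering table; it is example code written for this page, not Cisco code and not from the guide. It keeps the per-rule state the appliance would need, opens a rule's incoming port range only after a LAN host connects out on the trigger port, and closes it again 600 seconds later, which is why an inbound packet that arrives before any trigger, or after the window closes, is dropped rather than forwarded. The rule fields mirror STEP 4 (Description, Triggered Service, Opened Service). The port values, the LAN address 192.168.75.20, and the "most recent triggering host wins" behaviour are constructed assumptions of the model, not statements from the guide.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TRIGGER_TIMEOUT = 600.0  # seconds; the guide states opened ports close again after 600 s
MAX_RULES = 15           # the guide's limit on port triggering rules


@dataclass(frozen=True)
class TriggerRule:
    """One port triggering rule, with the same fields as the Add/Edit window."""
    description: str
    trigger_proto: str                # "tcp" or "udp", matched on outgoing traffic
    trigger_ports: Tuple[int, int]    # inclusive outgoing (trigger) port range
    opened_proto: str                 # protocol of the incoming port(s) to open
    opened_ports: Tuple[int, int]     # inclusive incoming port range
    enabled: bool = True


@dataclass
class OpenEntry:
    lan_host: str       # LAN device that made the triggering connection
    expires_at: float   # absolute time at which the opened port closes again


def _in_range(port: int, rng: Tuple[int, int]) -> bool:
    lo, hi = rng
    return lo <= port <= hi


class PortTriggerTable:
    """Model of the state a firewall keeps for its port triggering rules."""

    def __init__(self, rules: List[TriggerRule]) -> None:
        if len(rules) > MAX_RULES:
            raise ValueError(f"at most {MAX_RULES} port triggering rules are supported")
        self.rules = list(rules)
        # One open entry per rule; the most recent triggering host wins.
        # Assumption of this model: the guide does not describe multi-host behaviour.
        self.open_entries: Dict[int, OpenEntry] = {}

    def _expire(self, now: float) -> None:
        """Close every opened port whose 600 s window has elapsed."""
        for idx in list(self.open_entries):
            if now >= self.open_entries[idx].expires_at:
                del self.open_entries[idx]

    def outbound(self, now: float, lan_host: str, proto: str, dst_port: int) -> List[str]:
        """A LAN host connects outward; returns descriptions of rules whose trigger matched."""
        self._expire(now)
        matched = []
        for idx, rule in enumerate(self.rules):
            if rule.enabled and rule.trigger_proto == proto and _in_range(dst_port, rule.trigger_ports):
                # (Re)open the rule's incoming range for this host and restart the timer.
                self.open_entries[idx] = OpenEntry(lan_host, now + TRIGGER_TIMEOUT)
                matched.append(rule.description)
        return matched

    def inbound(self, now: float, proto: str, dst_port: int) -> Optional[str]:
        """Traffic arrives from the WAN; returns the LAN host it is sent to, or None if dropped."""
        self._expire(now)
        for idx, entry in self.open_entries.items():
            rule = self.rules[idx]
            if rule.opened_proto == proto and _in_range(dst_port, rule.opened_ports):
                return entry.lan_host
        return None


def demo() -> List[Optional[str]]:
    """Constructed scenario: inbound attempts before, during and after the trigger window."""
    rule = TriggerRule("example-app", "tcp", (6000, 6000), "udp", (7000, 7010))  # constructed values
    table = PortTriggerTable([rule])
    results = []
    results.append(table.inbound(0, "udp", 7005))        # nothing triggered yet -> dropped (None)
    table.outbound(10, "192.168.75.20", "tcp", 6000)    # LAN host connects out on the trigger port
    results.append(table.inbound(20, "udp", 7005))       # opened range -> "192.168.75.20"
    results.append(table.inbound(20, "tcp", 7005))       # wrong protocol -> dropped (None)
    results.append(table.inbound(609, "udp", 7010))      # still inside the 600 s window -> host
    results.append(table.inbound(610, "udp", 7010))      # window closed -> dropped (None)
    return results


if __name__ == "__main__":
    print(demo())
```

The contrast with port forwarding is the first and last entries of the scenario: a forwarding rule would deliver those packets too, whereas the triggering table only forwards while a LAN host has recently used the trigger port, which is the reduced exposure the guide refers to.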

Cisco ISA500 Series Integrated Security Appliances Administration Guide

268