Foundry AR-Series Router User Guide
Foundry/configure#
Foundry/configure/firewall corp#
Foundry/configure/firewall corp#
Foundry/configure/firewall corp# policy 1024 out
Foundry/configure/firewall corp/policy 1024 out# exit
Foundry/configure/firewall corp# policy 1021 in deny
Foundry/configure/firewall corp/policy 1021 in# exit
Foundry/configure/firewall corp# object
Foundry/configure/firewall corp/object#
Foundry/configure/firewall corp/object# exit
Foundry/configure/firewall corp# policy 1024 out
Foundry/configure/firewall corp/policy 1024 out#
Foundry/configure/firewall corp/policy 1024 out# exit
Foundry/configure/firewall corp# exit
Step 5: Verify the firewall policy for Security Zone CORP:
Foundry/configure# show firewall policy corp
Advanced: S - Self Traffic, F -
R-
Pri | Dir | Source Addr | Destination Addr | Sport | Dport | Proto | Action | Advanced |
1021 | in | any | any | any | any | any | DENY | E |
1022 | out | any | any | any | any | any | PERMIT | SE |
1023 | in | any | any | any | any | any | PERMIT | SE |
1024 | out | any | any | any | any | any | PERMIT | HNE |
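An added example (not part of the Foundry guide): a Python check that parses the Step 5 `show firewall policy corp` output and compares it with the policy set shown in the table above, so the verification can be repeated after later changes. The function names, the baseline dictionary and the drifted sample are constructed for illustration; reading `S` in the Advanced column as "self-traffic policy" is an assumption taken from the legend.

```python
# Step 5 output as shown on the page.
PAGE_OUTPUT = """\
Foundry/configure# show firewall policy corp
Pri | Dir | Source Addr | Destination Addr | Sport | Dport | Proto | Action | Advanced |
1021 | in | any | any | any | any | any | DENY | E |
1022 | out | any | any | any | any | any | PERMIT | SE |
1023 | in | any | any | any | any | any | PERMIT | SE |
1024 | out | any | any | any | any | any | PERMIT | HNE |
"""

# Constructed drift sample: 1021 flipped to PERMIT and an extra rule 900 added.
DRIFTED_OUTPUT = (PAGE_OUTPUT.replace("any | DENY | E |", "any | PERMIT | E |")
                  + "900 | in | any | any | any | any | any | PERMIT | E |\n")

FIELDS = ("pri", "dir", "src", "dst", "sport", "dport", "proto", "action", "advanced")
MATCH_FIELDS = ("src", "dst", "sport", "dport", "proto")
# Expected state for zone CORP, taken from the table on the page.
BASELINE = {(1021, "in"): "DENY", (1022, "out"): "PERMIT",
            (1023, "in"): "PERMIT", (1024, "out"): "PERMIT"}

def parse_policies(text):
    """Return one dict per policy row; prompt, legend and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != len(FIELDS) or not cells[0].isdigit():
            continue
        row = dict(zip(FIELDS, cells))
        row["pri"] = int(row["pri"])
        rows.append(row)
    return rows

def verify(text, baseline=BASELINE):
    """List every way the captured output differs from the expected policy set."""
    seen = {(p["pri"], p["dir"]): p for p in parse_policies(text)}
    issues = []
    for (pri, direction), action in sorted(baseline.items()):
        p = seen.get((pri, direction))
        if p is None:
            issues.append(f"policy {pri} {direction}: missing")
        elif p["action"] != action:
            issues.append(f"policy {pri} {direction}: expected {action}, found {p['action']}")
    for key, p in sorted(seen.items()):
        if key in baseline or p["action"] != "PERMIT":
            continue
        wide = all(p[k] == "any" for k in MATCH_FIELDS)
        self_only = "S" in p["advanced"]  # assumption: S marks a self-traffic policy
        if wide and not self_only:
            issues.append(f"policy {key[0]} {key[1]}: unexpected any-to-any PERMIT")
    return issues
```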
Step 6: Verify that the HTTP filter object in Security Zone CORP is created as configured:
Foundry/configure# show firewall object
Object Name | Action | Log | File Extensions |
javadeny | deny | no | *.java |
Foundry/configure#
Step 7: Create policies for Security Zone DMZ that:
• Create an object of type
• Create an object of type
• Create a firewall policy of priority 100 to allow inbound traffic to the FTP server's public IP address (193.168.94.221).
• Modify policy 100 to add a NAT pool object that translates incoming traffic for the FTP server from the public IP to the private IP.
• Modify policy 100 to add an FTP filter.
15 - 52 | © 2004 Foundry Networks, Inc. | June 2004 |