Foundry Networks AR1216, AR3202-CL, AR3201-CL Verify the firewall policy for Security Zone Corp

Foundry AR-Series Router User Guide

Foundry/configure# firewall corp
Foundry/configure/firewall corp# policy 1024 out
Foundry/configure/firewall corp/policy 1024 out# exit
Foundry/configure/firewall corp# policy 1021 in deny
Foundry/configure/firewall corp/policy 1021 in# exit
Foundry/configure/firewall corp# object
Foundry/configure/firewall corp/object# http-filter javadeny deny *.java
Foundry/configure/firewall corp/object# exit
Foundry/configure/firewall corp# policy 1024 out nat-ip 193.168.94.220
Foundry/configure/firewall corp/policy 1024 out# apply-object http-filter javadeny
Foundry/configure/firewall corp/policy 1024 out# exit
Foundry/configure/firewall corp# exit

Step 5: Verify the firewall policy for Security Zone CORP. In the output, policy 1021 should show an inbound DENY with the E (Policy Enabled) flag, and policy 1024 should carry the H (Http-Filter) and N (Nat-Ip) flags for the filter object and NAT IP applied above:

Foundry/configure# show firewall policy corp
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
          R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Policy Enabled, M - Smtp-Filter

Pri   Dir  Source Addr  Destination Addr  Sport  Dport  Proto  Action  Advanced
----  ---  -----------  ----------------  -----  -----  -----  ------  --------
1021  in   any          any               any    any    any    DENY    E
1022  out  any          any               any    any    any    PERMIT  SE
1023  in   any          any               any    any    any    PERMIT  SE
1024  out  any          any               any    any    any    PERMIT  HNE

Step 6: Verify that the HTTP filter object in Security Zone CORP is created as configured:

Foundry/configure# show firewall object http-filter corp
Object Name  Action  Log  File Extensions
-----------  ------  ---  ---------------
javadeny     deny    no   *.java
Foundry/configure#
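Steps 5 and 6 are verified by reading the two show tables by eye. The following script, an added example that is not part of the Foundry user guide and does not use any Foundry tool or API, parses both outputs (captured here as constructed copies of the tables above, as you would get from a terminal log or an expect/SSH session) and checks the state the guide expects for zone CORP: policy 1021 is an enabled inbound DENY, policy 1024 carries the H, N and E flags, the javadeny object denies *.java without logging, and no inbound PERMIT exists other than self-traffic. The function names and the drift check are the example's own.

```python
"""Parse and verify 'show firewall policy corp' and
'show firewall object http-filter corp' output (added example, not Foundry code)."""
import re

# Constructed sample: the 'show firewall policy corp' table from the guide.
POLICY_OUTPUT = """\
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
          R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Policy Enabled, M - Smtp-Filter

Pri   Dir  Source Addr  Destination Addr  Sport  Dport  Proto  Action  Advanced
----  ---  -----------  ----------------  -----  -----  -----  ------  --------
1021  in   any          any               any    any    any    DENY    E
1022  out  any          any               any    any    any    PERMIT  SE
1023  in   any          any               any    any    any    PERMIT  SE
1024  out  any          any               any    any    any    PERMIT  HNE
"""

# Constructed sample: the 'show firewall object http-filter corp' table.
HTTP_FILTER_OUTPUT = """\
Object Name  Action  Log  File Extensions
-----------  ------  ---  ---------------
javadeny     deny    no   *.java
"""

# Legend printed at the top of the policy table.
FLAG_NAMES = {
    "S": "self-traffic", "F": "ftp-filter", "H": "http-filter", "R": "rpc-filter",
    "N": "nat", "L": "logging", "E": "enabled", "M": "smtp-filter",
}

# One policy row: priority, direction, five match fields, action, optional flags.
POLICY_ROW = re.compile(
    r"^(?P<pri>\d+)\s+(?P<dir>in|out)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<sport>\S+)\s+(?P<dport>\S+)\s+(?P<proto>\S+)\s+(?P<action>PERMIT|DENY)"
    r"(?:\s+(?P<adv>[SFHRNLEM]+))?\s*$"
)


def parse_policies(text):
    """Return {priority: row dict}; row['flags'] is the set of Advanced letters."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_ROW.match(line.strip())
        if not m:
            continue  # legend, blank, header or separator line
        row = m.groupdict()
        row["pri"] = int(row["pri"])
        row["flags"] = set(row.pop("adv") or "")
        policies[row["pri"]] = row
    return policies


def parse_http_filters(text):
    """Return {name: (action, log_enabled, [extensions])} from the object table."""
    objects = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1] not in ("deny", "permit"):
            continue  # header or separator line
        objects[parts[0]] = (parts[1], parts[2] == "yes", parts[3:])
    return objects


def verify_corp_zone(policies, http_filters):
    """Return a list of findings; an empty list means the zone matches steps 4-6."""
    findings = []
    p = policies.get(1021)
    if not p or p["dir"] != "in" or p["action"] != "DENY" or "E" not in p["flags"]:
        findings.append("policy 1021: expected an enabled inbound DENY any/any")
    p = policies.get(1024)
    if not p or p["dir"] != "out" or p["action"] != "PERMIT":
        findings.append("policy 1024: expected an outbound PERMIT")
    else:
        for flag in "HNE":  # http-filter applied, nat-ip set, policy enabled
            if flag not in p["flags"]:
                findings.append(f"policy 1024: missing {FLAG_NAMES[flag]} flag ({flag})")
    if http_filters.get("javadeny") != ("deny", False, ["*.java"]):
        findings.append("object javadeny: expected deny, no logging, *.java")
    # Any inbound PERMIT that is not the router's own (self) traffic is outside
    # the state the guide configures and should be reviewed.
    for pri, row in sorted(policies.items()):
        if row["dir"] == "in" and row["action"] == "PERMIT" and "S" not in row["flags"]:
            findings.append(f"policy {pri}: inbound PERMIT that is not self-traffic")
    return findings


if __name__ == "__main__":
    pols = parse_policies(POLICY_OUTPUT)
    objs = parse_http_filters(HTTP_FILTER_OUTPUT)
    for line in verify_corp_zone(pols, objs) or ["zone corp matches expected state"]:
        print(line)
```

Run the script against a saved terminal capture of the two show commands after any change to the zone; a non-empty findings list (for example, policy 1024 without the H flag after someone removes the apply-object line) is the drift you want to catch before it reaches production.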

Step 7: Create policies for Security Zone DMZ that:

Create an object of type nat-pool with the private IP address of the FTP server

Create an object of type ftp-filter to deny the put and mkdir commands

Create a firewall policy of priority 100 to allow inbound traffic to the FTP server's public IP address (193.168.94.221)

Modify policy 100 to add the NAT pool object, translating incoming traffic for the FTP server from the public IP to the private IP

Modify policy 100 to add the FTP filter

15 - 52

© 2004 Foundry Networks, Inc.

June 2004
