Security Features

Foundry/configure# firewall dmz

Foundry/configure/firewall dmz# object

Foundry/configure/firewall dmz/object# ftp-filter putdeny deny put mkdir

Foundry/configure/firewall dmz/object# nat-pool ftpsrvr static 10.3.1.100

Foundry/configure/firewall dmz/object# exit

Foundry/configure/firewall dmz# policy 100 in address any any 193.168.94.221 32

Foundry/configure/firewall dmz/policy 100 in# apply-object nat-pool ftpsrvr

Foundry/configure/firewall dmz/policy 100 in# apply-object ftp-filter putdeny

Foundry/configure/firewall dmz/policy 100 in# exit

Foundry/configure/firewall dmz# exit

Step 8: Verify the firewall policy for Security Zone DMZ:

Foundry/configure# show firewall policy dmz

Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
          R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Policy Enabled, M - Smtp-Filter

Pri  Dir Source Addr Destination Addr  Sport Dport Proto Action Advanced
---  --- ----------- ----------------  ----- ----- ----- ------ --------
100  in  any         193.168.94.221/32 any   any   any   PERMIT FNE
1022 out any         any               any   any   any   PERMIT SE
1023 in  any         any               any   any   any   PERMIT SE
1024 out any         any               any   any   any   PERMIT E

Step 9: Verify that the FTP filter objects for Security Zone DMZ are created as configured:

Foundry/configure# show firewall object ftp-filter dmz

Object Name Action Log Commands
----------- ------ --- --------
putdeny     deny   no  put mkdir

Foundry/configure#
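
The checks in Steps 8 and 9, scripted as an added example (not part of the Foundry manual): it parses captured output of the two show commands and reports whether policy 100 still carries the F, N and E flags from the legend and whether putdeny still denies put and mkdir. The sample captures, the function names and the whitespace-separated column layout are assumptions made for illustration.

```python
# Flag letters from the legend printed by "show firewall policy" on this page.
FLAGS = {"S": "self-traffic", "F": "ftp-filter", "H": "http-filter",
         "R": "rpc-filter", "N": "nat-ip/nat-pool", "L": "logging",
         "E": "policy-enabled", "M": "smtp-filter"}

# Constructed capture of the Step 8 and Step 9 outputs (whitespace-separated columns).
POLICY_OUTPUT = """\
Pri  Dir Source Addr Destination Addr  Sport Dport Proto Action Advanced
---  --- ----------- ----------------  ----- ----- ----- ------ --------
100  in  any         193.168.94.221/32 any   any   any   PERMIT FNE
1022 out any         any               any   any   any   PERMIT SE
1023 in  any         any               any   any   any   PERMIT SE
1024 out any         any               any   any   any   PERMIT E
"""
FILTER_OUTPUT = """\
Object Name Action Log Commands
----------- ------ --- --------
putdeny     deny   no  put mkdir
"""

def parse_policies(text):
    """Map priority -> row dict. Assumes a row with no flags prints 8 fields."""
    cols = ("dir", "src", "dst", "sport", "dport", "proto", "action", "adv")
    rows = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) in (8, 9) and parts[0].isdigit():
            rows[int(parts[0])] = dict(zip(cols, parts[1:] + [""]))
    return rows

def parse_ftp_filters(text):
    """Map object name -> (action, log, set of FTP commands), skipping the header."""
    rows = [line.split() for line in text.splitlines()[2:]]
    return {r[0]: (r[1], r[2], set(r[3:])) for r in rows if len(r) >= 4}

def audit(policy_text, filter_text, pri, dst, filt, denied):
    """Return the ways policy `pri` and ftp-filter `filt` differ from the intent."""
    p = parse_policies(policy_text).get(pri)
    if p is None:
        return [f"policy {pri} missing"]
    problems = []
    if (p["dir"], p["dst"], p["action"]) != ("in", dst, "PERMIT"):
        problems.append(f"policy {pri} is {p['dir']} {p['dst']} {p['action']}")
    problems += [f"policy {pri} lacks {FLAGS[c]} flag" for c in "FNE" if c not in p["adv"]]
    f = parse_ftp_filters(filter_text).get(filt)
    if f is None or f[0] != "deny" or not denied <= f[2]:
        problems.append(f"ftp-filter {filt} does not deny {sorted(denied)}")
    return problems
```

An empty list from `audit(POLICY_OUTPUT, FILTER_OUTPUT, 100, "193.168.94.221/32", "putdeny", {"put", "mkdir"})` means both outputs match the configuration entered above; a policy row that has lost its F flag is reported even though its action still reads PERMIT.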

Step 10: Create a default route out of the WAN:

Foundry/configure# ip route 0.0.0.0 0 wan

Foundry/configure#

June 2004

© 2004 Foundry Networks, Inc.

15 - 53

Foundry Networks AR3201, AR3202-CL Verify the firewall policy for Security Zone DMZ, Create a default route out of the WAN