Conﬁguring TCP port ﬁlter for FTP | Patton electronic 2621, 2603

Models 2603, 2621, and 2635 Getting Started Guide	7 • Security

4.Set Inbound as Block, but Outbound as Allow. (See ﬁgure 51.)

5.Click on Create.

Figure 51. Conﬁguring TCP port ﬁlter for FTP

After conﬁguring the FTP portﬁlter, you can open an ftp session from Remote to Local, however you can issue ftp commands (e.g., login, cd, etc.). Because the trigger to permit transfer of data via FTP has not been deﬁned, no data can be transferred. (Data transfer occurs with the commands ls, dir, get, put commands.) The portﬁlter allows an ftp control channel but does not allow the use of a secondary data channel for passing data by ftp.

To enable the FTP data channel, add a trigger to open a secondary channel only when data is being passed. This minimizes the number of open ports. Each open port is a security risk.

1.From the Conﬁguration Menu, > Conﬁguration > Security > Security Trigger Conﬁguration... > New Trig- ger.

2.Set the parameters as follows (See ﬁgure 52.):

–Transport Type = tcp

–Port Number Start = 21

–Port Number End = 21

–Allow Multiple Hosts = Block

–Max Activity Interval = 3000

–Enable Session Chaining = Block

–Enable UDP Session Chaining = Block

–Binary Address Replacement = Block

–Address Translation Type = none

3.Click on Create.

Security Triggers

76

Image 76

Patton electronic 2621, 2603, 2635 manual Conﬁguring TCP port ﬁlter for FTP

Contents

IPLink Series High Speed Routers Mailsupport@patton.com Summary Table of Contents Contents Contents Models 2603, 2621, and 2635 Getting Started Guide Remote Site Configuration Central site configuration EMC Ethernet Cable 123 Adapter Contents Models 2603, 2621, and 2635 Getting Started Guide List of Figures Models 2603, 2621, and 2635 Getting Started Guide List of Tables Audience About this guideStructure Precautions Impaired functioning Safety when working with electricity General observations Typographical conventions used in this document Factory default parametersGeneral conventions Chapter contents General Information IPLink Series High Speed Routers overview General attributes Ethernet Protocol supportPPP Support WAN Interfaces Security Front Panel Status LEDs and Console Port Rear panel connectors and switches Console port Power connector Ethernet port outlined in green General Information Product Overview Introduction Applications Overview Sync Serial Application Initial Conﬁguration Interface cable installation Hardware installationWhat you will need RJ-48C pinout diagram Models 2603, 2621, and 2635 Getting Started Guide Mechanical serviceability Case being opened with a screwdriver Ethernet connector Interface connector RJ-45 DB-25 Installing the AC power cord DCE Initial Configuration Installing the Ethernet cable Do the following IP address modiﬁcation Web Operation and ConﬁgurationPC Conﬁguration Web Browser Model 2603 home Model 2635 home Ethernet LAN Port LAN Connections Ethernet Port Basic Ethernet port attributes Conﬁgurable Ethernet parameters Serial Port Conﬁguration Serial Interface WAN Serial Port ConﬁgurationVariables Web Interface Conﬁguration T1/E1 Interface Conﬁguration Conﬁguring the IPLink Series 2603 for T1 Operation Web Conﬁguration , enter username See ﬁgure Line Options Fractional T1 Conﬁguring the IPLink Series 2603 for E1 Operation Serial Port Configuration WAN Services PPP Bridged WAN Services PPP Conﬁguration WAN Service ConﬁgurationPPP Bridged Leave User name and Password blank. Click on Create PPP Routed Remote site conﬁguration Click on Create Click the Update button PPP link status LMI Management Frame Relay links LMI Conﬁguration Web Conﬁguration Methods Frame Relay Conﬁguration Dlci Number Use Frame Relay bridged Frame Relay bridged creation Central site conﬁguration Frame Relay Routed Relay Description FR routed Frame Relay Channel Routed conﬁguration Cost Interface frame-0 WAN Services Security Click on Create a new service Conﬁguring the router Click on the Create a new Ip route... hyperlink Conﬁguring the security interfaces Valid gateway route Security conﬁguration home Conﬁguring Security Policies Deﬁne ‘ppp-0’ interface as External Firewall Portﬁlters Enabling the FirewallDeleting a security Policy Security Triggers Add Raw IP Filter Conﬁguring TCP port ﬁlter for FTP Adding trigger for FTP data transfer Intrusion Detection System IDS Attack Name Protocol Attacking Host Blacklisted? Security Enabling NAT Introduction to NATGlobal address pool and reserved map Click on Add Global Address Pool button Dhcp and DNS Conﬁguration Services and features normally associated with each other Dhcp Server NAT Dhcp Server web Parameters for the Dhcp Server subnet Dhcp server conﬁguration web IP Addresses to be available on this subnet Dhcp IP address pool Example based on default range of IP address pool DNS server option information Default gateway option information Additional option informationDhcp Relay Conﬁguration of the Dhcp Relay Dhcp Relay webpage DNS Relay Conﬁguring the DNS Relay DNS Relay conﬁguration webpage IP Services WEB Server IP ServicesCLI Conﬁguration Associated Ports for the different System IP Services System Conﬁguration Authentication Authentication web page showing default superuser Alarm Access the conﬁguration and status of the alarms Remote Access Alarm & Alarm Error Log conﬁguration Backup/Restore UpdateSave Website Settings Restart Error Log Snmp Daemon System Tools Snmp Daemon conﬁguration Sntp Client Conﬁguration Sntp Client Mode Conﬁguration Parameters Conﬁguring the Sntp Client System Clock Setting Sntp Client General Conﬁguration Parameters Conﬁguration of the internal system calendar clock System Status System Status Port Connection Status LAN Status WAN StatusHardware Status Deﬁned Interfaces Status LEDs Contacting Patton for assistance Contact information Warranty coveragePatton support headquarters in the USA Out-of-warranty service Returns for creditReturn for credit policy RMA numbers Appendix a Compliance information EMC Safety ComplianceRadio and TV Interference FCC Part CE Declaration of Conformity Authorized European Representative Appendix B Speciﬁcations General Characteristics EthernetSync Serial Interface T1/E1 Interface PPP Support Protocol SupportManagement Dimensions Power and Power Supply SpeciﬁcationsAC universal power supply VDC power supply Appendix C Cable Recommendations Ethernet Cable Adapter Appendix D IPLink Physical Connectors RJ-45 shielded 10/100 Ethernet port RJ-45 non-shielded RS-232 console port EIA-561 35 M/34 and DB-25 Connector Serial port 21 DB-15 Connector Pin No Circuit Signal Name Direction E1/T1 RJ-48C Connector Pin No Signal Appendix E Command Line Interface CLI Operation Using the Console CLI TerminologyLocal VT-100 emulation Remote Telnet Then Setting user passwords Administering user accountsAdding new users Controlling login access Changing user settingsControlling user access