Step 7: create policies for security zone dmz that – Black Box LR1102A-T1/E1 User Manual


Black Box LR11xx Series Router Configurations Guide


Step 5: Verify the firewall policy for Security Zone CORP:

Step 6: Verify that the HTTP filter object in Security Zone CORP is created as configured.

Step 7: Create policies for Security Zone DMZ that:

• Create an object of type nat-pool with the private IP address of the FTP server.

• Create an object of type ftp-filter to deny the put and mkdir commands.

• Create a firewall policy of priority 100 to allow inbound traffic to the FTP server public IP address (193.168.94.221).

• Modify policy 100 to add the NAT pool object, which translates incoming traffic for the FTP server from the public IP to the private IP.

• Modify policy 100 to add an FTP filter.

Blackbox/configure>
Blackbox/configure/firewall corp>
Blackbox/configure/firewall corp>
Blackbox/configure/firewall corp> policy 1024 out
Blackbox/configure/firewall corp/policy 1024 out> exit
Blackbox/configure/firewall corp> policy 1021 in deny
Blackbox/configure/firewall corp/policy 1021 in> exit
Blackbox/configure/firewall corp> object
Blackbox/configure/firewall corp/object> http-filter javadeny deny *.java
Blackbox/configure/firewall corp/object> exit
Blackbox/configure/firewall corp> policy 1024 out nat-ip 193.168.94.220
Blackbox/configure/firewall corp/policy 1024 out> apply-object http-filter javadeny
Blackbox/configure/firewall corp/policy 1024 out> exit

Blackbox/configure> show firewall policy corp
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
E - Policy Enabled, M - Smtp-Filter

Pri  Dir Source Addr Destination Addr Sport Dport Proto Action Advanced
---  --- ----------- ---------------- ----- ----- ----- ------ --------
1021 in  any         any              any   any   any   DENY   E
1022 out any         any              any   any   any   PERMIT SE
1023 in  any         any              any   any   any   PERMIT SE
1024 out any         any              any   any   any   PERMIT HNE

Blackbox/configure> show firewall object http-filter corp

Object Name Action Log File Extensions
----------- ------ --- ---------------
javadeny    deny   no  *.java

Blackbox/configure>
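
The Step 5 check can be scripted instead of read by eye. The following Python is an added example, not part of the Black Box manual: it parses the rows printed by show firewall policy corp, decodes the Advanced letters using the legend above, and reports any deviation from what the CORP commands on this page configured. The function names, the EXPECTED table and the assumption that every column is a single token are this example's own.

```python
import re

# Flag letters from the legend printed above the policy table.
FLAGS = {"S": "Self Traffic", "F": "Ftp-Filter", "H": "Http-Filter",
         "R": "Rpc-Filter", "N": "Nat-Ip/Nat-Pool", "L": "Logging",
         "E": "Policy Enabled", "M": "Smtp-Filter"}

# Rows of `show firewall policy corp` as shown on this page.
SAMPLE = """\
1021 in any any any any any DENY E
1022 out any any any any any PERMIT SE
1023 in any any any any any PERMIT SE
1024 out any any any any any PERMIT HNE
"""

# What the CORP commands configured: priority -> (direction, action, required flags).
EXPECTED = {1021: ("in", "DENY", "E"), 1024: ("out", "PERMIT", "HNE")}

# Assumption: every column is a single whitespace-free token.
ROW = re.compile(r"^(\d+)\s+(in|out)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)"
                 r"\s+(PERMIT|DENY)(?:\s+([A-Z]+))?$")
FIELDS = ("dir", "src", "dst", "sport", "dport", "proto", "action")

def parse_policies(text):
    """Return {priority: policy dict}; legend, header and prompt lines are skipped."""
    policies = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        flags = set(m.group(9) or "")
        if flags - FLAGS.keys():
            raise ValueError(f"policy {m.group(1)}: unknown flag {sorted(flags - FLAGS.keys())}")
        policies[int(m.group(1))] = dict(zip(FIELDS, m.groups()[1:8]), flags=flags)
    return policies

def check(policies, expected=EXPECTED):
    """Return a list of human-readable deviations from the expected policy set."""
    problems = []
    for pri, (direction, action, flags) in sorted(expected.items()):
        p = policies.get(pri)
        if p is None:
            problems.append(f"policy {pri}: missing")
        elif (p["dir"], p["action"]) != (direction, action):
            problems.append(f"policy {pri}: is {p['dir']}/{p['action']}, expected {direction}/{action}")
        elif set(flags) - p["flags"]:
            names = [FLAGS[f] for f in sorted(set(flags) - p["flags"])]
            problems.append(f"policy {pri}: missing {', '.join(names)}")
    return problems

if __name__ == "__main__":
    print(check(parse_policies(SAMPLE)) or "CORP policies match the configuration")
```

A policy 1024 row that shows NE instead of HNE is reported as missing Http-Filter, which is the case where the apply-object step was skipped.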
