Configuration procedure – H3C Technologies H3C SecBlade FW Cards User Manual

30

•

The host in the outside network can access the FTP server in the inside network.

•

The company has four public network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11, and the
FTP server uses the public network address of 5.5.5.10 to provide services to the outside.

Figure 21 Network diagram for configuring FTP ALG

Configuration procedure

1.

Configure ALG.

# Configure FTP ALG. (By default, the FTP ALG function is enabled, and thus this step can be omitted.)

•

Select Firewall > ALG from the navigation tree.

•

Select ftp in the Optional Application Protocols list and click the << button.

•

Click OK.

2.

Configure an ACL.

# Create a basic ACL.

•

Select Firewall > ACL from the navigation tree and then on the page that appears, click Add.

•

Type 2001 in the ACL Number text box.

•

Click Apply.

# Configure an ACL rule.

•

Click the icon

of ACL 2001 to enter the ACL rule configuration page. Then click Add.

•

Select Permit as the operation.

•

Click Apply.

3.

Configure dynamic NAT and the internal server.

# Configure the address pool.

•

Select Firewall > NAT Policy > Dynamic NAT from the navigation tree. In the Address Pool area,
click Add.

•

Type 1 in the Index text box.

•

Type 5.5.5.9 as the start IP address.

•

Type 5.5.5.11 as the end IP address.

•

Click Apply.

# Configure dynamic NAT.

•

In the Dynamic NAT area, click Add.

•

Select GigabitEthernet0/1.

•

Type 2001 for the ACL field.

•

Select PAT as the address translation.

•

Type 1 as the address pool index.

•

Click Apply.

Host

FTP server

Local: 192.168.1.2
Global: 5.5.5.10

Device

Internet

GE0/1
5.5.5.1/24

192.168.1.1/24