Foundry Networks AR3202-CL User Manual

Page 278

Security Features

June 2004

© 2004 Foundry Networks, Inc.

15 - 53

Foundry/configure# firewall dmz
Foundry/configure/firewall dmz# object
Foundry/configure/firewall dmz/object# ftp-filter putdeny deny put mkdir
Foundry/configure/firewall dmz/object# nat-pool ftpsrvr static 10.3.1.100
Foundry/configure/firewall dmz/object# exit
Foundry/configure/firewall dmz# policy 100 in address any any 193.168.94.221 32
Foundry/configure/firewall dmz/policy 100 in# apply-object nat-pool ftpsrvr
Foundry/configure/firewall dmz/policy 100 in# apply-object ftp-filter putdeny
Foundry/configure/firewall dmz/policy 100 in# exit
Foundry/configure/firewall dmz# exit

Step 8: Verify the firewall policy for Security Zone DMZ:

Foundry/configure# show firewall policy dmz
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
E - Policy Enabled, M - Smtp-Filter

Pri  Dir Source Addr Destination Addr  Sport Dport Proto Action Advanced
---  --- ----------- ----------------  ----- ----- ----- ------ --------
100  in  any         193.168.94.221/32 any   any   any   PERMIT FNE
1022 out any         any               any   any   any   PERMIT SE
1023 in  any         any               any   any   any   PERMIT SE
1024 out any         any               any   any   any   PERMIT E

Step 9: Verify that the FTP filter objects for Security Zone DMZ are created as configured:

Foundry/configure# show firewall object ftp-filter dmz

Object Name Action Log Commands
----------- ------ --- --------
putdeny     deny   no  put mkdir

Foundry/configure#

Step 10: Create a default route out of the WAN:

Foundry/configure# ip route 0.0.0.0 0 wan
Foundry/configure#
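
The Step 8 check can be scripted. The following is an added example, not part of the Foundry manual: a Python parser for the show firewall policy dmz output printed on this page that decodes the Advanced flag legend and reports which expected features a policy is missing. The function names are hypothetical, and the parser assumes one policy per line with whitespace-separated columns, as in the output above.

```python
# Flag legend as printed at the top of "show firewall policy" on this page.
LEGEND = {"S": "Self Traffic", "F": "Ftp-Filter", "H": "Http-Filter",
          "R": "Rpc-Filter", "N": "Nat-Ip/Nat-Pool", "L": "Logging",
          "E": "Policy Enabled", "M": "Smtp-Filter"}

# Output rows copied from Step 8 on this page.
SAMPLE = """\
Pri Dir Source Addr Destination Addr Sport Dport Proto Action Advanced
100 in any 193.168.94.221/32 any any any PERMIT FNE
1022 out any any any any any PERMIT SE
1023 in any any any any any PERMIT SE
1024 out any any any any any PERMIT E
"""

FIELDS = ("pri", "dir", "src", "dst", "sport", "dport", "proto", "action")

def parse_policies(text):
    """Return {priority: rule dict} for each policy row in the output."""
    rules = {}
    for line in text.splitlines():
        tok = line.split()
        # Skip the legend, header, separator and CLI prompt lines.
        if len(tok) not in (8, 9) or not tok[0].isdigit():
            continue
        rule = dict(zip(FIELDS, tok[:8]))
        flags = tok[8] if len(tok) == 9 else ""
        unknown = set(flags) - set(LEGEND)
        if unknown:
            raise ValueError(f"policy {tok[0]}: unknown flag(s) {sorted(unknown)}")
        rule["flags"] = set(flags)
        rules[int(tok[0])] = rule
    return rules

def missing_features(rules, pri, required):
    """Legend names of required flags that policy `pri` does not carry."""
    if pri not in rules:
        raise KeyError(f"policy {pri} not present in output")
    return [LEGEND[f] for f in required if f not in rules[pri]["flags"]]

if __name__ == "__main__":
    rules = parse_policies(SAMPLE)
    for pri, r in sorted(rules.items()):
        names = ", ".join(LEGEND[f] for f in sorted(r["flags"])) or "none"
        print(f"{pri:>5} {r['dir']:<3} {r['src']} -> {r['dst']} {r['action']}: {names}")
    # Policy 100 should show the ftp-filter and nat-pool objects applied
    # in the configuration above, and be enabled.
    print("policy 100 missing:", missing_features(rules, 100, "FNE") or "nothing")
```

An empty result from missing_features for policy 100 with "FNE" corresponds to the FNE value in the Advanced column of the Step 8 output.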
