D-Link DFL-260E User Manual for DFL-260E - Page 278
Objects > Services > Add > TCP/UDP Service, Objects > ALG > Add > FTP ALG
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 278 highlights
6.2.3. The FTP ALG Chapter 6. Security Mechanisms 1. Go to: Objects > ALG > Add > FTP ALG 2. Enter Name: ftp-outbound 3. Uncheck Allow client to use active mode 4. Check Allow server to use passive mode 5. Click OK B. Create the Service 1. Go to: Objects > Services > Add > TCP/UDP Service 2. Now enter: • Name: ftp-outbound-service • Type: select TCP from the dropdown list • Destination: 21 (the port the ftp server resides on) • ALG: ftp-outbound 3. Click OK C. Create IP Rules IP rules need to be created to allow the FTP traffic to pass and these are different depending on if private or public IPv4 addresses are being used. i. Using Public IPs If using public IPs, make sure there are no rules disallowing or allowing the same kind of ports/traffic before these rules. The service used here is the ftp-outbound-service which should be using the predefined ALG definition ftp-outbound which is described earlier. 1. Go to: Rules > IP Rules > Add > IPRule 2. Now enter: • Name: Allow-ftp-outbound • Action: Allow • Service: ftp-outbound-service 3. For Address Filter enter: • Source Interface: lan • Destination Interface: wan • Source Network: lannet • Destination Network: all-nets 4. Click OK ii. Using Public IPs If the firewall is using private IPs with a single external public IP, the following NAT rule need to be added instead: 1. Go to: Rules > IP Rules > Add > IPRule 2. Now enter: • Name: NAT-ftp-outbound • Action: NAT • Service: ftp-outbound-service 3. For Address Filter enter: 278