Black Box LR1114A-T1/E1 Network Router User Manual


 
Black Box LR11xx Series Router Configurations Guide
Step 5: Verify the firewall policy for Security Zone CORP:
Step 6: Verify that the HTTP filter object in Security Zone CORP is created as configured.
Step 7: Create policies for Security Zone DMZ as follows:
- Create an object of type nat-pool with the private IP address of the FTP server.
- Create an object of type ftp-filter to deny the put and mkdir commands.
- Create a firewall policy of priority 100 to allow inbound traffic to the FTP server public IP address (193.168.94.221).
- Modify policy 100 to add the NAT pool object, so that incoming traffic for the FTP server is translated from the public IP to the private IP.
- Modify policy 100 to add the FTP filter.
Blackbox/configure>
Blackbox/configure/firewall corp>
Blackbox/configure/firewall corp>
Blackbox/configure/firewall corp> policy 1024 out
Blackbox/configure/firewall corp/policy 1024 out> exit
Blackbox/configure/firewall corp> policy 1021 in deny
Blackbox/configure/firewall corp/policy 1021 in> exit
Blackbox/configure/firewall corp> object
Blackbox/configure/firewall corp/object> http-filter javadeny deny *.java
Blackbox/configure/firewall corp/object> exit
Blackbox/configure/firewall corp> policy 1024 out nat-ip 193.168.94.220
Blackbox/configure/firewall corp/policy 1024 out> apply-object http-filter javadeny
Blackbox/configure/firewall corp/policy 1024 out> exit
Blackbox/configure> show firewall policy corp
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
          R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
          E - Policy Enabled, M - Smtp-Filter
Pri  Dir Source Addr Destination Addr Sport Dport Proto Action Advanced
---  --- ----------- ---------------- ----- ----- ----- ------ --------
1021 in  any         any              any   any   any   DENY   E
1022 out any         any              any   any   any   PERMIT SE
1023 in  any         any              any   any   any   PERMIT SE
1024 out any         any              any   any   any   PERMIT HNE
Blackbox/configure> show firewall object http-filter corp
Object Name Action Log File Extensions
----------- ------ --- ---------------
javadeny    deny   no  *.java
Blackbox/configure>
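
The Step 5 check can be automated. The Python script below is an added example, not part of the Black Box manual: it parses the policy rows of the show firewall policy output, decodes the Advanced letters with the printed legend, and reports any policy that differs from what was configured for zone corp. The function names and the EXPECTED_CORP table are assumptions made for this illustration, and the row layout is assumed to match the output shown above.

```python
import re

# Flag letters from the "Advanced" legend printed by `show firewall policy`.
ADVANCED = {"S": "self-traffic", "F": "ftp-filter", "H": "http-filter",
            "R": "rpc-filter", "N": "nat-ip/nat-pool", "L": "logging",
            "E": "enabled", "M": "smtp-filter"}

# Constructed sample: the policy rows from the Step 5 output on this page.
SAMPLE = """\
1021 in any any any any any DENY E
1022 out any any any any any PERMIT SE
1023 in any any any any any PERMIT SE
1024 out any any any any any PERMIT HNE
"""

# Columns: Pri, Dir, five match fields (src, dst, sport, dport, proto), Action, Advanced.
ROW = re.compile(r"^(\d+)\s+(in|out)\s+((?:\S+\s+){5})(PERMIT|DENY)\s*([A-Z]*)$")

def parse_policies(text):
    """Return {priority: policy} for each policy row; other lines are skipped."""
    policies = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # legend, header, separator or prompt line
        pri, direction, fields, action, flags = m.groups()
        unknown = set(flags) - set(ADVANCED)
        if unknown:
            raise ValueError(f"policy {pri}: unknown flag(s) {sorted(unknown)}")
        policies[int(pri)] = {"dir": direction, "action": action,
                              "match": tuple(fields.split()),
                              "flags": {ADVANCED[f] for f in flags}}
    return policies

# Assumed expectation table: deny-in policy 1021; policy 1024 out with NAT IP and HTTP filter.
EXPECTED_CORP = {1021: ("in", "DENY", {"enabled"}),
                 1024: ("out", "PERMIT", {"http-filter", "nat-ip/nat-pool", "enabled"})}

def audit(policies, expected=EXPECTED_CORP):
    """Return a list of findings; an empty list means the zone matches."""
    findings = []
    for pri, (direction, action, flags) in expected.items():
        p = policies.get(pri)
        if p is None:
            findings.append(f"policy {pri}: missing")
        elif (p["dir"], p["action"]) != (direction, action):
            findings.append(f"policy {pri}: is {p['dir']} {p['action']}")
        elif flags - p["flags"]:
            findings.append(f"policy {pri}: lacks {sorted(flags - p['flags'])}")
    return findings
```

Paste the captured CLI output into parse_policies() in place of SAMPLE; a policy that lost its filter or NAT binding shows up as a "lacks" finding.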