User manual

Action: SAT
Service: ftp-inbound
3. For Address Filter enter:
Source Interface: any
Destination Interface: core
Source Network: all-nets
Destination Network: wan_ip (assuming the external interface has been defined as this)
4. For SAT check Translate the Destination IP Address
5. Enter To: New IP Address: ftp-internal (assuming this internal IP address for the FTP server has been defined in the Address Book object)
6. New Port: 21
7. Click OK
D. Traffic from the internal interface needs to be NATed:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
Name: NAT-ftp
Action: NAT
Service: ftp-inbound
3. For Address Filter enter:
Source Interface: dmz
Destination Interface: core
Source Network: dmznet
Destination Network: wan_ip
4. For NAT check Use Interface Address
5. Click OK
E. Allow incoming connections (SAT requires a second Allow rule):
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
Name: Allow-ftp
Action: Allow
Service: ftp-inbound
3. For Address Filter enter:
Source Interface: any
Destination Interface: core
Source Network: all-nets
Destination Network: wan_ip
4. Click OK
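
The SAT, NAT and Allow rules above as a small Python model of rule evaluation. This is an added example, not part of the manual and not NetDefendOS code. The addresses, the interface name "wan" and the rule name "SAT-ftp" are constructed, ftp-inbound is modelled as TCP port 21, and the destination interface (core) is not modelled.

```python
import ipaddress

# Constructed sample addresses; the page only gives the object names.
ADDR = {"all-nets": "0.0.0.0/0", "wan_ip": "203.0.113.10/32",
        "dmznet": "10.0.2.0/24", "ftp-internal": "10.0.2.5"}

# Rules in the order the page creates them. "SAT-ftp" is an assumed name:
# the SAT rule's name is not visible on this page.
RULES = [
    {"name": "SAT-ftp", "action": "SAT", "src_if": "any", "src_net": "all-nets",
     "dst_net": "wan_ip", "port": 21, "to_ip": "ftp-internal", "to_port": 21},
    {"name": "NAT-ftp", "action": "NAT", "src_if": "dmz", "src_net": "dmznet",
     "dst_net": "wan_ip", "port": 21},
    {"name": "Allow-ftp", "action": "Allow", "src_if": "any", "src_net": "all-nets",
     "dst_net": "wan_ip", "port": 21},
]

def _in(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(ADDR[net])

def matches(rule, src_if, src_ip, dst_ip, port):
    return (rule["src_if"] in ("any", src_if) and _in(src_ip, rule["src_net"])
            and _in(dst_ip, rule["dst_net"]) and rule["port"] == port)

def evaluate(rules, src_if, src_ip, dst_ip, port):
    """Simplified model: a SAT match records the translation and the search
    continues; the first matching Allow or NAT rule decides. No match: drop."""
    sat = None
    for r in rules:
        if not matches(r, src_if, src_ip, dst_ip, port):
            continue
        if r["action"] == "SAT":
            sat = sat or r
            continue
        dst = (ADDR[sat["to_ip"]], sat["to_port"]) if sat else (dst_ip, port)
        return {"verdict": r["action"], "rule": r["name"], "dst": dst,
                "src_translated": r["action"] == "NAT"}
    return {"verdict": "Drop", "rule": None, "dst": None, "src_translated": False}

def without(rules, name):
    return [r for r in rules if r["name"] != name]

if __name__ == "__main__":
    print(evaluate(RULES, "wan", "198.51.100.7", "203.0.113.10", 21))
    print(evaluate(RULES, "dmz", "10.0.2.40", "203.0.113.10", 21))
    print(evaluate(without(RULES, "Allow-ftp"), "wan", "198.51.100.7", "203.0.113.10", 21))
```

The last call shows the SAT rule alone dropping the connection. Because the NAT rule is listed before the Allow rule, DMZ clients match it first and have their source address translated.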
6.2.3. The FTP ALG Chapter 6. Security Mechanisms