Patton electronic 2603 Router User Manual


 
Security Triggers 76
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security
4. Set Inbound as Block, but Outbound as Allow. (See figure 51.)
5. Click on Create.
Figure 51. Configuring TCP port filter for FTP
After configuring the FTP portfilter, you can open an ftp session from Remote to Local, however you can issue
ftp commands (e.g., login, cd, etc.). Because the trigger to permit transfer of data via FTP has not been
defined, no data can be transferred. (Data transfer occurs with the commands ls, dir, get, put commands.) The
portfilter allows an ftp control channel but does not allow the use of a secondary data channel for passing data
by ftp.
To enable the FTP data channel, add a trigger to open a secondary channel only when data is being passed.
This minimizes the number of open ports. Each open port is a security risk.
1. From the Configuration Menu, > Configuration > Security > Security Trigger Configuration... > New Trig-
ger.
2. Set the parameters as follows (See figure 52.):
Transport Type = tcp
Port Number Start = 21
Port Number End = 21
Allow Multiple Hosts = Block
Max Activity Interval = 3000
Enable Session Chaining = Block
Enable UDP Session Chaining = Block
Binary Address Replacement = Block
Address Translation Type = none
3. Click on Create.