Nortel 4134 Guia Do Utilizador
94
Firewall and NAT configuration
Port triggering lets you define an application-specific customized firewall
policy. This feature lets you configure forward or reverse conduits through
the firewall that are opened when the trigger application is launched.
policy. This feature lets you configure forward or reverse conduits through
the firewall that are opened when the trigger application is launched.
Port triggering can be understood as a manual ALG. If an application that
is not currently supported by an ALG needs to open port x to function,
port-triggering allows you to open the desired port so long as the application
is running.
is not currently supported by an ALG needs to open port x to function,
port-triggering allows you to open the desired port so long as the application
is running.
The trigger application is defined by the trigger IP address, protocol and
port, and the conduit is defined by a combination of transport protocol and
port number.
port, and the conduit is defined by a combination of transport protocol and
port number.
Procedure steps
Step
Action
1
To enter configuration mode, enter:
configure terminal
2
To specify global firewall configuration, enter:
firewall global
3
To configure the port-trigger records, enter:
[no] port-trigger <record-name> {port <start-port>
<end-port>} [protocol {tcp | udp}] [address <src-ip>]
{ {forward-direction | reverse-direction} {tcp | udp}
<start-port> <end-port>} [timeout <timeout>] [status
{enable | disable}]
—End—
Table 27
Variable definitions
Variable definitions
Variable
Value
<record-name>
Port trigger record name.
port {<start-port>
<end-port>}
<end-port>}
Port trigger ports.
[protocol {tcp | udp}]
Port trigger protocol. Default is TCP.
[address <src-ip>]
Source IP address for port-trigger. Enter a valid IP
address, or any. Default is any.
address, or any. Default is any.
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.