Nortel 4134 用户指南

Configuring policy-specific properties

Variable

Value

{ {forward-direction |
reverse-direction} {tcp
| udp} <start-port>
<end-port>}

Specifies the protocol (TCP or UDP) and the port
numbers (start and end port) to open in the same
direction (forward-direction) or opposite direction
(reverse-direction) as the established control
connection.

[timeout <timeout>]

Port trigger timeout. Default: 600

[status {enable |
disable}]

Enables or disables same-direction or
reverse-direction conduits through the firewall.
(default: enable)

Configuring policy-specific properties

Configuring firewall objects

With firewall objects, you can assign a set of policy parameters to an object
entity, and then apply these configured parameters to one or more policies.
The ability to differentiate and name different sets of parameters can make
your policies easier to write and, when applied, understand.

You can configure objects globally or for a specific firewall zone. When
configured globally, configured objects can be applied to any number of
policies in any map. When configured for a specific map, the object is
available for that map only.

Procedure steps

Step

Action

To enter configuration mode, enter:

configure terminal

To specify the map name to configure, or global firewall configuration,
enter:

firewall [global | <map-name>]

To specify firewall objects configuration, enter:

object

To configure the firewall objects, enter:

[no] [address <object-name> <ipaddress>]

[ftp-filter <object-name> {permit | deny | log}

<ftp-commands>]

[http-filter <object-name> {deny | log} <web-extension

s>]

[nat-pool <object-name> {static | dynamic | pat}

<NAT-startip> <NAT-endip>]

Nortel Secure Router 4134

Security — Configuration and Management

NN47263-600

01.02

Standard

10.0

3 August 2007