Conduits


Note: You should complete the initial basic installation and testing of the firewall prior to configuring static address mappings and conduits.

The mechanism by which the firewall permits hosts on an outside interface to initiate connections with hosts on an inside interface is known as a conduit.

To decide whether you need to configure conduits at the site, determine whether you want external hosts to access internal, firewall-protected hosts. By default, all external attempts to access internal hosts are denied, so any access you want to allow must be configured explicitly. If you want external hosts to access internal hosts or networks, consider whether you want to control access by IP address alone, or by both IP address and user. To control access by IP address, configure a conduit. To control access by user, set up authentication.

A global or static address must exist for an internal host or network before you can set up a conduit. Use the deny option to create exceptions for broadly applied conduits. For example, you can configure one conduit that permits a host on the Internet to access the corporate internal network using any port service, while another conduit specifically denies that same outside host FTP services.

The following is a list of literal port names that you can use when configuring a conduit:

DNS, ESP, FTP, HTTP, IDENT, NTP, POP2, POP3, PPTP, RPC, SMTP, SNMP, SNMPTRAP, SQLNET, TCP, TELNET, TFTP, and UDP

You must have two conduit definitions to permit access to the following ports:

  • DNS, Discard, Echo, Ident, NTP, RPC, SUNRPC, and Talk each require one definition for TCP and one for UDP.

  • PPTP requires one definition for port 1723 on TCP and another for port 0 and GRE.

  • TACACS requires one definition for port 65 on TCP and another for port 49 on UDP.
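The following configuration fragment is an added example, not text from the original page, showing how the pieces above fit together: a static mapping that must exist first, a broad conduit with a deny exception for FTP (the scenario described earlier), and the paired TCP/UDP and TCP/GRE definitions that DNS and PPTP require. All addresses are constructed placeholders, and the choice to list the deny before the broad permit is an assumption made here; check the evaluation order documented for your firewall version.

```cisco
! Added example (not from the original page). Addresses are constructed.
!
! 1. A static (global) address must exist for the internal host before any
!    conduit can refer to it: outside 203.0.113.5 maps to inside 10.1.1.5.
static (inside,outside) 203.0.113.5 10.1.1.5 netmask 255.255.255.255
!
! 2. Exception first (assumption: exceptions precede the broad rule), then
!    the broad conduit. Outside host 192.0.2.7 is denied FTP to the mapped
!    host but permitted every other port service.
conduit deny tcp host 203.0.113.5 eq ftp host 192.0.2.7
conduit permit ip host 203.0.113.5 host 192.0.2.7
!
! 3. DNS needs two definitions, one for TCP and one for UDP.
conduit permit tcp host 203.0.113.5 eq dns any
conduit permit udp host 203.0.113.5 eq dns any
!
! 4. PPTP needs TCP port 1723 for control plus GRE for the tunnel traffic.
conduit permit tcp host 203.0.113.5 eq 1723 any
conduit permit gre host 203.0.113.5 any
```

Each conduit names the mapped global address of the internal host, never its private inside address; the `static` line is what ties the two together. Keep the deny conduits as narrow as the exception they express and review the full conduit list periodically, since a broad `permit ip` conduit exposes every service on the mapped host that is not explicitly denied.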