Inbound Access Control


Before attempting advanced configuration, we recommend completing the information in Tables A-1 to A-1 and following the instructions in "Basic Firewall Configuration." After completing and testing the basic configuration, fill in Table A-1, which defines the advanced configuration settings for inbound access control. Then refer to "Managing Network Access and Use" for instructions on how to use this information.

To control access by IP address, configure an access-list command statement. To control access by user, set up authentication as shown in Table A-1. A global or static address must exist for an internal host or network before you can set up an access-list command statement for it, because an inbound statement names the global (translated) address of the host, not its internal address. See Tables A-1 and A-1 to configure a global or static entry for an internal host. Once the list is bound to an interface, only the traffic its permit statements describe is allowed in; any other inbound connection attempt to that address is dropped by the implicit deny at the end of the list.

Inbound Access Control (one row per access-list command statement)

Access List Identifier | Permit or Deny | Network Protocol | Source Address | Destination Address | Destination Ports | Interface To Bind List
-----------------------|----------------|------------------|----------------|---------------------|-------------------|-----------------------
                       |                |                  |                |                     |                   |
                       |                |                  |                |                     |                   |
                       |                |                  |                |                     |                   |
                       |                |                  |                |                     |                   |
                       |                |                  |                |                     |                   |
                       |                |                  |                |                     |                   |
                       |                |                  |                |                     |                   |
                       |                |                  |                |                     |                   |
                       |                |                  |                |                     |                   |
                       |                |                  |                |                     |                   |

Network Protocol:
TCP or UDP

Source Address:
External host or network IP address(es) and network mask

Destination Address:
Static IP address and network mask from Table A-5. Use the keyword "any" to specify all global IP addresses.

Destination Port:
To specify a single port or a range of ports, you can use the following operands:


Literal Port Names

The following is a list of literal port names that you can use when configuring an access-list command statement: dns, esp, ftp, h323, http, ident, nntp, ntp, pop2, pop3, pptp, rpc, smtp, snmp, snmptrap, sqlnet, tcp, telnet, tftp, and udp. You can also specify these ports by number. Port numbers are defined in RFC 1700 (since superseded by the IANA port-number registry, which lists the current assignments).
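As an added illustration that is not part of the original guide, the following shows one row of the form above filled in and the PIX command statements it maps to: the static entry that must exist first, the access-list statements built from the row, and the binding to the outside interface. Addresses are from the documentation ranges and are constructed; the list name acl_out is arbitrary; the eq and range port operands and the access-group command are assumed from PIX access-list syntax and are not reproduced on this page. Lines beginning with "!" are explanatory notes, not PIX commands.

```text
! Form row (constructed example):
!   Access List Identifier: acl_out      Permit or Deny: permit     Network Protocol: tcp
!   Source Address: any (http) / 198.51.100.0 255.255.255.0 (smtp)
!   Destination Address: 192.0.2.10      (global address of inside host 10.1.1.10)
!   Destination Ports: http, smtp        Interface To Bind List: outside

! 1. The global (static) address must exist first. The access list names
!    192.0.2.10, the translated address, never the inside address 10.1.1.10.
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0

! 2. One statement per port, using literal names from the list above.
!    Note that PIX access-list statements take a subnet mask, not a wildcard mask.
access-list acl_out permit tcp any host 192.0.2.10 eq http
access-list acl_out permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.10 eq smtp

! A contiguous block of ports can be written with the range operand (assumed syntax):
! access-list acl_out permit tcp any host 192.0.2.10 range 8080 8081

! 3. Bind the list to the interface the traffic arrives on. Anything inbound to
!    192.0.2.10 that matches none of the permit statements is dropped.
access-group acl_out in interface outside

! Too permissive (do not use): exposes every global address on every TCP port
! to every external source.
! access-list acl_out permit tcp any any
```

After applying the commands, check the result with show access-list: each statement should appear under acl_out in the order entered, and a test connection from an external host to 192.0.2.10 on a port that is not listed should fail, confirming that the implicit deny is doing its job.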

You should have two access-list command statement definitions to permit access to the following ports: