Go to Configuration → Traffic Policy → Traffic Rules to add rules for services that will be available from the Internet. Rules for service mapping should be always at the top of the traffic rules table.
Mapping of local FTP server — unsecured access only is supposed which makes it possible to filter traffic and scan it for viruses.
Name | Resource | Destination | Service | Actions | Translation |
---|---|---|---|---|---|
Access to FTP server | Any | Firewall | FTP | Allow | Mapping 192.168.1.2 |
Table 2.2. Making the local FTP servers available from the Internet
Access to other mail server services (save SMTP) — allowed only from certain IP addresses in the Working hours time range.
Name | Resource | Destination | Service | Actions | Translation | Valid time |
---|---|---|---|---|---|---|
Access to email | Address group Access to email | Firewall | IMAP IMAPS POP3 POP3S | Allow | Working hours |
Table 2.3. Enabling access to the firewall's mailserver services
Notes:
This rule enables access to IMAP and POP3 services in both encrypted and unencrypted versions — client can select which service they will use.
Based on this example, the SMTP service was mapped by the traffic rules Wizard (refer to chapter 2.5 Setting connection and basic traffic rules) — the appropriate rule already exists.
Access to the SMTP service must not be limited to certain IP addresses only as anyone is allowed to send an email to the local domain.