How do I set up rule to allow TFTP from DMZ?

Velocity2089
Level 1

Hello! I'm trying to set up a firewall rule to allow TFTP traffic to come from my switches in my DMZ so as to do proper configuration backups. Ideally I'd like to allow ONLY these 2 IPs for TFTP traffic and nothing else. I set up the below rule for one of them but had no luck.

Any thoughts on what I may be missing?

 

access-list dmz1_access_in extended permit udp host 10.1.61.20 host 10.1.80.220 eq tftp

 

10.1.61.20 = DMZ Switch

10.1.80.220 = TFTP Server

 


nkarthikeyan
Level 7

Hello,

TFTP requires the high port range 1024 - 65535 to be allowed as well... Also, in some cases it requires bi-directional flows.

So I request you to try allowing 1024-65535 first, and then try the bi-directional port allow for the same if the first method doesn't work.

 

Regards

Karthik

 

Turns out I had the correct rules in place. The issue was that I had routes missing to the DMZ subnet.
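
Added example, not part of the thread: a small Python model of why TFTP involves ports above 1023 (under RFC 1350 the server answers each request from a new port it picks) and of how a firewall that tracks TFTP requests can admit that reply from a single `eq tftp` rule. The `Firewall` class, the port numbers and the file name are constructed for illustration and do not model any specific product or its defaults.

```python
import struct

TFTP_PORT = 69
RRQ, WRQ, DATA, ACK = 1, 2, 3, 4      # RFC 1350 opcodes

def wrq(filename, mode="octet"):
    """Build a write request, the packet a switch sends to start a config backup."""
    return struct.pack("!H", WRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def opcode(payload):
    return struct.unpack("!H", payload[:2])[0]

class Firewall:
    """Toy stateful filter: one permit rule plus optional TFTP-aware tracking."""
    def __init__(self, permit, inspect_tftp):
        self.permit = permit          # (src_ip, dst_ip, dst_port), like the ACL line
        self.inspect_tftp = inspect_tftp
        self.conns = set()            # exact UDP flows already allowed
        self.pinholes = set()         # (server_ip, client_ip, client_port)

    def forward(self, src, sport, dst, dport, payload):
        flow = (src, sport, dst, dport)
        if flow in self.conns:
            return True
        if (src, dst, dport) in self.pinholes:
            # First reply reveals the server's transfer port; pin the flow both ways.
            self.pinholes.discard((src, dst, dport))
            self.conns |= {flow, (dst, dport, src, sport)}
            return True
        if (src, dst, dport) == self.permit:
            self.conns |= {flow, (dst, dport, src, sport)}
            if self.inspect_tftp and dport == TFTP_PORT and opcode(payload) in (RRQ, WRQ):
                self.pinholes.add((dst, src, sport))
            return True
        return False

def backup(fw, server_tid=49152, client_port=50000):
    """Replay a backup: WRQ to port 69, ACK 0 from the server's new port, first DATA."""
    sw, srv = "10.1.61.20", "10.1.80.220"   # addresses from the question
    steps = [(sw, client_port, srv, TFTP_PORT, wrq("switch.cfg")),
             (srv, server_tid, sw, client_port, struct.pack("!HH", ACK, 0)),
             (sw, client_port, srv, server_tid,
              struct.pack("!HH", DATA, 1) + b"hostname sw1\n")]
    return [fw.forward(*s) for s in steps]

RULE = ("10.1.61.20", "10.1.80.220", TFTP_PORT)
```

Calling `backup(Firewall(RULE, inspect_tftp=True))` passes all three packets, while the same rule with `inspect_tftp=False` passes only the initial request.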