Kerio Tech Firewall6 User Manual

Page 194

Chapter 14

Definitions

Description

Comments for the service defined. It is strongly recommended to describe each definition, especially for non-standard services, so that there is minimal confusion when referring to the service at a later time.

Protocol

The communication protocol used by the service.

Most standard services use the TCP or the UDP protocol, or both, in which case they can be defined as one service with the TCP/UDP option. The other available options are ICMP and other.

The other option allows the protocol to be specified by its number in the IP packet header. Any protocol carried in IP (e.g. GRE, protocol number 47) can be defined this way.

Figure 14.7: Setting a protocol in service definition

Protocol inspector

WinRoute protocol inspector (see below) that will be used for this service.

Note: Each inspector should be used for the appropriate service only. Functionality of the service might be affected by using an inappropriate inspector.

Source Port and Destination Port

If the TCP or UDP communication protocol is used, the service is defined by its port number. In standard client-server communication, a server listens for connections on a particular port (the number relates to the service), whereas clients do not know their port in advance (ports are assigned to clients during connection attempts). This means that source ports are usually not specified, while destination ports are usually known for standard services.

Note: Specification of the source port may be important, for example during the definition of communication filter rules. For details, refer to chapter 7.3.
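The following added example (not part of the Kerio manual and not WinRoute code) shows how the fields of a service definition map onto an IPv4 packet: the protocol number is read from the IP header, and ports are compared only for TCP and UDP. The dictionary layout, function names and sample packets are assumptions constructed for illustration.

```python
import struct

# Protocol numbers as carried in the IPv4 header's protocol field.
ICMP, TCP, UDP, GRE = 1, 6, 17, 47

def parse_ipv4(packet: bytes):
    """Return (protocol, source_port, destination_port); ports are None if absent."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                 # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                            # protocol number field
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Only the first fragment of a TCP/UDP packet carries the port fields.
    if proto in (TCP, UDP) and frag_offset == 0 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return proto, sport, dport
    return proto, None, None

def service_matches(service: dict, packet: bytes) -> bool:
    """service: {'protocols': set of numbers, 'sport': range or None, 'dport': range or None}."""
    proto, sport, dport = parse_ipv4(packet)
    if proto not in service["protocols"]:
        return False
    for want, got in ((service.get("sport"), sport), (service.get("dport"), dport)):
        # An unspecified port (None) matches anything; a specified one must be present.
        if want is not None and (got is None or got not in want):
            return False
    return True

def build_packet(proto: int, payload: bytes = b"") -> bytes:
    """Constructed sample: minimal 20-byte IPv4 header (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

# Hypothetical definitions mirroring the fields described above.
DNS = {"protocols": {TCP, UDP}, "sport": None, "dport": range(53, 54)}  # TCP/UDP option
GRE_SERVICE = {"protocols": {GRE}, "sport": None, "dport": None}         # "other", number 47

# Constructed packets: a UDP datagram from port 40000 to port 53, and a GRE packet.
dns_query = build_packet(UDP, struct.pack("!HHHH", 40000, 53, 8, 0))
gre_packet = build_packet(GRE, b"\x00\x00\x08\x00")
```
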

Source and destination ports can be specified as:

Figure 14.8: Service definition, source and destination port setting
