Kerio Tech Firewall6 User Manual

18.2 Universal Plug-and-Play (UPnP)

Enable UPnP

This option enables UPnP.

Warning

If WinRoute is running on Windows XP, Windows Server 2003, Windows Vista or Windows Server 2008, check that the following system services are not running before you start the UPnP function:

SSDP Discovery Service

Universal Plug and Play Device Host

If any of these services is running, stop it and disable its automatic startup. These services handle the UPnP protocol in Windows, and therefore they cannot be used together with UPnP in WinRoute.

Note: The WinRoute installation program detects these services and offers to stop and disable them.
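
To check the two services by hand, for example on a host where the installer prompt was skipped, the following Windows PowerShell script reports their state and, when asked, stops and disables them. It is an added example, not part of the Kerio manual; the short service names SSDPSRV and upnphost are the standard Windows names (not given in the manual), and the -Fix switch is a parameter of this example script only.

```powershell
# Added example (not from the Kerio manual). Run from an elevated Windows PowerShell prompt.
# Without -Fix the script only reports; with -Fix it stops and disables the services.
param([switch]$Fix)

# Short service names are the standard Windows names, not taken from the manual.
# upnphost depends on SSDPSRV, so it is handled first.
$targets = @(
    @{ Name = 'upnphost'; Display = 'Universal Plug and Play Device Host' },
    @{ Name = 'SSDPSRV';  Display = 'SSDP Discovery Service' }
)

$conflict = $false
foreach ($t in $targets) {
    # Win32_Service exposes both the current state and the startup mode.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$($t.Name)'"
    if (-not $svc) {
        Write-Output "$($t.Display): not installed"
        continue
    }
    Write-Output "$($t.Display): state=$($svc.State), startup=$($svc.StartMode)"

    # A service conflicts if it is running now or would start automatically at boot.
    $bad = ($svc.State -ne 'Stopped') -or ($svc.StartMode -eq 'Auto')
    if ($bad -and $Fix) {
        Stop-Service -Name $t.Name -Force
        Set-Service  -Name $t.Name -StartupType Disabled
        # Re-read the service to confirm the change took effect.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$($t.Name)'"
        Write-Output "  -> now state=$($svc.State), startup=$($svc.StartMode)"
        $bad = ($svc.State -ne 'Stopped') -or ($svc.StartMode -eq 'Auto')
    }
    if ($bad) { $conflict = $true }
}

if ($conflict) {
    Write-Output 'Conflict: stop and disable the services above before enabling UPnP in WinRoute.'
    exit 1
}
Write-Output 'No conflicting Windows UPnP services found.'
```

The exit code is 1 while a conflict remains, so the script can gate a deployment step that enables UPnP in WinRoute.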

Log packets

If this option is enabled, all packets passing through ports mapped with UPnP will be recorded in the Filter log (see chapter 22.9).

Log connections

If this option is enabled, all packets passing through ports mapped with UPnP will be recorded in the Connection log (see chapter 22.5).

Warning

Although UPnP is a useful feature, it may also endanger network security, especially in networks with many users, where the firewall could be controlled by too many users. A WinRoute administrator should consider carefully whether to prefer security or the functionality of applications that require UPnP.

Using traffic policy (see chapter 7.3), you can limit the use of UPnP and enable it only for certain IP addresses or certain users.

Example:

Figure 18.4 Traffic rules allowing UPnP for specific hosts

The first rule allows UPnP only from the UPnP Clients IP group. The second rule denies UPnP from other hosts (IP addresses).
