Kerio Tech Firewall6 User Manual

Page 393

Advertising

393

DMZ

DMZ (demilitarized zone) is a reserved network area where services available both from

the Internet and from the LAN are run (e.g. a company’s public web server). DMZ provides

an area, where servers accessible for public are be located separately, so they cannot be

misused for cracking into the LAN.

More information can be found for example at

DNS

DNS (Domain Name System) A worldwide distributed database of Internet hostnames and

their associated IP address. Computers use Domain Name Servers to resolve host names

to IP addresses. Names are sorted in hierarchized domains.

Firewall

Software or hardware device that protects a computer or computer network against at-

tacks from external sources (typically from the Internet).

In this guide, the word firewall represents the WinRoute host.

FTP

File Transfer Protocol. The FTP protocol uses two types of TCP connection: control and

data. The control connection is always established by a client. Two FTP modes are distin-

guished according to a method how connection is established:

•

active mode — data connection is established from the server to a client (to the

port specified by the client). This mode is suitable for cases where the firewall

is at the server’s side, however, it is not supported by some clients (e.g. by web

browsers).

•

passive mode — data connection is established also by the client (to the port

required by the server). This mode is suitable for cases where the firewall is at

the client’s side. It should be supported by any FTP client.

Note: WinRoute includes special support (protocol inspector) for FTP protocol. Therefore,

both FTP modes can be used on LAN hosts.

Gateway

Network device or a computer connecting two different subnets. If traffic to all the other

(not specified) networks is routed through a gateway, it is called the default gateway.