Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Page 186


Chapter 14

Definitions


Figure 14.8 Service definition — source and destination port setting

Protocol Inspectors

WinRoute includes special modules, called protocol inspectors, that monitor all traffic carried by application protocols such as HTTP, FTP and others. These modules can modify (filter) the communication or adapt the firewall's behavior according to the protocol in use. The benefits of protocol inspectors are best understood through the following two examples:

1. The HTTP protocol inspector monitors traffic between clients (browsers) and Web servers. It can be used to block connections to particular pages or downloads of particular objects (e.g. images, pop-ups).

2. With active FTP, the server opens the data connection back to the client. Under many firewall and NAT configurations such an inbound connection cannot be made, so FTP would only work in passive mode. The FTP protocol inspector detects that active mode is in use, opens the appropriate port on the firewall and redirects the incoming data connection to the appropriate client in the local network. Users in the local network are therefore not limited by the firewall and can use both FTP modes (active and passive).
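To make the second example concrete, here is an illustration of what an FTP protocol inspector has to do for active mode behind NAT: parse the client's PORT/EPRT command, open a temporary pinhole on the firewall's public address, rewrite the command so the server connects to that public address, and redirect the arriving data connection to the client. This is an added example for this page, not Kerio's implementation; the addresses, the port pool and the command lines are constructed sample values, and the class and function names are this example's own.

```python
"""Active-mode FTP through a NAT firewall, as an FTP protocol inspector sees it.

Illustration added to this page; it is not Kerio's code. The client behind
NAT announces a private address on the control channel ("PORT h1,h2,h3,h4,p1,p2"
or "EPRT |1|addr|port|"), and the server then connects *to* that address.
Addresses and the port pool below are constructed sample values.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$", re.I)
# EPRT |1|...| is the IPv4 form (RFC 2428); the IPv6 form (|2|) is not handled here.
EPRT_RE = re.compile(r"^EPRT \|1\|(\d{1,3}(?:\.\d{1,3}){3})\|(\d{1,5})\|\s*$", re.I)


@dataclass(frozen=True)
class DataEndpoint:
    host: str
    port: int


def parse_port_command(line: str) -> Optional[DataEndpoint]:
    """Return the address/port the client asked the server to connect to,
    or None if the line is not a well-formed PORT/EPRT command."""
    m = PORT_RE.match(line)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None
        port = nums[4] * 256 + nums[5]
        return DataEndpoint(".".join(str(n) for n in nums[:4]), port) if port else None
    m = EPRT_RE.match(line)
    if m:
        port = int(m.group(2))
        if not 1 <= port <= 65535 or any(int(o) > 255 for o in m.group(1).split(".")):
            return None
        return DataEndpoint(m.group(1), port)
    return None


def rewrite_port_command(line: str, ip: str, port: int) -> str:
    """Re-emit the command with the firewall's public address and pinhole port.
    The rewritten line may differ in length from the original, so a real inline
    inspector must also adjust TCP sequence/ack numbers on that control stream."""
    if line.upper().startswith("EPRT"):
        return f"EPRT |1|{ip}|{port}|\r\n"
    return f"PORT {ip.replace('.', ',')},{port // 256},{port % 256}\r\n"


@dataclass(frozen=True)
class Pinhole:
    server_ip: str    # only this peer may use the hole
    public_port: int  # port opened on the firewall's public address
    client_ip: str    # private address the connection is redirected to
    client_port: int


class ActiveFtpInspector:
    """Tracks one FTP control connection (client_ip -> server_ip) through the firewall."""

    def __init__(self, public_ip: str, client_ip: str, server_ip: str,
                 port_pool=range(50000, 50100)):
        self.public_ip = public_ip
        self.client_ip = client_ip
        self.server_ip = server_ip
        self._pool = iter(port_pool)          # constructed pool of pinhole ports
        self.pinholes: List[Pinhole] = []

    def inspect_client_command(self, line: str) -> Optional[str]:
        """Return the line to forward to the server, or None to block it.
        Lines other than PORT/EPRT pass through unchanged; a malformed
        PORT/EPRT is blocked rather than forwarded."""
        ep = parse_port_command(line)
        if ep is None:
            return None if line[:4].upper() in ("PORT", "EPRT") else line
        # Refuse a data address other than the client's own: honoring it would
        # let the client point the server (and our pinhole) at a third host.
        if ep.host != self.client_ip:
            return None
        public_port = next(self._pool)
        self.pinholes.append(Pinhole(self.server_ip, public_port, ep.host, ep.port))
        return rewrite_port_command(line, self.public_ip, public_port)

    def route_inbound(self, src_ip: str, dst_ip: str, dst_port: int
                      ) -> Tuple[str, Optional[str], Optional[int]]:
        """Decide the fate of a new inbound TCP connection hitting the firewall.
        The source port is deliberately not checked: RFC 959 says the server
        uses port 20, but many servers do not. The pinhole is single-use; a
        real implementation would also expire it after a short timeout."""
        for ph in self.pinholes:
            if dst_ip == self.public_ip and dst_port == ph.public_port and src_ip == ph.server_ip:
                self.pinholes.remove(ph)
                return ("redirect", ph.client_ip, ph.client_port)
        return ("drop", None, None)
```

The two checks that matter for security are the refusal of a PORT address that is not the client's own (otherwise the client could have the firewall open pinholes toward arbitrary hosts) and the fact that each pinhole admits only the expected server and is consumed by the first connection, so the firewall's exposure is limited to exactly the data connection the client asked for.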

A protocol inspector is active only if it is set in the service definition and the corresponding traffic is allowed by a traffic rule. Each protocol inspector applies to a specific protocol and service. In the default WinRoute configuration, all available protocol inspectors are used in the definitions of their corresponding services (so they are applied to that traffic automatically), except the protocol inspectors for SIP and H.323: these are complex protocols and their inspectors may work incorrectly in some configurations.

To apply a protocol inspector explicitly to other traffic, either define a new service that uses this inspector or set the protocol inspector directly in the corresponding traffic rule.

Example

You want to inspect HTTP traffic on port 8080. Define a new service: TCP protocol, port 8080, HTTP protocol inspector. The HTTP protocol inspector is then applied automatically to any TCP traffic on port 8080 passing through WinRoute, provided a traffic rule allows that service. Note that the inspector is selected by the service (protocol and port) matched by the rule, not by detecting HTTP in the payload, so HTTP on any other non-standard port needs its own service definition.
