Page 83

Internet Security Router User

’s Manual

Chapter 9. Configuring Firewall/NAT Settings

„ NAT Pools – This option allows you to configure NAT Pools that will ensure mapping of the internal IP

address to public IP address. Configure NAT Pools here before attaching them to policies.

„ Time Ranges – This option allows you to configure time-windows for user-access to the networks

across the Internet Security Router.

9.7.1

Configuring Application Filter

Application filter allows network administrator to block, monitor, and report on network users

’ access to non-

business and objectionable content. This high-performance content access control results in increased

productivity, lower bandwidth usage and reduced legal liability.

The Internet Security Router has the ability to handle active content filtering on certain application protocols

such as HTTP, FTP, SMTP and RPC.

„ HTTP – You can define HTTP extension based filtering schemes for blocking

ActiveX

– *.ocx

Java Archive

– *.jar

Java Applets

– *.class

Microsoft Archives

– *.msar

Other URLs based on file extensions.

„ FTP – allows you to define and enforce the file transfer policy for the site or group of users

„ SMTP – allows you to filter operations such as VRFY, EXPN, etc. which reveal excess information

about the recipient.

„ RPC – allows you to filter programs based on the assigned RPC program numbers.

9.7.1.1

Application Filter Configuration Parameters

Table 9.7 describes the configuration parameters available for application filter.

Table 9.7. Application Filter Configuration Parameters

Field

Description

Filter Type

Select the type of filter: FTP, HTTP, RPC and SMTP.

Filter Name

Enter a name for the filter.

Protocol

Select the protocol that Application Filter uses (TCP/UDP).

Port

Enter the port number that the Application Filter uses.

Log

This option includes buttons to enable and disable logging for this Application Filter.

Enable

Select this option to enable logging for this application filter.

Disable

Select this option to disable logging for this application filter.

Action

Allow

Select this option to configure the rule as an

“allow” rule. This rule when

bound to the Firewall will allow matching packets to pass through.

Deny

Select this option to configure the rule as a

“deny” rule. This rule when

bound to the Firewall will not allow matching packets to pass through.

Filter Commands

This section allows you to enter a command for the respective application. The list of supported

commands per application is as follows:

FTP Commands

Add the following command to an FTP filter to: