Version 5.8 75 October 2009
SIP User's Manual 3. Web-Based Management
The Firewall menu includes the following items:
îš„ General: allows you to choose the security level for the firewall (refer to ''Configuring
General Security Settings'' on page 75).
îš„ Access Control: allows you to restrict access from the device's network to the Internet
(refer to ''Configuring Access Control'' on page 76).
îš„ Port Forwarding: allows you to enable access from the Internet to specified services
provided by computers in the network and special Internet applications (refer to
''Configuring Port Forwarding'' on page 78).
îš„ DMZ Host: allows you to configure a LAN host to receive all traffic arriving at your
device, which does not belong to a known session (refer to ''Configuring a DMZ Host''
on page 80).
îš„ Port Triggering: allows you to define port triggering entries to dynamically open the
firewall for specific protocols or ports (refer to ''Configuring Port Triggering'' on page
80).
îš„ Web Restrictions: allows you to block LAN access to a certain host or Web site on
the Internet (refer to ''Configuring Website Restrictions'' on page 82).
îš„ NAT
: allows you to manually control the translation of network addresses and ports
(refer to ''Configuring NAT'' on page 83).
îš„ Advanced Filtering: allows you to implicitly control the firewall setting and rules (refer
to ''Configuring Advanced Filtering'' on page 85).
3.4.3.3.1 Configuring General Security Settings
The General item allows you to easily configure the device's basic security settings. The
firewall regulates the flow of data between the enterprise's network and the Internet. Both
incoming and outgoing data are inspected and then either accepted (allowed to pass
through) or rejected (barred from passing through) according to the configurable set of
rules.
The firewall rules specify what types of services available on the Internet may be accessed
from the enterprise's network and what types of services available in the enterprise's
network may be accessed from the Internet. Each request for a service that the firewall
receives, whether originating in the Internet or from a computer in the enterprise's network
is checked against the set of firewall rules to determine whether the request should be
allowed to pass through the firewall. If the request is permitted to pass, then all subsequent
data associated with this request (a "session") is also allowed to pass, regardless of its
direction.
For example, when you point your Web browser to a Web page on the Internet, a request is
sent out to the Internet for this page. The device's firewall identifies the request type and
origin—HTTP and a specific PC in your enterprise's network, in this case. Unless you have
configured access control to block requests of this type from this computer, the firewall
allows this request to pass out onto the Internet. When the Web page is returned from the
Web server the firewall associates it with this session and allows it to pass, regardless of
whether HTTP access from the Internet to the enterprise's network is blocked or permitted.
Therefore, it is the origin of the request, not subsequent responses to this request that
determines whether a session can be established or not.
These services include Telnet, HTTP, HTTPS, DNS, IMAP, POP3 and SMTP. The list of
allowed services at 'Maximum Security' mode can be edited in the Access Control page.
Note that some applications (such as some Internet messengers and Peer-To-Peer client
applications) tend to use these ports if they cannot connect with their own default ports.
When applying this behavior, these applications will not be blocked outbound, even at
Maximum Security Level.
To Next Page
Loading...
Need help?
General
