
Cisco WS-CE500 - Port Triggering

Cisco WS-CE500
240 pages
Firewall Configuration
Port Triggering
Cisco SA500 Series Security Appliances Administration Guide 121
STEP 3 If you click Add or Edit, the IP MAC Binding Configuration window opens.
STEP 4 Enter the following information:
Name: Specify a unique name for this rule.
MAC Address: Specify the MAC address for this rule.
IP Address: Specify the IP address for this rule.
Log Dropped Packets: Choose Enable or Disable to specify whether dropped
packets are logged.
STEP 5 Click Apply to save your changes.
The new rule appears in the IP/MAC Binding table.
Port Triggering
Port triggering opens an incoming port for a specified type of traffic on a defined
outgoing port. When a LAN device makes a connection on one of the defined
outgoing ports, the security appliance opens the specified incoming port to
support the exchange of data. When the exchange is completed, the ports are
closed.
Port triggering is more flexible than the static port forwarding that you can
configure in a firewall rule. Port triggering rules do not have to reference specific
LAN IP addresses or IP address ranges. In addition, the ports are not left open
when they are not in use, thereby providing a level of security that static port
forwarding does not offer.
Port triggering is required for some applications. Such applications require that,
when external devices connect to them, they receive data on a specific port or
range of ports in order to function properly. The security appliance must send all
incoming data for that application only on the required port or range of ports. The
gateway has a list of common applications and games with corresponding
outbound and inbound ports to open. You can also specify a port triggering rule by
defining the type of traffic (TCP or UDP) and the range of incoming and outgoing
ports to open when enabled. See Appendix B, “Standard Services.”
NOTE Port triggering is not appropriate for servers on the LAN, since the LAN device must
make an outgoing connection before an incoming port is opened.
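
The behavior described in this section, as a small Python model added here for illustration. It is not Cisco code; the class names, the rule, the addresses, and the idle timeout used to decide when the exchange is completed are assumptions.

```python
# Added example: a toy model of port-triggering state, not the appliance's implementation.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class TriggerRule:
    proto: str        # "tcp" or "udp"
    outgoing: range   # trigger ports (LAN -> WAN)
    incoming: range   # ports opened toward the triggering LAN host

@dataclass
class Gateway:
    rules: list
    idle_timeout: float = 600.0   # assumed value, in seconds
    open_ports: dict = field(default_factory=dict)  # (proto, port) -> (lan_ip, expiry)

    def outbound(self, lan_ip, proto, dst_port, now):
        """A LAN host connects out; matching rules open their incoming range."""
        for rule in self.rules:
            if rule.proto == proto and dst_port in rule.outgoing:
                for port in rule.incoming:
                    self.open_ports[(proto, port)] = (lan_ip, now + self.idle_timeout)

    def inbound(self, proto, dst_port, now):
        """Return the LAN host to forward to, or None if the packet is dropped."""
        entry = self.open_ports.get((proto, dst_port))
        if entry is None:
            return None                  # never triggered: port stays closed
        lan_ip, expiry = entry
        if now >= expiry:
            del self.open_ports[(proto, dst_port)]  # exchange over: close the port
            return None
        self.open_ports[(proto, dst_port)] = (lan_ip, now + self.idle_timeout)
        return lan_ip

def demo():
    # Constructed rule and addresses (not taken from the guide's service list).
    gw = Gateway([TriggerRule("tcp", range(6000, 6001), range(7000, 7011))])
    results = [gw.inbound("tcp", 7005, now=0)]          # before any trigger
    gw.outbound("192.168.75.20", "tcp", 6000, now=10)   # LAN host triggers
    results.append(gw.inbound("tcp", 7005, now=20))     # forwarded to that host
    results.append(gw.inbound("udp", 7005, now=20))     # protocol not in the rule
    results.append(gw.inbound("tcp", 7005, now=5000))   # idle timeout has passed
    return results

if __name__ == "__main__":
    print(demo())
```

The first result in `demo()` is the case the NOTE describes: with no prior outgoing connection from the LAN, the incoming port is never opened.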
