Motorola WS2000 - Wireless Switch - Network Management Device System Reference Manual page 47

• Destination IP—The Destination IP range determines the target address(es) for the firewall rule. To
configure the Destination IP range, click the field and a new window will pop up to enter the IP address
and range. An IP address of 0.0.0.0 indicates all IP addresses.
• Transport—To determine the transport protocol to be filtered in the firewall rule, click the field to
choose from the list of protocols:
Transport Description
ALL This selection designates all of the protocols displayed in the table's pull-down menu, as described
below.
TCP Transmission Control Protocol (TCP) is a set of rules used with Internet Protocol (IP) to send data as
message units over the Internet. While IP handles the actual delivery of data, TCP keeps track of
individual units of data called packets. Messages are divided into packets for efficient routing
through the Internet.
UDP User Datagram Protocol (UDP) is mostly used for broadcasting data over the Internet. Like TCP, UDP
runs on top of Internet Protocol (IP) networks. Unlike TCP/IP, UDP/IP provides very few error
recovery services and methods. UDP offers a way to directly connect, and then send and receive
datagrams over an IP network.
ICMP Internet Control Message Protocol (ICMP) is tightly integrated with IP. ICMP messages, delivered
in IP packets, are used for out-of-band messages related to network operation. Because ICMP uses
IP, ICMP packet delivery is unreliable. Hosts cannot count on receiving ICMP packets for a network
problem.
AH Authentication Header (AH) is one of the two key components of IP Security Protocol (IPSec). The
other key component is Encapsulating Security Protocol (ESP), described below.
AH provides authentication, proving the packet sender really is the sender, and the data really is
the data sent. AH can be used in transport mode, providing security between two end points. Also,
AH can be used in tunnel mode, providing security like that of a Virtual Private Network (VPN).
ESP Encapsulating Security Protocol (ESP) is one of the two key components of IP Security Protocol
(IPSec). The other key component is Authentication Header (AH), described above.
ESP encrypts the payload of packets, and also provides authentication services. ESP can be used in
transport mode, providing security between two end points. Also, ESP can be used in tunnel mode,
providing security like that of a Virtual Private Network (VPN).
GRE General Routing Encapsulation (GRE) supports VPNs across the Internet. GRE is a mechanism for
encapsulating network layer protocols over any other network layer protocol. Such encapsulation
allows routing of IP packets between private IP networks across an Internet that uses globally
assigned IP addresses.
• Src. Ports (Source Ports)—The source port range determines which ports the firewall rule applies to
on the source IP address. To configure the source port range, click the field and a new window will pop
up to enter the starting and ending ports in the range. For rules where only a single port is necessary,
enter the same port in the start and end port fields.
• Dst. Ports (Destination
applies to on the destination IP address. To configure the destination port range, click the field and a new
window will pop up to enter the starting and ending ports in the range. For rules where only a single port
is necessary, enter the same port in the start and end port fields.
Ports)—The destination port range determines which ports the firewall rule
3-11
LAN/Subnet Configuration