Proxy Policies; Dns-Proxy; Ftp-Proxy; H323-Proxy - Watchguard Firebox X5500E Reference Manual

Packet Filter Policies

Proxy Policies

This section reviews the proxy policies supplied by the WatchGuard® System Manager. A proxy policy
opens packets, strips out forbidden data types in the packet content, and assembles the packets again
using the source and destination headers of the proxy.
You configure and activate proxies the same way you add packet filter policies.

DNS-proxy

Domain Name Service (DNS) matches host names to IP addresses. The DNS proxy policy examines the
contents of DNS packets to help protect your DNS servers from hackers. It puts limits on the type of
operations allowed in a DNS query and can look for specified patterns in query names.
Characteristics
Internet Protocol(s): TCP, UDP
Port Number(s): TCP 53, UDP 53

FTP-proxy

File Transfer Protocol (FTP) is used to send files from one computer to a different computer over a
TCP/IP network. The FTP client is usually a computer. The FTP server can be a resource that keeps files on the
same network or on a different network. The FTP client can be in one of two modes for data transfer:
active or passive. In active mode, the server starts a connection to the client on source port 20. In
passive mode, the client uses a previously negotiated port to connect to the server. The Fireware FTP
proxy monitors and scans these FTP connections between your users and the FTP servers they
connect to.
Characteristics
Internet Protocol(s): TCP
Port Number: 21

H323-proxy

If you use Voice-over-IP (VoIP) in your organization, you can add an H.323 proxy policy to open the
ports necessary to enable VoIP through your Firebox. This proxy policy has been created to work in a
NAT environment to maintain security for privately addressed conferencing equipment behind the
Firebox.
H.323 is commonly used on older videoconferencing equipment and voice installations. With H.323,
the key component of call management is known as the "GateKeeper." The H.323 proxy supports only
peer-to-peer connections.
Characteristics
Internet Protocol(s): TCP, UDP
Port Number(s): TCP 1720, UDP 1719
WatchGuard System Manager
