3Com MSR 50 Series Configuration Manual page 1791

for untrusted sites, such protecting the network from being attacked by
malicious Java applets.
An ASPF supports enhanced session logging. An ASPF can record the
■
information of each connection, including the duration, source and destination
addresses of the connection, the port used by the connection and number of
bytes transmitted.
An ASPF supports Port to Application Mapping (PAM), allowing you to
■
customize port numbers (non-standard port numbers) for use by application
layer protocols.
At the border of the network, the ASPF can work in coordination with a packet
filter firewall to provide a security policy that is more comprehensive and better
satisfies the actual needs for the internal network.
Basic concepts
Java blocking
■
Java blocking is a feature that blocks Java Applets, which stream over HTTP. With
the Java blocking feature enabled, when a user attempts to obtain a program
containing Java Applets on a Web page, the ASPF will block and filter out the
request from the user.
PAM
■
While application layer protocols use the standard port numbers for
communication, PAM allows you to define a set of new port numbers for different
applications, and provides some mechanisms for you to maintain and use the
configuration information of the user-defined ports.
PAM supports two types of port mapping mechanisms: general port mapping and
basic ACL-based host port mapping.
A general port mapping refers to a mapping of a user-defined port number to an
application layer protocol. If port 8080 is mapped to HTTP, for example, all TCP
packets the destination port of which is port 8080 are regarded as HTTP packets.
A host port mapping refers to a mapping of a user-defined port number to an
application layer protocol for packets to/from some specific hosts. For example,
you can establish a host port mapping so that all TCP packets using port 8080 sent
to the network segment 10.110.0.0 are regarded as HTTP packets. The address
range of hosts can be specified by means of a basic ACL.
Single-channel protocol and multi-channel protocol
■
Single-channel protocol: A single-channel protocol that has only one channel
involved in data exchange throughout a session from session establishment to
session deletion. SMTP and HTTP are examples of single-channel protocols.
Multi-channel protocol: A multi-channel protocol contains a control channel and
several data channels, namely, the control information and data are transmitted
over different channels. FTP and RSTP are examples of multi-channel protocols
Internal interface and external interface
■
Firewall Overview 1791