Operation Manual - Security Defence
H3C SecPath F1800-A Firewall
ActiveX Blocking can prevent the network from being destroyed by harmful ActiveX.
ASPF supports port-to-application mappings, which specify non-well-known
ports for services based on application layer protocols.
The enhanced session log can record all connections, including the connection time,
source address, destination address, the number of ports in use and the number
of transmitted bytes.
ASPF detects application layer protocols and prevents malicious intrusion
by maintaining session status and checking the packet protocol and port number of
each session.
ASPF can monitor traffic of the following protocols:
FTP
H.323
HTTP
HWCC
MSN
NetBIOS
PPTP
QQ
RTSP
User-define
II. QQ or MSN Chat Detection
At present, most networks deploy NAT devices to conserve IP addresses.
Thus, users in different intranets can chat with each other after NAT.
For text chat, the QQ server can forward the users' communication smoothly
because the server saves the address mapping information of the two users.
For audio or video chat, the two users are expected to exchange high-volume file,
audio, or video traffic directly, so that the QQ server's resources are not consumed
by relaying it. However, traditional NAT devices cannot meet this
requirement.
To solve this problem, you can enable detection of QQ or MSN chats between the
private network and the public network on the firewall. An address mapping is then
set up when a QQ or MSN chat starts. In this case, users in two different private
networks can transfer files and conduct audio or video chats directly.
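The behaviour described above, as an added illustration that is not taken from the manual or from H3C's implementation: a simplified Python model in which a NAT that matches inbound packets against full sessions forwards the chat server's reply but drops a direct peer, and an address mapping installed when the chat starts lets the peer through. The class, addresses, ports and the session key layout are constructed assumptions.

```python
# Simplified model of a NAT firewall, for illustration only.
# All addresses, ports and names below are constructed sample values.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"              # firewall's public address (sample)
CHAT_SERVER = ("198.51.100.10", 8000)  # assumed chat server endpoint (sample)

@dataclass
class NatFirewall:
    chat_detection: bool = False
    next_port: int = 40000
    sessions: dict = field(default_factory=dict)  # (proto, public, remote) -> private
    mappings: dict = field(default_factory=dict)  # (proto, public) -> private

    def outbound(self, proto, src, dst):
        """Translate an outbound packet and return its public source endpoint."""
        for (p, pub, remote), priv in self.sessions.items():
            if (p, priv, remote) == (proto, src, dst):
                return pub                      # existing session, reuse translation
        pub = (PUBLIC_IP, self.next_port)
        self.next_port += 1
        self.sessions[(proto, pub, dst)] = src
        # Chat detection (assumed logic): a session to the chat server also
        # installs an address mapping that is not tied to one remote endpoint.
        if self.chat_detection and dst == CHAT_SERVER:
            self.mappings[(proto, pub)] = src
        return pub

    def inbound(self, proto, src, dst):
        """Return the private endpoint for an inbound packet, or None if dropped."""
        if (proto, dst, src) in self.sessions:
            return self.sessions[(proto, dst, src)]
        return self.mappings.get((proto, dst))

def demo(chat_detection):
    fw = NatFirewall(chat_detection=chat_detection)
    client = ("192.168.1.20", 5000)   # private user behind this firewall
    peer = ("198.51.100.77", 6000)    # the other user, as seen after their own NAT
    pub = fw.outbound("udp", client, CHAT_SERVER)   # chat login
    return {
        "server_reply": fw.inbound("udp", CHAT_SERVER, pub),
        "peer_direct": fw.inbound("udp", peer, pub),
    }

if __name__ == "__main__":
    print("detection off:", demo(False))
    print("detection on: ", demo(True))
```

In this model the mapping accepts any remote source sending to the mapped port, so the scope and lifetime of such mappings are what to check when reviewing the feature.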
III. Triplet ASPF
The SecPath F1800-A is a quintuple NAT device.
In other words, the setup of each session requires five fields:
Chapter 2 Security Policy