Edit Firewall Rule

Use this screen to configure a firewall rule.

Predefined Services

The Available Services list box displays all predefined services that the Prestige already supports. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP). The second field indicates the IP port number that defines the service. Note that there may be more than one IP protocol type. For example, in the default configuration labeled "DNS", (UDP/TCP:53) means UDP port 53 and TCP port 53. Custom services may also be configured using the Custom Ports function.

Predefined Services

SERVICE DESCRIPTION

AIM/New-ICQ(TCP:5190) AOL’s Internet Messenger service, used as a listening port by ICQ.
AUTH(TCP:113) Authentication protocol used by some servers.
BGP(TCP:179) Border Gateway Protocol.
BOOTP_CLIENT(UDP:68) DHCP Client.
BOOTP_SERVER(UDP:67) DHCP Server.
CU-SEEME(TCP/UDP:7648, 24032) A popular videoconferencing solution from White Pines Software.
DNS(UDP/TCP:53) Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers.
FINGER(TCP:79) Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.
FTP(TCP:20.21) File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail.
H.323(TCP:1720) NetMeeting uses this protocol.
HTTP(TCP:80) Hyper Text Transfer Protocol - a client/server protocol for the world wide web.
HTTPS(TCP:443) HTTPS is a secured http session often used in e-commerce.
ICQ(UDP:4000) This is a popular Internet chat program.
IKE(UDP:500) The Internet Key Exchange algorithm is used for key distribution and management.
IPSEC_TUNNEL(AH:0) The IPSEC AH (Authentication Header) tunneling protocol uses this service.
IPSEC_TUNNEL(ESP:0) The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service.
IRC(TCP/UDP:6667) This is another popular Internet chat program.
MSN Messenger(TCP:1863) Microsoft Networks' messenger service uses this protocol.
MULTICAST(IGMP:0) Internet Group Multicast Protocol is used when sending packets to a specific group of hosts.
NEW-ICQ(TCP:5190) An Internet chat program.
NEWS(TCP:144) A protocol for news groups.
NFS(UDP:2049) Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments.
NNTP(TCP:119) Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
PING(ICMP:0) Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.
POP3(TCP:110) Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other).
PPTP(TCP:1723) Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel.
PPTP_TUNNEL(GRE:0) Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the data channel.
RCMD(TCP:512) Remote Command Service.
REAL_AUDIO(TCP:7070) A streaming audio service that enables real time sound over the web.
REXEC(TCP:514) Remote Execution Daemon.
RLOGIN(TCP:513) Remote Login.
RTELNET(TCP:107) Remote Telnet.
RTSP(TCP/UDP:554) The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet.
SFTP(TCP:115) Simple File Transfer Protocol.
SMTP(TCP:25) Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
SNMP(TCP/UDP:161) Simple Network Management Program.
SNMP-TRAPS(TCP/UDP:162) Traps for use with the SNMP (RFC:1215).
SQL-NET(TCP:1521) Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers.
SSH(TCP/UDP:22) Secure Shell Remote Login Program.
STRM WORKS(UDP:1558) Stream Works Protocol.
SYSLOG(UDP:514) Syslog allows you to send system logs to a UNIX server.
TACACS(UDP:49) Login Host Protocol used for (Terminal Access Controller Access Control System).
TELNET(TCP:23) Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.
TFTP(UDP:69) Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
VDOLIVE(TCP:7000) Another videoconferencing solution.
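
When auditing which traffic a rule's Selected Services actually cover, it helps to expand the bracket notation described above into explicit protocol and port pairs. The following is an added example, not part of the Prestige documentation or firmware; the function names are hypothetical, and two readings are assumptions: the dot in FTP(TCP:20.21) separates two ports, and the 0 shown for AH, ESP, GRE, IGMP and ICMP means the protocol has no port.

```python
import re
from collections import defaultdict

# Labels copied verbatim from the Predefined Services table on this page.
SAMPLE_LABELS = [
    "AIM/New-ICQ(TCP:5190)", "NEW-ICQ(TCP:5190)",
    "CU-SEEME(TCP/UDP:7648, 24032)", "DNS(UDP/TCP:53)", "FTP(TCP:20.21)",
    "IPSEC_TUNNEL(ESP:0)", "REXEC(TCP:514)", "SYSLOG(UDP:514)",
]

LABEL_RE = re.compile(r"^(?P<name>.+)\((?P<protos>[A-Za-z/]+):(?P<ports>[\d,. ]+)\)$")
PORT_PROTOCOLS = {"TCP", "UDP"}  # only these carry a meaningful port number


def parse_service(label):
    """Split one label into (name, sorted [(protocol, port_or_None), ...])."""
    m = LABEL_RE.match(label.strip())
    if not m:
        raise ValueError(f"not in NAME(PROTO:PORT) form: {label!r}")
    protos = [p.upper() for p in m["protos"].split("/") if p]
    # Assumption: the dot in FTP(TCP:20.21) separates two ports, like a comma.
    ports = [int(p) for p in re.split(r"[,.\s]+", m["ports"].strip()) if p]
    if any(port > 65535 for port in ports):
        raise ValueError(f"port out of range in {label!r}")
    pairs = set()
    for proto in protos:
        for port in ports:
            # Assumption: the 0 beside AH/ESP/GRE/IGMP/ICMP means "no port".
            pairs.add((proto, port if proto in PORT_PROTOCOLS else None))
    return m["name"].strip(), sorted(pairs)


def shared_tuples(labels):
    """Return {(protocol, port): [names]} for tuples claimed by 2+ services."""
    index = defaultdict(list)
    for label in labels:
        name, pairs = parse_service(label)
        for pair in pairs:
            index[pair].append(name)
    return {pair: names for pair, names in index.items() if len(names) > 1}


if __name__ == "__main__":
    for label in SAMPLE_LABELS:
        print(parse_service(label))
    # Only TCP 5190 is shared; REXEC (TCP 514) and SYSLOG (UDP 514) stay distinct.
    print(shared_tuples(SAMPLE_LABELS))
```

Because a service is defined by protocol and port together, the two table entries on port 514 do not overlap, while AIM/New-ICQ and NEW-ICQ select the same TCP port 5190.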

Label: Description

Active: Check the Active check box to have the Prestige use this rule. Leave it unchecked if you do not want the Prestige to use the rule after you apply it.
Action for Matched Packets: Use the radio button to select whether to discard (Block) or allow the passage of (Forward) packets that match this rule.

Source/Destination Address
Address Type: Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (e.g., 192.168.1.10 to 192.169.1.50), a subnet or any IP address? Select an option from the drop-down list box that includes: Single Address, Range Address, Subnet Address and Any Address.
Start IP Address: Type the single IP address or the starting IP address in a range here.
End IP Address: Type the ending IP address in a range here.
Subnet Mask: Type the subnet mask here, if applicable.
Add >>: Click Add >> to add a new address to the Source or Destination Address box. You can add multiple addresses, ranges of addresses, and/or subnets.
Edit <<: To edit an existing source or destination address, select it from the box and click Edit <<.
Delete: Highlight an existing source or destination address from the Source or Destination Address box above and click Delete to remove it.

Services
Available/Selected Services: Highlight a service from the Available Services box on the left, then click Add >> to add it to the Selected Services box on the right. To remove a service, highlight it in the Selected Services box on the right, then click Remove.
Edit Customized Service: Click the Edit Customized Services link to bring up the screen that you use to configure a new custom service that is not in the predefined list of services.

Schedule
Day to Apply: Select everyday or the day(s) of the week to apply the rule.
Time of Day to Apply (24-Hour Format): Select All Day or enter the start and end times in the hour-minute format to apply the rule.

Log
Log Packet Detail Information: This field determines whether a log is created for packets that match the rule (Enable) or not (Disable). Go to the Log Settings page and select the Access Control logs category to have the Prestige record these logs.

Alert
Send Alert Message to Administrator When Matched: Select this check box to have the Prestige generate an alert when the rule is matched.

Back: Click Back to return to the Rule Summary screen.
Apply: Click Apply to save your customized settings and exit this screen.
Cancel: Click Cancel to exit this screen without saving.
Delete: Click Delete to remove this rule.