1 configuring application filter, 1 application filter configuration parameters – Asus SL1000 User Manual
Page 83
Internet Security Router User
’s Manual
Chapter 9. Configuring Firewall/NAT Settings
67
„ NAT Pools – This option allows you to configure NAT Pools that will ensure mapping of the internal IP
address to public IP address. Configure NAT Pools here before attaching them to policies.
„ Time Ranges – This option allows you to configure time-windows for user-access to the networks
across the Internet Security Router.
9.7.1
Configuring Application Filter
Application filter allows network administrator to block, monitor, and report on network users
’ access to non-
business and objectionable content. This high-performance content access control results in increased
productivity, lower bandwidth usage and reduced legal liability.
The Internet Security Router has the ability to handle active content filtering on certain application protocols
such as HTTP, FTP, SMTP and RPC.
„ HTTP – You can define HTTP extension based filtering schemes for blocking
ActiveX
– *.ocx
Java Archive
– *.jar
Java Applets
– *.class
Microsoft Archives
– *.msar
Other URLs based on file extensions.
„ FTP – allows you to define and enforce the file transfer policy for the site or group of users
„ SMTP – allows you to filter operations such as VRFY, EXPN, etc. which reveal excess information
about the recipient.
„ RPC – allows you to filter programs based on the assigned RPC program numbers.
9.7.1.1
Application Filter Configuration Parameters
Table 9.7 describes the configuration parameters available for application filter.
Table 9.7. Application Filter Configuration Parameters
Field
Description
Filter Type
Select the type of filter: FTP, HTTP, RPC and SMTP.
Filter Name
Enter a name for the filter.
Protocol
Select the protocol that Application Filter uses (TCP/UDP).
Port
Enter the port number that the Application Filter uses.
Log
This option includes buttons to enable and disable logging for this Application Filter.
Enable
Select this option to enable logging for this application filter.
Disable
Select this option to disable logging for this application filter.
Action
Allow
Select this option to configure the rule as an
“allow” rule. This rule when
bound to the Firewall will allow matching packets to pass through.
Deny
Select this option to configure the rule as a
“deny” rule. This rule when
bound to the Firewall will not allow matching packets to pass through.
Filter Commands
This section allows you to enter a command for the respective application. The list of supported
commands per application is as follows:
FTP Commands
Add the following command to an FTP filter to: