Westermo RedFox Series User Manual
Page 684

Westermo OS Management Guide
Version 4.17.0-0
The WeOS firewall utilises connection tracking: a filter rule allowing traffic to pass through the firewall in one direction will implicitly allow traffic of established connections (and traffic of related connections) to also pass in the reverse direction. Connection tracking can be configured to handle more complex protocols by enabling ALG helpers (see below).
WeOS supports up to 1024 filtering rules. The WeOS packet filtering support
is further described in
and
• Packet modification: WeOS currently supports one kind of packet modification:
– DSCP: The Differentiated Services Code Point (DSCP) field of the IP header is used for classifying traffic in some environments. The value of this field can be modified by WeOS when routing the IP packets.
WeOS supports up to 32 packet modifier rules. The WeOS packet modification support is further described in
• Network Address Translation (NAT): WeOS supports two kinds of NAT support:
– NAPT: NAPT is the most common NAT form, where a common (public) IP address is shared by a set of hosts in a private network. This form of NAT is sometimes referred to as IP Masquerading or port address translation (PAT). NAPT is often used together with port forwarding, see below.
– 1-TO-1 NAT: 1-TO-1 NAT enables you to translate a whole range of IP addresses to another set of addresses.
WeOS supports up to 512 NAT rules. The WeOS NAT support is further described in
• Port Forwarding: Port forwarding is commonly used together with NAPT. With port forwarding, a service (such as a Web Server) located in a private network can be made accessible from the public network, typically from the Internet.
WeOS supports up to 256 port forwarding rules. The WeOS port forwarding support is further described in
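The NAPT and port forwarding items above describe two directions of address translation: many private hosts sharing one public address outbound, and one public port mapped to a private service inbound. The following Python simulation is an added example, not WeOS or Westermo code, and does not model how WeOS implements its rules; the public address 203.0.113.5, the private hosts, the port range starting at 40000 and the single port forward are all constructed for the example.

```python
# Added illustration of NAPT plus port forwarding; not WeOS code.
# All addresses and ports below are constructed for the example.
from dataclasses import dataclass, replace
from itertools import count

PUBLIC_IP = "203.0.113.5"  # constructed: the router's single public address


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    """Shares one public address between private hosts by rewriting source ports,
    and publishes selected private services through static port forwards."""

    def __init__(self, public_ip, port_forwards=None, first_port=40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)
        self.out_map = {}   # (proto, private_ip, private_port) -> public_port
        self.in_map = {}    # (proto, public_port) -> (private_ip, private_port)
        # static forwards: (proto, public_port) -> (private_ip, private_port)
        self.port_forwards = dict(port_forwards or {})

    def outbound(self, pkt):
        """Private -> public: allocate (or reuse) a public source port for this flow."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            pub_port = next(self._next_port)
            self.out_map[key] = pub_port
            self.in_map[(pkt.proto, pub_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=self.out_map[key])

    def inbound(self, pkt):
        """Public -> private: translate replies and forwarded services, drop the rest.
        Returns the rewritten packet, or None when the packet is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = (pkt.proto, pkt.dst_port)
        # Replies to flows we translated take precedence; then static forwards.
        target = self.in_map.get(key) or self.port_forwards.get(key)
        if target is None:
            return None  # unsolicited and not forwarded: dropped at the border
        priv_ip, priv_port = target
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


def demo():
    """Two LAN hosts reuse the same local port; one web server is published."""
    nat = Napt(PUBLIC_IP, port_forwards={("tcp", 80): ("192.168.1.10", 80)})
    server = "198.51.100.7"  # constructed Internet host
    a = nat.outbound(Packet("tcp", "192.168.1.20", 51000, server, 443))
    b = nat.outbound(Packet("tcp", "192.168.1.21", 51000, server, 443))
    reply_a = nat.inbound(Packet("tcp", server, 443, PUBLIC_IP, a.src_port))
    reply_b = nat.inbound(Packet("tcp", server, 443, PUBLIC_IP, b.src_port))
    web = nat.inbound(Packet("tcp", "198.51.100.9", 33333, PUBLIC_IP, 80))
    stray = nat.inbound(Packet("tcp", "198.51.100.9", 33333, PUBLIC_IP, 22))
    return a, b, reply_a, reply_b, web, stray


if __name__ == "__main__":
    for label, p in zip(("a", "b", "reply_a", "reply_b", "web", "stray"), demo()):
        print(label, p)
```

The point to notice is the asymmetry: the two private hosts become distinguishable to the outside only through the translated source port, so the translation table is also what lets the router decide which inbound packets are legitimate replies. Everything else arriving at the public address is dropped unless a port forward explicitly publishes it, which is why each forwarded port deserves the same review as a firewall rule.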
Some network protocols are more complex and therefore more difficult than others to handle by the connection tracking function in a firewall or NAT device. An example is FTP, which utilises a control connection to exchange information on TCP port numbers for data connections for the actual file transfers – to enable a PC to download files through a firewall from an FTP server on the Internet, the
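The connection tracking behaviour described earlier on this page (one-directional rule, reverse traffic allowed for established and related connections) and the FTP case described just above can be seen together in the following simulation. It is an added example, not WeOS or Westermo code, and does not reproduce the WeOS implementation: the zone names "lan" and "wan", the single policy rule, the addresses and the simplified helper that only understands the active-mode FTP PORT command are all constructed for the example.

```python
# Added illustration of stateful filtering with an FTP ALG helper; not WeOS code.
# Zones, addresses and the single policy rule below are constructed for the example.
import re

# Active-mode FTP "PORT h1,h2,h3,h4,p1,p2" announces where the data connection goes.
FTP_PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def flow_key(proto, src, sport, dst, dport):
    """Direction-independent key so both halves of a connection share one entry."""
    ends = sorted([(src, sport), (dst, dport)])
    return (proto, ends[0], ends[1])


class StatefulFirewall:
    """Policy: NEW connections are allowed only from zone 'lan'; the reverse
    direction passes only when connection tracking marks a packet as
    ESTABLISHED (reply to an allowed flow) or RELATED (announced by a helper)."""

    def __init__(self, ftp_helper=True):
        self.ftp_helper = ftp_helper
        self.established = set()  # flow keys of accepted connections
        self.expected = set()     # (proto, src_ip, dst_ip, dst_port) predicted by helpers

    def state(self, proto, src, sport, dst, dport):
        if flow_key(proto, src, sport, dst, dport) in self.established:
            return "ESTABLISHED"
        if (proto, src, dst, dport) in self.expected:
            return "RELATED"
        return "NEW"

    def filter(self, from_zone, proto, src, sport, dst, dport, payload=b""):
        """Return ACCEPT or DROP and update the tracking tables."""
        state = self.state(proto, src, sport, dst, dport)
        if state in ("ESTABLISHED", "RELATED") or from_zone == "lan":
            self.established.add(flow_key(proto, src, sport, dst, dport))
            self.expected.discard((proto, src, dst, dport))
            # The helper inspects only the FTP control channel (server port 21).
            if self.ftp_helper and proto == "tcp" and dport == 21:
                self._ftp_inspect(src, dst, payload)
            return "ACCEPT"
        return "DROP"

    def _ftp_inspect(self, client, server, payload):
        """Register the data connection the server is about to open."""
        m = FTP_PORT_RE.search(payload.decode("ascii", "ignore"))
        if m:
            h = m.groups()
            data_ip = ".".join(h[:4])
            data_port = int(h[4]) * 256 + int(h[5])
            self.expected.add(("tcp", server, data_ip, data_port))


def demo(ftp_helper):
    """Active FTP from a LAN client; returns the verdicts for four packets."""
    fw = StatefulFirewall(ftp_helper)
    client, server = "192.168.1.20", "198.51.100.7"  # constructed addresses
    ctrl = fw.filter("lan", "tcp", client, 50000, server, 21)        # NEW, lan -> wan
    reply = fw.filter("wan", "tcp", server, 21, client, 50000)       # ESTABLISHED
    # Client announces data port 50001 (195*256 + 81) on the control channel.
    fw.filter("lan", "tcp", client, 50000, server, 21,
              b"PORT 192,168,1,20,195,81\r\n")
    data = fw.filter("wan", "tcp", server, 20, client, 50001)        # RELATED if helper on
    stray = fw.filter("wan", "tcp", server, 20, client, 50002)       # never announced
    return ctrl, reply, data, stray


if __name__ == "__main__":
    print("with helper:   ", demo(True))
    print("without helper:", demo(False))
```

Running it shows why the page says such protocols need a helper: with `ftp_helper=False` the server's data connection arrives from the "wan" zone as a NEW connection and is dropped, so the file transfer never starts; with the helper enabled it is classified as RELATED and accepted, while a connection to a port that was never announced is still dropped. Because a helper reaches into untrusted payload to decide what to open, enabling only the ALGs for protocols actually in use keeps that parsing surface as small as possible.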
© 2015 Westermo Teleindustri AB