Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual Page 101
- Page / 368
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
7.8 Use of Full cone NAT
101
Note: In the default configuration of the Traffic rules section, the Protocol inspector column
is hidden. To show it, modify settings through the Modify columns dialog (see chapter 3.2).
Warning
To disable a protocol inspector, it is not sufficient to define a service that would not use the
inspector! Protocol inspectors are applied to all traffic performed by corresponding protocols
by default. To disable a protocol inspector, special traffic rules must be defined.
7.8 Use of Full cone NAT
However, many applications (especially applications working with multimedia, Voice over IP
technologies, etc.) use another traffic method where other clients can (with direct connection
established) connect to a port “opened” by an outgoing packet. For these cases, WinRoute
includes a special mode of address translation, known as Full cone NAT. In this mode, opened
port can be accessed from any IP address and the traffic is always redirected to a correspond-
ing client in the local network.
Use of Full cone NAT may bring certain security risk. Each connection established in this mode
opens a possible passage from the Internet to the local network. To keep the security as high
as possible, it is therefore necessary to enable Full cone NAT for particular clients and services
only. The following example refers to an IP telephone with the SIP protocol.
Note: For details on traffic rules definition, refer to chapter 7.3.
Example: SIP telephone in local network
In the local network, there is an IP telephone registered to an SIP server in the Internet. The
parameters may be as follows:
• IP address of the phone: 192.168.1.100
• Public IP address of the firewall: 195.192.33.1
• SIP server: sip.server.com
Since the firewall performs IP address translation, the telephone is registered on the SIP server
with the firewall’s public address (195.192.33.1). If there is a call from another telephone
to this telephone, the connection will go through the firewall’s address (195.192.33.1) and
the corresponding port. Under normal conditions, such connection can be established only
directly from the SIP server (to which the original outgoing connection for the registration was
established). However, use of Full cone NAT allows such connection for any client calling to
the SIP telephone in the local network.
Full cone NAT will be enabled by an extremely restrictive traffic rule (to keep the security level
as high as possible):
- Kerio WinRoute Firewall 6 1
- Contents 3
- Quick Checklist 7
- Introduction 9
- 2.2 Conflicting software 10
- 2.3 System requirements 11
- 2.4 Installation - Windows 12
- Sharing 15
- 2.9 WinRoute Components 23
- WinRoute Administration 27
- Chapter 4 32
- 4.2 License information 33
- 4.6 User counter 45
- Network interfaces 47
- Figure 5.2 Editing interfaces 50
- Internet Connection 53
- 6.3 Connection Failover 62
- Chapter 6 Internet Connection 64
- 6.4 Network Load Balancing 66
- Traffic Policy 71
- 7.2 How traffic rules work 78
- 7.4 Basic Traffic Rule Types 90
- 7.5 Policy routing 95
- 7.8 Use of Full cone NAT 101
- 7.9 Media hairpinning 102
- Chapter 8 104
- 8.1 DNS module 104
- Figure 8.1 DNS settings 105
- 8.2 DHCP server 110
- 8.4 Proxy server 121
- 8.5 HTTP cache 124
- Bandwidth Limiter 130
- User Authentication 137
- Web Interface 141
- HTTP and FTP filtering 147
- 12.2 URL Rules 148
- 12.5 FTP Policy 162
- Antivirus control 167
- 13.3 HTTP and FTP scanning 172
- 13.4 Email scanning 176
- Definitions 180
- 14.2 Time Ranges 181
- 14.3 Services 183
- 14.4 URL Groups 187
- Description 189
- User Accounts and Groups 190
- 15.2 Local user accounts 193
- Step 1 — basic information 194
- 15.5 User groups 210
- Administrative settings 214
- 16.3 Update Checking 216
- Advanced security features 218
- Other settings 224
- 18.3 Relay SMTP server 229
- Status Information 231
- 19.4 Alerts 243
- Figure 19.12 Alert Definitions 244
- Basic statistics 248
- Figure 20.1 User statistics 249
- 20.2 Interface statistics 250
- Chapter 21 254
- Chapter 22 262
- 22.1 Log settings 262
- Figure 22.1 Log settings 263
- Chapter 22 Logs 264
- Syslog Logging 264
- 22.2 Logs Context Menu 265
- 22.3 Alert Log 269
- 22.4 Config Log 269
- 22.5 Connection Log 270
- 22.6 Debug Log 271
- 22.7 Dial Log 273
- 22.8 Error Log 275
- 22.9 Filter Log 276
- 22.10 Http log 277
- 22.11 Security Log 278
- 22.12 Sslvpn Log 280
- 22.13 Warning Log 280
- 22.14 Web Log 281
- Kerio VPN 283
- 23.1 VPN Server Configuration 284
- Chapter 23 Kerio VPN 320
- Paris branch office server 332
- Chapter 24 335
- Chapter 25 338
- 25.2 Configuration files 339
- Technical support 351
- 26.2 Tested in Beta version 352
- Legal Notices 353
- Used open source items 354
- Glossary of terms 357
© 2020, manymanuals.com. All rights reserved. | 0.103 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals