WSM Reference Guide - WatchGuard Technologies

More documents

Recommendations

Info

Standard Ports and Random PortsTCPTransmission Control Protocol (TCP) enables two hosts to make a connection and send streams of datato each other. TCP makes sure that the data that is sent gets to its destination. It also makes sure thatpackets are put in the same sequence as when they were sent.TCP manages connections with properties that control the condition of a connection. Three very importantproperties of TCP packets are the SYN, ACK, and FIN bits. The SYN bit is set only on the first packetsent in each direction for a given connection. The ACK bit is set when the other side gets the data. TheFIN bit is set when the source or destination closes the connection.ICMPThe Internet Control Message Protocol (ICMP) is most frequently used to supply error information aboutother services. It operates using the same method as UDP. That is, it does not use connections and doesnot make sure that packets get to their destination. One dangerous ICMP packet is the ICMP redirectpacket, which can change routing information on the devices that receive it.Other protocolsMost traffic on the Internet uses TCP, UDP, or ICMP protocols. Some other protocols are as follows:IGMP (Internet Group Multicast Protocol)A protocol used for hosts on multicast access networks to tell locally attached routers the groupthey are a member of.IPIP (IP-within-IP)An encapsulation protocol used to assemble virtual networks on the Internet.GGP (Gateway-Gateway ProtocolA routing protocol used between different systems.GRESA protocol used for PPTP.An encryption protocol used for IPSec.Standard Ports and Random PortsUDP and TCP use encapsulation of information contained in the application layer. The software applicationprocedures are specified by source ad destination port numbers. These port numbers, togetherwith the source and destination IP addresses, supply a unique connection on the Internet.For example, you can have two telnet sessions from one host to a different host. Since telnet uses a wellknownservice port number of 23, something must be different between these two connections. Theother port in these conditions is a port that is usually larger than 1023. The operating system on the clientside assigns this port number automatically.Random ports can cause problems if they match a well-known service on a port higher than 1023. Ifsome client computer assigns a random port of 2049, no connection can be made. This type of problemfrequently occurs with the X Window and Archie services.Usually, most operating systems assign port numbers between 1024 and 2100. Because of this, thisproblem does not occur frequently.6 WatchGuard System Manager
CHAPTER 2MIME Content TypesSoftware applications use content type headers to identify the type of data they receive. Content typeheaders tell the software application how to correctly identify and display video clips, images, sound, orother data. Usually, people are most familiar with the MIME content types used in e-mail.The WatchGuard HTTP proxy can use content type headers to know if it must allow or deny HTTP traffic.Use Policy Manager to configure an HTTP proxy policy to allow or deny content types. Content types arealso used in the SMTP and FTP proxies. This chapter contains a list of the MIME content types included ina WatchGuard configuration file.You can use wildcards to select all subtypes of a type, and thus deny all or allow all of that MIME type.For example, to allow all content types that are text (including text/enriched, text/plain, and others), usethe content type text/*.New, registered MIME content types appear regularly. WatchGuard recommends frequent checks of anonline source for the most current list. One source of current MIME types is:www.iana.org/assignments/media-types/Note that software applications can use incorrect content types, or content types that are not registered,To make a request to add a new content type in the WatchGuard list, send an e-mail to:manual@watchguard.comType Subtype Reference (where available)application *application activemessage Shapiroapplication andrew-inset Borensteinapplication applefile Falstromapplication astoundapplication atomicmail Borensteinapplication cals-1840 RFC 1895application commonground Glaznerapplication cybercash Eastlakeapplication dca-rft Campbellapplication dec-dx CampbellReference Guide 7
Page 1 and 2: WatchGuard ® System ManagerReferen
Page 3 and 4: ContentsCHAPTER 1 Internet Protocol
Page 5 and 6: CHAPTER 1Internet Protocol Referenc
Page 7 and 8: Internet Protocol HeaderKeyword Num
Page 9: Transfer ProtocolsSource RoutingThe
Page 13 and 14: Type Subtype Reference (where avail
Page 23 and 24: CHAPTER 3Services and PortsWell-kno
Page 25 and 26: Well-Known Services ListPort(s) Pro
Page 27 and 28: Well-Known Services ListService Nam
Page 29 and 30: Well-Known Services ListService Nam
Page 31 and 32: CHAPTER 4Log MessagesUnderstanding
Page 33 and 34: Traffic LogsFWAllowEach packet filt
Page 35 and 36: Traffic Logsdst_ip="66.35.250.151"
Page 37 and 38: Traffic LogsDNS Proxy Traffic Log M
Page 39 and 40: Traffic LogsHTTP Proxy Traffic Log
Page 41 and 42: Alarm LogsPolicy AlarmsDefaultNameP
Page 43 and 44: Alarm LogsDenial of Servce (DoS) Al
Page 45 and 46: Event LogsGateway AntiVirus Service
Page 47 and 48: Event LogsDescription of Log Module
Page 49 and 50: Event LogsEvent Log Message Catalog
Page 59 and 60: Firebox Log File XML DTD and Schema
Page 61 and 62:
Firebox® X Edge Log MessagesModule
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
CHAPTER 5WebBlocker ContentWatchGua
Page 75 and 76:
WebBlocker CategoriesCategoryDrugs,
Page 77 and 78:
WebBlocker CategoriesCategoryJob Se
Page 79 and 80:
CHAPTER 6ResourcesThere are many re
Page 81 and 82:
Mailing ListsMailing Listswg-users@
Page 83 and 84:
White Hat Web Sitesbeginners. Cons:
Page 85 and 86:
Other Web Sitesmaintains a list of
Page 87 and 88:
RSS Feedswww.sophos.com/virusinfo/i
Page 89 and 90:
IndexBblocked sites, searching for
show all

WSM Reference Guide - WatchGuard Technologies

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?