Technical information
Watson SHDSL Router
Web-based Management Manual
Watson-SHDSL-Router-GUI-Manual.doc
Version 2.3-03
8-26
Revision: 2012-02-29
Destination Address The destination address of packets sent or received by
Watson. This address can be configured in the same manner as the source
address. This entry enables further filtering of the packets.
Protocol You may also specify a traffic protocol. Selecting the 'Show All
Services' option from the drop-down menu will expand the list of available
protocols. Select a protocol or add a new one using the 'User Defined' option.
This starts a sequence that adds a new service representing the protocol.
Refer to Section 9.9.1 to learn how to do so.
DSCP Select this check box to display two DSCP fields, which enable you to
specify a hexadecimal DSCP value and its mask assigned to the packets
matching the priority rule.
Priority Select this check box to display a drop-down menu, in which you can
select a priority level assigned to the packets matching the priority rule.
Length Select this check box if you would like to specify the length of packets,
or the length of their data portion.
Operation Define what action the rule will take, by selecting one of the following
radio buttons:
Drop Deny access to packets that match the source and destination IP addresses
and service ports defined above.
Reject Deny access to packets that match the criteria defined, and send an ICMP
error or a TCP reset to the originating peer.
Accept Connection Allow access to packets that match the criteria defined. The
data transfer session will be handled using Stateful Packet Inspection (SPI),
meaning that other packets matching this rule will be automatically allowed access.
Accept Packet Allow access to packets that match the criteria defined. The data
transfer session will not be handled using SPI, meaning that other packets
matching this rule will not be automatically allowed access. This can be useful,
for example, when creating rules that allow broadcasting.
Logging Monitor the rule.
Log Packets Matched by This Rule Select this check box to log the first
packet from a connection that was matched by this rule.
Schedule By default, the rule will always be active. However, you can configure
scheduler rules by selecting 'User Defined', in order to define time segments during
which the rule may be active. To learn how to configure scheduler rules, refer to
Section 9.9.3.
8.2.9.2 Adding ALG Rules
The 'ALG Rule Sets' section enables you to define address and port processing
rules for certain application protocols (such as FTP, TFTP, SIP, and others) that
carry the IP address inside the application data. Most of these protocols will not
work with the NAT unless the NAT is aware of them and performs the appropriate
translation.
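The following Python example is added here for illustration and is not taken from the Watson manual or firmware. It shows the translation an FTP ALG has to perform on an active-mode PORT command, whose payload carries the client's own IP address and data port. The function names, the alloc_port callback and all addresses are assumptions made for the example.

```python
import ipaddress
import re

# FTP active-mode command (RFC 959): PORT h1,h2,h3,h4,p1,p2 (port = p1*256 + p2)
PORT_RE = re.compile(rb"PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n")


def parse_port(line):
    """Return (IPv4Address, port) carried in a PORT command, else None."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]


def alg_rewrite(line, pkt_src, public_ip, alloc_port):
    """Translate the address inside the payload, as a NAT-aware FTP helper must.

    pkt_src    -- source address from the IP header (the LAN client)
    public_ip  -- WAN address of the NAT (constructed value in the demo)
    alloc_port -- hypothetical callback reserving a WAN port for (ip, port)
    Returns (payload, mapping); mapping is None when nothing was translated.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None  # not a PORT command: leave the payload alone
    ip, port = parsed
    # Translate only when the payload names the sender itself; a different
    # address would make the NAT open an inbound path to a third host.
    if ip != ipaddress.IPv4Address(pkt_src):
        return line, None
    wan_port = alloc_port(ip, port)
    octets = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    new = f"PORT {octets},{wan_port >> 8},{wan_port & 0xFF}\r\n".encode()
    # The payload length may change, so later TCP sequence numbers on this
    # connection have to be shifted by seq_delta.
    mapping = {"wan": (public_ip, wan_port), "lan": (str(ip), port),
               "seq_delta": len(new) - len(line)}
    return new, mapping


if __name__ == "__main__":
    # Constructed sample: LAN client 192.168.1.10 announces data port 50000.
    sample = b"PORT 192,168,1,10,195,80\r\n"
    print(alg_rewrite(sample, "192.168.1.10", "203.0.113.5", lambda ip, p: 40001))
```

Without this rewrite the FTP server would try to connect back to the private address in the payload, which is unreachable from the WAN side.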
The NAT is application independent; therefore, a specific Application Level Gateway
(ALG) is required to perform payload monitoring and the needed alterations to allow the
application's traffic to pass through the firewall. The 'Input' and 'Output' subsections
of the 'ALG Rule Sets' feature are designated to display ALG rules for inbound and