
[ Overview ]
[ Gateway Capability ]
[ Firewall Capability ]
[ Filter Capability ]
[ IPSec VPN Support ]
[ PPPoE Support ]
[ Feature Comparison Chart ]
The Firewall Plugin provides a flexible and secure
connection between your private network and the Internet. It prevents
unauthorized access to your private network, while providing
controlled access to Internet to users within your
network.
SERVICES
While Network Address Translation allow users transparent
access to virtually any Internet service, including FTP, Telnet,
World Wide Web (Web), E-Mail (SMTP, POP3 and IMAP), Internet Relay
chat (IRC) and many many others, the Firewall Plugin complements it
with rule-based filtering, firewall policy based protection, address
and port redirection, comprehensive logging and traffic accounting.
SECURITY
Security is enforced at several levels. IP traffic
is continuously monitored by the Firewall Plugin.
As a network packet enters the firewall, its is scanned at
every level of the protocol stack before it is allowed onto
or out of the network that is being protected. This full
inspection guarantees the security of the network.
Each packet can be checked for every little detail that the
system administrator considers important:
- Incoming and/or outgoing packet
- Type of service (TCP/UDP/ICMP/etc.)
- Source and destination IP addresses
- Source and destination IP services (ports)
- Any combination of bits in the header (ACK/SYN/FIN/etc.)
- Byte pattern at given offset of packet content
- Byte pattern search in packet
For every matched packet/connection, the system administrator can
choose an appropriate action:
- Allow packet/connection
- Deny packet/connection
- Log packet/connection into separate or common log file
- Execute external application
- Give audio-alert
- Include packet in the traffic accounting
PORT AND ADDRESS REDIRECTION
The firewall's Access Control rules provide the capability of redirection,
which allows a connection request from an external client to be remapped
to a system on the internal network.
Redirection can be applied to both IP addresses and ports, and allows the
destination address to be changed from the external address of the firewall
to specific hosts behind the internal network.
Port and address Redirection is extremely useful in providing access to
servers on the internal network that are otherwise not accessible to
the outside world.
|