Symantec 360R Administration Guide - Page 74

74 Network traffic control Configuring special applications 7 In the Redirect to Port(s): End text box, type a port number. 8 Click Add. To update an existing service 1 In the SGMI, in the left pane, click Firewall. 2 In the right pane, on the Services tab, on the Application drop-down list, select an existing service. 3 Make the changes to the services fields. 4 Click Update. The configured Service is displayed in the Service List. To delete a service 1 In the SGMI, in the left pane, click Firewall. 2 In the right pane, on the Services tab, on the Application drop-down list, select an existing service. 3 Click Delete. Configuring special applications Special applications are used for dynamic port forwarding. To determine what ports and protocols an application needs for operation, consult the application's documentation for information on firewall or NAT usage. Some applications may need more than one entry defined and enabled; for example, when they have multiple port ranges in use. Special applications are global in scope and overwrites any computer group specific outbound rules or inbound rules. When enabled, the traffic specified can pass in either direction from any host. Certain applications with two-way communication (such as games and video conferencing) need ports open in the firewall. Normally, you open ports with the Inbound Rules tab. But inbound rules only open ports for the application server IP address defined in its settings, because firewalls using NAT can only open a defined service for a single computer on the LAN (when using a single external IP). The Special Applications tab works around this limitation by letting you set port triggers. The appliance listens for outgoing traffic on a range of ports from computers on the LAN and if it sees traffic, it opens an incoming port range for that computer. Once the communication is done, the appliance starts listening again so that another computer can trigger the ports to be opened for it.