Cisco WS-CE500-24TT Administration Guide - Page 121
Port Triggering, Firewall Configuration, Appendix B, Standard Services.
Page 121 highlights
STEP 3 If you click Add or Edit, the IP MAC Binding Configuration window opens.

STEP 4 Enter the following information:
• Name: Specify a unique name for this rule.
• MAC Address: Specify the MAC address for this rule.
• IP Address: Specify the IP address for this rule.
• Log Dropped Packets: Choose Enable or Disable to control whether dropped packets are logged.

STEP 5 Click Apply to save your changes. The new rule appears in the IP/MAC Binding table.

Port Triggering

Port triggering opens an incoming port for a specified type of traffic on a defined outgoing port. When a LAN device makes a connection on one of the defined outgoing ports, the security appliance opens the specified incoming port to support the exchange of data. When the exchange is completed, the ports are closed.

Port triggering is more flexible than the static port forwarding that you can configure in a firewall rule. Port triggering rules do not have to reference specific LAN IP addresses or IP address ranges. In addition, the ports are not left open when they are not in use, thereby providing a level of security that static port forwarding does not offer.

Port triggering is required for some applications. Such applications require that, when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The security appliance must send all incoming data for that application only on the required port or range of ports.

The gateway has a list of common applications and games with corresponding outbound and inbound ports to open. You can also specify a port triggering rule by defining the type of traffic (TCP or UDP) and the range of incoming and outgoing ports to open when enabled. See Appendix B, "Standard Services."

NOTE Port triggering is not appropriate for servers on the LAN, since the LAN device must make an outgoing connection before an incoming port is opened.
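The open-on-trigger, close-when-idle behaviour described above can be modelled as a small state table. This is an added example, not code from the Cisco guide or the appliance; the rule name, LAN address, port numbers and the 600-second idle timeout are constructed assumptions.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 600  # seconds; assumed value, the guide does not state one


@dataclass
class TriggerRule:
    name: str
    proto: str        # "TCP" or "UDP"
    outgoing: range   # trigger ports (LAN -> WAN)
    incoming: range   # ports opened in response (WAN -> LAN)


@dataclass
class PortTrigger:
    rules: list
    # (proto, incoming port) -> (LAN host that triggered, expiry time)
    open_ports: dict = field(default_factory=dict)

    def outbound(self, now, lan_ip, proto, dst_port):
        """A LAN device connects out; open the incoming range of matching rules."""
        for rule in self.rules:
            if rule.proto == proto and dst_port in rule.outgoing:
                for port in rule.incoming:
                    self.open_ports[(proto, port)] = (lan_ip, now + IDLE_TIMEOUT)

    def inbound(self, now, proto, dst_port):
        """Return the LAN host to forward to, or None if the packet is dropped."""
        entry = self.open_ports.get((proto, dst_port))
        if entry is None:
            return None                      # no trigger seen: port stays closed
        lan_ip, expires = entry
        if now >= expires:
            del self.open_ports[(proto, dst_port)]
            return None                      # exchange went idle: port closed again
        self.open_ports[(proto, dst_port)] = (lan_ip, now + IDLE_TIMEOUT)
        return lan_ip


def demo():
    """Constructed scenario: one rule, one LAN host, five inbound packets."""
    rule = TriggerRule("example-app", "TCP", range(6000, 6001), range(7000, 7011))
    fw = PortTrigger([rule])
    results = [fw.inbound(0, "TCP", 7005)]            # before any outgoing connection
    fw.outbound(10, "192.168.1.20", "TCP", 6000)      # LAN host hits the trigger port
    results.append(fw.inbound(20, "TCP", 7005))       # inside the opened range
    results.append(fw.inbound(20, "TCP", 8080))       # outside the incoming range
    results.append(fw.inbound(20, "UDP", 7005))       # wrong traffic type
    results.append(fw.inbound(20 + IDLE_TIMEOUT, "TCP", 7005))  # after idle timeout
    return results
```

The first result is the case in the NOTE: a LAN server that never makes an outgoing connection never has its incoming port opened.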
Cisco SA500 Series Security Appliances Administration Guide 121