D-Link DWC-1000 Manuel D’Utilisation
Wireless Controller
User Manual
107
8.
The last step is to enable this firewall rule. Select the rule, and click ―enable‖ below the
list to make sure the firewall rule is active
5.4 Security on Custom Services
Advanced > Firewall Settings > Custom Services
Custom services can be defined to add to the list of services available during firewall
rule configuration. While common services have known TCP/UDP/ICMP ports for
traffic, many custom or uncommo n applications exist in the LAN or WAN. In the
custom service configuration menu you can define a range of ports and identify the
traffic type (TCP/UDP/ICMP) for this service. Once defined, the new service will
appear in the services list of the firewall r ules configuration menu.
rule configuration. While common services have known TCP/UDP/ICMP ports for
traffic, many custom or uncommo n applications exist in the LAN or WAN. In the
custom service configuration menu you can define a range of ports and identify the
traffic type (TCP/UDP/ICMP) for this service. Once defined, the new service will
appear in the services list of the firewall r ules configuration menu.
Figure 66 : Li st of user def ined services.
5.5 ALG support
Advanced > Firewall Settings > ALGs
Application Level Gateways (ALGs) are security component that enhance the firewall
and NAT support of this controller to seamlessly support application layer protocols.
In some cases enabling the ALG will allow the firewall to use dynamic ephemeral
TCP/ UDP ports to communicate with the known ports a particular client application
(such as H.323 or RTSP) requires, wit hout which the admin would have to open large
number of ports to accomplish the same support. Because the ALG understands the
protocol used by the specific application that it supports, it is a very secure and
efficient way of introducing support for clien t applications through the controller‘s
firewall.
and NAT support of this controller to seamlessly support application layer protocols.
In some cases enabling the ALG will allow the firewall to use dynamic ephemeral
TCP/ UDP ports to communicate with the known ports a particular client application
(such as H.323 or RTSP) requires, wit hout which the admin would have to open large
number of ports to accomplish the same support. Because the ALG understands the
protocol used by the specific application that it supports, it is a very secure and
efficient way of introducing support for clien t applications through the controller‘s
firewall.