WatchGuard x1000 参考指南
CHAPTER 4: Types of Services
40
WatchGuard Firebox System
The Any service has different semantics from other services. For example,
if you allow FTP to a specific host, all other FTP sessions are implicitly
denied by that service (unless you have also configured other FTP service
icons). The Any service, however, does not implicitly deny like other
services.
if you allow FTP to a specific host, all other FTP sessions are implicitly
denied by that service (unless you have also configured other FTP service
icons). The Any service, however, does not implicitly deny like other
services.
You also cannot use an Any service unless specific IP addresses, network
addresses, host aliases, group names, or user names are used in the From
or To lists – otherwise the Any service is deemed too permissive and will
not function.
addresses, host aliases, group names, or user names are used in the From
or To lists – otherwise the Any service is deemed too permissive and will
not function.
Characteristics
•
Protocol: Any
•
Client Port: Ignore
•
Port Number: None
AOL
The America Online proprietary protocol allows access to the AOL
service through a TCP/IP network, instead of the usual dial-up
connection. The AOL client must be specifically configured to use TCP/IP
instead of a modem.
service through a TCP/IP network, instead of the usual dial-up
connection. The AOL client must be specifically configured to use TCP/IP
instead of a modem.
Characteristics
•
Protocol: TCP
•
Server Port(s): 5190
•
Client Port(s): client
archie
archie is a search protocol used to find files on FTP servers. Because there
are a limited number of archie servers, it is safe to provide outgoing archie
service. A current list of archie servers is available via anonymous FTP
from:
are a limited number of archie servers, it is safe to provide outgoing archie
service. A current list of archie servers is available via anonymous FTP
from:
External hosts can be spoofed; WatchGuard cannot verify that these
packets were actually sent from the correct location. You can configure
packets were actually sent from the correct location. You can configure