WatchGuard x1000 参考指南
Packet Filter Services
Reference Guide
61
a site’s Internet service provider. The WatchGuard traceroute service is
for filtering UNIX-based UDP-style traceroute only. For DOS-based or
Windows-based traceroute packet filtering, use the ping service instead
(see “ping” on page 51).
for filtering UNIX-based UDP-style traceroute only. For DOS-based or
Windows-based traceroute packet filtering, use the ping service instead
(see “ping” on page 51).
traceroute uses ICMP and UDP packets to build pathways across
networks using the UDP TTL field to return packets from every router
and machine between a source and a destination. Letting traceroute into a
network may enable an outsider to create a map of your private network.
However, outbound traceroute can be useful for troubleshooting.
networks using the UDP TTL field to return packets from every router
and machine between a source and a destination. Letting traceroute into a
network may enable an outsider to create a map of your private network.
However, outbound traceroute can be useful for troubleshooting.
Characteristics
•
Protocols: UDP, ICMP
•
Server Port(s): Not Applicable
•
Client Port(s): generally greater than 32768
WAIS
Wide Area Information Services (WAIS) is a protocol used to search for
documents over the Internet originally developed at Thinking Machines
Incorporated. Although WAIS servers are becoming rare, some WWW
sites use WAIS to scan searchable indices, so it might be a good idea to
enable outgoing WAIS.
documents over the Internet originally developed at Thinking Machines
Incorporated. Although WAIS servers are becoming rare, some WWW
sites use WAIS to scan searchable indices, so it might be a good idea to
enable outgoing WAIS.
WAIS is based on the ANSI Z39.50 search protocol, and the terms Z39.50
and WAIS are often used interchangeably.
and WAIS are often used interchangeably.
Characteristics
•
Protocol: TCP
•
Server Port(s): 210 although servers can be (and often are) configured
on other ports, much like HTTP servers
on other ports, much like HTTP servers
•
Client Port(s): greater than 1023
WatchGuard
The basic WatchGuard service allows configuration and monitoring
connections to be made to the Firebox. WatchGuard recommends
allowing this service only to the Management Station. The service is
typically set up on the trusted interface.
connections to be made to the Firebox. WatchGuard recommends
allowing this service only to the Management Station. The service is
typically set up on the trusted interface.