Chapter 12 Definitions
180
can only be used in passive mode. The FTP protocol inspector distinguishes that
the FTP is active, opens the appropriate port and redirects the connection to the
appropriate client in the local network. Due to this fact, users in the local network
are not limited by the firewall and they can use both FTP modes (active/passive).
The protocol inspector is enabled if it is set in the service definition and if the corre-
sponding traffic is allowed. Each protocol inspector applies to a specific protocol and
service. In the default WinRoute configuration, all available protocol inspectors are used
in definitions of corresponding services (so they will be applied to corresponding traffic
automatically), except protocol inspectors for SIPand H.323 (SIP and H.323 are complex
protocols and protocol inspectors may work incorrectly in some configurations).
To apply a protocol inspector explicitly to another traffic, it is necessary to define a new
service where this inspector will be used or to set the protocol inspector directly in the
corresponding traffic rule.
Example: You want to perform inspection of the HTTP protocol at port 8080. Define
a new service: TCP protocol, port 8080,HTTP protocol inspector. This ensures that HTTP
protocol inspector will be automatically applied to any TCP traffic at port 8080 and
passing through WinRoute.
Notes:
1. Generally, protocol inspectors cannot be applied to secured traffic (SSL/TLS). In this
case, WinRoute “percieves” the traffic as binary data only. This implies that such
traffic cannot be deciphered.
2. Under certain circumstances, appliance of a protocol inspector is not desirable.
Therefore, it is possible to disable a corresponding inspector temporarily. For de-
tails, refer to chapter 23.4.
12.4 URL Groups
URL Groups enable the administrator to define HTTP rules easily (see chapter 10.2).
For example, to disable access to a group of Web pages, you can simply define a URL
group and assign permissions to the URL group, rather than defining permissions to
each individual URL rule. URL groups can be defined in the Configuration / Definitions /
URL Groups section.
To define URL rules go to the URL Rules tab in Configuration Content Filtering HTTP
Policy.