Chapter 12 Definitions

can only be used in passive mode. The FTP protocol inspector detects that FTP is running in active mode, opens the appropriate port and redirects the connection to the appropriate client in the local network. As a result, users in the local network are not limited by the firewall and can use both FTP modes (active/passive).
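The following added example (not WinRoute code and not part of the original manual) sketches how an inspector of this kind can derive the data-connection port from an active-mode `PORT` command on the FTP control channel and open a one-shot pinhole for it. The addresses are constructed samples, the names `inspect_control_line` and `PinholeTable` are hypothetical, and the address and port checks are this example's own choices rather than documented WinRoute behaviour.

```python
import re

# Active-mode announcement on the control channel (RFC 959):
#   PORT h1,h2,h3,h4,p1,p2   ->   IP h1.h2.h3.h4, port p1*256 + p2
PORT_RE = re.compile(rb"PORT ((?:\d{1,3},){5}\d{1,3})", re.IGNORECASE)

def inspect_control_line(line: bytes, client_ip: str):
    """Return (ip, port) the server may connect back to, or None."""
    m = PORT_RE.fullmatch(line.rstrip(b"\r\n"))
    if not m:
        # Not a PORT command. Encrypted control traffic also ends up here:
        # it is only binary data to the inspector, so nothing is opened.
        return None
    nums = [int(n) for n in m.group(1).split(b",")]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    # Assumption of this example: only open a path back to the host that
    # sent the command, and never to a well-known port.
    if ip != client_ip or port < 1024:
        return None
    return ip, port

class PinholeTable:
    """Tracks temporarily permitted inbound data connections."""
    def __init__(self):
        self._open = set()

    def on_control(self, line: bytes, client_ip: str, server_ip: str):
        endpoint = inspect_control_line(line, client_ip)
        if endpoint:
            self._open.add((server_ip, *endpoint))
        return endpoint

    def permit_inbound(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        key = (src_ip, dst_ip, dst_port)
        if key in self._open:
            self._open.discard(key)  # one data connection per PORT command
            return True
        return False

if __name__ == "__main__":
    table = PinholeTable()  # constructed sample session
    print(table.on_control(b"PORT 192,168,1,10,195,80\r\n", "192.168.1.10", "203.0.113.5"))
    print(table.permit_inbound("203.0.113.5", "192.168.1.10", 50000))
```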

The protocol inspector is enabled if it is set in the service definition and if the corresponding traffic is allowed. Each protocol inspector applies to a specific protocol and service. In the default WinRoute configuration, all available protocol inspectors are used in definitions of corresponding services (so they will be applied to corresponding traffic automatically), except protocol inspectors for SIP and H.323 (SIP and H.323 are complex protocols and protocol inspectors may work incorrectly in some configurations).

To apply a protocol inspector explicitly to other traffic, it is necessary to define a new service where this inspector will be used or to set the protocol inspector directly in the corresponding traffic rule.

Example: You want to perform inspection of the HTTP protocol at port 8080. Define a new service: TCP protocol, port 8080, HTTP protocol inspector. This ensures that the HTTP protocol inspector will be automatically applied to any TCP traffic at port 8080 passing through WinRoute.

Notes:

1. Generally, protocol inspectors cannot be applied to secured traffic (SSL/TLS). In this case, WinRoute “perceives” the traffic as binary data only. This implies that such traffic cannot be deciphered.

2. Under certain circumstances, application of a protocol inspector is not desirable. Therefore, it is possible to disable a corresponding inspector temporarily. For details, refer to chapter 23.4.

12.4 URL Groups

URL Groups enable the administrator to define HTTP rules easily (see chapter 10.2). For example, to disable access to a group of Web pages, you can simply define a URL group and assign permissions to the URL group, rather than defining permissions to each individual URL rule. URL groups can be defined in the Configuration / Definitions / URL Groups section.

To define URL rules, go to the URL Rules tab in Configuration / Content Filtering / HTTP Policy.
