Chapter 27 Application Patrol
27.1.2What You Need to Know About Application Patrol"The ZyWALL checks firewall rules before it checks application patrol rules for traffic going through the ZyWALL.
If you want to use a service, make sure both the firewall and application patrol allow the service’s packets to go through the ZyWALL.
Application patrol examines every TCP and UDP connection passing through the ZyWALL and identifies what application is using the connection. Then, you can specify, by application, whether or not the ZyWALL continues to route the connection.
Configurable Application Policies
The ZyWALL has policies for individual applications. For each policy, you can specify the default action the ZyWALL takes once it identifies one of the service’s connections.
You can also specify custom policies that have the ZyWALL forward, drop, or reject a service’s connections based on criteria that you specify (like the source zone, destination zone, original destination port of the connection, schedule, user, source, and destination information). Your custom policies take priority over the policy’s default settings.
Classification of Applications
There are two ways the ZyWALL can identify the application. The first is called auto. The ZyWALL looks at the IP payload (OSI
"The ZyWALL allows the first eight packets to go through the firewall, regardless of the application patrol policy for the application. The ZyWALL examines these first eight packets to identify the application.
In the second approach (called service ports). The ZyWALL uses only OSI
Bandwidth Management
When you allow an application, you can restrict the bandwidth it uses or even the bandwidth that particular features in the application (like voice, video, or file sharing) use. This restriction may be ineffective in certain cases, however, such as using MSN to send files via P2P.
444 |
| |
ZyWALL USG 100/200 Series User’s Guide |
| |
|
|
|