Re: suggestions on router w/firewall
From: CZ (CZ_at_no99spam.com)
Date: 11/05/04
- In reply to:(deleted message) Leythos: "Re: suggestions on router w/firewall"
Date: Fri, 05 Nov 2004 15:01:51 GMT
CZ wrote:
> 2) A simple packet filtering firewall works on OSI layers 3 & 4, and does
> not know what HTTP is, as HTTP protocol is on OSI layer 7 (so is FTP
> protocol). So, a simple packet filtering firewall should process HTTP that
> is received on port 21 by the same rules that would be used for FTP.
> A simple packet filtering firewall can block TCP port 80, which is usually
> used with HTTP.
Leythos:
And a firewall can detect the "type" of traffic being passed over a port
and determine if the traffic type matches the rule you created for that
port - for example, if I create an HTTP rule on port 21, it will reject
FTP sessions and pass HTTP through - this is an example of the
difference between a Firewall and a Router with NAT.
Leythos:
What firewall brand and model are you using?
In MS's ISA product (multi-level firewall & Web proxy) I can block the HTTP
protocol via application level filtering (at OSI layer 7) for certain ISA
client types, but ISA cannot directly block the HTTP protocol at the port
level (OSI layer 4). ISA can block normal use of HTTP at OSI layer 4 by
blocking use of port 80, but that is not directly filtering on the HTTP
protocol itself.
Re: "And a firewall can detect the "type" of traffic being passed over a
port":
A simple packet filter type of firewall cannot do that, as it only inspects
the headers for OSI layer 3 & 4, and HTTP protocol is on OSI layer 7. A
firewall that can filter the HTTP protocol, IMO, would be called something
like an application level protocol filter (OSI layer 7).
However, a simple packet filter should not be denied consideration as a
firewall because it does not filter the HTTP protocol; it should be thought
of as a different type of firewall.
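The layer distinction argued in this message, as an added example that is not part of the original post: a packet filter that decides on the destination port alone, next to an application-level filter that also checks whether the first client bytes look like the protocol expected on that port. The policy (port 21 open for FTP only), the function names and the sample traffic are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Segment:
    """Constructed TCP segment holding only the fields the filters inspect."""
    dst_port: int    # layer 4 header field
    payload: bytes   # first client bytes of the session (layer 7 data)

# Hypothetical policy: port 21 is open for FTP, everything else is closed.
ALLOWED_PORTS = {21}
EXPECTED_PROTOCOL = {21: "ftp"}

HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
FTP_COMMAND = re.compile(rb"^(USER|PASS|QUIT|PORT|PASV|RETR|STOR|LIST)( [^\r\n]*)?\r\n", re.I)

def packet_filter(seg: Segment) -> str:
    """Layer 3/4 decision: header fields only, the payload is never read."""
    return "allow" if seg.dst_port in ALLOWED_PORTS else "deny"

def classify(payload: bytes) -> str:
    """Layer 7 inspection: name the protocol from the first client bytes."""
    if HTTP_REQUEST.match(payload):
        return "http"
    if FTP_COMMAND.match(payload):
        return "ftp"
    return "unknown"

def application_filter(seg: Segment) -> str:
    """Layer 7 decision: the port must be open and the payload must match it."""
    if packet_filter(seg) == "deny":
        return "deny"
    return "allow" if classify(seg.payload) == EXPECTED_PROTOCOL[seg.dst_port] else "deny"

# Constructed sample traffic, not captured from a real network.
SAMPLES = {
    "ftp on 21": Segment(21, b"USER anonymous\r\n"),
    "http on 21": Segment(21, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "http on 80": Segment(80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
}

if __name__ == "__main__":
    for name, seg in SAMPLES.items():
        print(f"{name:11} packet_filter={packet_filter(seg):5} "
              f"application_filter={application_filter(seg)}")
```

For HTTP sent to port 21 the two filters disagree: the packet filter sees an open port and allows it, while the application-level filter rejects it because the payload is not FTP.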