Chapter 17
Advanced security features
Number of suspicious connections
A large number of connections established from a client host is a typical feature of P2P networks (usually one connection for each file). The Number of connections value defines the number of a client's network connections that must be reached for the traffic to be considered suspicious.

The optimum value depends on circumstances (type of user's work, frequently used network applications, etc.) and it must be tested. If the value is too low, the system can be unreliable (users who do not use P2P networks might be suspected). If the value is too high, reliability of the detection is decreased (fewer P2P networks are detected).
Safe services
Certain "legitimate" services may also show characteristics of traffic in P2P networks (e.g. a large number of concurrent connections). To ensure that traffic is not detected incorrectly and that users of these services are not penalized by mistake, it is possible to define a list of so-called secure services. These services will be excluded from detection of P2P traffic.

The Define services... button opens a dialog where you can define the services that will not be treated as traffic in a P2P network. All services defined in Configuration → Definitions → Services are available (for details, refer to the chapter on services).
Warning
Default values of the P2P detection parameters were set on the basis of long-term testing. As already mentioned, it is not always possible to say whether a particular user really uses P2P networks or not, so detection gives only a certain level of probability. Changing the detection parameters may affect its results crucially. Therefore, it is recommended to change the parameters of P2P network detection only in legitimate cases (e.g. if a new port number is detected which is used only by a P2P network and by no legitimate application, or if it is found that a legitimate service is repeatedly detected as a P2P network).
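The threshold and safe-services trade-off described above can be modelled in a few lines. This is an added illustration, not WinRoute's code or its actual detection algorithm; it assumes services are identified by destination port only, and the hosts, ports and counts are constructed sample data.

```python
from collections import defaultdict

# Constructed sample: one (client_ip, dest_port) pair per open connection.
SAMPLE = (
    [("10.0.0.5", 6881 + i) for i in range(40)]  # many peers on many ports
    + [("10.0.0.7", 443)] * 35                   # heavy HTTPS user
    + [("10.0.0.7", 993)] * 2                    # plus a mail client
    + [("10.0.0.9", 80)] * 6
    + [("10.0.0.9", 6890)] * 12                  # moderate unknown-port traffic
)

# Hypothetical safe-services list (HTTP and HTTPS), modelled as ports.
SAFE_PORTS = frozenset({80, 443})


def suspicious_hosts(connections, threshold, safe_ports=frozenset()):
    """Hosts whose connection count, ignoring safe services, reaches threshold."""
    counts = defaultdict(int)
    for client, port in connections:
        if port in safe_ports:
            continue  # excluded from P2P detection
        counts[client] += 1
    return sorted(host for host, n in counts.items() if n >= threshold)


def sweep(connections, thresholds, safe_ports=frozenset()):
    """Map each candidate threshold to the hosts it would flag."""
    return {t: suspicious_hosts(connections, t, safe_ports) for t in thresholds}


if __name__ == "__main__":
    print("no safe services, threshold 30:", suspicious_hosts(SAMPLE, 30))
    for t, hosts in sweep(SAMPLE, [2, 10, 30, 50], SAFE_PORTS).items():
        print(f"safe services set, threshold {t}: {hosts}")
```

With no safe services, the HTTPS-heavy host is flagged at threshold 30; with them defined, a threshold of 2 still flags the mail user and a threshold of 50 flags nobody, which is why the value has to be tested against real traffic.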
17.2 Special Security Settings
WinRoute provides several security options which cannot be defined by traffic rules. These options can be set in the Security settings tab of the Configuration → Advanced Options section.
Summary of Contents for Firewall6
Page 1: ...Kerio WinRoute Firewall 6 Administrator s Guide Kerio Technologies...