CHAPTER 4: Types of Services
WatchGuard Firebox System
you must explicitly enable (by adding service icons) any outgoing services
you intend to use. If you do not, outgoing TCP connections won’t work
properly.
Characteristics
• Protocol: TCP
• Server Port(s): 80 (although servers can be run on any port, a common alternative is 8080, and Secure Socket Layer (SSL) connections are generally served on port 443)
• Client Port(s): greater than 1023
• RFC: 1945
Common Scenarios
Scenario 1
Description
“Public” HTTP server on the optional network.
Icons in the Services Arena
An HTTP icon, with Incoming From Any to the HTTP server.
Scenario 2
Description
“Public” HTTP server on the trusted network.
Icons in the Services Arena
Even with dynamic NAT, the HTTP server must have a “public”
address. Configuration is exactly the same as in Scenario 1.
Proxied-HTTP
Proxied-HTTP combines configuration options for HTTP on port 80 with
a rule allowing all outgoing TCP connections by default. Using the
Proxied-HTTP rule ensures that all outgoing HTTP traffic, regardless of
port, will be proxied according to the HTTP proxy rules.
WatchGuard recommends that you allow incoming HTTP only to any
public HTTP servers maintained behind the Firebox. External hosts can be