Packet Filter Policies
WatchGuard System Manager
SIP-proxy
If you use Voice-over-IP (VoIP) in your organization, you can add a SIP (Session Initiation Protocol) proxy
policy to open the ports necessary to enable VoIP through your Firebox. These proxy policies have
been created to work in a NAT environment to maintain security for privately-addressed conferencing
equipment behind the Firebox.
SIP is a newer standard that is more common in hosted environments, where only endpoint devices
such as phones are hosted at your business location and a VoIP provider manages the connectivity.
Characteristics
• Internet Protocol(s): TCP, UDP
• Port Number(s): TCP 5060, UDP 5060
SMTP-proxy
Simple Mail Transfer Protocol (SMTP) is the Internet standard protocol used to transmit and receive
email messages. Usually SMTP servers are public servers. You use the SMTP proxy to control email
messages and email content. The proxy scans SMTP messages for a number of filtered parameters, and
compares them against the rules set in the proxy configuration.
When you use incoming static NAT with SMTP, you might see packets that come from the remote mail
server being denied with destination port 113. In these cases, you can add an IDENT policy to Policy
Manager. Configure IDENT to allow incoming connections to: Firebox. This enables outgoing mail
messages from behind the Firebox to the few SMTP servers on the Internet that use IDENT.
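The following Python example is added here and is not part of the WatchGuard documentation. It correlates denied TCP 113 packets with allowed outbound SMTP connections, so you can see which remote mail servers are making IDENT queries before you add the IDENT policy. The log layout, the sample addresses, and the 30-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a generic "time action src:sport -> dst:dport proto"
# layout. This is NOT the Firebox log format; adapt LINE_RE to your own export.
SAMPLE_LOG = """\
2024-05-01T10:00:01 allow 10.0.1.25:41022 -> 198.51.100.7:25 tcp
2024-05-01T10:00:02 deny 198.51.100.7:52110 -> 203.0.113.10:113 tcp
2024-05-01T10:00:05 deny 192.0.2.99:40000 -> 203.0.113.10:113 tcp
2024-05-01T10:03:00 allow 10.0.1.25:41030 -> 198.51.100.20:25 tcp
2024-05-01T10:09:30 deny 198.51.100.20:33001 -> 203.0.113.10:113 tcp
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<action>allow|deny) (?P<src>[\d.]+):\d+ -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)"
)

def ident_lookbacks(log_text, window=timedelta(seconds=30)):
    """Split denied TCP/113 packets into two groups: those that arrive within
    `window` after an allowed outbound SMTP (TCP/25) connection to the same
    remote address (returned as {server_ip: count}), and all others."""
    last_smtp = {}  # remote server -> time of latest allowed outbound SMTP
    lookbacks, unrelated = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m or m["proto"] != "tcp":
            continue
        ts = datetime.fromisoformat(m["ts"])
        if m["action"] == "allow" and m["dport"] == "25":
            last_smtp[m["dst"]] = ts
        elif m["action"] == "deny" and m["dport"] == "113":
            seen = last_smtp.get(m["src"])
            if seen is not None and timedelta(0) <= ts - seen <= window:
                lookbacks[m["src"]] = lookbacks.get(m["src"], 0) + 1
            else:
                unrelated.append(m["src"])  # no recent SMTP session to this host
    return lookbacks, unrelated

if __name__ == "__main__":
    servers, other = ident_lookbacks(SAMPLE_LOG)
    print("IDENT queries from mail servers:", servers)
    print("Port 113 denies with no matching SMTP session:", other)
```

Sources in the second list have no matching outbound mail session and are not explained by SMTP.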
If you do not want to use the SMTP proxy but want to use SMTP and have SMTP operate correctly, add a
packet filter SMTP policy that uses TCP protocol and port 25.
Characteristics
• Internet Protocol(s): TCP
• Port Number(s): 25
TCP-UDP-proxy
The TCP-UDP proxy is included for these protocols on non-standard ports: HTTP, HTTPS, SIP, and FTP.
For these protocols, the TCP-UDP proxy relays the traffic to the correct proxy for each protocol, or
lets you allow or deny the traffic. For other protocols, you can choose to allow or deny traffic.
Characteristics
• Internet Protocol(s): TCP, UDP
• Port Number(s): TCP 0 (Any), UDP 0 (Any)