Port - Protocol

The destination port represents the port on which the “source” host opens a connection to the “destination” host. The protocol to which the filter rule applies can also be defined in this window.

Port

Destination Port: Service or service group used as a selection criterion for this rule. Double-click on this zone to select the associated object.

EXAMPLES
Port 80: HTTP service
Port 25: SMTP service


You can Add or Delete objects by clicking on the corresponding icon.

Objects can be created or modified directly from this field by clicking on the corresponding icon.

Protocol

The fields that appear next depend on the protocol type that you choose here:

Protocol type: Select the desired protocol type. The value of the following fields varies according to your choice.
  • Automatic protocol detection (default),
  • Application protocol,
  • IP protocol,
  • Ethernet protocol.
Application protocol: The advantage of this choice is being able to apply application analysis on a port other than the default port. When this protocol type is selected:
  • Application protocol: Select the desired protocol from the drop-down list.
  • IP protocol: the IP protocols concerned will change according to the selected application protocol.
IP protocol: When this protocol type is selected:
  • Application protocol: No application analysis.
  • IP protocol: Select the desired protocol from the drop-down list. Additional fields may appear depending on the protocol selected.
  • Stateful tracking: Select the checkbox to track the status of IP connections. This option is selected by default for TCP, UDP and ICMP protocols.
Ethernet protocol: When this protocol type is selected, select the desired Ethernet protocol from the drop-down list.

NOTE
For example, connection status tracking (stateful mode) can be enabled for the GRE protocol, which is used in PPTP tunnels. Thanks to this tracking tool, the source (map), destination (redirection) or both (bimap) can be translated.
However, it will be impossible to differentiate 2 connections that share the same source and destination addresses. In concrete terms, this means that when the firewall translates a source N -> 1 (map), only one simultaneous connection to a PPTP server can be made.
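
The limitation described in this note can be reproduced with a simplified model of a state table. This is an added example, not the firewall's implementation: the class, function names and addresses are constructed for illustration, and the model assumes that port-less protocols such as GRE are tracked on addresses only, as the note states.

```python
from dataclasses import dataclass, field

PORT_BASED = {"tcp", "udp"}  # protocols whose states can be told apart by port


@dataclass
class MapTracker:
    """Simplified N -> 1 source map (hypothetical model, documentation addresses)."""
    public_ip: str
    next_port: int = 20000
    states: dict = field(default_factory=dict)  # return-path key -> internal host

    def outbound(self, proto, src_ip, dst_ip, dst_port=None):
        """Create or reuse a state for an outbound flow.

        Returns the return-path key, or None when the key is already owned by
        another internal host, i.e. replies could not be attributed."""
        if proto in PORT_BASED:
            # A fresh translated source port makes every flow unique.
            key = (proto, dst_ip, dst_port, self.public_ip, self.next_port)
            self.next_port += 1
        else:
            # GRE carries no ports: only the address pair identifies the flow.
            key = (proto, dst_ip, self.public_ip)
        owner = self.states.setdefault(key, src_ip)
        return key if owner == src_ip else None


def simulate():
    """Two internal clients reach the same PPTP server through one public IP."""
    fw = MapTracker(public_ip="203.0.113.1")
    server = "198.51.100.10"
    results = {}
    for client in ("192.168.1.10", "192.168.1.11"):
        control = fw.outbound("tcp", client, server, dst_port=1723)  # PPTP control
        tunnel = fw.outbound("gre", client, server)                  # PPTP data
        results[client] = {"control": control is not None,
                           "gre": tunnel is not None}
    return results


if __name__ == "__main__":
    for host, outcome in simulate().items():
        print(host, outcome)
```

Both TCP control connections are tracked because their translated source ports differ, while the second GRE flow maps to the same address pair as the first and cannot get its own state.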

Translated port

This section is available when NAT on the destination is selected.

Translated destination port: Translated port to which packets are going. Network packets received will be redirected from a given port on a host or a network device to another host or network device. If you wish to translate the traffic’s destination port, select one from the objects in the drop-down list.
Otherwise, leave the field empty, i.e. “None” by default. In this case, the Destination port field remains unchanged.