System Software 7.5.1 allows you to enter the maximum path depth for the Cobion Orange Filter when scanning a URL.
Use the URL PATHDEPTH field to enter the maximum path level accessed when checking a URL.
When you enter 0, only the URL domain name is checked (e.g., www.server.com). This means that all pages on this Web server belong to the same category.
When 1 is entered, the first level of the URL path is scanned. For example, www.server.com/info and www.server.com/games are checked separately and can be assigned to two different categories.
The higher the setting, the longer it will take to load Internet pages because each URL has to be checked for multiple categories. If you enter a value that is too low, no distinctions are made between any categories of directories below the set depth. The actual classification on the Cobion filter servers is not affected by this, but the processing speed increases since the check is not R1200w Setup Tool Funkwerk Enterprise Communications GmbH [SECURITY][ORANGE FILTER]: Static Settings MyGateway
2.18 UPnP
UPnP is available for use with System Software 7.5.1.
Universal Plug and Play (UPnP) enables you to use the latest messenger services (e.g., real-time video/audio conferences) for peer-to-peer communication, where one of the peers is behind a gateway with enabled NAT function.
In most cases, UPnP allows Windows operating systems to control other UPnP devices in the local area network. These include gateways, access points and print servers. No special device driver is needed because known and shared protocols such as TCP/IP, HTTP and XML are used.
Your gateway makes it possible to use the Internet Gateway Devices (IGD) subsystem, one of the functions available to you with UPnP.
More information on UPnP is available at www.upnp.org.
The gateway is configured in the IP ➜ UPNP menu:
R1200w Setup Tool Funkwerk Enterprise Communications GmbH
[IP][UPNP]: UPnP Configuration MyGateway
UPnP status disabled
TCP port number for UPnP 5678
SAVE CANCEL
The menu contains the following fields:
Table 2-29: IP ➜ UPNP
Field Meaning
UPnP status Select how the gateway responds to UPnP requests from the LAN.
Options include:
■ disabled (cleared) - The gateway discards UPnP requests, NAT enabling is not performed.
■ restricted - The gateway arranges port enabling and mapping for the duration of the application only for the requesting client. A check is also made to determine whether the target IP address of the incoming packets matches the IP address of the LAN UPnP client. A LAN UPnP client is therefore unable to map ports on behalf of other hosts in the LAN.
■ enabled - The gateway performs UpnP enabling using the parameters in the request from the requesting LAN UPnP client regardless of what IP address this client has.
TCP port number for UPnP
Enter the number of the port where the gateway will check for UPnP requests.
Possible values are 1 to 65535; the default value is 5678.
2.19 Stateful Inspection Firewall – Easier to configure
It is now easier to configure the bintec Stateful Inspection Firewall.
Interfaces, services and addresses can now be combined into groups.
Internal use of alias names has also been improved.
Groups can be created and customised under SECURITY➜ STATEFUL INSPECTION
in the respective submenus.
Interface Groups You can combine interfaces into groups in the SECURITY➜ STATEFUL INSPECTION
➜ EDIT INTERFACE GROUPS ➜ ADD/EDIT menu. The menu consists of the following fields:
Table 2-30: New fields in the SECURITY ➜ STATEFUL INSPECTION ➜ EDIT INTERFACE GROUPS➜ ADD/EDIT menu
Parameter Value
Alias Enter a name for the interface group that you wish to configure.
Interface Alias 1 Interface Alias 2
Interface Alias 10
Shows the alias names for your device's interfaces.
You can choose an alias name and then combine up to ten interfaces into a group.
Service Groups You can combine services into groups in the SECURITY➜ STATEFUL INSPECTION
➜ EDIT SERVICES GROUPS ➜ ADD/EDIT menu. The menu consists of the following fields:
Table 2-31: New fields in the SECURITY ➜ STATEFUL INSPECTION ➜ EDIT INTERFACE GROUPS➜ ADD/EDIT menu
Address groups You can combine address aliases into groups in the SECURITY ➜ STATEFUL
INSPECTION➜ EDIT ADDRESS GROUPS➜ ADD/EDIT menu. The menu consists of the following fields:
Table 2-32: New fields in the SECURITY ➜ STATEFUL INSPECTION ➜ EDIT ADDRESS GROUPS➜ ADD/EDIT menu
Parameter Value
Alias Enter a name for the service group that you wish to configure.
Service Alias 1 - 10 Shows the alias names for services that have been configured on your device.
You can choose a service and then combine up to ten services into a group.
Parameter Value
Alias Enter a name for the address alias group that you wish to configure.
Interface Alias 1 - 10 Shows the alias names of interfaces that have been assigned an alias for an IP address or an IP address range on your device.
You can chose an alias name and then combine up to ten aliases into a group.
2.20 QoS classification integrated into the Stateful Inspection Firewall
In System Software 7.5.1, IP QoS classification has been added to the Stateful Inspection Firewall configuration.
This allows you to use SIF-internal session handling even with packet classification as required for QoS policies.
One major advantage is easier QoS configuration:
■ There is no need to configure individual IP packet filters.
■ Packet direction and target ports can be disregarded.
■ Cross-references do not have to be configured separately for interdependent sessions, e.g., PPTP/GRE, H232/RTP, FTP etc.
■ QoS classification is performed on each data stream that is not blocked by the SIF.
The settings are configured under SECURITY ➜ STATEFUL INSPECTION ➜ EDIT
FILTERS➜ ADD/EDIT:
R1200w Setup Tool Funkwerk Enterprise Communications GmbH
[SECURITY][STATEFUL INSPECTION][ADD] MyGateway
QoS Priority default (no special IP QoS handling)
SAVE CANCEL
The menu contains the following fields for QoS classification:
Table 2-33: SECURITY➜ STATEFUL INSPECTION➜ EDIT FILTERS➜ ADD/EDIT