Services define the traffic that can pass through the firewall. A service is not a software component, but a group of parameters that describe what kind of traffic should Zorp accept and how to handle the accepted traffic. The service specifies how thoroughly the traffic is analyzed (packet filter or application level), the protocol of the traffic (for example, HTTP, FTP, and so on), if the traffic is TLS-encrypted (and also related security settings like accepted certificates), NAT policies applied to the connections, and many other parameters.
Packet-filter services forward the incoming packets using the kzorp kernel module. Application-level services create two separate connections on the two sides of Zorp (client–Zorp, Zorp–server) different connections and analyze the traffic on the protocol level. Only application-level services can perform content filtering, authentication, and other advanced features.
Note |
---|
To allow IPSec traffic to pass Zorp, you must add packet filtering rules manually. See Procedure 16.3.4, Forwarding IPSec traffic on the packet level for details. |
The following types of services are available in Zorp:
- : It inspects the traffic on application level using proxies. For the highest available security, use application-level inspection whenever possible. For details, see
Procedure 6.4.2, Creating a new packet filtering Service (PFService).
: It inspects the traffic only on packet level. Use packet-level filtering to transfer very large amount of UDP traffic (for example, streaming audio or video). For details, seeZorp versions. For details, see Procedure 6.4.3, Creating a new DenyService.
: It enables making a service unavailable for any reasons (for example, because accessing it is prohibited in certain zones), use . DenyService is a replacement for the umbrella zones of earlier- : It attempts to determine the protocol used in the connection from the traffic itself, and to start a specified service. Currently it can detect HTTP, SSH, and SSL traffic. For HTTPS connections, it can also select a service based on the certificate of the server. For details, see
Services are managed from the ZMC component. The left side of the tab displays the configured services, while the right side shows the parameters of the selected service. Use this tab to delete unwanted services, modify existing ones, or create new ones.
tab of thePublished on May 30, 2024
© BalaSys IT Ltd.
Send your comments to support@balasys.hu