Ubigate iBG2016 Configuration Guide/Ed.00© SAMSUNG Electronics Co., Ltd. 237y Many-to-one reverse NAT(NAT record attached to in bound policy)y One-to-one reverse NAT(NAT record attached to in bound policy)y Many-to-many regular NAT(NAT record attached to out bound Policy)Multiple policies can share single NAT address, provided NAT address is oftype many to one only.Public ip addresses belonging to each map are maintained in one table. A mapcannot use public ip address assigned to another map.Application Content FilteringFirewall supports command level filtering for certain well known applications.You can define application specific content filtering schemes by configuringapplication objects. Firewall can perform selective content filtering for SMTP,FTP, HTTP, and RPC Applications like disabling or enabling of individualcommands of the application.Firewall has the necessary intelligence to parse the contents of theseapplications and selectively filter out some commands. Some of thesecommands might reveal unwanted information. For this purpose, firewallmaintains a database where such protocol commands can be configured andthis database will eventually be used when the actual datagram travels in thenetwork. This application control database maintains the above mentionedprotocol commands.Every application control in the application control database can represent forone of the above-mentioned applications. Each application control containsthe application protocol information such as, the IP protocol, the transportprotocol.Along with this it maintains a set of application commands. These applicationcommands can depend on the protocol it represents. In case of SMTP & FTPthey are simple English commands, in case of RPC they are program numbersand in case of HTTP it is file extensions. Along with this command,application control also maintains the action that needs to be applied.The actions are either ALLOW or DENY. This application control can beattached to an access policy to enable application command filtering.
