Watchguard Firebox X5500E Reference Manual

Also see for Firebox X10E: Install guide Reference guide User guide Quick start guide Quick start guide

Contents

Watchguard Firebox X5500E Reference Manual Manual pdf 15 page image

Reference Guide 7Transfer Protocols• Gives abstraction of ports. A connection is made of its source and destination ports and itssource and destination IP addresses. In typical use, port numbers less than 1024 are saved forwell-known services (destinations). The client side can use ports higher than 1023 for the sourceof the connection. But, this rule has many exceptions: NFS (port 2049) and Archie (port 1525) useserver ports at numbers higher than 1024. Some services use the same source and destinationport for server to server connections. Examples include DNS (53), NTP (123), syslog (514), and RIP(520).TCPTransmission Control Protocol (TCP) enables two hosts to make a connection and send streams of datato each other. TCP makes sure that the data that is sent gets to its destination. It also makes sure thatpackets are put in the same sequence as when they were sent.TCP manages connections with properties that control the condition of a connection. Three veryimportant properties of TCP packets are the SYN, ACK, and FIN bits. The SYN bit is set only on the firstpacket sent in each direction for a given connection. The ACK bit is set when the other side gets thedata. The FIN bit is set when the source or destination closes the connection.ICMPThe Internet Control Message Protocol (ICMP) is used most frequently to supply error informationabout other services. It operates by using the same method as UDP. That is, ICMP does not useconnections and does not make sure that packets reach their destination. One dangerous ICMP packetis the ICMP redirect packet, which can change routing information on the devices that receive it.Other protocolsMost traffic on the Internet uses TCP, UDP, or ICMP protocols. Some other protocols are as follows:IGMP (Internet Group Multicast Protocol)A protocol used by a host on multicast access networks to notify a locally attached router towhich group the router belongs.IPIP (IP-within-IP)An encapsulation protocol that is used to assemble virtual networks on the Internet.GGP (Gateway-Gateway ProtocolA routing protocol that is used between different systems.GRA protocol used for PPTP.ESAn encryption protocol used for IPSec.