- Kerio WinRoute Firewall Administrator's Guide
Chapter 16 Other settings
230
16.3 Universal Plug-and-Play (UPnP)
WinRoute supports UPnP protocol (Universal Plug-and-Play). This protocol enables client
applications (i.e. Microsoft MSN Messenger) to detect the firewall and make a request for
mapping of appropriate ports from the Internet for the particular host in the local net-
work. Such mapping is always temporary — it is either applied until ports are released
by the application (using UPnP reports) or until expiration of the timeout.
The required port must not collide with any existing mapped port or any traffic rule
allowing access to the firewall from the Internet. Otherwise, the UPnP port mapping
request will be denied.
Configuration of the UPnP support
To configure UPnP go to the Security Settings folder in Configuration → Advanced Op-
tions.
Figure 16.4 IPnP settings (the Security Settings tab under Configuration / Advanced Options)
Enable UPnP
This option enables UPnP.
Warning: If WinRoute is running on the Windows XP operating system, check
whether the following system services are not running before you start the UPnP
function:
• SSDP Discovery Service
• Universal Plug and Play Device Host
If any of these services is running, close it and deny its automatic startup. In
WinRoute these services cannot be used together with UPnP.
Note: The WinRoute installation program detects the services and offers their stop-
ping and denial.
Port mapping timeout
For security reasons, ports required by applications are mapped for a certain time
period only. Mapping is closed automatically on demand of the application or when
the timeout (in seconds) expires.