TMS zl Management and Configuration Guide ST.1.2.100916
Firewall
Port Mapping
A port map is a port-to-service (or application) association. The firewall ALGs
draw on the port maps to learn which application to expect on a particular
TCP or UDP port. For example, if you add a port map that associates FTP with
TCP 55555, the TMS zl Module will treat traffic on TCP 55555 as FTP traffic—
any ALGs that apply to FTP will be applied to traffic on TCP 55555. You can
map a service to more than one protocol or port.
When traffic passes through a port that is not explicitly mapped, the TMS zl
Module treats it as the application that is associated with the well-known
port. If no application is mapped to the port by the TMS zl Module or Internet
Assigned Numbers Authority (IANA), the traffic will be treated as generic
TCP/UDP traffic.
Note: The IDS/IPS also uses these port maps. See “Port Maps” in Chapter 6:
“Intrusion Detection and Prevention.”
At factory default settings, the TMS zl Module has several port maps that
match services to the standard protocol and ports for those services. The
default port maps also include common alternate port numbers for several
services. Table 4-11 lists the default port maps.
You can create your own port maps for these services. (There is no need to
create port maps for other services because the module does not support
specific ALGs or attack checks for them.) The module can have up to 1001
port maps.
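The lookup order described above can be modelled to audit which listeners on non-standard ports would miss their ALG and IDS/IPS handling. This is an added example, not code from the guide or the module: `PortMapTable`, `unmapped_services`, the inventory and the small IANA stand-in are constructed for illustration, and the 1001 limit is assumed to count the default maps.

```python
"""Model of the port-map lookup order described above (added example)."""

# Rows of Table 4-11 that appear on this page.
DEFAULT_PORT_MAPS = {
    ("TCP", 179): "BGP", ("TCP", 50000): "DRDA", ("TCP", 21): "FTP",
    ("TCP", 1720): "H323", ("UDP", 1719): "H323GK",
    ("TCP", 80): "HTTP", ("TCP", 3128): "HTTP", ("TCP", 8080): "HTTP",
}
# Constructed stand-in for the IANA registry; only two entries, for the demo.
IANA_WELL_KNOWN = {("TCP", 25): "SMTP", ("UDP", 53): "DNS"}
MAX_PORT_MAPS = 1001  # limit stated on the page; assumed to include default maps
GENERIC = "generic TCP/UDP"


class PortMapTable:
    """Hypothetical model: explicit maps first, then IANA, then generic."""

    def __init__(self):
        self.maps = dict(DEFAULT_PORT_MAPS)

    def add(self, service, protocol, port):
        if not 1 <= port <= 65535:
            raise ValueError(f"invalid port {port}")
        key = (protocol.upper(), port)
        if key not in self.maps and len(self.maps) >= MAX_PORT_MAPS:
            raise ValueError("port map table is full")
        self.maps[key] = service  # modelling choice: a later map replaces an earlier one

    def classify(self, protocol, port):
        key = (protocol.upper(), port)
        if key in self.maps:                        # 1. explicit port map
            return self.maps[key]
        return IANA_WELL_KNOWN.get(key, GENERIC)    # 2. well-known port, 3. generic


def unmapped_services(table, inventory):
    """Return listeners the firewall would not treat as the service they run."""
    return [(name, proto, port, table.classify(proto, port))
            for name, proto, port in inventory
            if table.classify(proto, port) != name]


# Constructed inventory: (service actually running, protocol, port).
INVENTORY = [("FTP", "TCP", 21), ("FTP", "TCP", 55555),
             ("HTTP", "TCP", 8080), ("HTTP", "TCP", 8888)]

if __name__ == "__main__":
    table = PortMapTable()
    print(unmapped_services(table, INVENTORY))   # listeners needing a port map
    table.add("FTP", "TCP", 55555)
    print(unmapped_services(table, INVENTORY))
```
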
Table 4-11. Default Port Mappings
Service   Protocol   Port
BGP       TCP        179
DRDA      TCP        50000
FTP       TCP        21
H323      TCP        1720
H323GK    UDP        1719
HTTP      TCP        80
HTTP      TCP        3128
HTTP      TCP        8080