Firewall Features, Continued
A few of the terms need further explanation. The IP Pool is just a pointer to a group of IP addresses that you can set by Subnet, Range or even single IP address - the latter being a little silly. I'd rather have seen an option to specify a list of IP addresses, since the other options only let you specify contiguous ranges of addresses. The NAT Pool is another pointer / shorthand, this time letting you define contiguous groups of LAN and WAN IP addresses for use in multi-NAT configurations.
The Application Filters can be associated with ACL rules to filter FTP and SMTP commands, HTTP file extensions and RPC services. This means that for the FTP, SMTP and RPC filters, the SL1000 will allow or deny the specific commands entered in each filter, while the HTTP filter can only be set to block files with certain extensions.
Figure 8: HTTP Filter example
Figure 8 shows an HTTP filter that will block files with .java, .jar and .swf (Flash) extensions.
Note also that you can choose to have the triggering of an ACL logged or have an ACL apply to traffic coming or going via an IPsec tunnel.
With all those selectors to absorb, you may have missed the Time Ranges feature that lets you apply one of three programmable time periods to any ACL rule. The Time Range is just that - you get one "From" day and time to one "To" day and time per range - and some users may find this too limiting for their needs.
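As an added illustration (not ASUS code or documentation), the Python below models the two ACL features just described: an HTTP extension filter like the one in Figure 8, and a single "From" day/time to "To" day/time range that may wrap past Sunday. The case folding, the query-string handling and the example.test URLs are choices made for this example, not documented SL1000 behaviour.

```python
import posixpath
from dataclasses import dataclass
from datetime import datetime
from typing import Optional
from urllib.parse import urlsplit

MINUTES_PER_DAY = 24 * 60  # days indexed Monday=0 .. Sunday=6, as datetime.weekday() does


@dataclass(frozen=True)
class TimeRange:
    """One programmable range: a single 'From' day/time to a single 'To' day/time."""
    from_day: int
    from_hour: int
    from_minute: int
    to_day: int
    to_hour: int
    to_minute: int

    def contains(self, when: datetime) -> bool:
        start = self.from_day * MINUTES_PER_DAY + self.from_hour * 60 + self.from_minute
        end = self.to_day * MINUTES_PER_DAY + self.to_hour * 60 + self.to_minute
        now = when.weekday() * MINUTES_PER_DAY + when.hour * 60 + when.minute
        if start <= end:
            return start <= now <= end
        return now >= start or now <= end  # range wraps past Sunday into the next week


def url_extension(url: str) -> str:
    """Extension of the requested file; query string ignored, case folded (example's choice)."""
    return posixpath.splitext(urlsplit(url).path)[1].lower()


@dataclass(frozen=True)
class AclRule:
    """A deny rule carrying an HTTP extension filter and an optional time range."""
    blocked_extensions: frozenset
    time_range: Optional[TimeRange] = None

    def blocks(self, url: str, when: datetime) -> bool:
        if self.time_range is not None and not self.time_range.contains(when):
            return False  # outside its time range the rule is not consulted at all
        return url_extension(url) in self.blocked_extensions


# The Figure 8 filter, active Monday 08:00 through Friday 18:00 as ONE contiguous range.
FIGURE8_RULE = AclRule(frozenset({".java", ".jar", ".swf"}), TimeRange(0, 8, 0, 4, 18, 0))


def evaluate(url: str, when_iso: str, rule: AclRule = FIGURE8_RULE) -> bool:
    """True if `rule` would block `url` at the ISO-8601 timestamp `when_iso`."""
    return rule.blocks(url, datetime.fromisoformat(when_iso))
```

Because each range is one contiguous span, Monday 08:00 to Friday 18:00 also covers Wednesday 03:00; "business hours only" would need one range per weekday, more than the three the SL1000 offers.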
You're also sure to have missed the Application Layer Gateway (ALG) feature because it has no settings in the admin interface. ALGs are built-in dynamic port mappings that trigger on specific outbound packets. These are used for applications such as games and tele / video conferencing that need to dynamically open ports in the router's firewall. I'll have to take ASUS' word on this, since I didn't try to test out any of the list of supported applications.