Outbound Filter Configuration

Outbound Filters control access from hosts on Protected networks and PSNs to IP addresses that reside on an external network, and from hosts on a Protected Network to those that reside external to a PSN.

The External network is the unprotected network for which no network address translation is performed. The External network is typically connected to the Internet. However, GNAT Box can also be used internally on private networks as an intranet firewall. If connected to the Internet, the external interface must have a registered IP address. GNAT Box provides no security for hosts located on the External network. See Protected and Private Service Networks.

The Protected network is the network hidden behind the GNAT Box system. The term Protected network is used by GTA to refer to the network directly connected to the GNAT Box system. All features and attributes associated with this network also apply to all networks connected to the Protected network. All hosts and IP addresses used on this network are hidden from the External and Private Service networks. Hosts on the Protected Network are by default not accessible from the External network or PSN network. The Tunnel facility can be used to allow external access to hosts and services on this network.

TCP, UDP, ICMP, IGMP, ESP, AH or any other protocol defined in IP Protocols can be matched against the packet. A protocol here means the procedures that are used by two or more computer systems so they can communicate with each other.

The implicit rule, "that which is not explicitly allowed is denied," applies to both outbound packets and inbound packets. The rule is explicitly listed in the Outbound Filters in version 3.5 and higher. See Index #3 in the illustration below.

The factory default set of Outbound Filters allows all IP addresses on the Protected Network to access any IP address and service external to the Protected Network. If a PSN interface exists, a similar Outbound Filter will be auto-configured that allows all access to the External Network but not to the Protected Network. These filters can be modified or deleted according to local network security policy.
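
The effect of the default set and of the final deny rule, as an added Python model (not GNAT Box code or configuration syntax). It assumes filters are checked in index order with the first match deciding; the subnets, addresses and the names Filter and evaluate are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing (assumption, not taken from the page).
PROTECTED = ipaddress.ip_network("192.168.1.0/24")
PSN = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Filter:
    action: str                                  # "accept" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    not_dst: tuple = ()                          # destinations excluded from the match
    protocols: frozenset = frozenset({"ALL"})    # e.g. {"TCP", "ICMP"}

    def matches(self, proto, src, dst):
        if "ALL" not in self.protocols and proto not in self.protocols:
            return False
        if src not in self.src or dst not in self.dst:
            return False
        return not any(dst in net for net in self.not_dst)

# Model of the factory defaults: Protected to anywhere, PSN to anywhere
# except the Protected network, then the explicitly listed deny (index 3).
DEFAULT_OUTBOUND = [
    Filter("accept", PROTECTED, ANY),
    Filter("accept", PSN, ANY, not_dst=(PROTECTED,)),
    Filter("deny", ANY, ANY),
]

# A tightened set under a local policy: Protected hosts may send only
# TCP and ICMP outbound; the PSN default has been deleted.
RESTRICTED_OUTBOUND = [
    Filter("accept", PROTECTED, ANY, protocols=frozenset({"TCP", "ICMP"})),
    Filter("deny", ANY, ANY),
]

def evaluate(filters, proto, src, dst):
    """Return (index, action) of the first matching filter.
    With no match at all, the implicit rule applies: (None, "deny")."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, f in enumerate(filters, start=1):
        if f.matches(proto, s, d):
            return index, f.action
    return None, "deny"
```

Running candidate flows through evaluate before changing the defaults shows which index decides each one, for instance that PSN traffic toward the Protected network only ever reaches the final deny.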
