User Guide
Packet Filter Policies
IDENT
The Identification Protocol (IDENT) is a protocol used to match TCP connections to a user name. It is
used most frequently by large public SMTP and FTP servers. It is used for logging, but you cannot trust the
information it returns, because attackers can change their servers to send back incorrect
information. IDENT servers can also return false information to hide internal user information.
When you use incoming static NAT with SMTP, you might see packets from the remote mail
server being denied with destination port 113. In that case, you can add an IDENT policy in Policy
Manager. Configure IDENT to allow incoming connections to the Firebox. This enables outgoing mail
messages from behind the Firebox to the few SMTP servers on the Internet that use IDENT.
If you are not using dynamic NAT, allow IDENT to the IP address of your email server.
We recommend that IDENT policies be allowed to and from the Firebox, but know that hackers can use
IDENT to collect user names.
Characteristics
• Internet Protocol(s): TCP
• Port Number(s): 113
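As an added example (not part of this guide or the Firebox software), the following Python parser handles RFC 1413 IDENT replies the way a log collector should: it validates the wire format, recognises the HIDDEN-USER error that servers return to conceal user names, strips control characters, and marks the user name as unverified, since, as noted above, the remote server decides what it sends back. The field names and the sample replies are constructed for this example.

```python
"""Parse Identification Protocol (RFC 1413) replies for log enrichment.

Assumed RFC 1413 wire format (not shown in the guide):
  query:  "<port-on-server>, <port-on-client>\r\n"
  reply:  "<port-on-server>, <port-on-client> : USERID : <opsys> : <user-id>\r\n"
      or  "<port-on-server>, <port-on-client> : ERROR : <error-type>\r\n"
The user-id is asserted by the remote host and never verified here.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

REPLY_RE = re.compile(
    r"^\s*(?P<sport>\d{1,5})\s*,\s*(?P<cport>\d{1,5})\s*:\s*"
    r"(?P<kind>USERID|ERROR)\s*:\s*(?P<rest>.*?)\s*$"
)
MAX_USERID = 512  # RFC 1413 limits the user-id field to 512 octets


@dataclass
class IdentResult:
    server_port: int
    client_port: int
    user_id: Optional[str]        # None on ERROR or malformed reply
    error: Optional[str]          # e.g. "HIDDEN-USER", "NO-USER"
    trusted: bool = False         # always False: peer-asserted, not verified


def parse_ident_reply(line: str, expected: tuple[int, int]) -> IdentResult:
    """Validate a reply against the (server_port, client_port) pair we asked about."""
    sp, cp = expected
    m = REPLY_RE.match(line.rstrip("\r\n"))
    # Reject garbage and replies for a port pair we never queried.
    if not m or (int(m["sport"]), int(m["cport"])) != expected:
        return IdentResult(sp, cp, None, "malformed-or-mismatched")
    if m["kind"] == "ERROR":
        return IdentResult(sp, cp, None, m["rest"] or "UNKNOWN-ERROR")
    # USERID: "<opsys>[, <charset>] : <user-id>"; split on the first ':' only,
    # because the user-id itself may legitimately contain ':'.
    _, _, user = m["rest"].partition(":")
    user = user.strip()[:MAX_USERID]
    # Drop control characters so a hostile peer cannot inject fake log lines.
    user = "".join(ch for ch in user if ch.isprintable())
    return IdentResult(sp, cp, user or None, None)
```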
IGMP
The Internet Group Management Protocol (IGMP) is the standard for IP multicasting on the Internet. It
is used to control host memberships in multicast groups on a single network.
Characteristics
• Internet Protocol(s): IGMP
IMAP
Internet Mail Access Protocol (IMAP) is an application layer protocol for getting email or bulletin board
messages on a remote email server as if the messages were local. You can access email stored on an
IMAP server from many locations (such as home, work, or laptop) without moving messages.
Characteristics
• Internet Protocol(s): TCP
• Port Number(s): 143
IPSec
Internet Protocol Security (IPSec) is a framework for a set of protocols for security at the network or
packet layer of network communications. It is a VPN tunneling protocol with encryption.
Characteristics
• Internet Protocol(s): UDP, encapsulated security payload (ESP), authentication header (AH)
• Port Number(s): UDP 4500