User Guide
61
Packet Filter Policies
HTTP-proxy
Hyper Text Transfer Protocol (HTTP) is a request/response protocol between clients and servers. The
HTTP client is usually a web browser. The HTTP server is a remote resource that keeps or creates HTML
files, images, and other content. When the HTTP client starts a request, it establishes a Transmission
Control Protocol (TCP) connection on port 80. An HTTP server listens for requests on port 80. When it
receives the request from the client, the server replies with the requested file, an error message, or
some other information.
Characteristics
•
Internet Protocol(s): TCP
•
Port Number(s): 80 (but servers can operate on any port, a common alternative is 8080)
HTTPS-proxy
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a request/response
protocol between clients and servers used for secure communications and transactions. HTTPS is more
secure than HTTP because HTTPS uses a digital certificate to encrypt and decrypt user page requests
as well as the pages that are returned by the web server. The HTTPS client is usually a web browser. The
HTTPS server is a remote resource that keeps or creates HTML files, images, and other content.
Characteristics
•
Internet Protocol(s): TCP
•
Port Number(s): 443
POP3-proxy
Post Office Protocol v.3 (POP3) is a protocol that moves email messages from an email server to an
email client on a TCP connection on port 110. Most Internet-based email accounts use POP3. With
POP3, an email client contacts the email server and checks for any new email messages. If it finds a new
message, it downloads the email message to the local email client. After the message is received by the
email client, the connection is closed.
Characteristics
•
Internet Protocol(s): TCP
•
Port Number(s): 110
The WatchGuard policy “HTTP Proxy” is not the same as an HTTP caching proxy. An HTTP
caching proxy controls the caching of Web data. If you use an external caching proxy, you must
enable (by adding policies) any outgoing policies that are necessary for your organization. If
you do not, outgoing TCP connections do not operate correctly.