What is a Protocol Inspector

Article Details
URL: https://support.deerfield.net/support/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=17
Article ID: 17
Created On: Jun 14, 2004 01:44 PM

Answer WinRoute Firewall

A protocol inspector is a part of WinRoute Firewall that understands high-level Internet languages, like HTTP or FTP. It is called an inspector because it looks at the traffic before allowing it though.

Discussion

A brief explanation of Internet protocols

There are many different types of languages, or protocols, that are spoken between computers on the Internet. Of these, the most basic is the Internet Protocol (IP), which is used to get the address of each computer and explains how to get from one address to the other.

That\'s not very much information, so there are other languages that are built on top of the Internet Protocol, like the Transmission Control Protocol (TCP), which is used to say that a certain set of IP messages are all part of the same conversation, or transmission.

Even then, that only says how you communicate between two computers. It doesn\'t say what you communicate. To say what you communicate, many languages are built on top of TCP. The most common language is the Hypertext Transfer Protocol (HTTP), used to communicate web pages from a web server to a web browser.

Historical Firewalls

Older firewalls could only understand low-level Internet languages, like IP (the Internet Protocol) or TCP (Transmission Control Protocol). As a result, they could only filter traffic based on the limited amount of information in those low-level languages. You could specify where traffic was allowed to go, but not what messages were allowed through.

WinRoute Firewall and Protcol Inspectors

A protocol inspector is a part of WinRoute Firewall that understands high-level Internet languages like FTP (File Transfer Protocol, used for downloading files) or HTTP (Hypertext Transfer Protocol, used for looking at web sites).

Each message in these languages is made up of many TCP or IP messages. Those smaller messages (called packets) are collected by WinRoute Firewall, decoded, and then given to the appropriate Protocol Inspector.

What are they good for?

Protocol Inspectors give WinRoute Firewall the ability to do many things that older firewalls cannot do.

For example, because WinRoute Firewall can understand HTTP, it can integrate with the Cobion OrangeFilter and filter out web sites that users access, based on category. WinRoute Firewall can also look for forbidden words in web pages and deny access to those pages.

WinRoute can also control what types of messages are allowed between Internet FTP servers and your corporate network, for added security.

Finally, there are many Internet protocols that do not pass through firewalls correctly. With protocol inspectors, WinRoute Firewall can fix them as they go through, to make them work correctly.