Computer networks are common. Connecting to other computer networks is also common. When connecting networks together, for example, a local area network (LAN) to a wide area network (WAN), there may be the need to isolate the networks to restrict access. There are several approaches to achieving this isolation. One approach is to use, what is referred to in the art as, a firewall. A firewall may be implemented in a variety of ways.
One approach a firewall may implement is packet filtering. In packet filtering, the firewall analyzes network traffic at and below the transport protocol layer. With respect to the Internet, a firewall may examine the Internet Protocol (IP) packet. Based upon a set of predefined rules the packet filtering firewall may allow communication based upon such factors as, direction of the communication, where the packet arrives physically, the supposed source and/or destination of the communication, the type of transport layer, etc. Common transport layers that may be checked in the Internet environment are Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), etc. For example, a firewall may examine a TCP and/or UDP transport layer protocol to check source and destination port numbers. Additionally, firewalls utilizing packet filtering may also perform network address translation (NAT). NAT readdresses packets such that the topology of an internal network is hidden from view of an outsider. That is, the readdressing tends to hide the internal IP addresses from external view. Traffic originating from the internal network and sent out though the firewall is readdressed so that the outgoing traffic may appear to be originating from a different host than the internal host.
Another approach to security is a circuit level firewall. This approach attempts to monitor and validate the setting up and tearing down of connections. Once a connection is set up then communications are validated as to this connection circuit and allowed to pass. For example, a firewall may monitor the setting up of a TCP connection and after verifying that the TCP connection has been properly set up will allow communications to pass until such time as the connection is torn down. The firewall may also monitor the source and destination IP addresses for additional security to try and prevent another entity from sending and/or receiving unknown packets. Additionally, a circuit level firewall may employ NAT as discussed above.
Another approach is a called an application layer firewall. As the name implies, the application layer firewall evaluates packets for validity with respect to an application. Application layer firewalls generally include proxy services. Proxy services are programs that manage network traffic through a firewall for a specific type of service. For example, several common proxy services include support for hypertext transfer protocol (HTTP), file transfer protocol (FTP), Gopher, Telnet, etc. Because the proxy services are examining incoming requests from local users, validating them and then forwarding them on to an outside network and then receiving a response from the outside network and forwarding them back to the original requester, the proxy services are sometimes referred to simply as a proxy and/or a proxy server. That is, with respect to the local user, the proxy performs the function of a server by delivering to the local user the information, without the local user actually being connected directly to the outside source of information. With respect to an outside or external resource, the proxy looks like a standard client placing a request and receiving information. Because of this proxy process, internal IP addresses are generally shielded from external access. Additionally, because a proxy can examine packets with respect to specific applications, the proxy is capable of caching information retrieved, filtering specific information, performing user authentication, etc.
A device located behind a firewall is presented with challenges in attempting to contact an external or outside resource. Likewise, an external device attempting to reach an internal resource behind a firewall is presented with the need to get through the firewall. When the devices behind the firewall are computers with keyboards, monitors, and loadable software, it is often possible to pull up configuration screens to properly configure the device for communication through the firewall. It is not so easy for an appliance type device that may be lacking user input capability to be configured. This presents a problem.