
Traffic Squeezer - Limited Firewall Feature
TS-Alpha also provides network gateway firewall services. A firewall's basic task is to regulate some of the flow of traffic between computer networks of different trust levels.
A WAN acceleration device only needs to process, optimize and shape traffic; traffic filtering can be handed off to a completely separate stand-alone machine that acts as a firewall. But in SOHO deployments, and occasionally even in enterprise corporate deployments, it also makes sense for the WAN acceleration device to have a built-in network traffic firewalling capability.
The WAN network is a very costly recurring investment, so it also makes sense to fine-tune the traffic and filter out all the rogue packets that can consume a portion of the available, expensive WAN bandwidth.
Rather than a state-of-the-art firewalling feature, TS-Alpha for now provides a very simple network-layer stateless firewall feature. Network-layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules, or default rules may apply.
The current TS-Firewall feature is “stateless” since stateless firewalls require less memory, and can be faster for simple filters that require less time to filter than to look up a session. They may also be necessary for filtering stateless network protocols that have no concept of a session. However, they cannot make more complex decisions based on what stage communications between hosts have reached.
In simple terms, the TS firewall feature can filter traffic based on many packet attributes, such as source IP address, source port, destination IP address or port, and destination service such as P2P transfers or FTP.
Internal Implementation
The TS-Alpha firewall feature is implemented on the iptables framework. The TS firewall policies are converted into iptables rules (ACLs, Access Control Lists) and fed into the system to take effect.
Users can also opt for a non-iptables TS-firewall mechanism if the host OS platform they are installing on does not support iptables or does not have it installed. In this case the TS firewall policies are fed into the TS-Alpha custom TS-module, which does the pattern matching and filters the traffic.
For usage and instructions, please refer to the Traffic Squeezer - User usage and installation guide.
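The two paths described under Internal Implementation, as an added example (not Traffic Squeezer's own code): one function renders a policy as a stateless iptables rule, the other does first-match filtering in software as a non-iptables matcher might. The policy record layout, the function names, the FORWARD chain and the drop-by-default fallback are assumptions, since the real TS policy format is not shown on this page.

```python
import ipaddress
import shlex

# Hypothetical policy records (constructed sample data), evaluated top to bottom.
POLICIES = [
    {"action": "drop", "proto": "tcp", "dst_port": 21},    # FTP control channel
    {"action": "drop", "proto": "udp", "src": "192.0.2.0/24", "dst_port": 6881},  # port commonly used by BitTorrent
    {"action": "accept", "proto": "tcp", "src": "10.0.0.0/8"},
]
TARGETS = {"accept": "ACCEPT", "drop": "DROP"}

def validate(p):
    """Reject malformed policies before they reach iptables or the matcher."""
    if p["action"] not in TARGETS or p["proto"] not in ("tcp", "udp"):
        raise ValueError(f"bad action/proto in {p}")
    for key in ("src", "dst"):
        if key in p:
            ipaddress.ip_network(p[key])    # raises ValueError on a bad address/CIDR
    for key in ("src_port", "dst_port"):
        if key in p and not (isinstance(p[key], int) and 1 <= p[key] <= 65535):
            raise ValueError(f"bad {key} in {p}")
    return p

def to_iptables(p, chain="FORWARD"):
    """Render one policy as a stateless iptables command (no conntrack match)."""
    validate(p)
    argv = ["iptables", "-A", chain, "-p", p["proto"]]
    for key, flag in (("src", "-s"), ("dst", "-d"),
                      ("src_port", "--sport"), ("dst_port", "--dport")):
        if key in p:
            argv += [flag, str(p[key])]
    return shlex.join(argv + ["-j", TARGETS[p["action"]]])

def decide(policies, pkt, default="drop"):
    """First-match decision on a single packet; no session state is consulted."""
    for p in map(validate, policies):
        if (p["proto"] == pkt["proto"]
                and all(ipaddress.ip_address(pkt[k]) in ipaddress.ip_network(p[k])
                        for k in ("src", "dst") if k in p)
                and all(pkt[k] == p[k] for k in ("src_port", "dst_port") if k in p)):
            return p["action"]
    return default    # assumed fallback: unmatched packets do not pass

if __name__ == "__main__":
    for policy in POLICIES:
        print(to_iptables(policy))
```

Because evaluation is first-match, the FTP drop rule wins over the broader accept for 10.0.0.0/8, so rule order in the policy list matters in both paths.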

Fig: Firewall feature enabled Traffic Squeezer Box deployment