Desktop connection settings

Editing a desktop connection opens the Connection window. Under Description you can enter additional information about the connection for internal use.

On the Rules tab you can adjust the rule set for the related connection. For more information about creating firewall rules, see the section Firewall Rule Settings. In addition to the settings described there, you can use the check mark above Connection NAT in the first column to control whether the connection uses the settings on the NAT tab described below or service-specific settings. The latter are found with the firewall rules on the Advanced tab. See also Creating a firewall rule.

Using the NAT tab it is possible to configure SNAT and DNAT for entire networks. The settings correspond to those for individual services except for the destination port, which is omitted from the NAT settings for the connection.

Input box – Description
NAT / Masquerading – Specify the desired direction for NAT/masquerading (bidirectional, left-to-right, or right-to-left), or disable the function for that rule (Off) by selecting the appropriate radio button. The default setting depends on the source and destination objects selected for the connection.
NAT Source IP – Optional: If you have multiple outgoing IP addresses, specify the IP address to use for the source NAT. If no IP address is specified, the system automatically selects the main IP address of the outgoing interface.
  Note: If a connected object is a network, you can also enter a network here, provided that it has the same size as the object’s network.
Enable DNAT – If a single host or network object is the destination, you can mark this check box to activate DNAT.
External IP address – Optional: Enter the destination IP address of the data being processed. DNAT is applied to this data traffic only. This IP address has to be one of the IP addresses of the firewall.
  Note: If a connected object is a network, you can also enter a network here, provided that it has the same size as the object’s network.
Destination IP address – Optional: Enter the destination IP address of the data being processed.
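The same-size rule in the two notes above, worked through as an added example (not LANCOM code). It assumes the usual offset-preserving 1:1 translation between networks of equal size; the function name and the addresses are illustrative. For DNAT the same mapping applies with the external network as the input side.

```python
import ipaddress

def map_source(addr, object_net, nat_spec):
    """Return the translated address for addr (assumed NAT model).

    nat_spec is either a single IP (many-to-one source NAT) or a network
    of the same size as object_net (1:1 mapping, host offset preserved).
    """
    obj = ipaddress.ip_network(object_net)   # raises if host bits are set
    nat = ipaddress.ip_network(nat_spec)     # a bare IP becomes /32 or /128
    ip = ipaddress.ip_address(addr)

    if obj.version != nat.version:
        raise ValueError("object and NAT entry use different address families")
    if ip not in obj:
        raise ValueError(f"{ip} is not part of {obj}")

    # Single NAT address: every host of the object shares it.
    if nat.prefixlen == nat.max_prefixlen:
        return str(nat.network_address)

    # Network entry: only valid when both networks have the same size,
    # otherwise some hosts would have no (or no unique) counterpart.
    if nat.prefixlen != obj.prefixlen:
        raise ValueError(
            f"size mismatch: object is /{obj.prefixlen}, "
            f"NAT network is /{nat.prefixlen}"
        )
    offset = int(ip) - int(obj.network_address)
    return str(nat.network_address + offset)

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    print(map_source("192.168.10.37", "192.168.10.0/24", "198.51.100.0/24"))
    print(map_source("192.168.10.37", "192.168.10.0/24", "203.0.113.5"))
    try:
        map_source("192.168.10.200", "192.168.10.0/24", "198.51.100.0/25")
    except ValueError as exc:
        print("rejected:", exc)
```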

On the URL / Content Filter tab you can configure the URL/content filter for the related connection.

Input box – Description
Block all by default – All requests are blocked unless explicitly unblocked by an enabled whitelist. Content filters and blacklist entries have no function and are therefore grayed out.
Web Filter Mode – You have the choice between the following modes:
  • Proxy – Default mode for the URL / Content Filter.
  • DNS – Operates the URL / Content Filter based on DNS. This means that DNS queries passing through the DNS server of the LANCOM R&S®Unified Firewall are classified and filtered according to their categories or configured blacklists and whitelists. The same profiles are used as for the URL / Content Filter via the HTTP / HTTPS proxy. Using the DNS filter for HTTPS connections does not require certificates to be installed on the client devices. However, this also results in the following limitations:
    • Filtering is done on the domain, not on the URL.
    • No block page is displayed and it is not possible to use the override mode.
    • Filtering is performed only when the DNS request passes through the firewall.
  • Proxy and DNS – A combination of the above modes.
Name – Shows the name of the URL/content filter.
URL Filter Black/White – Add the URLs of the respective filters to the blacklist or whitelist by clicking on the relevant checkboxes.
Content Filter – Select content filters by checking the respective boxes.
Schedule – Indicates whether the filter is always on, always off, or active when scheduled. To modify the schedule, click on the entry.
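What the proxy and DNS modes can each decide on, as an added example (a simplified model, not LANCOM code). The entry syntax, whitelist-before-blacklist ordering and the treatment of path entries in DNS mode are assumptions; host names are constructed.

```python
from urllib.parse import urlsplit

def _matches(entry, host, path):
    """entry is 'domain' or 'domain/path-prefix'; subdomains match too."""
    e_host, _, e_path = entry.partition("/")
    host_ok = host == e_host or host.endswith("." + e_host)
    if not e_path:
        return host_ok
    # A path entry needs the request path, which only the proxy sees.
    return host_ok and path is not None and path.startswith("/" + e_path)

def decide(mode, url, blacklist=(), whitelist=(), block_all=False,
           dns_via_firewall=True):
    """Return 'allow', 'block' or 'unseen' for one request."""
    parts = urlsplit(url)
    host = parts.hostname
    if mode == "dns":
        if not dns_via_firewall:
            return "unseen"      # query never reached the firewall's DNS
        path = None              # DNS mode: only the domain is known
    else:
        path = parts.path or "/"
    if any(_matches(e, host, path) for e in whitelist):
        return "allow"
    if block_all:                # blacklist has no function in this mode
        return "block"
    if any(_matches(e, host, path) for e in blacklist):
        return "block"
    return "allow"

if __name__ == "__main__":
    bad = "https://files.example.test/malware/a.bin"
    ok = "https://files.example.test/docs/readme.txt"
    for mode, bl in (("proxy", ["files.example.test/malware"]),
                     ("dns", ["files.example.test/malware"]),
                     ("dns", ["files.example.test"])):
        print(mode, bl, decide(mode, bad, blacklist=bl),
              decide(mode, ok, blacklist=bl))
```

In DNS mode only the domain-level entry takes effect, and it blocks the whole domain, so entries intended for DNS filtering should be written per domain.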

On the Traffic Shaping tab you can configure the traffic shaping settings for the traffic on the selected connection:

Input box – Description
Traffic Group – Optionally select the name of a traffic group. This applies the rules defined for this group to traffic on this connection. See also Traffic shaping.
  Note: If it is a route-based IPsec tunnel, traffic within a tunnel can be prioritized using a custom shaping configuration.
Outgoing DSCP – From the list, select an optional DSCP value for outbound data traffic. The list contains the designations from the relevant RFCs (e.g. "CS0") and the group (e.g. "Default"). Also, the value is numerically represented in various bases (binary, hexadecimal, and decimal). The list can be searched according to these representations, so that you can quickly find the desired value regardless of your preferred representation.

If you use application filters (see Application Management), you can activate or deactivate these for the selected desktop connection. In the Application Filter tab you set the Mode of the application filter to Blacklist or Whitelist or deactivate the application filter for each selected profile by selecting the corresponding option button. On the Application Based Routing tab you can add any configured Routing Profiles.

If you change any settings, click Save to store your changes or Reset to discard them. Then click Close to quit the editing window.

Click Activate in the toolbar at the top of the desktop to apply your configuration changes.

For more information on URL, content and application filters, see URL/Content Filter and Application Management.

www.lancom-systems.com

LANCOM Systems GmbH | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E-Mail info@lancom.de
