Packet mapping

Packet mapping is a way to redirect data through a SafeLinx Server.

Packet mapping lets you:
  • Redirect certain types of data packets (TCP, UDP, ICMP, and other) according to various criteria.
  • Change specific fields within the packet header.
  • Change specific character strings within the packet data.

For example, you have a subnet of email application programs running on SafeLinx Clients configured to connect to sendmail servers that listen on well-known port 25. An email server is optimized for SafeLinx Clients and is configured to listen on port 9000; port 25 continues to be used by other client applications. Because email uses simple mail transfer protocol (SMTP), a TCP application, you can set up a TCP mapping function on the SafeLinx Server to redirect all outgoing mail packets from port 25 to port 9000.

The following table describes more mapping criteria that you can specify according to the type of packet that is received by the SafeLinx Server:
Packet type Mapping criteria
TCP

You can qualify the mapping according to the port used by the originator or the receiver of the packet.

You can further qualify the mapping by specifying a from-flag and a to-flag in the packet header.

Note: Flags should be used only by protocol experts who require this level of differentiation for a special purpose.
UDP You can qualify the mapping according to the port used by the originator or the receiver of the packet.
ICMP You can qualify the mapping according to a specific type of ICMP packet. For some specific ICMP packets, you can further qualify with code that applies to the packet.
OTHER You can qualify the mapping according to a specific type of IP protocol. Specify a search for a specific character string within the packet header.

Packet mappings that work together can be put into groups.

To add a packet mapping, right-click the OU in which you want to add the packet mapping, click Add Resource > Packet mapping or NAT, and then select the mapping type.