Port-to-Application Mapping (PAM) enables administrators to
customize TCP or UDP port numbers for network services or applications. PAM
uses this information to support network environments that run services using
ports that are different from the registered or well-known ports associated
with an application.

Using the port information, PAM establishes a table of default
port-to-application mapping information at the firewall. The information in
the PAM table enables services supported by Context-Based Access Control
(CBAC) to run on nonstandard ports. PAM also supports host- or
subnet-specific port mapping, which enables administrators to apply PAM to a
single host or subnet using standard ACLs.

System-defined Port Mapping

PAM creates a table, or
database, of system-defined mapping entries using the well-known or registered
port mapping information set up during the system startup. The system-defined
entries comprise all the services supported by CBAC, which requires the
system-defined mapping information to function properly.

The system-defined mapping information cannot be deleted or changed.
Therefore, it is impossible to map HTTP services to port 21, the
system-defined port for FTP, or FTP services to port 80, the system-defined
port for HTTP.
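
As an added example (not part of the original document), the following Cisco IOS configuration puts a global user-defined mapping next to host- and subnet-specific mappings scoped with standard ACLs. The addresses, ACL numbers, nonstandard ports, inspection rule name and interface are assumptions chosen for illustration.

```cisco
! Constructed example: addresses, ACL numbers, ports, the rule name
! FWRULE and the interface are placeholders.

! Global user-defined mapping: TCP 8080 is treated as HTTP for every
! host, so CBAC HTTP inspection applies to it everywhere.
ip port-map http port 8080

! Host-specific mapping: only the server matched by standard ACL 10
! has TCP 8000 treated as HTTP. Other hosts are unaffected.
access-list 10 permit 192.0.2.10
ip port-map http port 8000 list 10

! Subnet-specific mapping: FTP on port 2121 for one subnet only.
access-list 20 permit 192.0.2.64 0.0.0.31
ip port-map ftp port 2121 list 20

! CBAC inspection rule that relies on the PAM table to recognise the
! applications on the ports mapped above.
ip inspect name FWRULE http
ip inspect name FWRULE ftp
interface FastEthernet0/0
 ip inspect FWRULE in

! As the text above states, a global mapping onto a system-defined
! port cannot be applied, for example HTTP onto the FTP port:
!   ip port-map http port 21
```

Scoping a mapping with `list` keeps the nonstandard port tied to the hosts that actually run the service; `show ip port-map` displays the resulting system-defined and user-defined entries for review.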

The default system-defined services and applications found in the PAM table
are shown in Figure .