66

Note: If the uploaded certificate is a CA certificate, it will automatically be placed in the

Certificate Authorities list, even if Add New was clicked in the Remote Peers list. Similiarly, a

non-CA certificate will be placed in the Remote Peers list even if Add New was clicked from

the Certificate Authorities list.

Identities

This is a list of all the configured Identity lists. An Identity list can be used on the VPN

page to limit inbound VPN access from this list of known identities.

Normally, a VPN tunnel is established if the certificate of the remote peer is present in the

Certificates field in the VPN section, or if the remote peer's certificate is signed by a CA

whose certificate is present in the Certificates field in the VPN section. However, in some

cases it might be necessary to limit who can establish a VPN tunnel even among peers

signed by the same CA.

The Identity list can be selected in the Identity List field on the VPN page.

If an Identity List is configured, the firewall will match the identity of the connecting remote

peer against the Identity List, and only allow it to open the VPN tunnel if it matches the

contents of the list.

If no Identity List is used, no identity matching is done.

Content Filtering

DFL-1100 HTTP content filtering can be configured to scan all HTTP content protocol

streams for URLs or for web page content. If a match is found between a URL on the URL

block the DFL-1100 blocks the web page.

You can configure URL blacklist to block all or just some of the pages on a website. Using

this feature you can deny access to parts of a web site without denying access to it

completely.

The HTTP content filtering can also be configured to strip contents like ActiveX, Flash and

cookies.

There is also a URL whitelist for URLs that should be excluded from all Content Filtering.

Note:

For HTTP URL filtering to work, all HTTP traffic needs to go trough a policy using a

service with the HTTP ALG.

Edit the URL Global Whitelist

Follow these steps to

add or remove a url.

Step 1.

Go to

Firewall and Content

Filtering and choose

Edit global URL

whitelist

Step 2.

Add/edit or

remove the URL that

should never be

checked with the

Content Filtering.

Click the

Apply

button below to apply

the change or click

Cancel

to discard

changes.

68

Edit the URL Global Blacklist

Follow these steps to

add or remove a url.

Step 1.

Go to

Firewall and Content

Filtering and choose

Edit global URL

blacklist

Step 2.

Add/edit or

remove the URL that

should be checked

with the Content

Filtering.

Click the

Apply

button below to apply

the change or click

Cancel

to discard

changes.

Note:

For HTTP

URL filtering to work, all

HTTP traffic needs to go

trough a policy using a

service with the HTTP

ALG.

Active content handling

Active content handling can be enabled or disabled by checking the checkbox before each

type you would like to strip. For example to strip ActiveX and Flash enable the checkbox

named Strip ActiveX objects. It’s possible to strip ActiveX, Flash, Java, JavaScript and

VBScript, it’s also possible to block cookies.

Note:

For HTTP URL filtering to work, all HTTP traffic needs to go trough a policy using a

service with the HTTP ALG.

70

Servers

DHCP Server Settings

The DFL-1100 contains a DHCP server; DHCP (Dynamic Host Configuration Protocol) is a

protocol that lets network administrators to automatically assign IP numbers to computers on

a network. The DFL-

1100 DHCP Server

helps to minimize the

work necessary to

administer a network, as

there is no need for

another server running

DHCP Server software.

The DFL-1100

DHCP Server only

implements a subset of

the DHCP protocol

necessary to serve a

small network, these are:

•

IP address

•

Netmask

•

Subnet

•

Gateway address

•

DNS Servers

•

WINS Servers

•

Domain name

The DFL-1100

DHCP Server assigns

and manages IP

addresses from

specified address pools

within the firewall to the DHCP clients.

Note:

Leases are remembered over a re-configure or reboot of the firewall.

The DFL-1100 also includes a DHCP Relayer. A DHCP relayer is a form of gateway

between a DHCP Server and its users. The relayer intercepts DHCP queries from the users

and forwards them to a DHCP server while setting up dynamic routes based on leases. This

enables the firewall to keep an accurate routing table based on active users and protects the

DHCP server to some degree among other things.

Note:

There can only be one DHCP Server or DHCP Relay configured per interface.