Note: If the uploaded certificate is a CA certificate, it will automatically be placed in the
Certificate Authorities list, even if Add New was clicked in the Remote Peers list. Similarly, a
non-CA certificate will be placed in the Remote Peers list even if Add New was clicked from
the Certificate Authorities list.
Identities
This is a list of all the configured Identity lists. An Identity list can be used on the VPN
page to limit inbound VPN access from this list of known identities.
Normally, a VPN tunnel is established if the certificate of the remote peer is present in the
Certificates field in the VPN section, or if the remote peer's certificate is signed by a CA
whose certificate is present in the Certificates field in the VPN section. However, in some
cases it might be necessary to limit who can establish a VPN tunnel even among peers
signed by the same CA.
The Identity list can be selected in the Identity List field on the VPN page.
If an Identity List is configured, the firewall will match the identity of the connecting remote
peer against the Identity List, and only allow it to open the VPN tunnel if it matches the
contents of the list.
If no Identity List is used, no identity matching is done.
Content Filtering
DFL-1100 HTTP content filtering can be configured to scan all HTTP content protocol
streams for URLs or for web page content. If a match is found between a URL on the URL
block the DFL-1100 blocks the web page.
You can configure the URL blacklist to block all or just some of the pages on a web site. Using
this feature you can deny access to parts of a web site without denying access to it
completely.
The HTTP content filtering can also be configured to strip contents like ActiveX, Flash and
cookies.
There is also a URL whitelist for URLs that should be excluded from all Content Filtering.
Note: For HTTP URL filtering to work, all HTTP traffic needs to go through a policy using a
service with the HTTP ALG.
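Added example (not from the D-Link manual): a small Python model of the evaluation order described above, in which whitelisted URLs skip all content filtering, blacklist entries can block only part of a site, and the ticked active content types are stripped from everything else. The list entries, the * wildcard syntax and the function names are assumptions; the manual does not define how entries are written.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed sample lists. The wildcard (*) pattern syntax is an assumption:
# the manual page does not define how list entries are written.
WHITELIST = ["intranet.example.com/*"]
BLACKLIST = ["www.example.com/games/*", "ads.example.net/*"]
STRIP = {"activex", "flash"}  # active content types ticked for stripping


def normalize(url):
    """Reduce a URL to lowercased host plus path so entries compare consistently."""
    parts = urlsplit(url if "//" in url else "//" + url)
    return (parts.hostname or "") + (parts.path or "/")


def decide(url, active_content=()):
    """Return (action, stripped_types) for one HTTP request.

    Order modelled on the text: whitelist entries bypass all content
    filtering, then the blacklist is checked, then active content is stripped.
    """
    target = normalize(url)
    if any(fnmatchcase(target, p) for p in WHITELIST):
        return "allow", []  # excluded from both blocking and stripping
    if any(fnmatchcase(target, p) for p in BLACKLIST):
        return "block", []
    return "allow", sorted(STRIP.intersection(active_content))


if __name__ == "__main__":
    for url, content in [
        ("http://www.example.com/games/a.html", []),
        ("http://www.example.com/news/", ["flash", "javascript"]),
        ("http://intranet.example.com/app", ["activex"]),
    ]:
        print(url, decide(url, content))
```

Only the /games/ part of www.example.com is blocked; the rest of the site stays reachable with Flash stripped, while the whitelisted intranet host is passed through untouched.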
Edit the URL Global Whitelist
Follow these steps to add or remove a URL.
Step 1. Go to Firewall and Content Filtering and choose Edit global URL whitelist.
Step 2. Add/edit or remove the URL that should never be checked with the Content Filtering.
Click the Apply button below to apply the change or click Cancel to discard changes.
Edit the URL Global Blacklist
Follow these steps to add or remove a URL.
Step 1. Go to Firewall and Content Filtering and choose Edit global URL blacklist.
Step 2. Add/edit or remove the URL that should be checked with the Content Filtering.
Click the Apply button below to apply the change or click Cancel to discard changes.
Note: For HTTP URL filtering to work, all HTTP traffic needs to go through a policy using a
service with the HTTP ALG.
Active content handling
Active content handling can be enabled or disabled by checking the checkbox before each
type you would like to strip. For example, to strip ActiveX and Flash, enable the checkbox
named Strip ActiveX objects. It is possible to strip ActiveX, Flash, Java, JavaScript and
VBScript. It is also possible to block cookies.
Note: For HTTP URL filtering to work, all HTTP traffic needs to go through a policy using a
service with the HTTP ALG.
Servers
DHCP Server Settings
The DFL-1100 contains a DHCP server. DHCP (Dynamic Host Configuration Protocol) is a
protocol that lets network administrators automatically assign IP numbers to computers on
a network. The DFL-1100 DHCP Server helps to minimize the work necessary to administer a
network, as there is no need for another server running DHCP Server software.
The DFL-1100 DHCP Server only implements a subset of the DHCP protocol necessary to
serve a small network. These are:
• IP address
• Netmask
• Subnet
• Gateway address
• DNS Servers
• WINS Servers
• Domain name
The DFL-1100 DHCP Server assigns and manages IP addresses from specified address pools
within the firewall to the DHCP clients.
Note: Leases are remembered over a re-configure or reboot of the firewall.
The DFL-1100 also includes a DHCP Relayer. A DHCP relayer is a form of gateway
between a DHCP Server and its users. The relayer intercepts DHCP queries from the users
and forwards them to a DHCP server while setting up dynamic routes based on leases. This
enables the firewall to keep an accurate routing table based on active users and protects the
DHCP server to some degree among other things.
Note: There can only be one DHCP Server or DHCP Relay configured per interface.