Page 26 / 133
Changing time zone
Follow these steps to change the time zone.
Step 1. Choose the correct time zone in the drop down menu.
Step 2. Specify your daylight saving time, or select no daylight saving time, by checking the correct box.
Click the Apply button below to apply the setting or click Cancel to discard changes.
Using NTP to sync time
Follow these steps to sync the clock to an Internet time server.
Step 1. Enable synchronization by checking the Enable NTP box.
Step 2. Enter the IP address or host name of the server with which you want to synchronize.
Click the Apply button below to apply the setting or click Cancel to discard changes.
Correct system time matters for the timestamps in the firewall's logs and for schedule-based policies. Plain NTP is not authenticated, so point the firewall at a time server you control or trust rather than an arbitrary Internet host.
Setting time and date manually
Follow these steps to set the system time by hand.
Step 1. Check the Set the system time box.
Step 2. Choose the correct date.
Step 3. Set the correct time in 24-hour format.
Click the Apply button below to apply the setting or click Cancel to discard changes.
Firewall
Policy
The Firewall Policy configuration section is the "heart" of the firewall. The policies are the primary filter that is configured to allow or disallow certain types of network traffic through the firewall.
When a new connection is being established through the firewall, the policies are evaluated, top to bottom, until a policy that matches the new connection is found. The Action of that rule is then carried out. If the action is Allow, the connection is established and a state representing the connection is added to the firewall's internal state table. If the action is Drop, the new connection is refused. Because the first matching policy decides, the order of the policies matters: a broad Allow placed above a narrower Drop makes that Drop unreachable. The section below explains the meanings of the various action types available.
Policy modes
The first step in configuring security policies is to configure the mode for the firewall. The firewall can run in NAT or No NAT (Route) mode. Select NAT mode to use the firewall's network address translation to protect private networks from public networks. In NAT mode you can connect a private network to the internal interface, a DMZ network to the dmz interface, and a public network, such as the Internet, to the external interface, and then create NAT mode policies to accept or deny connections between these networks. NAT mode policies hide the addresses of the internal and DMZ networks from users on the Internet. In No NAT (Route) mode you instead create routed policies between interfaces. Route mode policies accept or deny connections between networks without performing address translation. To use NAT mode select Hide source addresses (many-to-one NAT); to use No NAT (Route) mode choose No NAT.
Action Types
Drop – Packets matching Drop rules are immediately discarded and the sender receives no answer. Such packets will be logged if logging has been enabled in the Logging Settings page.
Reject – Reject works in basically the same way as Drop, but in addition the firewall sends an ICMP Unreachable message back to the sender or, if the rejected packet was a TCP packet, a TCP RST. The sender therefore learns at once that the connection was refused instead of waiting for a timeout. Such packets will be logged if logging has been enabled in the Logging Settings page.
Allow – Packets matching Allow rules are passed to the stateful inspection engine, which remembers that a connection has been opened. Rules for return traffic are therefore not required, as traffic belonging to open connections is handled automatically before it reaches the policies. Logging is carried out if audit logging has been enabled in the Logging Settings page.
Source and Destination Filter
Source Nets – Specifies the range of source IP addresses to be compared to the received packet. Leave this blank to match everything.
Source Users/Groups – Specifies whether an authenticated username is needed for this policy to match. Either make a list of usernames, separated by commas, or write Any for any authenticated user. If it is left blank, no authentication is needed for the policy to match.
Destination Nets – Specifies the range of IP addresses to be compared to the destination IP of the received packet. Leave this blank to match everything.
Destination Users/Groups – Specifies whether an authenticated username is needed for this policy to match. Either make a list of usernames, separated by commas, or write Any for any authenticated user. If it is left blank, no authentication is needed for the policy to match.
Note that a blank Nets field matches every address, so restrict the source and destination networks of a policy wherever the traffic allows it.
Service Filter
Either choose a predefined service from the dropdown menu or define a custom one. The following custom services exist:
All – This service matches all protocols.
TCP+UDP+ICMP – This service matches all ports on either the TCP or the UDP protocol, and also ICMP.
Custom TCP – This service is based on the TCP protocol.
Custom UDP – This service is based on the UDP protocol.
Custom TCP+UDP – This service is based on either the TCP or the UDP protocol.
The following is used when making a custom service:
Custom source/destination ports – For many services, a single destination port is sufficient. The source port is most often all ports, 0-65535. The http service, for instance, uses destination port 80. A port range can also be used: the range 137-139 covers ports 137, 138 and 139. Multiple ranges or individual ports may also be entered, separated by commas. For instance, a service can be defined as having source ports 1024-65535 and destination ports 80-82, 90-92, 95. In this case a TCP or UDP packet whose destination port is one of 80, 81, 82, 90, 91, 92 or 95, and whose source port is in the range 1024-65535, will match this service.
Schedule
If a schedule should be used for the policy, choose one from the dropdown menu; schedules are defined on the Schedules page. If the policy should always be active, choose Always from the dropdown menu.
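The following is an added example, not D-Link's code and not part of the manual: a small Python model of the policy evaluation described at the start of this chapter (first match from the top wins, Allow populates the state table, Reject answers with TCP RST or ICMP Unreachable) together with the filters described above (address ranges, the blank/Any semantics of Users/Groups, custom services made of comma-separated port ranges, and a schedule flag). Function names, the Policy/Connection/Service records, the sample addresses and the policies in demo() are all constructed for the example. The model only applies Source Users/Groups (Destination Users/Groups works the same way), and it assumes that a connection matching no policy is dropped, which the page does not state.

```python
import ipaddress
from collections import namedtuple
from typing import Optional

# Added example, not D-Link's code: a model of the policy evaluation this chapter
# describes. First match from the top wins; Allow records the connection in a state
# table; Reject answers with TCP RST or ICMP unreachable; custom services are
# comma-separated port ranges; a blank Users/Groups field needs no authentication,
# "Any" means any authenticated user. Assumption: a connection matching no policy
# is dropped (the page does not state the default).

Service = namedtuple("Service", "protocols src_ports dst_ports")
Policy = namedtuple("Policy", "name action service src_nets dst_nets src_users active",
                    defaults=["", "", "", True])   # active=False: schedule not in effect
Connection = namedtuple("Connection", "src_ip dst_ip proto sport dport user", defaults=[None])

def parse_ports(spec: str) -> list:
    """'80-82, 90-92, 95' -> [(80, 82), (90, 92), (95, 95)]; blank means all ports."""
    if not spec.strip():
        return [(0, 65535)]
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo_i, hi_i = int(lo), (int(hi) if hi else int(lo))
        if not 0 <= lo_i <= hi_i <= 65535:
            raise ValueError(f"bad port range: {part.strip()!r}")
        ranges.append((lo_i, hi_i))
    return ranges

def service(protocols: str, src: str = "", dst: str = "") -> Service:
    """protocols is spelled like the manual's service names: 'TCP', 'TCP+UDP+ICMP', 'All'."""
    return Service(frozenset(p.lower() for p in protocols.split("+")),
                   parse_ports(src), parse_ports(dst))

def service_match(svc: Service, proto: str, sport: int, dport: int) -> bool:
    if "all" in svc.protocols:
        return True
    if proto not in svc.protocols:
        return False
    if proto == "icmp":          # ICMP carries no port numbers
        return True
    def in_range(port, ranges):
        return any(lo <= port <= hi for lo, hi in ranges)
    return in_range(sport, svc.src_ports) and in_range(dport, svc.dst_ports)

def net_match(spec: str, ip: str) -> bool:
    """'192.168.1.0/24, 10.0.0.5' matches those addresses; blank matches everything."""
    if not spec.strip():
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n.strip(), strict=False) for n in spec.split(","))

def user_match(spec: str, user: Optional[str]) -> bool:
    """Blank: no authentication needed. 'Any': any authenticated user. Else: listed names."""
    if not spec.strip():
        return True
    if user is None:
        return False
    return spec.strip().lower() == "any" or user in {u.strip() for u in spec.split(",")}

def evaluate(policies: list, conn: Connection, state: set) -> tuple:
    """Walk the policy list top to bottom; the first match decides. Returns (action, reason)."""
    key = (conn.proto, conn.src_ip, conn.sport, conn.dst_ip, conn.dport)
    if key in state:             # traffic of an open connection never reaches the policies
        return ("Allow", "state table")
    for p in policies:
        if not (p.active and net_match(p.src_nets, conn.src_ip) and net_match(p.dst_nets, conn.dst_ip)
                and user_match(p.src_users, conn.user)
                and service_match(p.service, conn.proto, conn.sport, conn.dport)):
            continue
        if p.action == "Allow":
            state.add(key)
            return ("Allow", p.name)
        if p.action == "Reject":
            return ("Reject", p.name + (": TCP RST" if conn.proto == "tcp" else ": ICMP unreachable"))
        return ("Drop", p.name)
    return ("Drop", "no matching policy (assumed default)")

def demo() -> dict:
    """Constructed policies and connections; shows that the order of the policies matters."""
    lan = "192.168.1.0/24"
    web = service("TCP", src="1024-65535", dst="80-82, 90-92, 95")   # the manual's example service
    no_telnet = Policy("no_telnet", "Reject", service("TCP", dst="23"), src_nets=lan)
    lan_web = Policy("lan_web", "Allow", web, src_nets=lan)
    lan_all = Policy("lan_all", "Allow", service("TCP"), src_nets=lan)
    lan_auth = Policy("lan_auth", "Allow", service("TCP"), src_nets=lan, src_users="Any")
    t = Connection("192.168.1.10", "203.0.113.5", "tcp", 40000, 23)
    w = Connection("192.168.1.10", "203.0.113.5", "tcp", 40001, 81)
    s = Connection("192.168.1.10", "203.0.113.5", "tcp", 40002, 443)
    a = Connection("192.168.1.10", "203.0.113.5", "tcp", 40003, 443, user="alice")
    state = set()
    return {
        "telnet": evaluate([no_telnet, lan_web, lan_all], t, state),
        "telnet_wrong_order": evaluate([lan_all, no_telnet], t, set()),   # the Reject is shadowed
        "web": evaluate([no_telnet, lan_web, lan_all], w, state),
        "web_again": evaluate([no_telnet, lan_web, lan_all], w, state),   # served from the state table
        "https_unauth": evaluate([no_telnet, lan_web, lan_auth], s, set()),
        "https_auth": evaluate([no_telnet, lan_web, lan_auth], a, set()),
    }
```

Running demo() shows the two points a practitioner cares about: the same telnet connection is rejected with a TCP RST when the Reject policy sits above the broad Allow, but is allowed when the order is reversed, and a connection whose only candidate policy requires "Any" authenticated user is refused until the client has authenticated, whereas a blank Users/Groups field would have matched it straight away.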
Intrusion Detection / Prevention
The DFL-200 Intrusion Detection/Prevention System (IDS/IDP) is a real-time intrusion detection and prevention sensor that identifies and takes action against a wide variety of suspicious network activity. The IDS uses intrusion signatures, stored in the attack database, to identify the most common attacks. In response to an attack, the IDS protects the networks behind the DFL-200 by dropping the traffic, and it notifies the system administrators by email if email alerting is configured. Two modes can be configured, Inspection Only or Prevention. In Inspection Only mode the DFL-200 only inspects the traffic: if it sees anything suspicious it logs the event, sends an email alert (if configured) and passes the traffic on. In Prevention mode the traffic is dropped and logged, and an email alert is sent if configured. Inspection Only therefore never blocks anything; it is useful for checking that the signatures do not produce false positives on your traffic before switching a policy to Prevention.
D-Link updates the attack database periodically. Since firmware version 1.30.00 automatic updates are possible. If IDS or IDP is enabled for at least one of the policies or port mappings, auto updating of the IDS database will be enabled. The firewall will then automatically download the latest database from the D-Link website.
Add a new policy
Follow these steps to add a new outgoing policy.
Step 1. Choose the LAN->WAN policy list from the available policy lists.
Step 2. Click on the Add new link.
Step 3. Fill in the following values:
Name: Specifies a symbolic name for the rule. This name is used mainly as a rule reference in log data and for easy reference in the policy list.
Action: Select Allow to allow this type of traffic, or Drop or Reject to refuse it.
Source Nets: Specifies the range of source IP addresses to be compared to the received packet. Leave this blank to match everything.
Source Users/Groups: Specifies whether an authenticated username is needed for this policy to match. Either make a list of usernames, separated by commas, or write Any for any authenticated user. If it is left blank, no authentication is needed for the policy to match.
Destination Nets: Specifies the range of IP addresses to be compared to the destination IP of the received packet. Leave this blank to match everything.
Destination Users/Groups: Specifies whether an authenticated username is needed for this policy to match. Either make a list of usernames, separated by commas, or write Any for any authenticated user. If it is left blank, no authentication is needed for the policy to match.
Service: Either choose a predefined service from the dropdown menu or define a custom one.
Schedule: Choose the schedule that must be in effect for this policy to match, or choose Always for no scheduling.
Click the Apply button below to apply the change or click Cancel to discard changes.
Change order of policy
Follow these steps to change the order of a policy.
Step 1. Choose the policy list you would like to change the order in from the available policy lists.
Step 2. Click on the Edit link on the rule you want to move.
Step 3. Change the number in the Position field to the new line. After the Apply button is clicked this policy moves to that row, and the policy previously at that row and all policies after it move down one step.
Click the Apply button below to apply the change or click Cancel to discard changes.
Delete policy
Follow these steps to delete a policy.
Step 1. Choose, from the available policy lists, the policy list that contains the policy you want to delete.
Step 2. Click on the Edit link on the rule you want to delete.
Step 3. Enable the Delete policy checkbox.
Click the Apply button below to apply the change or click Cancel to discard changes.
Configure Intrusion Detection
Follow these steps to configure IDS on a policy.
Step 1. Choose the policy you would like to have IDS on.
Step 2. Click on the Edit link on that rule.
Step 3. Enable the Intrusion Detection / Prevention checkbox.
Step 4. Choose Intrusion Detection from the mode drop down list to inspect and log only; choose Prevention to have the matching traffic dropped as well.
Step 5. Enable the alerting checkbox for email alerting.
Click the Apply button below to apply the change or click Cancel to discard changes.
