4. Edit the new policy we just created:
   Name the rule: allow_http
   Enter position: 2
   Select action: Allow
   Select service: http-outbound
   Select schedule: Always
   Click Apply
The new policy should now be added to position two in the list (if not, it can be
moved to the right position by clicking on the up and down arrows).
5. Click Activate and wait for the firewall to restart.
Intrusion detection and prevention
Intrusion detection and prevention can be enabled for both policies and port mappings. In
this example we are using a port mapping. The policy setup is quite similar.
In this example a mail server with IP 192.168.2.4 and a web server with IP 192.168.2.5 are
connected to the DMZ interface on the firewall.
To set up intrusion detection and prevention for a web server on the DMZ net, follow these
steps:
1. Create a Port mapping for the web server, Firewall->Port Mapping:
   Under Configured mappings, click Add new
2. Set up the newly created port mapping:
   Name the rule: map_www
   Select service: http-in-all
   Enter pass to IP: 192.168.2.5 (the IP of the web server)
   Check the Intrusion detection / prevention option
   Select mode: Prevention
   Enable email alerting by checking the Alerting box
   Click Apply
The new mapping is now in the list.
3. Set up the email server and enable alerting, System->Logging:
   Check Enable E-mail alerting for IDS/IDP events
   Select sensitivity: Normal
   Enter SMTP server IP (email server): 192.168.2.4
   Enter sender:
   Enter E-mail address 1:
   Enter E-mail address 2:
   Click Apply
4. Click Activate and wait for the firewall to restart.
When attacks are stopped by the firewall, they will be listed in the logs. Since we enabled email
alerting in this example, emails will also be sent to the users webmaster and steve.
To get more information about the attack, copy the attack string and paste it into the
By message box at the following address:
(you can of course also write the attack string manually in the box).
In this example we used the Prevention mode. This means that the firewall will block all
attacks. In Inspection only mode nothing will be blocked; the firewall will only log the attacks
and send email alerts (if that is enabled).
