Routing

Click on

System

in the menu bar, and then click

Routing

below it, this will give a list of all

configured routes, it will look something like this:

The Routes configuration section describes the firewall’s routing table. DFL-700 uses a

slightly different way of describing routes compared to most other systems. However, we

believe that this way of describing routes is easier to understand, making it less likely for

users to cause errors or breaches in security.

Interface

– Specifies which interface packets destined for this route shall be sent through.

Network

– Specifies the network address for this route.

Gateway

– Specifies the IP address of the next router hop used to reach the destination

network. If the network is directly connected to the firewall interface, no gateway address is

specified.

Local IP Address

– The IP address specified here will be automatically published on the

corresponding interface. This address will also be used as the sender address in ARP queries.

If no address is specified, the firewalls own interface IP address will be used.

Proxy ARP –

Specifies that the firewall shall publish this route via Proxy ARP.

One advantage with this form of notation is that you can specify a gateway for a particular

route, without having a route that covers the gateway’s IP address or despite the fact that the

route that covers the gateway’s IP address is normally routed via another interface.

The difference between this form of notation and that most commonly used is that there,

you do not specify the interface name in a separate column. Instead, you specify the IP

address of each interface as a gateway.

Note:

The firewall does not Proxy ARP routes on VPN interfaces.

22

Add a new Static Route

Follow these steps to add a new route.

Step 1.

Go to

System

and

Routing

.

Step 2.

Click on

Add new

in the bottom of the routing table.

Step 3.

Choose the interface that the route should be sent trough from the dropdown

menu.

Step 4.

Specify the Network and Subnet mask.

Step 5.

If this network is behind a remote gateway enable the checkbox

Network is

behind remote gateway

and specify the IP of that gateway

Click the

Apply

button below to apply the setting or click

Cancel

to discard changes.

Remove a Static Route

Follow these steps to add a remove a route.

Step 1.

Go to

System

and

Routing

.

Step 2.

Take

Edit

after the route you would like to remove.

Step 3.

Check the checkbox named

Delete this route

.

Click the

Apply

button below to apply the setting or click

Cancel

to discard changes.

Logging

Click on

System

in the menu bar, and then click

Logging

below it.

Logging, the ability to audit decisions made by the firewall, is a vital part in all network

security products. The D-Link DFL-700 provides several options for logging its activity. The D-

Link DFL-700 logs its activities by sending the log data to one or two log receivers in the

network.

All logging is done to Syslog recipients. The log format used for syslog logging is suitable

for automated processing and searching.

The D-Link DFL-700 specifies a number of events that can be logged. Some of those

events, for instance, startup and shutdown events, are mandatory, and will always generate

log entries. Others, for instance to log if when allowed connections are opened and closed, is

24

configurable. It’s also possible to have E-mail alerting for IDS/IDP events to up to three email

addresses.

Enable Logging

Follow these steps to enable logging.

Step 1.

Enable syslog by checking the

Syslog

box.

Step 2.

Fill in your first syslog server as

Syslog server 1,

if you have two syslog servers

you have to fill in the second one as

Syslog server 2

.

You must fill in at least one syslog

server for logging to work.

Step 3.

Specify what facility to use by selecting the appropriate syslog facility. Local0 is

the default facility.

Click the

Apply

button below to apply the setting or click Cancel to discard changes.

Enable Audit Logging

To start auditing all traffic trough the firewall, follow the sets below and the firewall will start

logging all traffic trough the firewall, this is needed for running third party log analyzers on the

logs and to see how much traffic different connections use.

Follow these steps to enable auditing.

Step 1.

Enable syslog by checking the

Enable audit logging

box.

Click the

Apply

button below to apply the setting or click Cancel to discard changes.

Enable E-mail alerting for ISD/IDP events

Follow these steps to enable E-mail alerting.

Step 1.

Enable E-mail alerting by checking the

Enable E-mail alerting for IDS/IDP

events

checkbox.

Step 2.

Choose the sensitivity level.

Step 3.

In the

SMPT Server

field, fill in the SMTP server to which the DFL-700 should

send email.

Step 4.

Specify up to three valid email addresses to receive the email alerts.

Click the

Apply

button below to apply the setting or click Cancel to discard changes.

When an attack has occurred, more information about the attack can be found. Copy the

attack string and paste it into the

By message

box at the following address:

(you can of course also write the attack string

manually in the box).

Intrusion attacks will always be logged in the usual logs if IDS is enabled for any of the

rules.

For more information about how to enable intrusion detection and prevention on a policy

or port mapping, read more under

Policies

and

Port Mappings

in the Firewall section below.