Add User
Follow these steps to add a new user.
Step 1. Click on add after the type of user you would like to add, Admin or Read-only.
Step 2. Fill in User name; make sure you are not trying to add one that already exists.
Step 3. Specify what groups the user should be a member of.
Step 4. Specify the password for the new user.
Click the Apply button below to apply the setting or click Cancel to discard changes.
Note: The user name and password should be at least six characters long. The user name and password can contain numbers (0-9) and upper and lower case letters (A-Z, a-z). Special characters and spaces are not allowed.
Change User Password
To change the password of a user, click on the user name and you will see the following screen.
Follow these steps to change a user's password.
Step 1. Click on the user you would like to change level of.
Step 2. Enable the Change password checkbox.
Step 3. Enter the new password twice.
Click the Apply button below to apply the setting or click Cancel to discard changes.
Note: The password should be at least six characters long. The password can contain numbers (0-9) and upper and lower case letters (A-Z, a-z). Special characters and spaces are not allowed.
Delete User
To delete a user, click on the user name and you will see the following screen.
Follow these steps to delete a user.
Step 1. Click on the user you would like to change level of.
Step 2. Enable the Delete user checkbox.
Click the Apply button below to apply the setting or click Cancel to discard changes.
Note: Deleting a user is irreversible; once the user is deleted, it cannot be undeleted.
Schedules
It is possible to configure a schedule for policies to take effect. By creating a schedule, the DFL-700 allows the firewall policies to be used at those designated times only. Any activities outside of the scheduled time slot will not follow the policies and will therefore likely not be permitted to pass through the firewall. The DFL-700 can be configured to have a start time and stop time, as well as 2 different time periods in a day. For example, an organization may only want the firewall to allow the internal network users to access the Internet during work hours. Therefore, one may create a schedule so that the firewall allows traffic Monday-Friday, 8AM-5PM only. During the non-work hours, the firewall will not allow Internet access.
Add new recurring schedule
Follow these steps to add a new recurring schedule.
Step 1. Go to Firewall and Schedules and choose Add new.
Step 2. Choose the starting and ending date and hour when the schedule should be active.
Step 3. Use the checkboxes to set the times this schedule should be active. If all boxes are checked, the schedule will be active all the time from the starting to the ending date. If all boxes are unchecked, the schedule will never trigger.
Click the Apply button below to apply the change or click Cancel to discard changes.
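The schedule logic described above, modelled as an added example (not code from the DFL-700 or its manual) that can be used to check which logged connections fall outside a scheduled policy. Assumptions: one checkbox per weekday and hour, a box covering the hour up to but not including the next one, and constructed dates, hosts and function names.

```python
from datetime import datetime


def make_schedule(start, end, checked):
    """checked: set of (weekday, hour) boxes, weekday 0 = Monday.
    Hourly boxes are an assumption about the checkbox grid."""
    return {"start": start, "end": end, "checked": set(checked)}


def is_active(schedule, when):
    """Active only inside the start/end dates AND inside a checked box."""
    if not schedule["start"] <= when <= schedule["end"]:
        return False
    return (when.weekday(), when.hour) in schedule["checked"]


def outside_schedule(schedule, events):
    """Return the events whose timestamp the scheduled policy does not cover."""
    return [event for event in events if not is_active(schedule, event[0])]


# Monday-Friday, 8AM-5PM (hours 8..16), valid for all of 2024 (constructed dates).
work_hours = make_schedule(
    datetime(2024, 1, 1, 0, 0), datetime(2024, 12, 31, 23, 59),
    {(day, hour) for day in range(5) for hour in range(8, 17)},
)

# Constructed sample connection log: (timestamp, internal host).
sample_events = [
    (datetime(2024, 3, 6, 10, 30), "192.168.1.10"),  # Wednesday, work hours
    (datetime(2024, 3, 6, 17, 0), "192.168.1.11"),   # Wednesday, 5PM sharp
    (datetime(2024, 3, 9, 10, 0), "192.168.1.12"),   # Saturday
    (datetime(2025, 1, 6, 10, 0), "192.168.1.10"),   # Monday, after the end date
]

if __name__ == "__main__":
    for when, host in outside_schedule(work_hours, sample_events):
        print(f"{when:%a %Y-%m-%d %H:%M} {host}: outside schedule")
```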
Services
A service is basically a definition of a specific IP protocol with corresponding parameters.
The service http, for instance, is defined as using the TCP protocol with destination port 80.
Services are simplistic, in that they cannot carry out any action in the firewall on their own.
Thus, a service definition does not include any information about whether the service should be
allowed through the firewall or not. That decision is made entirely by the firewall policies, in
which the service is used as a filter parameter.
Adding TCP, UDP or TCP/UDP Service
For many services, a single destination port is sufficient. The http service, for instance,
uses destination port 80. To use a single destination port, enter the port number in the
destination ports text box. In most cases, all ports (0-65535) have to be used as source ports.
The second option is to define a port range. A port range is inclusive, meaning that a range
137-139 covers ports 137, 138 and 139.
Multiple ranges or individual ports may also be entered, separated by commas. For
instance, a service can be defined as having source ports 1024-65535 and destination ports
80-82, 90-92, 95. In this case, a TCP or UDP packet with the destination port being one of 80,
81, 82, 90, 91, 92 or 95, and the source port being in the range 1024-65535, will match this
service.
Follow these steps to add a TCP, UDP or TCP/UDP service.
Step 1. Go to Firewall and Service and choose add new.
Step 2. Enter a Name for the service in the name field. This name will appear in the service list when you add a new policy. The name can contain numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters - and _. No other special characters and spaces are allowed.
Step 3. Select TCP/UDP Service.
Step 4. Select the protocol (either TCP, UDP or both TCP/UDP) used by the service.
Step 5. Specify a source port or range for this service by typing in the low and high port numbers. Enter 0-65535 for all ports, or a single port like 80 for only one source port.
Step 6. Specify a destination port or range for this service by typing in the low and high port numbers. Enter 0-65535 for all ports, or a single port like 80 for only one destination port.
Step 7. Enable the Syn Relay checkbox if you want to protect the destination from SYN flood attacks.
Click the Apply button below to apply the change or click Cancel to discard changes.
Adding IP Protocol
When the type of the service is IP Protocol, an IP protocol number may be specified in the
text field. To have the service match the GRE protocol, for example, the IP protocol should be
specified as 47. A list of some defined IP protocols can be found in the appendix named “IP
Protocol Numbers”.
IP protocol ranges can be used to specify multiple IP protocols for one service. An IP
protocol range is similar to the TCP and UDP port range described previously; the range 1-4,
7 will match the protocols ICMP, IGMP, GGP, IP-in-IP and CBT.
Follow these steps to add an IP Protocol service.
Step 1. Go to Firewall and Service and choose new.
Step 2. Enter a Name for the service in the name field. This name will appear in the service list when you add a new policy. The name can contain numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters - and _. No other special characters and spaces are allowed.
Step 3. Select IP Protocol.
Step 4. Specify a comma-separated list of IP protocols.
Click the Apply button below to apply the change or click Cancel to discard changes.
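The range syntax described above for TCP/UDP ports and for IP protocols, as an added example (not code from the DFL-700 or its manual): a parser for comma-separated inclusive ranges, the service-name rule, and a check of whether a packet matches a service definition. The function names and the service name web-alt are constructed; the protocol names are the ones given on this page.

```python
import re

NAME_RE = re.compile(r"[A-Za-z0-9_-]+")   # service-name rule from the manual
ITEM_RE = re.compile(r"([0-9]+)(?:\s*-\s*([0-9]+))?")
# IP protocol numbers named on this page (1-4, 7 and GRE = 47).
IP_PROTO_NAMES = {1: "ICMP", 2: "IGMP", 3: "GGP", 4: "IP-in-IP", 7: "CBT", 47: "GRE"}


def parse_ranges(spec, maximum=65535):
    """Parse '80-82, 90-92, 95' into inclusive (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        m = ITEM_RE.fullmatch(item.strip())
        if not m:
            raise ValueError(f"not a number or range: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) is not None else low
        if not 0 <= low <= high <= maximum:
            raise ValueError(f"reversed or out of bounds: {item!r}")
        ranges.append((low, high))
    return ranges


def covers(ranges, value):
    return any(low <= value <= high for low, high in ranges)


def make_service(name, protocols, src_spec, dst_spec):
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid service name: {name!r}")
    return {"name": name, "protocols": set(protocols),
            "src": parse_ranges(src_spec), "dst": parse_ranges(dst_spec)}


def matches(service, protocol, src_port, dst_port):
    """True if a packet falls inside the service definition. This is only the
    filter; whether the packet is allowed is decided by the policy using it."""
    return (protocol in service["protocols"]
            and covers(service["src"], src_port)
            and covers(service["dst"], dst_port))


def ip_protocols(spec):
    """Expand an IP protocol spec such as '1-4, 7' into (number, name) pairs."""
    numbers = sorted({n for low, high in parse_ranges(spec, 255)
                      for n in range(low, high + 1)})
    return [(n, IP_PROTO_NAMES.get(n, "not named on this page")) for n in numbers]


# Constructed sample: the TCP/UDP service used as the example in the text.
web_alt = make_service("web-alt", {"tcp", "udp"}, "1024-65535", "80-82, 90-92, 95")
```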
Grouping Services
Services can be grouped in order to simplify configuration. Consider a web server using
standard http as well as SSL encrypted http (https). Instead of having to create two separate
rules allowing both types of services through the firewall, a service group named, for instance,
Web, can be created, with the http and the https services as group members.
Follow these steps to add a group.
Step 1. Go to Firewall and Service and choose new.
Step 2. Enter a Name for the service in the name field. This name will appear in the service list when you add a new policy. The name can contain numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters - and _. No other special characters and spaces are allowed.
Step 3. Select Group.
Step 4. Specify a comma-separated list of existing services.
Click the Apply button below to apply the change or click Cancel to discard changes.
