As a complement to threshold rules, it is also possible to manually define hosts and networks that
are to be statically blocked or excluded. Manually blocked hosts and networks can be blocked by
default or based on a schedule. It is also possible to specify which protocols and protocol port
numbers are to be blocked.
Exclude Lists can be created and used to exclude hosts from being blocked when a threshold rule
limit is reached. Good practice includes adding to the list the firewall's interface IP or MAC address
connecting towards the ZoneDefense switch. This prevents the firewall from being accidentally
blocked out.
Example 12.1. A simple ZoneDefense scenario
The following simple example illustrates the steps needed to set up ZoneDefense. It is assumed that all interfaces
on the firewall have already been configured.
An HTTP threshold of 10 connections/second is applied. If the connection rate exceeds this limitation, the firewall
will block the specific host (in network range 192.168.2.0/24 for example) from accessing the switch completely.
A D-Link switch model DES-3226S is used in this case, with a management interface address 192.168.1.250
connecting to the firewall's interface address 192.168.1.1. This firewall interface is added into the exclude list to
prevent the firewall from being accidentally locked out from accessing the switch.
Web Interface
Add a new switch into ZoneDefense section:
1.
Go to ZoneDefense > Switches > Add > ZoneDefense switch
2.
Now enter:
•
Name: switch1
•
Switch model: DES-3226S
•
IP Address: 192.168.1.250
3.
For SNMP Community enter the Write Community String configured for the switch
4.
Press Check Switch to verify the firewall can communicate with the switch and the community string is
correct.
5.
Click OK
Add the firewall's management interface into the exclude list:
1.
Go to ZoneDefense > Exclude list
2.
For Addresses choose the object name of the firewall's interface address 192.168.1.1 from the Available list
12.3.3. Manual Blocking and Exclude
Lists
Chapter 12. ZoneDefense
423
Summary of Contents for 800 - DFL 800 - Security Appliance
Page 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Page 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Page 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Page 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Page 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Page 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Page 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Page 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Page 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Page 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Page 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Page 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Page 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Page 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Page 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...