Network Security Solution

http://www.dlink.com

Security

DFL-210/800/1600/2500
DFL-260/860/1660/2560(G)

Ver 2.27.01

Network Security Firewall
CLI Reference Guide

Summary of Contents for DFL-210 - NetDefend - Security Appliance

Page 1: ...Network Security Solution http www dlink com Security Security DFL 210 800 1600 2500 DFL 260 860 1660 2560 G Ver 2 27 01 Network Security Firewall CLI Reference Guide...

Page 2: ...ide DFL 210 260 800 860 1600 1660 2500 2560 2560G NetDefendOS version 2 27 01 D Link Corporation No 289 Sinhu 3rd Rd Neihu District Taipei City 114 Taiwan R O C http www DLink com Published 2010 06 22...

Page 3: ...s for a particular purpose D Link reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of su...

Page 4: ...22 2 1 5 commit 23 2 1 6 delete 23 2 1 7 pskgen 24 2 1 8 reject 24 2 1 9 reset 26 2 1 10 set 26 2 1 11 show 27 2 1 12 undelete 29 2 2 Runtime 31 2 2 1 about 31 2 2 2 alarm 31 2 2 3 arp 31 2 2 4 arpsn...

Page 5: ...63 2 2 57 rtmonitor 64 2 2 58 rules 64 2 2 59 selftest 65 2 2 60 services 67 2 2 61 sessionmanager 68 2 2 62 settings 69 2 2 63 shutdown 70 2 2 64 sipalg 70 2 2 65 sshserver 72 2 2 66 stats 73 2 2 67...

Page 6: ...17 2 BroadcomEthernetPCIDriver 113 3 17 3 E1000EthernetPCIDriver 113 3 17 4 E100EthernetPCIDriver 114 3 17 5 IXP4NPEEthernetDriver 114 3 17 6 MarvellEthernetPCIDriver 115 3 17 7 R8139EthernetPCIDrive...

Page 7: ...agement 173 3 48 1 RemoteMgmtHTTP 173 3 48 2 RemoteMgmtNetcon 173 3 48 3 RemoteMgmtSNMP 174 3 48 4 RemoteMgmtSSH 174 3 49 RouteBalancingInstance 176 3 50 RouteBalancingSpilloverSettings 177 3 51 Routi...

Page 8: ...s 198 3 55 19 RoutingSettings 199 3 55 20 SSLSettings 200 3 55 21 StateSettings 201 3 55 22 TCPSettings 202 3 55 23 VLANSettings 203 3 56 SSHClientKey 204 3 57 ThresholdRule 205 3 57 1 ThresholdAction...

Page 9: ...rags 43 2 10 List network objects which have names containing net 56 2 11 Show all monitored objects in the alg http category 64 2 12 Show a range of rules 65 2 13 Interface ping test between all inte...

Page 10: ...for the option Example 1 Command option notation One of the usages for the help command looks like this help category COMMANDS TYPES Topic This means that help has an option called category which has...

Page 11: ...s followed by ellipses it is possible to specify more than one routing table Since table name is optional as well the user can specify zero or more policy based routing tables gw world routes Virroute...

Page 12: ...eference for all commands and configuration object types that are available in the command line interface for NetDefendOS 1 1 Running a command The commands described in this guide can be run by typin...

Page 13: ...gw world activate h Full help for activate gw world help activate Help for the arp command Arp is also the name of a configuration object type so it is necessary to specify that the help text for the...

Page 14: ...of information is shown Ctrl D or Delete Delete the character to the right of the cursor Ctrl E or End Move the cursor to the end of the line Ctrl F or Right Arrow Move the cursor one character to th...

Page 15: ...d lines up arrow for older command lines and down arrow to move back to a newer command line See also Section 2 4 3 history Example 1 3 Command line history Using the command line history via the arro...

Page 16: ...ip a tab gw world add Address IP4Address example_ip Address Address was autocompleted gw world add Address IP4Address example_ip Address 1 2 3 4 Tab completion of references gw world set Address IP4Gr...

Page 17: ...add or remove a member to the list without having to enter all the other members again Edit the default value gw world add LogReceiverSyslog example Address example_ip LogSeverity tab gw world add Lo...

Page 18: ...s and options cannot be used unless the logged in user has administrator privilege This is indicated in this guide by a note following the command or Admin only written next to an option 1 6 User roles...

Page 19: ...1 6 User roles Chapter 1 Introduction 19...

Page 20: ...privilege 2 1 2 add Create a new object Description Create a new object and add it to the configuration Specify the type of object you want to create and the identifier if the type has one unless the...

Page 21: ...e silent key value pair Options force Add object even if it has errors silent Do not show any errors Category Category that groups object types Identifier The property that identifies the configuratio...

Page 22: ...rrect context e g a LocalUserDatabase called exampledb Only objects in the current context can be accessed Example 2 2 Change context Change to a sub child context gw world cc LocalUserDatabase exampl...

Page 23: ...guration Add the force flag to delete the object even if it is referenced by other objects or if it is a context that has child objects that aren t deleted This may cause objects referring to the spec...

Page 24: ...hared key of specified size containing randomized key data If a key with the specified name exists the existing key is modified Otherwise a new key object is created Usage pskgen Name comments String...

Page 25: ...er user1 Comments Something gw world exampledb set User user2 Comments that will be gw world exampledb set User user3 Comments rejected gw world exampledb cc gw world reject LocalUserDatabase exampled...

Page 26: ...r privilege 2 1 10 set Set property values Description Set property values of configuration objects Specify the type of object you want to modify and the identifier if the type has one Set the proper...

Page 27: ...already enabled Category Category that groups object types Identifier The property that identifies the configuration object May not be applicable depending on the specified Type key value pair One...

Page 28: ...Address IP4Address example_ip gw world main show Route 1 gw world show Client DynDnsClientDyndnsOrg Show a table of all objects of a type and a selection of their properties as well as their status gw...

Page 29: ...ete Restore previously deleted objects Description Restore a previously deleted object This is possible as long as the activate command has not been called See also delete Example 2 7 Undelete an obje...

Page 30: ...dentifies the configuration object May not be applicable depending on the specified Type Type Type of configuration object to perform operation on Note Requires Administrator privilege 2 1 12 undelete...

Page 31: ...alarm history active Options active Show the currently active alarms history Show the 20 latest alarms 2 2 3 arp Show ARP entries for given interface Description List the ARP cache entries of specifie...

Page 32: ...ware addresses matching pattern hwsender Ethernet Address Sender ethernet address ip pattern Show only IP addresses matching pattern notify ip Send gratuitous ARP for ip num n Show only the first n en...

Page 33: ...num n Limit list to n entries Default 20 2 2 6 blacklist Blacklist Description Block and unblock hosts on the black and white list Note Static blacklist hosts cannot be unblocked If force is not spec...

Page 34: ...n only creationtime Show creation time dest ip address Destination address to block unblock ExceptExtablished flag is set on dynamic Show dynamic hosts only force Unblock all services for the host tha...

Page 35: ...buffer buffers Num Decode buffer number Num Options recent Decode most recently freed buffer Num Decode given buffer number 2 2 8 cam CAM table information Description Show information about the CAM t...

Page 36: ...2 2 9 certcache Show the contents of the certificate cache Description Show all certificates in the certificate cache Usage certcache 2 2 10 cfglog Display configuration log Description Display the lo...

Page 37: ...e filter expression Admin only destiface interface Filter on destination interface destip ip addr Filter on destination IP address destport port Show only given destination TCP UDP port num n Limit li...

Page 38: ...sage cryptostat 2 2 15 dconsole Displays the content of the diagnose console Description The diagnose console is used to help troubleshooting internal problems within the security gateway Usage dconso...

Page 39: ...on about DHCP enabled interface dhcp lease RENEW RELEASE interface Modify interface lease Options lease RENEW RELEASE Modify interface lease list List all DHCP enabled interfaces show Show information...

Page 40: ...Display filter filters relays based on interface ip ip address IP address 2 2 18 dhcpserver Show content of the DHCP server ruleset Description Show the content of the DHCP server ruleset and various...

Page 41: ...rules Show DHCP server rules show Show ruleset display filter Display filters for leases based on interface mac ip eg if1 192 168 interface Interface ip address IP address 2 2 19 dns DNS client and qu...

Page 42: ...ption Show the dynamic routing policy filter ruleset and current exports In the Flags field of the dynrouting exports the following letters are used o Route describe the optimal path to the network u...

Page 43: ...gs frags NEW frags 254 Usage frags NEW ALL reassembly id free done num n Options done List done lingering reassemblies free List free instead of active num n List n entries Default 20 NEW ALL reassemb...

Page 44: ...5 httpalg Commands related to the HTTP Application Layer Gateway Description Show information about the WCF cache or list the overridden WCF hosts Usage httpalg override flush List or flush hosts that...

Page 45: ...atch the specified characters verbose Verbose wcfcache Show statistics of WCF functionality 2 2 26 httpposter Display HTTPPoster_URLx status Description Display configuration and status of configured...

Page 46: ...how and remove hosts that are piped by IDP Description Show list of currently piped hosts Usage idppipes show host ip addr Lists hosts for which new connections are piped by IDP idppipes unpipe all ho...

Page 47: ...ame Only list members of given PBR table s restart Stop and restart the interface Admin only Interface Name of interface 2 2 31 igmp IGMP Interfaces Description Show information about the current stat...

Page 48: ...ry message state Show the current IGMP state host address Host IP address Interface Interface MC address Multicast Address router address Router IP address 2 2 32 ikesnoop Enable or disable IKE snoopi...

Page 49: ...free IP assigned to subsystem ippool show verbose max n Show IP pool information Options all Free all IP addresses max n Limit list to n entries Default 10 release Forcibly free IP assigned to subsys...

Page 50: ...2 2 36 ipsecstats Show the SAs in use Description List the currently active IKE and IPsec SAs optionally only showing SAs matching the pattern given for the argument tunnel Usage ipsecstats ike tunne...

Page 51: ...orce Show specific number if interface ipsectunnels Show interfaces Options force Bypass confirmation question iface recv iface IPsec interface to show information about num ALL Integer Maximum number...

Page 52: ...s Manage language files on disk Description Manage language files on disk Usage languagefiles Show all language files on disk languagefiles remove String Remove a language file from disk Options remov...

Page 53: ...abases reset Reset status for LDAP database show Show status and statistics LDAP Server LDAP database 2 2 41 license Show contents of the license file Description Show contents of the license file Usa...

Page 54: ...not actually pass through the ruleset e g traffic allowed by IPsecBeforeRules NetconBeforeRules SNMPBeforeRules if such settings are enabled Note If local lockdown has been set by the core itself due...

Page 55: ...s Description Show current NAT Pools and in depth information Usage natpool verbose pool name IP4 Address num Integer Options num Integer Maximum number of items to list default 20 verbose Verbose mor...

Page 56: ...g net netobjects net Usage netobjects String num num Options num num Number of entries to show Default 20 String Name or pattern 2 2 49 ospf Show runtime OSPF information Description Show runtime info...

Page 57: ...cess Show troubleshooting messages on the console ospf ifacedown interface process OSPF Router Process Take specified interface offline ospf ifaceup interface process OSPF Router Process Take specifie...

Page 58: ...table 2 2 50 pcapdump Packet capturing Description Packet capture engine Usage pcapdump Show capture status pcapdump start interface s size value snaplen value count value out out nocap eth Ethernet A...

Page 59: ...ernet Address Ethernet source address filter filename String Filename for capture file icmp ICMP filter ip IP4 Address IP address filter ipdest IP4 Address Destination IP address filter ipsrc IP4 Addr...

Page 60: ...ethernet devices pciscan all Show all detected devices pciscan ethernet Show all detected ethernet devices pciscan cfgupdate Updates the config with detected devices pciscan force_driver Integer BROA...

Page 61: ...ommand is not executed right away it is queued until the end of the second when pipe values are calculated Usage pipes List all pipes pipes users Pipe expr String List users of a given pipe pipes show...

Page 62: ...ssions List all session using a PPTP tunnel verbose Verbose output PPTP ALG PPTP ALG 2 2 54 reconfigure Initiates a configuration re read Description Restart the Security Gateway using the currently a...

Page 63: ...show only switched routes Explanation of Flags field of the routing tables O Learned via OSPF X Route is Disabled M Route is Monitored A Published via Proxy ARP D Dynamic from e g DHCP relay IPsec L2...

Page 64: ...e beginning of a name If no filter is specified all objects are displayed If the option monitored is specified only objects that have an associated real time monitor alert are displayed Example 2 11 S...

Page 65: ...of the throughput crypto accelerator tests are dependent on configuration values If the number of large buffers LocalReassSettings LocalReass_NumLarge is too low it might lower the throughput result In the f...

Page 66: ...elftest media size Integer Check the sanity of the disk drive selftest mac Check if there are MAC address collisions on the interfaces selftest ping interfaces Interface Run a ping test over the inter...

Page 67: ...Check the sanity of the disk drive memory Check the sanity of the RAM minutes Integer Test duration in minutes Default 0 num Integer Number of times to execute the test Default 1 ping Run a ping test...

Page 68: ...tly active users Explanation of Timeout flags for sessions D Session is disabled S Session uses a timeout in its subsystem Session does not use timeout Usage sessionmanager Show Session Manager status...

Page 69: ...st List active sessions message Send message to session num n List n number of session status Show Session Manager status database Name of user database IP Address IP address message text Message to s...

Page 70: ...conds Seconds until shutdown Default 5 Note Requires Administrator privilege 2 2 64 sipalg SIP ALG Description List running SIP ALG configurations SIP registration and call information The flags optio...

Page 71: ...RORS NOTE verbose option outputs a lot of information on the console which may lead to system instability Use with caution Usage sipalg definition alg Show running ALG configuration parameters sipalg...

Page 72: ...ions snoop ON OFF VERBOSE Enable or disable SIP snooping NOTE verbose option outputs a lot of information on the console which may lead to system instability Use with caution statistics SHOW FLUSH Sh...

Page 73: ...created verbose Verbose output ssh server SSH Server Note Requires Administrator privilege 2 2 66 stats Display various general firewall statistics Description Display general information about the fi...

Page 74: ...Usage time Display current system time time set date time Set system local time YYYY MM DD HH MM SS time sync force Synchronize time with timeserver s specified in settings Options force Force synchro...

Page 75: ...nd manage autoupdate information Description Show autoupdate mechanism status or force an update Usage updatecenter update ANTIVIRUS IDP ALL Initiate an update check of the specified database updatece...

Page 76: ...ist only privileges actually used by the policy are displayed Usage userauth List all authenticated users userauth list num n List all authenticated users userauth privilege List all known privileges...

Page 77: ...attached Virtual LAN Interfaces or in depth information about a specified VLAN Usage vlan List attached VLANs vlan Interface Display VLANs connected to physical iface iface Options Interface Display V...

Page 78: ...p address pbr table count 1 10 length 4 8192 port 0 65535 udp tcp tos 0 255 verbose Options count 1 10 Number of packets to send Default 1 length 4 8192 Packet size Default 4 pbr table Route using PBR...

Page 79: ...types The fastest way to get help is to simply type help followed by the topic that you want help with A topic can be for example a command name e g set or the name of a configuration object type e g...

Page 80: ...ts device data accessible by SCP Description Lists device data which are available through SCP Example 2 19 Transfer script files to and from the device Upload scp myscript user sgw ip script myscript...

Page 81: ...delete script files Script files are transferred to and from the device by the SCP protocol On the device they are stored in the script folder Example 2 23 Execute script script sgs add IP4Address Nam...

Page 82: ...ce Force script execution name Name Name of script quiet Quiet script execution remove Remove script show Show script in console window store Store a script to persistent storage verbose Verbose mode...

Page 83: ...2 4 5 script Chapter 2 Command Reference 83...

Page 84: ...e 105 ConfigModePool page 106 DateTime page 107 Device page 108 DHCPRelay page 109 DHCPServer page 110 DNS page 112 Driver page 113 DynamicRoutingRule page 118 EthernetDevice page 121 HighAvailability...

Page 85: ...MonitorAlert page 171 RemoteIDList page 172 RemoteManagement page 173 RouteBalancingInstance page 176 RouteBalancingSpilloverSettings page 177 RoutingRule page 178 RoutingTable page 179 ScheduleProfil...

Page 86: ...that the sender must belong to for this rule to be carried out LogEnabled Enable logging Default Yes LogSeverity Specifies with what severity log events will be sent to the specified log receivers D...

Page 87: ...IP address with one instance for each node in the high availability cluster UserAuthGroups Groups and user names that belong to this object Objects that filter on credentials can only be used as so...

Page 88: ...al 3 2 1 3 EthernetAddress Description Use an Ethernet Address item to define a symbolic name for an Ethernet MAC address Properties Name Specifies a symbolic name for the network object Identifier Ad...

Page 89: ...but has no credentials user names or groups defined This means that the object only requires that a user is authenticated but ignores any kind of group membership Default No Comments Text describing...

Page 90: ...For example 13 30 EndTime End Time of occurrence in the format HH MM For example 14 15 Occurrence Specify type of occurrence Default Weekly Weekly Specifies days in week the schedule occurrence should...

Page 91: ...control channel Default Yes AllowResumeTransfer Allow RESUME even in case of content scanning Default No Antivirus Disabled Audit or Protect Default Disabled ScanExclude List of files to exclude from...

Page 92: ...logical channel addresses Default Yes MaxGKRegLifeTime Max Gatekeeper Registration Lifetime Default 1800 Comments Text describing the current object Optional 3 4 3 ALG_HTTP Description Use an HTTP Ap...

Page 93: ...tedZip Allow encrypted zip files even though the contents can not be scanned Default No ZDEnabled Enable ZoneDefense Block Default No ZDNetwork Hosts within this network will be blocked at switches if...

Page 94: ...le List of file types to allow or deny Optional VerifyContentMimetype Verify that file extensions correspond to the MIME type Default No Antivirus Disabled Audit or Protect Default Disabled ScanExclud...

Page 95: ...ber of sessions per SIP URI Default 5 MaxRegistrationTime The maximum allowed time between registration requests Default 3600 SipSignalTmout Timeout value for last seen SIP message Default 43200 DataC...

Page 96: ...Action a value of zero will disable all compression checks Default 20 CompressionRatioAction The action to take when high compression threshold is violated all actions are logged Default Drop AllowEn...

Page 97: ...fied when creating an instance of this type the object will be placed last in the list and the Index will be equal to the length of the list 3 4 8 ALG_TFTP Description Use a TFTP Application Layer Ga...

Page 98: ...ame Specifies a symbolic name for the ALG Identifier HostCert Specifies the host certificate RootCert Specifies the root certificate Optional Comments Text describing the current object Optional 3 4 9...

Page 99: ...e address shall be published on IP The IP address to be published or statically bound to a hardware address MACAddress The hardware address associated with the IP address Default 00 00 00 00 00 00 Co...

Page 100: ...ervice Specifies the service that will be whitelisted Schedule The schedule when the whitelist should be active Optional Comments Text describing the current object Optional Note If no Index is specif...

Page 101: ...symbolic name for the certificate Identifier Type Local Remote or Request CertificateData Certificate data PrivateKey Private key NoCRLs Disable CRLs Certificate Revocation Lists Default No PKAType En...

Page 102: ...one instance of this type 3 8 2 DynDnsClientDyndnsOrg Description Configure the parameters used to connect to the dyndns org DynDNS service Properties DNSName The DNS name excluding the dyndns org su...

Page 103: ...8 4 DynDnsClientPeanutHull Description Configure the parameters used to connect to the Peanut Hull DynDNS service Properties DNSNames Specifies the DNS names separated by Username Username Password Th...

Page 104: ...ies Description TODO Default New Group Color TODO Default 9EBEE7 Note If no Index is specified when creating an instance of this type the object will be placed last in the list and the Index will be e...

Page 105: ...ies Port Port Identifier BitsPerSecond Bits per second Default 9600 DataBits Data bits Default 8 Parity Parity Default None StopBits Stop bits Default 1 FlowControl Flow control Default None Comments...

Page 106: ...ask Specifies the netmask to assign to VPN clients DNS Specifies the IP address of a DNS server that a VPN client should be able to connect to Optional NBNSIP Specifies the IP address of a NBNS WINS s...

Page 107: ...f server for time synchronization UDPTime or SNTP Simple Network Time Protocol Default SNTP TimeSyncServer1 DNS hostname or IP Address of Timeserver 1 TimeSyncServer2 DNS hostname or IP Address of Tim...

Page 108: ...tion ConfigIP IP address of the user who committed the current configuration Optional ConfigDate Date when the current configuration was committed Optional DeviceID Device identification string Option...

Page 109: ...the routing table the clients host route should be added to Default main MaxRelaysPerInterface Specifies how many relays are allowed per interface that means how many DHCP clients are allowed to be re...

Page 110: ...ent as gateway Optional Domain Domain name used for DNS resolution Optional LeaseTime The time in seconds that a DHCP lease should be provided to a host after this the client has to renew the lease D...

Page 111: ...this type the object will be placed last in the list and the Index will be equal to the length of the list 3 15 2 DHCPServerCustomOption Description Extend the DHCP Server functionality by adding cust...

Page 112: ...erver2 IP of the secondary DNS Server Optional DNSServer3 IP of the tertiary DNS Server Optional Comments Text describing the current object Optional Note This object type does not have an identifier...

Page 113: ...type 3 17 2 BroadcomEthernetPCIDriver Description Broadcom NE Gigabit Ethernet Properties Comments Text describing the current object Optional Note This object type does not have an identifier and is...

Page 114: ...nly There can only be one instance of this type 3 17 4 E100EthernetPCIDriver Description Intel E100 Fast Ethernet Adaptor Properties RxRingsize Rx ringsize Default 32 TxRingsize Tx ringsize Default 12...

Page 115: ...fied by the name of the type only There can only be one instance of this type 3 17 7 R8139EthernetPCIDriver Description RealTek 8139 Fast Ethernet Adaptor Properties Comments Text describing the curre...

Page 116: ...y the name of the type only There can only be one instance of this type 3 17 10 TulipEthernetPCIDriver Description Tulip Fast Ethernet Adaptor Properties Comments Text describing the current object Op...

Page 117: ...This object type does not have an identifier and is identified by the name of the type only There can only be one instance of this type 3 17 11 X3C905EthernetPCIDriver Chapter 3 Configuration Referenc...

Page 118: ...s if the route needs to match a specific network exactly Optional DestinationNetworkIn Specifies if the route just needs to be within a specific network Optional NextHop The next hop router on the r...

Page 119: ...e If no Index is specified when creating an instance of this type the object will be placed last in the list and the Index will be equal to the length of the list 3 18 2 DynamicRoutingRuleAddRoute Des...

Page 120: ...which the security gateway should publish routes via Proxy ARP Optional Comments Text describing the current object Optional Note If no Index is specified when creating an instance of this type the o...

Page 121: ...net adapter PCIPort Some Ethernet adapters have multiple ports that share the same bus and slot number This parameter specifies what port to be used Media Specifies if the link speed should be auto ne...

Page 122: ...nowledgments from the cluster peer Default 1024 HASyncMaxPktBurst The maximum number of state sync packets to send in a burst Default 20 HAInitialSilence The number of seconds to stay silent on startu...

Page 123: ...rbidden HTML for the CompressionForbidden html web page ContentForbidden HTML for the ContentForbidden html web page URLForbidden HTML for the URLForbidden html web page RestrictedSiteNotice HTML for...

Page 124: ...ge LoginAlreadyDone HTML for the LoginAlreadyDone html web page LoginChallenge HTML for the LoginChallenge html web page LoginChallengeTimeout HTML for the LoginChallenge html Timeout web page LogoutS...

Page 125: ...e posted when the security gateway is loaded Optional URL3 The third URL that will be posted when the security gateway is loaded Optional RepDelay Delay in seconds until all URLs are refetched Default...

Page 126: ...MinLimit Lower limit Optional MaxLimit Upper limit Optional EnableMonitoring Enable disable monitoring Default No Comments Text describing the current object Optional Note If no Index is specified whe...

Page 127: ...Identifier Type IP DNS E Mail or Distinguished name IP IP address Hostname Host name CommonName Common name of the owner of the certificate Optional OrganizationName Organization name of the owner of...

Page 128: ...raffic with this rule Schedule By adding a schedule to a rule the security gateway will only allow that rule to trigger at those designated times Optional InsertionEvasion Protect against insertion e...

Page 129: ...action PipeNetwork Traffic shaping will only apply to hosts that are within this network Default 0 0 PipeNewConnections Enable piping of new connections from and to the same host Default No PipeTimeWi...

Page 130: ...d packet MulticastSource Specifies the multicast source to be compared to the received packet RelayInterface Specifies the interface via which to relay IGMP messages TranslateMGroup Translate the mul...

Page 131: ...o Index is specified when creating an instance of this type the object will be placed last in the list and the Index will be equal to the length of the list 3 27 IGMPRule Chapter 3 Configuration Refer...

Page 132: ...ryResponseInterval The maximum time until a host client has to send an answer to a query Default 10000 LastMemberQueryInterval The maximum time until a host client has to send an answer to a group and...

Page 133: ...ze Specifies the Blowfish preferred key size in bits Default 128 BlowfishMaxKeySize Specifies the maximum Blowfish key size in bits Default 448 TwofishMinKeySize Specifies the minimum Twofish key size...

Page 134: ...e default gateway of the interface Optional Broadcast The broadcast address of the connected network Optional PrivateIP The private IP address of this high availability node Optional NOCHB This will d...

Page 135: ...CP lease Optional DHCPServerFilter IP address range s for the DHCP servers from which leases are accepted Optional DHCPDisallowIPConflicts Do not allow IP collisions with static routes Default Yes DHC...

Page 136: ...Specifies the PBR table to insert the interface IP route into It also means that the specified routing table will be used for all routing lookups unless overridden by a PBR rule Default main Comments...

Page 137: ...800 IPsecLifeTimeSeconds The lifetime of the IPsec connection in seconds Whenever it s exceeded a re key will be initiated providing new IPsec encryption and authentication session keys Default 3600 I...

Page 138: ...be used or not Default None PFSDHGroup Specifies which Diffie Hellman group to use with PFS Default 2 SetupSAPer Setup security association per network host or port Default Net DeadPeerDetection Enab...

Page 139: ...ress to use as source IP in e g NAT DNS1 IP of the primary DNS server Optional DNS2 IP of the secondary DNS server Optional Username Specifies the username to use for this PPTP L2TP interface Password...

Page 140: ...Table Specifies the PBR table to insert the interface IP route into It also means that the specified routing table will be used for all routing lookups unless overridden by a PBR rule Default main Com...

Page 141: ...l AllowedRoutes Restricts networks for which routes may automatically be added Default all nets MPPEAllowStateful Allow usage of Stateful MPPE less secure use only for compatibility Default No Member...

Page 142: ...s dynamically assigned Properties Name Specifies a symbolic name for the interface Identifier EthernetInterface The physical Ethernet interface that connects to the PPPoE server network IP The host na...

Page 143: ...to manually specify IP Address object Default No MTU Specifies the size in bytes of the largest packet that can be passed onward Default 1492 MemberOfRoutingTable All or Specific Default All RoutingT...

Page 144: ...No AutoInterfaceNetworkRoute Automatically add a route for this virtual LAN interface using the given network Default Yes AutoDefaultGatewayRoute Automatically add a default route for this virtual LAN...

Page 145: ...ce Which interface to use when communicating with the DHCP server Optional PrefetchLeases Specifies the number of leases an IP Pool will keep prefetched Default 3 MaxFree Maximum number of free addres...

Page 146: ...e received packet DestinationInterface Specifies the destination interface to be compared to the received packet DestinationNetwork Specifies the span of IP addresses to be compared to the des tin...

Page 147: ...cifies the maximum number of failed ping attempts until host is considered to be unreachable Default 2 SLBPingMaxAverageLatency Specifies the max average latency for the sample attempts Default 800 SL...

Page 148: ...all destination IPs to a single IP Default No RuleSet Assuming action is Goto where to redirect rule lookup LogEnabled Enable logging Default Yes LogSeverity Specifies with what severity log events w...

Page 149: ...3 32 2 1 IPRule The definitions here are the same as in Section 3 32 1 IPRule 3 32 2 IPRuleFolder Chapter 3 Configuration Reference 149...

Page 150: ...its. Default: 128. BlowfishKeySize: Specifies the Blowfish preferred key size in bits. Default: 128. BlowfishMaxKeySize: Specifies the maximum Blowfish key size in bits. Default: 448. TwofishMinKeySize: Specifies...

Page 151: ...AP database. Default: userPassword. GroupsAttr: Specifies the group membership attribute used in the LDAP database. Default: memberOf. GetGroups: Retrieve group membership for users. Default: Yes. DomainName: The...

Page 152: ...e to use when accessing the LDAP server (Optional). Password: Specifies the password to use when accessing the LDAP server (Optional). Port: Specifies the LDAP service port number. Default: 389. Comments: Text de...

Page 153: ...econds between each monitor attempt. Default: 250. InitGracePeriod: Do not allow triggering of the link monitor for this number of seconds after the last reconfiguration. Default: 45. RoutingTable: Routing ta...

Page 154: ...etc. Properties: Name: Specifies the username to add into the user database (Identifier). Password: The password for this user. Groups: Specifies the user groups that this user is a member of, e.g. Administrato...

Page 155: ...lient's host route should be added to. Default: main. Comments: Text describing the current object (Optional). 3.38.1.1 LogReceiverMessageException. Description: A log message exception is used to override the...

Page 156: ...ss: The IP address of the SMTP server. Port: Specifies which port to use to connect to the SMTP server. Default: 25. Receiver1: The email address that the event information is sent to. Receiver2: Alternate...

Page 157: ...514. Facility: Specifies what facility is used when logging. Default: local0. LogSeverity: Specifies with what severity log events will be sent to the specified log receivers (Optional). Default: Emergency, Ale...

Page 158: ...he IP Pool. IPRange: Specifies the range of IP addresses used for NAT translation. StateKeepAlive: The number of seconds that stateful NAT state will be kept in absence of new connections. Default: 120. MaxS...

Page 159: ...es the time in seconds that the routing table will be kept unchanged after a reconfiguration of OSPF entries or an HA failover. Default: 45. RefBandwidthValue: Set the reference bandwidth that is used when...

Page 160: ...ects: OSPF interfaces, neighbors, aggregates and virtual links. Properties: Name: Specifies a symbolic name for the area (Identifier). AreaID: Specifies the area ID; if 0.0.0.0 is specified, this is the backbone...

Page 161: ...ce. Default: 10. RtrDeadInterval: If no HELLO packets are received from a neighbor within this interval in seconds, that neighbor router will be declared to be down. Default: 40. RxmtInterval: Specifies the nu...

Page 162: ...onging to the local intra-area with one contiguous network, which may then be advertised or hidden. Properties: Network: The aggregate network used to combine several small routes. Advertise: Advertise the...

Page 163: ...he authentication type for the OSPF protocol exchanges. Default: None. AuthPassphrase: Specifies the passphrase used for authentication (Optional). AuthMD5ID: Specifies the MD5 key ID used for MD5 digest auth...

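The AuthMD5ID and AuthPassphrase properties on page 163 are the two inputs to OSPFv2 cryptographic authentication as defined in RFC 2328, Appendix D: the passphrase is the 16-octet key, the key ID selects it, and a per-packet sequence number gives replay protection. The following is an added example of that exchange, not D-Link's code; the router ID, area, packet body and the zero-padding/truncation of the passphrase to 16 octets are assumptions made here for illustration.

```python
import hashlib
import hmac
import struct

# Added example (not D-Link code): OSPFv2 cryptographic authentication per
# RFC 2328 Appendix D, driven by a key ID and a passphrase. Packet contents
# below are constructed for the demonstration.

OSPF_VERSION = 2
OSPF_HDR_LEN = 24
AUTYPE_CRYPTO = 2          # AuType 2 = cryptographic (MD5) authentication
MD5_KEY_LEN = 16           # RFC 2328 D.3: the key is always 16 octets
MD5_DIGEST_LEN = 16


def _key_bytes(passphrase: str) -> bytes:
    # Assumption: shorter passphrases are zero-padded, longer ones truncated;
    # RFC 2328 only defines a 16-octet key.
    return passphrase.encode()[:MD5_KEY_LEN].ljust(MD5_KEY_LEN, b"\x00")


def sign_ospf_packet(body: bytes, key_id: int, passphrase: str, seq: int,
                     ptype: int = 1, router_id: bytes = b"\x0a\x00\x00\x01",
                     area_id: bytes = b"\x00\x00\x00\x00") -> bytes:
    """Build an OSPFv2 packet and append the RFC 2328 MD5 authentication digest."""
    length = OSPF_HDR_LEN + len(body)
    # Authentication field for AuType 2: 0, key ID, auth data length, crypto sequence number.
    auth = struct.pack("!HBBI", 0, key_id, MD5_KEY_LEN, seq)
    # Checksum field is 0 when cryptographic authentication is used (RFC 2328 D.4.3).
    header = struct.pack("!BBH4s4sHH8s", OSPF_VERSION, ptype, length,
                         router_id, area_id, 0, AUTYPE_CRYPTO, auth)
    packet = header + body
    # Digest = MD5(packet || key); it is appended after the packet and not counted in length.
    digest = hashlib.md5(packet + _key_bytes(passphrase)).digest()
    return packet + digest


def verify_ospf_packet(data: bytes, keys: dict, last_seq: int) -> bool:
    """Check header sanity, key ID, anti-replay sequence number and digest."""
    if len(data) < OSPF_HDR_LEN + MD5_DIGEST_LEN:
        return False
    ver, _ptype, length = struct.unpack("!BBH", data[:4])
    if ver != OSPF_VERSION or length + MD5_DIGEST_LEN != len(data):
        return False
    checksum, autype = struct.unpack("!HH", data[12:16])
    if autype != AUTYPE_CRYPTO or checksum != 0:
        return False
    _zero, key_id, auth_len, seq = struct.unpack("!HBBI", data[16:24])
    if auth_len != MD5_KEY_LEN or key_id not in keys:
        return False
    if seq < last_seq:                      # replayed or reordered packet
        return False
    expected = hashlib.md5(data[:length] + _key_bytes(keys[key_id])).digest()
    return hmac.compare_digest(expected, data[length:])
```

Two things worth noticing: the digest is a plain keyed MD5 over packet and key (not an HMAC), so the key ID and sequence number carry the protection against substitution and replay; and the page's default of None means adjacencies form with no authentication at all, so a rogue speaker on the segment can inject routes until this is enabled.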
Page 164: ...ps for precedence 3 (Optional). LimitPPS3: Specifies the packet per second limit for precedence 3 (Optional). LimitKbps4: Specifies the bandwidth limit in kbps for precedence 4 (Optional). LimitPPS4: Specifies th...

Page 165: ...itPPS6: Specifies the throughput limit per group in PPS for precedence 6 (Optional). UserLimitKbps7: Specifies the bandwidth limit per group in kbps for precedence 7, the highest precedence (Optional). UserLim...

Page 166: ...Default: 7. Comments: Text describing the current object (Optional). 3.41 Pipe. Chapter 3. Configuration Reference 166...

Page 167: ...estination IP of the received packet. Service: Specifies a service that will be used as a filter parameter when matching traffic with this rule. Schedule: By adding a schedule to a rule, the security gate...

Page 168: ...involved. Properties: Name: Specifies a symbolic name for the pre-shared key (Identifier). Type: Specifies the type of the shared key. PSKAscii: Specifies the PSK as a passphrase. PSKHex: Specifies the PSK as a...

Page 169: ...used when trying to contact the RADIUS accounting server. If no response has been given after, for example, 2 seconds, the security gateway will try again by sending a new AccountingRequest packet. Defaul...

Page 170: ...nds used when trying to contact the RADIUS accounting server. If no response has been given after, for example, 2 seconds, the security gateway will try again by sending a new AccountingRequest packet. De...

Page 171: ...if the statistical value goes above this threshold (Optional). BackoffInterval: The minimum number of seconds between consecutive log messages. Default: 60. Continuous: If set, generate an event if the value goes fro...

Page 172: ...SKHex: Specifies the PSK as a hexadecimal key. IDType: Selects the type of remote identity to use. IDValue: Specify the remote identity of the tunnel ID. Comments: Text describing the current object (Optional)...

Page 173: ...TTPS. Default: No. Network: Specifies the network for which remote access is granted. Comments: Text describing the current object (Optional). 3.48.2 RemoteMgmtNetcon. Description: Configure Netcon management to...

Page 174: ...SH Server to enable remote management access to the system. Properties: Name: Specifies a symbolic name for the SSH server (Identifier). Interface: Specifies the interface for which remote access is granted...

Page 175: ...ents that can be connected at the same time. Default: 5. SessionIdleTime: The number of seconds a user can be idle before the session is closed. Default: 1800. LoginGraceTime: When the user has supplied the u...

Page 176: ...ultiple routes to the same destination. Properties: RoutingTable: Specify the routing table to deploy route load balancing in (Identifier). Algorithm: Specify which algorithm to use when balancing the routes. Defa...

Page 177: ...seconds over/under the threshold limit to trigger a state change for the affected routes. Default: 30. OutboundThreshold: Outbound threshold limit (Optional). OutboundUnit: TODO. Default: kbps. InboundThreshold: I...

Page 178: ...er span of IP addresses to be compared to the received packet. DestinationInterface: Specifies the destination interface to be compared to the received packet. DestinationNetwork: Specifies the span...

Page 179: ...er hop used to reach the destination network. If the network is directly connected to the security gateway interface, no gateway address is specified (Optional). LocalIP: The IP address specified here will...

Page 180: ...bing the current object (Optional). Note: If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list. 3...

Page 181: ...object (Optional). Interface: Specifies which interface packets destined for this route shall be sent through. Network: Specifies the network address for this route. Metric: Specifies the metric for this rout...

Page 182: ...tive on Wednesdays (Optional). Thu: Specifies during which intervals the schedule profile is active on Thursdays (Optional). Fri: Specifies during which intervals the schedule profile is active on Fridays (Opt...

Page 183: ...to this service. Default: All. EchoRequest: Enable matching of Echo Request messages. Default: No. EchoRequestCodes: Specifies which Echo Request message codes should be matched. Default: 0-255. DestinationUnre...

Page 184: ...vice. Default: 200. Comments: Text describing the current object (Optional). 3.54.3 ServiceIPProto. Description: An IP Protocol Service is a definition of an IP protocol with specific parameters. Properties: Nam...

Page 185: ...efault: 0-65535. SYNRelay: Enable SYN flood protection (SYN Relay). Default: No. PassICMPReturn: Enable passing an ICMP error message only if it is related to an existing connection using this service. Default...

Page 186: ...changed. Default: DropLog. ARPExpire: Lifetime of an ARP entry in seconds. Default: 900. ARPExpireUnknown: Lifetime of an unknown ARP entry in seconds. Default: 3. ARPMulticast: ARP packets claiming to be multica...

Page 187: ...is identified by the name of the type only. There can only be one instance of this type. 3.55.3 ConnTimeoutSettings. Description: Timeout settings for various protocols. Properties: ConnLife_TCP_SYN: Connec...

Page 188: ...seconds allowed from the DHCP server; too high times will be lowered silently. Default: 10000. MaxAutoRoutes: Maximum number of DHCP client IPs automatically added to the routing table. Default: 256. AutoSave...

Page 189: ...efault: 256. Ringsize_e100_rx: Size of e100 receive ring per interface. Default: 32. Ringsize_e100_tx: Size of e100 send ring per interface. Default: 128. Ringsize_yukonii_rx: Size of Yukon II receive ring per i...

Page 190: ...ed packets. Properties: PseudoReass_MaxConcurrent: Maximum number of concurrent fragment reassemblies. Set to 0 to drop all fragments. Default: 1024. IllegalFrags: Illegally constructed fragments (partial overl...

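Page 190 names two fragment controls: a cap on concurrent reassemblies (PseudoReass_MaxConcurrent, where 0 drops every fragment) and an action for illegally constructed fragments such as partial overlaps (IllegalFrags). The guard below is an added example of the logic those two settings describe, written for this page and not taken from NetDefendOS; the flow key, the Fragment type, the action names and the simplification that a datagram is released when its last fragment arrives are all assumptions made here.

```python
from dataclasses import dataclass, field

# Added example (not D-Link code): a minimal fragment guard that models
# PseudoReass_MaxConcurrent and IllegalFrags. Fragment data is constructed.

MAX_IP_LEN = 65535


@dataclass
class Fragment:
    offset: int      # byte offset within the original datagram (fragment offset * 8)
    length: int      # payload bytes carried by this fragment
    more: bool       # MF flag


@dataclass
class Reassembly:
    pieces: list = field(default_factory=list)   # accepted (start, end) byte ranges

    def add(self, frag: Fragment) -> str:
        """Return 'ok', 'duplicate', 'partial_overlap' or 'oversize' for this fragment."""
        start, end = frag.offset, frag.offset + frag.length
        if end > MAX_IP_LEN:
            return "oversize"            # would overflow a 64 KiB datagram
        for s, e in self.pieces:
            if start == s and end == e:
                return "duplicate"       # exact retransmission: harmless
            if start < e and s < end:
                return "partial_overlap" # ranges intersect but differ: teardrop-style
        self.pieces.append((start, end))
        return "ok"


class FragmentGuard:
    def __init__(self, max_concurrent: int = 1024, illegal_frags: str = "DropLog"):
        self.max_concurrent = max_concurrent     # PseudoReass_MaxConcurrent
        self.illegal_frags = illegal_frags       # IllegalFrags action
        self.table = {}                          # flow key -> Reassembly

    def handle(self, key, frag: Fragment) -> str:
        """Return 'Accept', 'Drop' or the configured IllegalFrags action."""
        if self.max_concurrent == 0:
            return "DropLog"                     # 0 means drop all fragments
        if key not in self.table:
            if len(self.table) >= self.max_concurrent:
                return "Drop"                    # no slot for a new reassembly
            self.table[key] = Reassembly()
        verdict = self.table[key].add(frag)
        if verdict in ("partial_overlap", "oversize"):
            del self.table[key]                  # discard the whole datagram, not one piece
            return self.illegal_frags
        if not frag.more:
            del self.table[key]                  # simplification: release slot on last fragment
        return "Accept"
```

The point of dropping the whole reassembly rather than the offending piece is that the host behind the firewall may resolve the overlap differently from the firewall's own model, which is the classic way to slip data past inspection.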
Page 191: ...use percentage as the unit for monitoring, else it is megabytes. Default: Yes. MemoryLogRepetition: Should we send a log message for each poll result that is in the Alert, Critical or Warning level, or should we...

Page 192: ...the next update field in the CRL. Default: 86400. IKEMaxCAPath: Maximum number of CA certificates in a certificate path. Default: 15. IPsecCertCacheMaxCerts: Maximum number of entries in the certificate cache...

Page 193: ...P Time To Live value accepted on receipt. Default: 3. TTLOnLow: What action to take on too low unicast TTL values. Default: DropLog. TTLMinMulticast: The minimum IP multicast Time To Live value accepted on re...

Page 194: ...cepted on receipt. Default: 1. TTLOnLowBroadcast: What action to take on too low broadcast TTL values. Default: DropLog. Note: This object type does not have an identifier and is identified by the name of th...

Page 195: ...ault: 1480. MaxIPIPLen: IPIP/FWZ Encapsulated (tunneled transport used by VPN-1). Default: 2000. MaxIPCompLen: IPsec IPComp (Compressed communication). Default: 2000. MaxL2TPLen: L2TP (Layer 2 Tunneling Protocol). Defa...

Page 196: ...the type only. There can only be one instance of this type. 3.55.16 MiscSettings. Description: Miscellaneous Settings. Properties: UDPSrcPort0: How to treat UDP packets with source port 0. Default: DropLog. Por...

Page 197: ...MulticastSettings. Description: Advanced Multicast Settings. Properties: AutoAddMulticastCoreRoute: Auto-generate core route for 224.0.0.1-239.255.255.255. Default: Yes. IGMPBeforeRules: Allows IGMP traffic to...

Page 198: ...log in before reverting to the previous configuration. Default: 30. WebUIBeforeRules: Enable HTTP(S) traffic to the security gateway regardless of configured IP Rules. Default: Yes. WWWSrv_HTTPPort: Specifies...

Page 199: ...e one instance of this type. 3.55.19 RoutingSettings. Description: Configure the routing capabilities of the system. Properties: RouteFailOver_IfacePollInterval: Time (ms) between polling of interface failure...

Page 200: ...nder: Action to take if the sender MAC in the Ethernet header is the null address (0000 0000 0000). Default: DropLog. BroadcastEnetSender: Action to take if the sender MAC in the Ethernet header is the broadcast Eth...

Page 201: ...type. 3.55.21 StateSettings. Description: Parameters for the state engine in the system. Properties: ConnReplace: What to do when the connection table is full. Default: ReplaceLog. LogOpenFails: Log packets th...

Page 202: ...lt: 7000. TCPMSSAutoClamping: Automatically clamp TCP MSS according to the MTU of involved interfaces, in addition to TCP MSS max. Default: Yes. TCPZeroUnusedACK: Force unused ACK fields to zero; helps prevent co...

Page 203: ...ng. Default: StripLog. TCPRF: The TCP Reserved field should be zero. Used in OS fingerprinting. Also part of the ECN extension. Default: StripLog. TCPNULL: TCP NULL packets without SYN, ACK, FIN or RST; normally inva...

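Pages 202 and 203 describe three TCP header sanity checks: TCPZeroUnusedACK (zero the acknowledgement number when ACK is clear), TCPRF (the reserved bits, also used by ECN, should be zero) and TCPNULL (a segment with none of SYN, ACK, FIN or RST). The function below is an added example, written for this page rather than taken from NetDefendOS, that applies those checks to a raw 20-byte header using the page's Drop/Strip/Log action vocabulary; the policy dictionary, the helper that builds test headers, and the choice to leave checksum recomputation to the caller are assumptions made here.

```python
import struct

# Added example (not D-Link code) of the TCPNULL, TCPRF and TCPZeroUnusedACK
# checks applied to a raw TCP header. Policy values are assumed to be
# Drop/DropLog, Strip/StripLog or Ignore, mirroring the page's defaults.

FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))
RESERVED_MASK = 0x0F      # low nibble of octet 12: three reserved bits plus NS (ECN nonce)
TCP_FMT = "!HHIIBBHHH"    # sport, dport, seq, ack, offset/reserved, flags, window, checksum, urgent


def make_tcp_header(sport, dport, seq, ack, flags, reserved=0, window=65535):
    """Constructed header with data offset 5 (no options); checksum left zero."""
    off_res = (5 << 4) | (reserved & RESERVED_MASK)
    return struct.pack(TCP_FMT, sport, dport, seq, ack, off_res, flags, window, 0, 0)


def normalize_tcp(header: bytes, policy: dict):
    """Return (action, header, triggered_checks).

    Drop*  - segment rejected, header returned untouched
    Strip* - offending fields rewritten (caller must recompute the checksum)
    Accept - nothing to do
    """
    if len(header) < 20:
        return "DropLog", header, ["short header"]
    fields = list(struct.unpack(TCP_FMT, header[:20]))
    ack, off_res, flags = fields[3], fields[4], fields[5]
    triggered, actions = [], []

    # TCPNULL: none of SYN/ACK/FIN/RST set is never a legitimate segment; scanners send it.
    if not flags & (SYN | ACK | FIN | RST):
        triggered.append("TCPNULL")
        actions.append(policy.get("TCPNULL", "DropLog"))

    # TCPRF: reserved bits must be zero; a set bit is an OS fingerprinting probe.
    if off_res & RESERVED_MASK:
        triggered.append("TCPRF")
        act = policy.get("TCPRF", "StripLog")
        actions.append(act)
        if act.startswith("Strip"):
            fields[4] = off_res & ~RESERVED_MASK

    # TCPZeroUnusedACK: with ACK clear the ack number has no meaning, so it can carry
    # covert data or a fingerprint; force it to zero.
    if not flags & ACK and ack != 0 and policy.get("TCPZeroUnusedACK", "Yes") == "Yes":
        triggered.append("TCPZeroUnusedACK")
        actions.append("Strip")
        fields[3] = 0

    actions = [a for a in actions if a != "Ignore"]
    for a in actions:
        if a.startswith("Drop"):
            return a, header, triggered
    if not actions:
        return "Accept", header, triggered
    rebuilt = struct.pack(TCP_FMT, *fields) + header[20:]
    action = "StripLog" if any(a.endswith("Log") for a in actions) else "Strip"
    return action, rebuilt, triggered
```

Stripping rather than dropping on TCPRF is the right default because ECN-capable hosts legitimately set the NS bit; the log entry still records the probe without breaking the connection.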
Page 204: ...Name: Specifies a symbolic name for the key (Identifier). Type: DSA or RSA. Default: DSA. Subject: Value of the Subject header tag of the public key file (Optional). PublicKey: Specifies the public key. Comments: T...

Page 205: ...to the destination IP of the received packet. Service: Specifies a service that will be used as a filter parameter when matching traffic with this rule. Schedule: By adding a schedule to a rule, the secur...

Page 206: ...stIgnoreEstablished: Do not drop existing connections. Default: No. LogEnabled: Enable logging. Default: Yes. LogSeverity: Specifies with what severity log events will be sent to the specified log receivers. De...

Page 207: ...pecifies the day of the month when the automatic update runs. UpdateWeekday: Specifies the day of the week when the automatic update runs. Default: mon. Hourly: Specifies the number of hours between periodic...

Page 208: ...entication servers that will be used to authenticate users matching this rule. RadiusMethod: Specifies the authentication method used for encrypting the user password. Default: PAP. LocalUserDB: Specifies...

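Page 208 describes RadiusMethod as the method used for "encrypting" the user password, with PAP as the default. What PAP actually does on the wire is the User-Password hiding of RFC 2865 section 5.2: the password is XORed with MD5(shared secret || Request Authenticator) in 16-octet chained blocks, so anyone holding the shared secret and a capture recovers it. The following is an added example of both directions, not D-Link's code; the shared secret, authenticator and password are constructed values.

```python
import hashlib
import os

# Added example (not D-Link code): RFC 2865 section 5.2 User-Password hiding,
# which is what a PAP RadiusMethod applies before the Access-Request is sent.
# Secret, authenticator and password in the usage are constructed.


def new_request_authenticator() -> bytes:
    """16 random octets; sent in the clear in the Access-Request header."""
    return os.urandom(16)


def hide_pap_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Return the User-Password attribute value (a multiple of 16 octets)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits the password to 1..128 octets")
    padded = password.ljust(-(-len(password) // 16) * 16, b"\x00")
    out = bytearray()
    prev = authenticator            # b1 = MD5(S + RA); b_i = MD5(S + c_(i-1)) afterwards
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block                # chaining uses the previous ciphertext block
    return bytes(out)


def reveal_pap_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """The server side, or an attacker with the shared secret and a packet capture."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    out = bytearray()
    prev = authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return bytes(out).rstrip(b"\x00")   # padding was NUL; trailing NULs in a password are lost
```

The practical consequence is that the whole protection of a PAP exchange is the entropy of the shared secret and the confidentiality of the path between gateway and RADIUS server; a short secret or a RADIUS server reachable across an untrusted segment exposes every user password that passes through the rule.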
Page 209: ...of the number of bytes sent by the user. Default: Yes. PacketsSent: Enable reporting of the number of packets sent by the user. Default: Yes. BytesReceived: Enable reporting of the number of bytes received b...

Page 210: ...3.59 UserAuthRule. Chapter 3. Configuration Reference 210...

Page 211: ...story 80, hostmon 44, httpalg 44, httpposter 45, hwaccel 45, hwm 46. I: idppipes 46, ifstat 47, igmp 47, ikesnoop 48, ippool 49, ipsecglobalstats 49, ipseckeepalive 50, ipsecstats 50, ipsectunnels 51. K: killsa 51. L: l...

Page 212: ...DHCPRelay 109, DHCPRelaySettings 188, DHCPServer 110, DHCPServerCustomOption 111, DHCPServerPoolStaticHost 110, DHCPServerSettings 188, DNS 112, DynamicRoutingRule 118, DynamicRoutingRuleAddRoute 119, DynamicR...

Page 213: ...P: Pipe 164, PipeRule 167, PPPoETunnel 142, PSK 168. R: R8139EthernetPCIDriver 115, R8169EthernetPCIDriver 115, RadiusAccounting 169, RadiusServer 170, RealTimeMonitorAlert 171, RemoteIDList 172, RemoteMgmtHTTP...
