
Network Security Solution


http://www.dlink.com

DFL-M510

Security


Information Security gateway(ISG)

User Manual

Summary of Contents for DFL-M510


Page 3: ...im any implied warranties of merchantability or fitness for any particular purpose The manufacturer reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of the manufacturer to notify any person of such revision or changes Trademark Recognition MSN is a registered trademark of Microsoft Corporation ICQ is a registered trademark...

Page 4: ...Communications Commission FCC This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with t...

Page 5: ...at may cause undesired operation Safety Certifications CE C Tick TUV UL About this Manual This manual provides information for setting up and configuring the DFL M510 This manual is intended for network administrators Safety Information READ THIS IMPORTANT SAFETY INFORMATION SECTION RETAIN THIS MANUAL FOR REFERENCE READ THIS SECTION BEFORE SERVICING CAUTION To reduce the risk of electric shock thi...


Page 7: ...izard 9 Toolbar 10 Wizard 10 Setup Wizard 11 Policy Wizard 15 Tools 21 Backup 21 Reset 22 Upgrade 23 Debug 24 Status 24 System Status 26 Logging Status 28 Report for Network status 30 Policy Status 32 Pattern Status 36 Chapter 2 System 37 The System Screen 37 The Date Time Screen 38 The Remote Management Screen 40 The Log Setting Screen 42 Chapter 3 Interfaces 45 The Interface Screen 45 Network Se...

Page 8: ... The Policy Viewer Tab 87 User Defined Pattern 88 Defining a Pattern by Protocol 89 Defining a Pattern by Server 91 The Schedule Screen 93 Message Setting 94 Keyword Filter 96 Pattern Update 97 Chapter 7 Real Time Monitor 98 The Real Time Monitor Screen 98 Monitoring Real Time Traffic 99 Monitoring Real Time Application 100 Common Network Protocol 101 Health Checking 102 EIM 103 Two Levels Top 10 ...

Page 9: ...ommand 124 set state command 125 set remote command 126 set interface command 129 History Command 129 Exit Command 130 Reboot Command 130 Reset Command 131 Ping Command 131 Appendix B Glossary 132 Appendix C Features and Specifications 137 Hardware Specification 137 Features Specification 137 LCM Module 139 Other Specifications 140 Mechanic ID Design Front LED indicators 141 Physical Environment 1...

Page 10: ... your current network environment Refer to the Quick Installation Guide for instructions on connecting the DFL M510 to your network This section covers the following topics z Identifying Components on page 1 z Configuring the DFL M510 on page 3 z Running the Setup Wizard on page 9 Before using this manual take a look at the copyright trademark and safety information section See Before you Begin on...

Page 11: ... bypass is enabled Off Ethernet link OK and the speed is 10Mbps Inbound Left Green On Ethernet link OK and the speed is 100Mbps Off No packets sending receiving On Link Inbound Right Inbound LAN Green Blinking Activity port is sending receiving data Off Ethernet link ok and the speed is 10Mbps Outbound Left Green On Ethernet link ok and the speed is 100Mbps Off No packets sending receiving On Link...

Page 12: ...of the DFL M510 The following are the default settings IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 254 User name admin Password admin CONFIGURATION THROUGH THE COMMAND LINE INTERFACE Configure the DFL M510 using the following parameters The IP address shown below is only an example Instead use the IP address for your network IP Address 192 168 9 231 Subnet Mask 255 2...

Page 13: ... open a connection in Windows 95 98 NT 2000 XP go to Program Files Accessory Communications Super Terminal 3 Once you access the Command Line Interface CLI with a terminal connection press any key The following prompt appears 4 Type in the username and password ...

Page 14: ...5 5 Use the get system command to get information on the DFL M510 6 Use the set system ip command to set the IP address ...

Page 15: ...eway to set the default gateway 8 After setting the IP address Mask and Gateway use the get system command to get correct information Use the web based interface to configure other parameters See Configuration Through a Web based Interface on page 7 ...

Page 16: ... from www java com or you can download it from the link within the DFL M510 GUI The PC you log in from must have the following system requirements z Microsoft Windows XP professional operation systems z Device with Internet connection z CPU Intel Pentium4 2 0G or 100 compatible z Memory 512MB RAM or above z Java Run Time Environment J2RE V1 4 2 or above Refer to the following to log on to the DFL ...

Page 17: ...ty Warning appears 4 Click Always to continue and prevent this screen appearing again The login screen appears The IP address shown above is only an example Instead use the IP address for your network 5 Type in the default account name admin and the default password admin choose your preferred language and click Login ...

Page 18: ...p See Chapter 4 User Authentication on page 63 6 After two or three minutes the GUI opens on the DFL M510 main screen 7 To log out click the Close button at the top right of the screen RUNNING THE SETUP WIZARD The Setup Wizard helps you to quickly apply basic settings for the DFL M510 You will need the following information for your network to complete the Setup Wizard z IP Address z Subnet Mask z...

Page 19: ...mation and policy configuration for the DFL M510. For system maintenance, several handy tools such as Backup, Reset, Upgrade and Debug are provided under Tools to enable you to quickly maintain the system configuration. Status is the function you may use most frequently, for instance for System information, Logging information and the Report for network status. The current status of the supported appli...

Page 20: ...r you logon the device The Setup Wizard will guide you step by step through the entire procedure After the procedure is completed the basic system information for DFL M510 is configured To run the Setup Wizard 1 Go to Toolbar click Wizard Setup Wizard The Setup Wizard window appears Click Next to continue ...

Page 21: ...t Gateway and DNS Server address to enable the device to connect to your network If the network was set by CLI check the settings here Type in the required information and click Next 3 Select the check boxes for the applications you want to block and click Next ...

Page 22: ... the Policy menu See Chapter 6 Policy on page 75 4 Select the No radio button and click Finish If you select Yes in the screen above you are taken to the Real Time Monitor screen when setup completes See Chapter 7 Real Time Monitor on page 98 It takes 30 seconds for the settings to be processed and then the following screen appears ...

Page 23: ...14 When the setup is successful the following screen appears 5 Click OK The System status screen is shown for your information ...

Page 24: ...configurations and apply policy settings for the DFL M510 Follow the steps as below to experience the easy use and convenience of Policy Wizard TO CREATE A NEW POLICY TEMPLATE VIA POLICY WIZARD 1 Go to Toolbar click Wizard Policy Wizard The Policy Wizard window appears ...

Page 25: ...ormation here or later in the tree view list. To set up the Host Group information, click the Set up Host Group Now button; otherwise click Next to continue. 3. In this step you can choose either to create a new policy or to select an existing policy template ...

Page 26: ...y template, click the radio button Choose an existing policy template and select an existing policy template from the pull-down list. The detailed settings for the policy template you choose appear in the tree view list for your information; click Next to continue. If you select Choose an existing policy template and click Next, you are taken to Step 5 for further configuration ...

Page 27: ...18 4 Specify the corresponding action and schedule for the Block Streaming Media template Here the Block checkbox is checked and the schedule is Always Click Next to continue ...

Page 28: ...You can configure it later in the Policy Setting tab when required. In this example the policy does not apply to any specific group immediately. Click Save to save your settings for the new policy template. Do not forget to click the Save button in this step; otherwise you will lose the entire configuration for your new policy template ...

Page 29: ...y Wizard or to set up another policy template via the wizard. The Policy Wizard provides a simple and easy way to set up your policy settings; these configurations can still be modified later in the configuration tabs of Policy Setting. See Chapter 6, Policy, on page 75 for more information ...

Page 30: ... Backup. The Backup window appears. Backup configuration to: Press Backup configuration to store the current settings to a file. The backup configuration dialog displays to ask for the name of the stored file. Restore configuration from: Press Restore configuration from to restore settings from a file on the management GUI. The restore configuration dialog displays to ask for the name of the file ...

Page 31: ...ompletes click Reboot to reboot the device The configuration file includes the user defined policy RESET Go to the Toolbar click Tools Reset The System Reboot window appears as below Reboot After an update completes press Reboot to boot the device from the new firmware Reset to Factory Default Press Reset to Factory Default to restore the factory default settings ...

Page 32: ...o UPGRADE Go to the Toolbar click Tools Upgrade The Firmware Upgrade window appears see below File Path Type the file path to the update file Browse Press Browse to locate the update file Then press Upload to send the newest file to the device Upload Press Upload to begin the update ...

Page 33: ...s, see below. The Debug tool is a troubleshooting tool for your hardware provider. When you encounter hardware or configuration problems with the DFL M510, you can retrieve the debug information from the DFL M510 and provide this file to your vendor for further analysis ...

Page 34: ...s of what applications can be monitored and incorporated into your policies After you log on go to Toolbar and click Status to open the following screen The Status screen gives you access to the following information z System Status z Logging Status z Report for Network Status z Policy Status z Pattern Status ...

Page 35: ...e default gateway the default is 192 168 1 254 DNS Server Shows the DNS server address Operation Mode Shows the defense status of the device Stealth Mode Shows if stealth mode is enabled Lan Link Mode Shows the LAN link mode Wan Link Mode Shows the WAN link mode DMZ Bypass Shows the DMZ bypass packets are not monitored in DMZ Host Bypass Shows the host bypass Model Name Shows the model name Device...

Page 36: ...verload RAM Usage Shows RAM usage monitor memory usage to prevent overload Flash Usage Shows flash usage monitor flash usage to prevent overload Current Users Shows the total number of hosts monitor the host table to prevent it from running out Current Sessions Shows the total number of sessions monitor the sessions table to prevent connection sessions from running out CPU utilization RAM and Flas...

Page 37: ...the log display by clicking Refresh On the log display list the default setting of the system is to display all information regarding incidents including the occurring source and message Administrators can inspect data and filter out unnecessary events SEARCHING FOR LOGS BY A SPECIFIC TIME To search a log for a specific time specify the time under Specific Time and click Search SETTING THE LOG DIS...

Page 38: ...e Use Prev Next to go to the previous or next page Go to a specific page by selecting it from the Page drop down arrow THE REPORT for Network Status To view the Report for Network Status click Status Report In the Report Title field type a title for the report and click Generate ...

Page 39: ...e the report window opens The above screen is described in the Real Time Monitor chapter See Monitoring Real Time Traffic Click Print to print the report Click Save As to save the report to the local computer Click Close to close the report window ...

Page 40: ...T Reports are saved in HTML format and can be viewed in a Web browser 1 Click Save As 2 Type a name for the report and click Save As 3 Open the file you saved in your Web browser 4 Scroll down to view the details of the report ...

Page 41: ... DFL M510 The latest pattern can be downloaded automatically after you register the product information and enable the auto download feature on the DFL M510 To register product information please visit the following hyperlink https security dlink com tw member_registration asp Application Support Version Web mail Yahoo Hotmail Gmail HTTP HTTPS Web Control NNTP eDonkey2000 1 4 3 eMule 0 46a WinMX 3...

Page 42: ... Media Player 10 0 H 323 RTSP iTunes 4 8 WinAmp 5 09 Radio365 1 1 11 Streaming Media QuickTime 6 5 2 General FTP Applications GetRight 5 2d File Transfer FlashGet 1 71 MSN 7 5 Build 7 5 031 Microsoft Live Messenger 8 0 Web MSN AIM 5 9 3759 QQ V06 1 103 300 TM 2006 ICQ 5 iChat 3 0 1 Yahoo Messenger 7 0 Odigo v4 0 Beta Build 689 IRC MIRC 6 16 Rediff BOL 7 0 Beta Google Talk 1 0 0 92 Message Exchange...

Page 43: ...34 POP3 IMAP4 NNTP The DFL M510 manages P2P downloads by using the P2P Protocol In this architecture no matter what version of the client you use the DFL M510 can manage it ...

Page 44: ...application that the DFL M510 cannot support, you can use this function to request support. 1. Click User Request. The following screen appears. 2. Complete all information for the new application and click Send. You will be contacted by the D-Link support team ...

Page 45: ...RMATION This page will display the Pattern Information Last Update Shows the last time the pattern was updated Version of current pattern Shows the pattern version Number of pattern Shows the pattern number Pattern Updated Information This page will show the log when you update pattern ...

Page 46: ... with your network The System menu also lets you set local time settings and carry out maintenance THE SYSTEM SCREEN After you log on click System to open the following screen The System screen gives you access to the following screens Date and Time on page 38 Remote Management on page 40 Log Setting on page 42 ...

Page 47: ... Date and Time to adjust the time for your location 1 Click System Date and Time The Date and Time window appears 2 Click to the right of Current Date and Time 3 Select the current date and click to return to the Date and Time screen ...

Page 48: ...or your location from the drop down list 5 Click Apply to confirm your settings The following screen appears 6 Click OK to exit If your location uses daylight saving time A Check Enable daylight saving time B At Offset set the offset time C Click to set the start and end dates and then click Apply ...

Page 49: ...The Remote Access tab lets you control access rights HTTP SSH The descriptions for the HTTP and SSH fields are the same Server Access Options are All Disabled Allowed from LAN or Allowed from WAN The default is All Secure Client IP Address Options are All or Selected IP Address Add Delete Use Add Delete to add IP Addresses or a Subnet address to the Selected IP Address window ...

Page 50: ... 2 Click the Selected IP Address radio button and click Add 3 Type in the IP Address and Subnet Mask for the PC that will access the DFL M510 and click OK The IP Address is added to the Selected IP Address window Repeat steps 2 and 3 to add other IP Addresses 4 Click Apply The new settings are processed ...

Page 51: ...ppears 5 Click OK to finish THE LOG SETTING SCREEN Configure Log Type and Severity Notification to view log information on the device Click System Log Setting the following screen appears The Log Setting screen has two tabs Click on a tab to view the settings ...

Page 52: ...ting enables you to further configure the logging for individual policy templates. The Malware Detection log setting allows the DFL M510 to log information when the device detects any network-health-related activity in your internal network. Each log type has three corresponding severity notifications: Critical, Warning and Info. You can configure the severity notification for each log type to enab...

Page 53: ...port the logging information to an external Syslog server, you need to activate the Server setting and provide the IP address and port configuration of your Syslog server. Then specify the log type and severity notification you would like to export to and view on your Syslog server ...

Page 54: ...NTERFACES THE INTERFACE SCREEN The Network screen lets you configure settings for your network 1 Click Interface The Network Setting window appears The Network screen has four tabs Click on a tab to view the settings ...

Page 55: ...46 NETWORK SETTING TAB Click the Network Setting tab The following screen appears Device Name Type a name for the device Inactivity Timeout Set the inactivity time out ...

Page 56: ...device names to help identify different units DEVICE SETTING These fields display the IP address and related network information of the device IP Address Device IP Address Subnet Mask Device Subnet Mask DNS Server Device DNS Server Default Gateway Device Default Gateway ...

Page 57: ...trator s email address SMTP Server Type the IP of the SMTP server ID Type an ID if sender authentication is required Password Type a password if sender authentication is required Server Check When the above fields are completed click Server Check to verify the mail account The ID Password field must be filled in if your mail server requires authentication ...

Page 58: ...tion Object ID Up time Name Location and Service Trap Community Type the SNMP community that allows the SNMP trap command When the device reboots the device sends the trap to the trap server Trap Server Type the IP of the SNMP management center that should be reported Server Access Options are Disable No access from LAN or WAN All Access from LAN and WAN Note This setting has no remote access rest...

Page 59: ...ctions any IP address will have access to the DFL M510 2 Click the Selected IP Address radio button and click Add 3 Type in the IP Address and Subnet Mask for the PC that will access the DFL M510 and click OK The IP Address is added to the Selected IP Address window Repeat steps 2 and 3 to add other IP Addresses 4 Click Apply The new settings are processed ...

Page 60: ...51 When the settings are processed the following screen appears 5 Click OK to finish ...

Page 61: ...Set the Ethernet ports for the speed you want and click Apply WAN 10 100 Half Full Auto Interface Link Setup LAN 10 100 Half Full Auto INTERFACE STEALTH SETTING The LAN WAN Ports can be configured in Stealth Mode by selecting On WAN On Off Stealth Mode LAN On Off Subnet Mask LAN Port ...

Page 62: ...53 After you make changes click Apply The new settings are processed and the following screen appears Click OK to finish ...

Page 63: ...54 PARAMETER TAB Click the Parameter tab The following screen appears This tab defines management parameters ...

Page 64: ...network abnormalities. When Bypass mode is selected, the DFL M510 will not detect or take action on security events in the network. Monitor: Monitor mode allows you to analyze network activities and make an early-stage diagnosis before deployment. The DFL M510 will detect all events by inspecting all packets. In this mode the DFL M510 will log all events but will not take any countermeasure (reset, drop, acti...

Page 65: ...bnet Mask: Type in the Subnet Mask. The IP addresses of the hosts in a subnet must be contiguous; that is, the network mask contains only two parts, the leading 1s and the following 0s. DMZ Bypass prevents the DFL M510 from becoming a bottleneck in your intranet. For example, the IP address of a Mail or FTP server could be assigned in the DMZ Bypass configuration to provide wire-speed traffic from the internal network to...

Page 66: ...net which do not need to be monitored are added to the Bypassed User Group These hosts have unhindered access to the WAN but may be less secure than In Line hosts The IP addresses of the hosts in the bypass list must be in the host table first That is the host must be learned or entered before you can select it Otherwise the host must be within a group and specified by a subnet Such a host is auto...

Page 67: ...d Groups that have been added. After you make changes, click Save. The new settings are processed and the following screen appears. Click OK to continue. An IP address in the Host Bypass implies bypass by source IP. To provide more throughput, you could set up the servers' IP addresses (ERP, mail, FTP) in the Host Bypass if the servers are located in the internal network ...

Page 68: ... physical connections they are extremely flexible The IEEE 802 1Q standard defines VLAN ID 1 as the default VLAN The default VLAN includes all the ports as the factory default The default VLAN s egress rule restricts the ports to be all untagged so it can by default be easily used as a simple 802 1D bridging domain The default VLAN s domain shrinks as untagged ports are defined in other VLANs If y...

Page 69: ... sets Item Description VID1 1 VID2 3 VID3 5 VID4 7 Management VID2 Refer to the following to configure the VLAN setting 1 Click Interface and then select the VLAN tab VLAN Enabled Enables or disables the VLAN function VID1 VID7 Type in the VLAN ID Management Group Select the Management VLAN Group ...

Page 70: ...o enable VLAN 3 Type in each VID in the VID1 to VID7 boxes The DFL M510 supports up to seven VLANs The Management VID must be either PVID or VID1 to VID7 Configurations depend on your environment 4 Click Apply The screen updates as follows ...

Page 71: ...62 VLAN STATUS Management IP Shows the device IP address Management VLAN Shows the Management VLAN Group ID VID1 VID7 Shows the ID of each VLAN ...

Page 72: ...reen ACCOUNTS No.: Shows the current number of accounts. Name: Shows the name for each account. Role: Shows the level of the user's policy: Administrator, Read Only or Write. Last Time Login: Shows the last time the account was accessed. Only users that are assigned the Administrator role can edit the Account and Hosts Groups menus ...

Page 73: ... The Account Edit dialog box appears Name Type a name for the account Password Type a password Confirm Password Retype the password Privilege Assign privilege status Administrator Read Only or Write Click OK to confirm The account is added to the Accounts list ...

Page 74: ...65 To review or audit an account click Login Status The following screen appears A log is created each time a user logs on or logs out Monitor this list for added security See Toolbar Logging on page 28 ...

Page 75: ...C address IP address and VLAN address In order to manage the host internet access we can lock a host with a MAC address and or an IP address Assign names to hosts to make them easier to manage Otherwise the DFL M510 learns the device name from the network Assigned names take priority over learned names THE OBJECTS SCREEN After you log on click Objects to open the following screen The Objects scree...

Page 76: ...the deployment environment where a switch is attached to the LAN port of your DFL M510. However, if there is a router attached to your LAN port, the DFL M510 will recognize the router's MAC address only; it cannot automatically recognize the hosts behind the router, so the IP Based Management mode is required for your DFL M510 to correctly recognize the hosts behind your router. Host Table No...

Page 77: ...e not monitored Other Hosts The DFL M510 can manage 200 hosts If you select Block hosts that exceed 200 have no Internet access If you select Forward those hosts will be allowed to access the Internet but will not be monitored by the DFL M510 CHANGING THE STATUS OF A HOST In the following example the status of No 1 is changed from Hosts within 200 to Other Hosts 1 Right click on the host you want ...

Page 78: ...69 2 Select Move to Standby Notice the State icon is now green indicating the host is now in the Other Hosts category ADDING A HOST Refer to the following to add a host 1 Click Add ...

Page 79: ...lick OK. The new host is added to the host table. EXPORTING A HOST DATABASE You can export a host database to reuse or to import into another DFL M510. Refer to the following to export a host database: 1. Click Export. 2. Click … The Save dialog box appears ...

Page 80: ...71 3 Enter a file name and click Save 4 Click OK to confirm the export 5 Click OK to continue ...

Page 81: ... GROUP SETTING Add Click to add a new Setup Group Delete Click to delete a Setup Group Up Click to move a Setup Group up Down Click to move a Setup Group down QUICK ASSIGN USER GROUP Group Name Type in the group name Quota Total available space to a group Session Total sessions available to a group Available Hosts Lists the available hosts Hosts in Selected Group Lists the hosts in the selected gr...

Page 82: ...ial IP address range to a group. ASSIGNING HOSTS TO GROUPS You can assign a host to a group by checking the box at the intersection of the host and the group. Refer to the following to add a host to a group: 1. Click Add. 2. Type a group name and click OK ...

Page 83: ...74 3 Select the host and click to add it to the Hosts in Selected Group window 4 Click Apply 5 Click OK to finish The new group is added to the Group Setting list ...

Page 84: ... click Policy to open the following screen The Policy screen gives you access to the following screens z The Policy Setting Screen z User Defined Pattern z The Schedule Screen z Message Setting z Keyword Filter z Pattern Updates After the policy database is published and fetched it is uploaded to the DFL M510 To manage the users and applications policies are defined and each of them complies with ...

Page 85: ...ate created by the device wizard can be created or modified The protocols displayed on the policy are described as follows A The IM Applications that can be managed by the DFL M510 Item Protocol Management Type Support Version MSN Keyword Login Chat File Transfer Audio Communication Video Communication Online Game Message Exchange IM MSN Encrypted with SIMP MSN 7 5 Microsoft Live Messenger 8 0 ...

Page 86: ...ahoo IM 6 0 0 1921 QQ TM Login QQ V06 1 103 300 TM 2006 Gadu Gadu Login Gadu Gadu 7 1 Login Normal Mode Skype Login Strict Mode Skype 1 3 0 60 Login IRC File Transfer MIRC 6 16 Odigo Login v4 0 Beta Build 689 Login Chat Audio Communication Rediff BOL File Transfer Rediff BOL 7 0 Beta Login Chat Google Talk Audio Communication Google Talk 1 0 0 92 Yahoo Mail Gmail Web Mail Hotmail Web Control Web W...

Page 87: ... 1 0 0 BearShare 5 0 1 1 LimeWire 4 8 1 Gnucleus 2 2 0 0 Morpheus 5 0 Gnutella ezPeer2 0 mldonkey 2 5 x Kazaa 3 0 FastTrack Grokster 2 6 Kuro Kuro 5 30 0704 eDonkey2000 1 4 3 Shareaza 2 1 eMule 0 46a Morpheus 5 0 eDonkey2000 mldonkey 2 5 x BitComet 0 59 Shareaza 2 1 BitTorrect 4 0 4 BitTorrent mldonkey 2 5 x PeerWeb DC 0 300 StrongDC 1 00 RC9 Internet File Sharing P2P DirectConnect RevConnect 0 67...

Page 88: ...ftEther 2 10 build 5080 File Transfer FTP Application Command Execution GetRight GetRight 5 2d File Transfer FlashGet FlashGet 1 71 POP3 IMAP4 SMTP Mail NNTP RealPlayer 10 5 MS Media Player 10 0 iTunes 4 9 0 17 QuickTime 7 Winamp 5 09 Radio365 1 11 Streaming Media H 323 The DFL M510 manages P2P downloads by using P2P Protocol In this architecture no matter what version of client is used the DFL M5...

Page 89: ...ate Setting Tab on page 80 The Assign Policy Tab on page 83 The Policy Viewer Tab on page 87 THE TEMPLATE SETTING TAB To view the Template Setting tab click Policy Policy Setting Template Setting When you select a template from this list its patterns are listed in the center pane You can add delete and duplicate templates ...

Page 90: ...me When a pattern is chosen, all of its options and constraints are shown. Options or constraints that do not apply to it are grayed out. Changes made in the fields under Options apply to all patterns. THE OPTIONS PANE When a pattern is detected, the DFL M510 takes certain management actions, such as blocking the connection or notifying the administrator. There are five actions that can be take...

Page 91: ...k your staff using P2P software you can limit the detection range of the P2P policy to only intranet and skip detection against DMZ Thus false positives can be reduced while maintaining performance If the detection scope is defined as Directional the scope is distinguished by source and destination If it is defined as Non directional the rule will manage Therefore an administrator does not have to...

Page 92: ...parameters If such a pattern rule is selected there is a constraint parameter section as following Keyword The user defined keyword to match the content of packets THE ASSIGN POLICY TAB To view the Assign Policy tab click Policy Policy Setting Assign Policy ...

Page 93: ...In the following example the Security group is assigned a policy only allowing Web control such as Web browsing 1 In the Template Setting tab click Add to add a new template 2 Configure Policy for application behavior management ...

Page 94: ...85 3 Click Apply to save the policy template 4 Click the Assign Policy tab Select the template you want to implement from the Available Templates pane ...

Page 95: ...86 5 Under Group Host select PM and click Apply ...

Page 96: ...In the Policy Viewer tab you can view all policies of groups In the example below we check the policy of the PM group via the Assign Viewer tab click Policy Policy Setting Policy Viewer and then select PM in the Group Host pane ...

Page 97: ...still ways for a manager to define application patterns. If a specific application always connects to several specific servers or over several specific ports, the servers and the ports can be blocked by a user-defined pattern. Policies can be defined in the following Policy > User Defined Pattern screen. After a pattern is defined, the pattern is displayed in the pattern list contained in a template a...

Page 98: ...L For example, a streaming media application uses TCP port 3001 to connect to media servers. To block this streaming media application, do the following: 1. In the User Defined Pattern screen, click Add. 2. Type in Streaming1 for the pattern name and click OK ...

Page 99: ...90 3 Input a pattern named Streaming 1 with category Streaming Media and TCP port 3001 4 Click Save ...

Page 100: ...s always connecting to a network server with the IP address 140.126.21.4. You can block this web chat application by adding a new rule as follows: 1. In the User Defined Pattern screen, click Add. 2. Type in Web Chat 1 for the pattern name and click OK ...

Page 101: ...92 3. Input a rule named Web Chat 1 with category Web Control and server 140.126.21.4. 4. Click Save ...

Page 102: ...of hours Click Policy Schedule to access the Schedule screen There are four predefined schedules The Always schedule means the policy is always active The Working Hours schedule means the policy is active during working hours The regular working hours are Monday to Friday from 9 00 AM to 5 00 PM The Weekdays schedule means the policy is active during the whole workdays The regular workdays are Mon...

Page 103: ... schedule editing dialog box Modify the schedule name and check the hour tab to include or exclude the hour represented by the tab MESSAGE SETTING In this section you can edit popup or Web messages Refer to the following to add a popup message 1 Click Policy Message Setting ...

Page 104: ...2. Under Popup Message to User, click Add. 3. Type a description and the content of the message and click OK ...

Page 105: ...keyword, URL keyword, MSN keyword. These keyword functions are used to describe applications of MSN and Web browsers. Since all the keyword policies and other policies are too complex to display on one page, an integrated GUI frame is designed to aggregate these rules so they are easier to use. The special keyword policy GUI is illustrated as follows. This function only supports characters in ASCII encoding, so a URL or message keyword containing non-ASCII characters will not be matched ...

Page 106: ...ber of pattern. You can register the DFL-M510 in D-Link's security portal by clicking the Register for Pattern Update or view current button. By clicking Download Now you can immediately connect to the update server and manually download the latest pattern. To obtain detailed information about the latest pattern before you download it, click Check details before download for further informati...

Page 107: ...MONITOR SCREEN After you log on, click Real Time Monitor to open the following screen. For Real Time Monitor to work properly, ports 8801-8810 must be opened on the client PC to receive the analysis data from the DFL-M510; open them on the client's host firewall only for the DFL-M510's own address. D-Link recommends not managing the DFL-M510 through a WAN link, since the Real Time Monitor feature pulls its data from the DFL-M510 across that link. The Real Time Monitor screen gives you access to t...

Page 108: ...P2P: the number of bytes of all applications in the P2P category. Mail: the number of bytes of all applications in the Mail category. File Transfer: the number of bytes of all applications in the File Transfer category. Web Control: the number of bytes of all applications in the Web Control category. Streaming Media: the number of bytes of all applications in the Streaming Media category. Misc: the number of byte...

Page 109: ...t time. Each line can be hidden or shown by clicking the check box before its label. SCOPE Click the drop-down arrow to select a group or subnet to monitor. It filters hosts and does not affect the current traffic status; it zooms into the subset of hosts selected in each case. MONITORING REAL TIME APPLICATION To monitor real-time applications, check the Real Time Applicati...

Page 110: ...e health checking table. Select the radio button to display each table. The EIM table is the default. COMMON NETWORK PROTOCOL The common network protocol table shows the current status of each host. This is a layer-4 table: network applications are identified by network port number, so an application running on a non-standard port is shown under whatever protocol owns that port. The common network protocols are HTTP, HTTPS, SMTP, FTP, TELNET, POP3, IRC, NNTP and IMAP. If a host is connectin...

Page 111: ...to almost all anti-virus software but detectable by the DFL-M510. When such packets come from a host and are detected, the corresponding field shows a check mark to indicate the host has a health concern. Health concerns include network-based worms, illegal agents and tunnels. Network-based worms do not include common viruses, since those are easy to discover with standard anti-virus software. Il...

Page 112: ...on pattern and summarized into six categories: IM, P2P, Web application, file transfer, E-mail and media. If a host is connecting to the Internet and is identified as running an application in a category, the table shows a check mark to indicate the host is currently running an application of that category ...

Page 113: ...ckly understand the present status of the network. These monitoring charts have two levels: first choose one of the six charts, then pick one item from the first level to display the second-level chart. TOP 10 CATEGORIES / TOP 10 APPLICATIONS In these charts the first level shows the top 7 categories. When a category is chosen, the second level shows the top 10 applications in the chosen category. T...

Page 114: ...en the IM category is chosen, the second-level chart replaces the first chart, as follows. It can be seen that MSN is the most frequent application within the IM category. If you click Reset, all data is erased. Click Back to go to the previous page ...

Page 115: ...S / TOP 10 USERS In these charts the first level shows the top 10 applications. When an application is chosen, the second level shows the top 10 users of the chosen application. The following shows that the top application is MSN ...

Page 116: ...GROUPS / TOP 10 APPLICATIONS In these charts the first level shows the top 10 groups. When a group is chosen, the second level shows the top 10 applications in that group. The following shows that the top group is the default group ...

Page 117: ...ERS / TOP 10 APPLICATIONS In these charts the first level shows the top 10 users. When a user is chosen, the second level shows the top 10 applications of the chosen user. The following shows that the top user is Jeffrey ...

Page 118: ...ERS In these charts the first level shows the top 3 health concerns. When a health concern is chosen, the second level shows the top 10 users with the chosen health concern. The following shows that the top health concern is the illegal agent ...

Page 119: ...EALTH CONCERNS In these charts the first level shows the top 10 users with health concerns. When a user is chosen, the second level shows the top 3 health concerns of the chosen user. The following shows that the top user with a health concern is CJHO ...
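Every chart on pages 113-119 is the same operation applied to two dimensions: rank one field by byte count, then rank a second field inside the chosen slice. The block below is an added example, not D-Link's code, that performs that two-level drill-down over a small constructed set of per-host records; the record fields, the user and group names and the byte counts are assumptions made up for the demonstration, and the percentages are computed here only to show each entry's share of its chart.

```python
# Added example, not D-Link's code: the two-level top-N drill-down used by the
# monitoring charts (top categories -> top applications in the chosen category,
# top applications -> top users, top health concerns -> top users), computed
# over constructed records. Field names, names and byte counts are assumptions.
from collections import Counter
from typing import Optional

# Constructed sample: one record per observed (user, group, category, app).
RECORDS = [
    {"user": "Jeffrey", "group": "Default", "category": "IM", "app": "MSN", "bytes": 900, "concern": None},
    {"user": "Jeffrey", "group": "Default", "category": "IM", "app": "ICQ", "bytes": 100, "concern": None},
    {"user": "CJHO", "group": "PM", "category": "IM", "app": "MSN", "bytes": 600, "concern": "illegal agent"},
    {"user": "CJHO", "group": "PM", "category": "P2P", "app": "BitTorrent", "bytes": 1200, "concern": "illegal agent"},
    {"user": "Alice", "group": "PM", "category": "Mail", "app": "SMTP", "bytes": 300, "concern": "tunnel"},
    {"user": "Bob", "group": "Default", "category": "IM", "app": "MSN", "bytes": 200, "concern": None},
]


def top_n(records, dim: str, n: int = 10, where: Optional[dict] = None, measure: str = "bytes"):
    """Rank the values of `dim` by summed `measure`, optionally restricted to the
    records matching `where` (that restriction is what the second chart level is).
    Records whose `dim` is None are skipped, so hosts without a health concern
    never appear in the health-concern charts. Returns (value, total, percent)."""
    where = where or {}
    totals = Counter()
    for r in records:
        if r[dim] is None or any(r[k] != v for k, v in where.items()):
            continue
        totals[r[dim]] += r[measure]
    # Sort explicitly so equal totals rank deterministically (by name).
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]
    grand = sum(totals.values())
    return [(value, total, round(100.0 * total / grand, 1)) for value, total in ranked]


def drilldown(records, first: str, chosen: str, second: str, n: int = 10):
    """Second-level chart: rank `second` within the slice where `first == chosen`."""
    return top_n(records, second, n, where={first: chosen})


def users_with_concerns(records, n: int = 10):
    """First level of the TOP 10 USERS / HEALTH CONCERNS chart."""
    return top_n([r for r in records if r["concern"] is not None], "user", n)


if __name__ == "__main__":
    print("Top categories:", top_n(RECORDS, "category"))
    print("Top apps in IM:", drilldown(RECORDS, "category", "IM", "app"))
    print("Top users of MSN:", drilldown(RECORDS, "app", "MSN", "user"))
    print("Top health concerns:", top_n(RECORDS, "concern"))
    print("Top users with concerns:", users_with_concerns(RECORDS))
```

Because the second level is just the first-level ranking re-run with a filter, the same function serves all six charts; this is also why the device's Reset button clears every chart at once, since they all read the same counters.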

Page 120: ...CHAPTER 8 TRAFFIC SHAPING Traffic shaping enables bandwidth control over Internet applications. System administrators can specify the bandwidth either for user groups or for applications ...

Page 121: ...ping policy by clicking the Add for Application button and then clicking the Apply button, as follows: 1. In the Traffic Shaping screen, click Add for Application. 2. Select By Default Application and provide the policy name P2P_BitTorrent. In the Category and Application menus select Internet File Sharing (P2P) and BitTorrent, and assign a bandwidth limit, for instance 50KB for Bi...

Page 122: ...o configure bandwidth limitation for user groups. The example below demonstrates how to create a traffic shaping policy for the PM user group. You can create a traffic shaping policy by clicking the Add for Group button and then clicking the Apply button, as follows: 1. In the Traffic Shaping screen, click Add for Group ...

Page 123: ...licy name UG_PM. In the Group menu select the PM user group and assign a bandwidth limit, for instance 300KB for the user group. Then click the Apply button to add the new policy. 3. Click Apply to make the policy effective ...
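The two policies above (P2P_BitTorrent limited to 50KB, UG_PM limited to 300KB) can both apply to the same packet: a PM user running BitTorrent is bound by whichever bucket is emptier. The following is an added example, not D-Link's code, that models the two policies as token buckets and replays a constructed burst of packets through them. The manual states neither the time base of the limits nor the shaping algorithm, so this model assumes the figures are bytes per second, allows a one-second burst, and drops a packet whenever any applicable policy cannot cover it; packet sizes, users and timestamps are made up.

```python
# Added example, not D-Link's code: a token-bucket model of the P2P_BitTorrent
# (50 KB) and UG_PM (300 KB) shaping policies. Assumptions: limits are bytes per
# second, burst equals one second of the rate, and a packet is dropped when any
# applicable bucket cannot cover it. Packets below are constructed.
from dataclasses import dataclass
from typing import Optional


class TokenBucket:
    def __init__(self, rate_bytes_per_s: float, burst_bytes: Optional[float] = None):
        self.rate = rate_bytes_per_s
        self.capacity = burst_bytes if burst_bytes is not None else rate_bytes_per_s
        self.tokens = self.capacity      # start full: the first second may burst
        self.last = 0.0

    def refill(self, now: float) -> None:
        # A clock that steps backwards would mint tokens, so refuse it.
        if now < self.last:
            raise ValueError("non-monotonic timestamp")
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def fits(self, n: int) -> bool:
        return n <= self.tokens

    def take(self, n: int) -> None:
        self.tokens -= n


@dataclass(frozen=True)
class ShapePolicy:
    name: str
    limit: int                    # bytes per second (assumed unit)
    app: Optional[str] = None     # an "Add for Application" policy
    group: Optional[str] = None   # an "Add for Group" policy

    def applies(self, pkt) -> bool:
        return (self.app is not None and pkt.app == self.app) or \
               (self.group is not None and pkt.group == self.group)


@dataclass(frozen=True)
class Packet:
    t: float
    user: str
    group: str
    app: str
    size: int


class Shaper:
    def __init__(self, policies):
        self.policies = list(policies)
        self.buckets = {p.name: TokenBucket(p.limit) for p in self.policies}

    def admit(self, pkt: Packet) -> bool:
        hits = [self.buckets[p.name] for p in self.policies if p.applies(pkt)]
        for b in hits:
            b.refill(pkt.t)
        # Check every applicable bucket before charging any, so a packet dropped
        # by the application limit does not also drain the group's allowance.
        if not all(b.fits(pkt.size) for b in hits):
            return False
        for b in hits:
            b.take(pkt.size)
        return True


def run(packets, policies) -> dict:
    """Replay packets in time order; return delivered bytes per (user, app)."""
    shaper = Shaper(policies)
    delivered = {}
    for pkt in sorted(packets, key=lambda p: p.t):
        if shaper.admit(pkt):
            delivered[(pkt.user, pkt.app)] = delivered.get((pkt.user, pkt.app), 0) + pkt.size
    return delivered


POLICIES = [ShapePolicy("P2P_BitTorrent", 50_000, app="BitTorrent"),
            ShapePolicy("UG_PM", 300_000, group="PM")]


def burst(t: float, user: str, group: str, app: str, count: int, size: int = 1500):
    """Constructed traffic: `count` packets of `size` bytes all stamped at time t."""
    return [Packet(t, user, group, app, size) for _ in range(count)]


if __name__ == "__main__":
    pkts = (burst(0.0, "bob", "Default", "BitTorrent", 100)
            + burst(0.0, "alice", "PM", "HTTP", 250)
            + burst(0.0, "alice", "PM", "BitTorrent", 10))
    print(run(pkts, POLICIES))
```

With 1500-byte packets the 50 KB bucket admits 33 packets per second and the 300 KB bucket 200; a PM user's BitTorrent traffic is therefore held to the smaller of the two, which is what the device's "either for user groups or for applications" wording amounts to when both policies exist.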

Page 124: ...en them. 1. The SSH service gives administrators a remote control mechanism for the ISG with higher security than a traditional Telnet connection. 2. Since remote access is considered riskier than access from a terminal (console) connection, some functions are limited to the console connection only. For example, the device boot messages are not shown on a remote session. Details of the limited funct...

Page 125: ...an use the console or SSH to connect to the DFL-M510. After login you can use the CLI commands to configure the DFL-M510. The complete CLI commands are described as follows. Command / Description: help: get information on the usage and arguments of all commands; get: display all kinds of configuration information of the DFL-M510; set: set system parameters; history: display all commands which you h...

Page 126: ...reset: display all information on the reset command. help ping: help ping displays all information on the ping command. EXAMPLE A: help get > help get > get: Get system parameters. Available commands: system (system configurations including IP, password, etc.), time (device clock setting), state (device operation state), interface (device interface configuration). B: help set > help set > set: Set system parameters. Available commands ...

Page 127: ... D: help exit > help exit > exit: Log out. E: help reboot > help reboot > reboot: Reboot system. F: help reset > help reset > reset: Reset system configuration to manufacturing defaults. G: help ping > help ping > ping: Ping utility ...

Page 128: ... system configurations including IP, password, etc.; time: get time displays the device clock setting; state: get state displays the device operation state; interface: get interface displays the device interface configuration. EXAMPLE A: get system > get system. B: get time > get time > Current time: GMT 0 Mon Apr 18 08:34:37 2005; DST time: GMT 0 Mon Apr 18 08:34:37 2005; System duration: 0 days 0:43:10 ...

Page 129: ... device operation mode; remote: set remote control mode; set interface: set interface link mode. SET SYSTEM COMMAND Prefix command / 2nd command / Example / Command description: ip: set system ip 192.168.80.244 sets the device's IP; mask: set system mask 255.255.0.0 sets the device's mask; gateway: set system gateway 192.168.80.244 sets the device's default gateway; passwd: set system passwd sets the administrator's new password; set sy...

Page 130: ...eck on: set system detect policy lan on turns on the LAN port's policy check; policy lan off: set system detect policy lan off turns off the LAN port's policy check; pingmax wan (10-300000): set system detect pingmax wan 5000 sets the maximum ICMP count of the WAN port; pingmax lan (10-300000): set system detect pingmax lan 5000 sets the maximum ICMP count of the LAN port; stateful on: set system detect stateful on turns on TCP state bypass, so the TCP state check is skipped; stateful off: set system dete...

Page 131: ...h/http connection will be cut off (y/n). B: set system mask > set system mask 255.255.255.0 > Do you want to apply this setting immediately? Your current ssh/http connection will be cut off (y/n). C: set system gateway > set system gateway 192.168.80.244 > Do you want to apply this setting immediately? Your current ssh/http connection will be cut off (y/n). D: set system passwd > set system passwd > Original password: New pa...

Page 132: ...t system detect pingmax wan 100000 > set system detect pingmax wan 100000 > Change wan port maximum ping packet limit OK. J: set system detect pingmax lan 100000 > set system detect pingmax lan 100000 > Change lan port maximum ping packet limit OK. K: set system detect stateful on > set system detect stateful on > Turn on TCP state check bypass. L: set system detect stateful off > set system detect stateful off > Turn ...

Page 133: ... Q: set system vlan vid 1 > set system vlan vid 1 > Set VLAN ID OK. R: set system name > set system name > Press new device name: M510. SET TIME COMMAND Main command / Sub command / Example / Command description: set time / set time / Set device clock. EXAMPLE A: set time > set time > Current time: GMT 0 Mon Apr 18 10:57:15 2005. Specify year (2000-2099), month (1-12), date (1-31), hour (0-23), minute (0-59), sp...

Page 134: ...ccord. Bypass: set state bypass; the ISG transmits every received packet out of the other port unconditionally, which can be regarded as bridge mode (no policy is enforced while the device is in this state). Span: set state span; the ISG accepts packets mirrored from a hub or switch mirror port and is able to reset network connections; both connection ports of the ISG work in this mode. EXAMPLE A: set state inline > set state inline > Set system state to In-Line mode. B: ...

Page 135: ... access device; 1-2: set remote http mask 3 xxx.xxx.xxx.xxx assigns the subnet mask of the given entry that may use a browser to remotely access the device. Prefix command / 2nd command / 3rd command / Postfix command / Command description: access wan: enable remote access using SSH from the WAN port; access lan: enable remote access using SSH from the LAN port; access all: enable remote access using SSH from the WAN and LAN ports; access disable: disable remote access using SS... Enabling wan or all exposes the administrative interface on the Internet-facing port; if it is needed, restrict it with the ip and mask entries to the administrator's own addresses.

Page 136: ... off (y/n). D: set remote http access disable > set remote http access disable > Do you want to apply this setting immediately? Your current ssh/http connection will be cut off (y/n). E: set remote http ip 1 192.168.1.230 > set remote http ip 1 192.168.1.230 > Do you want to apply this setting immediately? Your current ssh/http connection will be cut off (y/n). F: set remote http mask 1 255.255.255.0 > set remote http ma...

Page 137: ... (y/n). J: set remote ssh access disable > set remote ssh access disable > Do you want to apply this setting immediately? Your current ssh/http connection will be cut off (y/n). K: set remote ssh ip 1 192.168.1.230 > set remote ssh ip 1 192.168.1.230 > Do you want to apply this setting immediately? Your current ssh/http connection will be cut off (y/n). L: set remote ssh mask 1 255.255.255.0 > set remote ssh mask 1 255.2...

Page 138: ...stealth mode (on/off). Set up LAN port configuration: specify auto mode or speed (auto, 10, 100); specify stealth mode (on/off). Do you want to apply this setting immediately? Your current ssh/http connection will be cut off (y/n). History Command This command displays all commands which you have used. Main command / Sub command / Example / Command description: history / none / history / Display all commands which you have ...

Page 139: ...MPLE A: exit > exit > Logout. Welcome to D-Link DFL-M510 Console Environment. Copyright (C) 2005 D-Link Corp. www.dlink.com. DFL-M510 login: Reboot Command Use this command to reboot the system. Main command / Sub command / Example / Command description: reboot / none / reboot / Reboot system; type y to reboot the system. EXAMPLE A: reboot > reboot > Are you sure to reboot system? (y/n) ...

Page 140: ...onfiguration to the default values and then reboot the system. Continue? (y/n). Ping Command Use this command to send ICMP echo requests to a host and check that it is reachable. Main command / Sub command / Example / Command description: ping / xxx.xxx.xxx.xxx / ping 168.95.192.1 / Send ICMP echo request messages. EXAMPLE A: ping > ping 192.168.80.243 > PING 192.168.80.243 (168.95.192.1): 56 data bytes > --- 168.95.192.1 ping statistics --- 1 packets ...

Page 141: ...ample two data terminal equipment (DTE) or data communications equipment (DCE) devices. DNS (Domain Name System): the Domain Name System links names to IP addresses. When you access Web sites on the Internet you can type the IP address of the site or its DNS name. Domain Name: the unique name that identifies an Internet site. Domain names always have two or more parts, separated by dots. The part on the le...

Page 142: ... Text Transfer Protocol): the most common protocol used on the Internet. HTTP is the primary protocol used by web sites and web browsers. It carries no encryption of its own and is prone to certain kinds of attacks. HTTPS (HyperText Transfer Protocol over Secure Socket Layer): HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL, is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL), since superseded by TLS, is an applic...

Page 143: ...r network. Connect two or more networks together and you have an internet. NIC (Network Interface Card): a board that provides network communication capabilities to and from a computer system. Also called an adapter. P2P (Peer To Peer): peer-to-peer (P2P) is where computing devices link directly to each other and can directly initiate communication with each other; they do not need an intermediary. A device can...

Page 144: ...s a path or circuit to send a data packet through. TCP (Transmission Control Protocol): TCP is a connection-oriented transport service that ensures the reliability of message delivery. It verifies that messages and data were received. Telnet: Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks and carries logins and session data in clear text, which is why the manual recommends SSH for remote management. Its primary function is to allo...

Page 145: ... files, graphics, video and audio. A URL is the address of an object that is normally typed in the Address field of a Web browser; a URL is basically a pointer to the location of an object. WAN (Wide Area Network): WANs link geographically dispersed offices in other cities or around the globe, including switched and permanent telephone circuits, terrestrial radio systems and satellite systems ...

Page 146: ...ection, Prevention, Management. Application Class / Application Type / Application Name / Control Points: 1. Message Exchange: Instant Messengers (IM): 1 MSN, 2 Yahoo Messenger, 3 ICQ, 4 AIM, 5 QQ, 6 iChat (Mac), 7 Odigo, 8 Trillian; control points: 1 Login, 2 Send/Receive Message, 3 Send File, 4 File Type/Name/Size, 5 Receive File, 6 VoIP Establishment, 7 Video Establishment, 8 White Board Establishment. 2. Internet File Sharing: Peer to Peer (P2P)...

Page 147: ...ashGet, 3 GetRight, 4 NetTransport; control points: 1 Login/Password, 2 Download File, 3 Upload File. Streaming Media: 1 Media Player, 2 RealOne, 3 Winamp; control point: 1 Connection Establishment. 5. Media: Internet Audio (Radio on-line): 1 Connection. SMTP: 1 Restricted mail from address, 2 Restricted rcpt to. POP3: Login/Password. IMAP4: Login/Password. 6. Mail: Mail Content Keyword Matching. Illegal Intranet/Internet Tunnel: 1 SoftEther Connection Est...

Page 148: ...ription: Firmware Ver, Policy Ver, Policy Number, Current Date, Current Time, Dev Up Time, CPU Load, Memory Usage (System Info); Current Session, WAN RX, WAN Drop, LAN RX, LAN Drop (Traffic Info); Traffic Level, Device Status, Alert Monitor, Traffic Alert; Device Name, IP Address, IP Mask, Gateway IP, DNS IP (IP Info); Operation Mode, LAN Link Mode (Device Config / Interface Info); LAN Stealth ...

Page 149: ... Link Mode, WAN Stealth; Reset, Reset Confirm; Reboot, Reboot Confirm. Other Specifications: Performance: 30-40 Mbps with all functions enabled; wire speed for L3 switching. Concurrent Users: 150. Concurrent TCP Sessions: 4,000 ...

Page 150: ...t enable. Bypass LED (red): On = system in bypass or failed. Inbound (LAN) left LED (green): On = Ethernet link OK at 100Mbps; Off = Ethernet link OK at 10Mbps. Inbound (LAN) right LED (yellow): On = Link; Blinking = Act; Off = no packet forwarding. Outbound (WAN) left LED (green): On = Ethernet link OK at 100Mbps; Off = Ethernet link OK at 10Mbps. Outbound (WAN) right LED: Off = no packets sent/recei...

Page 151: ...Physical Environment. Power: 25W open-frame switching power supply, input AC range 100-240V, 50/60Hz. Operating temperature: 0 to 60 °C. Storage temperature: -20 to 70 °C. Humidity: operation 10-90% RH; storage 5-90% RH ...

Page 152: ...protocol 82; Configuring: Command Line Interface 3, Web-based Interface 7; D: Date and time, adjust 21; E: EIM 83; F: Front view 1; H: Health checking 82, Host database, exporting 50, Host, adding 49, Hosts, assigning to groups 53, HTTP/SSH remote management 30; I: Interface tab 28; K: Keyword content template 65, Keyword filter 76; L: LCM Button Description 2, Log tab 94, Log, searching for 95, Logging on the DFL-M...

Page 153: ...ow to assign 66; Popup messages, editing 74; Ports, speed 29; Ports, stealth mode 29; R: Real Time Application monitoring 81, Real Time Monitor screen 79, Real Time Traffic monitoring 80, Rear View 3, Remote Access tab 29, Report tab 92, Report, interactive 92; S: Schedule screen 72, Server access, configuring 27, Server access, configuring for SSH 30, Setup Groups tab 51, Setup Wizard, run 10, SNMP, configuring 26, Status ...
