Network Security Solution

http://www.dlink.com

NetDefendOS Ver. 2.40.00

Network Security Firewall

CLI Reference Guide

Summary of Contents for NetDefend DFL-260E

Page 1: ...Network Security Solution http www dlink com NetDefendOS Ver 2 40 00 Network Security Firewall CLI Reference Guide Security Security...

Page 2: ...rence Guide DFL 260E 860E 1660 2560 2560G NetDefendOS version 2 40 00 D Link Corporation No 289 Sinhu 3rd Rd Neihu District Taipei City 114 Taiwan R O C http www DLink com Published 2011 09 06 Copyrig...

Page 3: ...particular purpose D Link reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of such revis...

Page 4: ...cc 21 2 1 5 commit 22 2 1 6 delete 22 2 1 7 pskgen 23 2 1 8 reject 23 2 1 9 reset 25 2 1 10 set 25 2 1 11 show 26 2 1 12 undelete 28 2 2 Runtime 30 2 2 1 about 30 2 2 2 alarm 30 2 2 3 arp 30 2 2 4 ar...

Page 5: ...2 57 uarules 66 2 2 58 updatecenter 67 2 2 59 userauth 68 2 2 60 vlan 69 2 3 Utility 70 2 3 1 ping 70 2 4 Misc 71 2 4 1 echo 71 2 4 2 help 71 2 4 3 history 72 2 4 4 ls 72 2 4 5 script 73 3 Configurati...

Page 6: ...etEthernetDriver 107 3 16 7 R8139EthernetPCIDriver 108 3 16 8 R8169EthernetPCIDriver 108 3 16 9 SwitchEthernetDriver 108 3 17 EthernetDevice 110 3 18 HighAvailability 111 3 19 HTTPALGBanners 112 3 20...

Page 7: ...7 3 51 3 ServiceICMPv6 168 3 51 4 ServiceIPProto 169 3 51 5 ServiceTCPUDP 170 3 52 Settings 171 3 52 1 ARPNDSettings 171 3 52 2 AuthenticationSettings 172 3 52 3 ConnTimeoutSettings 173 3 52 4 DHCPRel...

Page 8: ...t 28 2 8 Block hosts 33 2 9 frags 41 2 10 List network objects which have names containing net 51 2 11 Show a range of rules 56 2 12 Interface ping test between all interfaces 57 2 13 Interface ping t...

Page 9: ...for the option Example 1 Command option notation One of the usages for the help command looks like this help category COMMANDS TYPES Topic This means that help has an option called category which has...

Page 10: ...s followed by ellipses it is possible to specify more than one routing table Since table name is optional as well the user can specify zero or more policy based routing tables gw world routes Virroute...

Page 11: ...eference for all commands and configuration object types that are available in the command line interface for NetDefendOS 1 1 Running a command The commands described in this guide can be run by typin...

Page 12: ...gw world activate h Full help for activate gw world help activate Help for the arp command Arp is also the name of a configuration object type so it is necessary to specify that the help text for the...

Page 13: ...of information is shown Ctrl D or Delete Delete the character to the right of the cursor Ctrl E or End Move the cursor to the end of the line Ctrl F or Right Arrow Move the cursor one character to th...

Page 14: ...d lines up arrow for older command lines and down arrow to move back to a newer command line See also Section 2 4 3 history Example 1 3 Command line history Using the command line history via the arro...

Page 15: ...ip a tab gw world add Address IP4Address example_ip Address Address was autocompleted gw world add Address IP4Address example_ip Address 1 2 3 4 Tab completion of references gw world set Address IP4Gr...

Page 16: ...add or remove a member to the list without having to enter all the other members again Edit the default value gw world add LogReceiverSyslog example Address example_ip LogSeverity tab gw world add Lo...

Page 17: ...s and options cannot be used unless the logged in user has administrator privilege This is indicated in this guide by a note following the command or Admin only written next to an option 1 6 User roles...

Page 18: ...1 6 User roles Chapter 1 Introduction 18...

Page 19: ...privilege 2 1 2 add Create a new object Description Create a new object and add it to the configuration Specify the type of object you want to create and the identifier if the type has one unless the...

Page 20: ...ce silent key value pair Options force Add object even if it has errors silent Do not show any errors Category Category that groups object types Identifier The property that identifies the configurati...

Page 21: ...base called exampledb Only objects in the current context can be accessed Example 2 2 Change context Change to a sub child context gw world cc LocalUserDatabase exampledb gw world exampledb Go back to...

Page 22: ...lete the object even if it is referenced by other objects or if it is a context that has child objects that aren t deleted This may cause objects referring to the specified object or one of its childr...

Page 23: ...en Generate random pre shared key Description Generate a pre shared key of specified size containing randomized key data If a key with the specified name exists the existing key is modified Otherwise...

Page 24: ...ecursively will reject changes in the user database and all users gw world exampledb set User user1 Comments Something gw world exampledb set User user2 Comments that will be gw world exampledb set Us...

Page 25: ...or privilege 2 1 10 set Set property values Description Set property values of configuration objects Specify the type of object you want to modify and the identifier if the type has one Set the proper...

Page 26: ...ilable if the object is already disabled enable Enable object This option is not available if the object is already enabled Category Category that groups object types Identifier The property that id...

Page 27: ...ay be contexts by Example 2 6 Show objects Show the properties of an individual object gw world show Address IP4Address example_ip gw world main show Route 1 gw world show Client DynDnsClientDyndnsOrg...

Page 28: ...ation on 2 1 12 undelete Restore previously deleted objects Description Restore a previously deleted object This is possible as long as the activate command has not been called See also delete Example...

Page 29: ...r The property that identifies the configuration object May not be applicable depending on the specified Type Type Type of configuration object to perform operation on Note Requires Administrator priv...

Page 30: ...alarm history active Options active Show the currently active alarms history Show the 20 latest alarms 2 2 3 arp Show ARP entries for given interface Description List the ARP cache entries of specifie...

Page 31: ...hardware addresses matching pattern hwsender Ethernet Address Sender ethernet address ip pattern Show only IP addresses matching pattern notify ip Send gratuitous ARP for ip num n Show only the first...

Page 32: ...ats Show active ARP Transaction States Description Show active ARP Transaction States Usage ats num n Options num n Limit list to n entries Default 20 2 2 6 bigpond Show BigPond information Descriptio...

Page 33: ...lock 100 100 100 0 24 serv FTP dest 50 50 50 1 time 6000 Usage blacklist show creationtime dynamic listtime info black white all Show information about the blacklisted hosts blacklist block host serv...

Page 34: ...block unblock show Show information about the blacklisted hosts time seconds The time that the host will remain blocked unblock Unblock specified netobject Admin only white Show whitelist hosts only...

Page 35: ...erface flush Flush CAM table information of specified interface cam flush Flush CAM table information Options flush Flush CAM table If interface is specified only entries using this interface are flus...

Page 36: ...destip ip addr Close connections Options all Mark all connections close Close all connections that match the filter expression Admin only destiface interface Filter on destination interface destip ip...

Page 37: ...it exists Usage crashdump 2 2 14 dhcp Display information about DHCP enabled interfaces or modify update their leases Description Display information about a DHCP enabled interface Usage dhcp List DH...

Page 38: ...terface ip example if1 192 168 Usage dhcprelay Show the currently relayed DHCP sessions dhcprelay show rules routes display filter Show DHCP BOOTP relayer ruleset dhcprelay release ip address interfac...

Page 39: ...ase BLACKLIST Release a specific types of IPs dhcpserver releaseip interface ip address Release an active IP Options fromentry Integer Shows dhcp server lease list from offset n leases Show DHCP serve...

Page 40: ...ame Resolve domain name remove Remove all pending DNS queries 2 2 18 dnsbl DNSBL Description Show status of DNSBL Usage dnsbl show SMTP ALG clean Options clean Clear DNSBL statistics for ALG show Show...

Page 41: ...s NEW ALL reassembly id free done num n Options done List done lingering reassemblies free List free instead of active num n List n entries Default 20 NEW ALL reassembly id Show in depth info about re...

Page 42: ...ted to the HTTP Application Layer Gateway Description Show information about the WCF cache or list the overridden WCF hosts Usage httpalg override flush List or flush hosts that have overridden the wc...

Page 43: ...only match the specified characters verbose Verbose wcfcache Show statistics of WCF functionality 2 2 23 httpposter Display HTTP Poster status Description Display configuration and status of configure...

Page 44: ...by IDP idppipes unpipe all host ip addr Remove piping for the specified host Options all mark all hosts host ip addr Filter on source IP address show Lists hosts for which new connections are piped by...

Page 45: ...rface Usage igmp Prints the current IGMP state igmp state Interface Prints the current IGMP state If an interface is specified more details are provided igmp query Interface MC address router address...

Page 46: ...ress all Forcibly free IP assigned to subsystem ippool show verbose max n Show IP pool information Options all Free all IP addresses max n Limit list to n entries Default 10 release Forcibly free IP a...

Page 47: ...d statistics for the configured LDAP databases Usage ldap List all LDAP databases ldap list List all LDAP databases ldap show LDAP Server Show LDAP database status and statistics ldap reset LDAP Serve...

Page 48: ...itor hosts have been configured linkmon will monitor host reachability to detect link NIC problems Usage linkmon 2 2 33 logout Logout user Description Logout current user Usage logout 2 2 34 memory Sh...

Page 49: ...Translated IP pool name NAT Pool name 2 2 36 nd Show Neighbor Discovery entries for given interface Description List the Neighbor Discovery cache entries of specified interfaces If no interface is giv...

Page 50: ...ttern Show only hardware addresses matching pattern ip pattern Show only IP addresses matching pattern num n Show only the first n entries per interface Default 20 query ip Send Neighbor Solicitation...

Page 51: ...twork objects Description Displays named network objects and their contents Example 2 10 List network objects which have names containing net netobjects net Usage netobjects String num num Options num...

Page 52: ...ing Write the captured packets to disk pcapdump wipe Remove all captured packets from memory pcapdump cleanup Remove all captured packets release capture mode and delete all written capture files from...

Page 53: ...memory default 512kb snaplen value Maximum length of each packet to capture srcport 0 65535 Source TCP UDP port filter start Start capture status Show capture status stop Stop capture tcp TCP filter...

Page 54: ...palg Show PPTP ALG information Description Shows information and statistics of the PPTP ALGs Usage pptpalg Show all configured PPTP ALGs pptpalg sessions PPTP ALG verbose num Integer List all PPTP ses...

Page 55: ...ys Description List the currently monitored interfaces and or gateways Usage routemon 2 2 44 routes Display routing lists Description Display information about the routing table s Contents of a named...

Page 56: ...erbose Options all Also show routes for interface addresses flushl3cache Flush Layer 3 Cache lookup ip address Lookup the route for the given IP address nonhost Do not show single host routes num n Li...

Page 57: ...t lower throughput result In the field Drop Fail the Drop column contains the number of packets that were dropped before ever reaching the crypto accelerator and the Fail column contains the number of...

Page 58: ...a ping test over the interfaces selftest throughput interfaces Interface Run a throughput test over the interfaces selftest traffic interfaces Interface Run a traffic test over the interfaces selftest...

Page 59: ...mes to execute the test Default 1 ping Run a ping test over the interfaces size Integer Size of media space to utilize in the test Set in MB Default 1 throughput Run a throughput test over the interfa...

Page 60: ...meout Usage sessionmanager Show Session Manager status sessionmanager status Show Session Manager status sessionmanager list num n List active sessions sessionmanager info session name database Show i...

Page 61: ...ess message text Message to send session name Name of session LOCAL SSH HTTP HTTPS Session type 2 2 49 settings Show settings Description Show the contents of the settings section category by category...

Page 62: ...ns SIP registration and call information The flags option with snoop allows any combination of the following values 0x00000001 GENERAL 0x00000002 ERRORS 0x00000004 OPTIONS 0x00000008 PARSE 0x00000010...

Page 63: ...ipalg registration SHOW FLUSH alg Show or flush current registration table sipalg calls alg Show active calls table sipalg session alg Show active SIP sessions sipalg connection alg Show SIP connectio...

Page 64: ...IP counters Default show alg SIP ALG name ipaddr IP Address to snoop 2 2 52 sshserver SSH Server Description Show SSH Server status or start stop restart SSH Server Usage sshserver Show server status...

Page 65: ...nd call information Usage sslvpn 2 2 54 stats Display various general firewall statistics Description Display general information about the firewall such as uptime CPU load resource consumption and ot...

Page 66: ...onize time with timeserver s specified in settings Options force Force synchronization regardless of the MaxAdjust setting set Set system local time YYYY MM DD HH MM SS sync Synchronize time with time...

Page 67: ...an update Usage updatecenter update ANTIVIRUS IDP ALL Initiate an update check of the specified database updatecenter removedb ANTIVIRUS IDP Remove the specified signature database updatecenter statu...

Page 68: ...all authenticated users userauth list num n List all authenticated users userauth privilege List all known privileges usernames and groups userauth user user ip Show all information for user s with t...

Page 69: ...d Virtual LAN Interfaces or in depth information about a specified VLAN Usage vlan List attached VLANs vlan Interface Display VLANs connected to physical iface iface Options Interface Display VLAN inf...

Page 70: ...p address pbr table count 1 10 length 4 8192 port 0 65535 udp tcp tos 0 255 verbose Options count 1 10 Number of packets to send Default 1 length 4 8192 Packet size Default 4 pbr table Route using PBR...

Page 71: ...types The fastest way to get help is to simply type help followed by the topic that you want help with A topic can be for example a command name e g set or the name of a configuration object type e g...

Page 72: ...ts device data accessible by SCP Description Lists device data which are available through SCP Example 2 18 Transfer script files to and from the device Upload scp myscript user sgw ip script myscript...

Page 73: ...delete script files Script files are transferred to and from the device by the SCP protocol On the device they are stored in the script folder Example 2 22 Execute script script sgs add IP4Address Nam...

Page 74: ...ce Force script execution name Name Name of script quiet Quiet script execution remove Remove script show Show script in console window store Store a script to persistent storage verbose Verbose mode...

Page 75: ...2 4 5 script Chapter 2 Command Reference 75...

Page 76: ...Pool page 99 DateTime page 100 Device page 101 DHCPRelay page 102 DHCPServer page 103 DNS page 105 Driver page 106 EthernetDevice page 110 HighAvailability page 111 HTTPALGBanners page 112 HTTPAuthBan...

Page 77: ...cingInstance page 159 RouteBalancingSpilloverSettings page 160 RoutingRule page 161 RoutingTable page 162 ScheduleProfile page 166 Service page 167 Settings page 171 SSHClientKey page 190 UpdateCenter...

Page 78: ...ied out LogEnabled Enable logging Default Yes LogSeverity Specifies with what severity log events will be sent to the specified log receivers Default Default Comments Text describing the current objec...

Page 79: ...a specific IP6 host network or range Properties Name Specifies a symbolic name for the network object Identifier Address IPv6 address e g 1 2 3 4 1234 5678 9abc def0 1234 5678 9abc def0 1 2 32 or 1 2...

Page 80: ...lic name for the network object Identifier Members Group members Comments Text describing the current object Optional 3 2 1 5 IP4HAAddress Description Use an IP4 HA Address item to define a name for a...

Page 81: ...ional NoDefinedCredentials If this property is enabled the object requires user authentication but has no credentials user names or groups defined This means that the object only requires that a user...

Page 82: ...1 3 EthernetAddress 3 2 3 EthernetAddressGroup The definitions here are the same as in Section 3 2 1 4 EthernetAddressGroup 3 2 4 IP4Address The definitions here are the same as in Section 3 2 1 7 IP...

Page 83: ...M For example 13 30 EndTime End Time of occurrence in the format HH MM For example 14 15 Occurrence Specify type of occurrence Default Weekly Weekly Specifies days in week the schedule occurrence shoul...

Page 84: ...umber of commands per second Default 20 Allow8BitStrings Allow 8 bit strings in control channel Default Yes AllowResumeTransfer Allow RESUME even in case of content scanning Default No Antivirus Disab...

Page 85: ...T 120 Default Yes MaxTCPDataChannels Maximum number of TCP data channels per call Default 10 TranslateAddresses Automatic or Specific Default Automatic TranslateLogicalChannelAddresses Translate logi...

Page 86: ...Action a value of zero will disable all compression checks Default 20 CompressionRatioAction The action to take when high compression threshold is violated all actions are logged Default Drop AllowEnc...

Page 87: ...not exist Default No AllowUnknownCommands Allow unknown commands Default No FileListType Specifies if the file list contains files to allow or deny Default Block FailModeBehavior Standard behaviour on...

Page 88: ...traffic in the PPTP tunnel Default 0 Comments Text describing the current object Optional 3 4 6 ALG_SIP Description Use a SIP ALG to manage SIP based multimedia sessions Properties Name Specifies a s...

Page 89: ...llowed email size in kB Optional FileListType Specifies if the file list contains files to allow or deny Default Block FailModeBehavior Standard behaviour on error Allow or Deny Default Deny File List...

Page 90: ...rerouted to AppendTXT Use TXT records will only be used if reaching the drop threshold Default No CacheSize Size of the IP Cache of checked sender IP addresses Default 0 CacheTimeout Timeout in second...

Page 91: ...packet Default No AllowUnknownOptions Allow unknown options in request packet Default No MaxBlocksize Max value for the blksize option Optional MaxFileTransferSize Max size for transferred file Optio...

Page 92: ...nterface the address shall be published on IP The IP address to be published or statically bound to a hardware address MACAddress The hardware address associated with the IP address Default 00 00 00 0...

Page 93: ...ervice Specifies the service that will be whitelisted Schedule The schedule when the whitelist should be active Optional Comments Text describing the current object Optional Note If no Index is specif...

Page 94: ...symbolic name for the certificate Identifier Type Local Remote or Request CertificateData Certificate data PrivateKey Private key NoCRLs Disable CRLs Certificate Revocation Lists Default No PKAType En...

Page 95: ...the length of the list 3 8 2 DynDnsClientDLink Description Configure the parameters used to connect to the D Link DynDNS service Properties DNSName The DNS name excluding the dlinkddns com suffix User...

Page 96: ...DNS name excluding the dyndns org suffix Username Username Password The password for the specified username Optional Comments Text describing the current object Optional Note If no Index is specified...

Page 97: ...object Optional Note If no Index is specified when creating an instance of this type the object will be placed last in the list and the Index will be equal to the length of the list 3 8 7 LoginClient...

Page 98: ...ties Port Port Identifier BitsPerSecond Bits per second Default 9600 DataBits Data bits Default 8 Parity Parity Default None StopBits Stop bits Default 1 FlowControl Flow control Default None Comments...

Page 99: ...mask Specifies the netmask to assign to VPN clients DNS Specifies the IP address of a DNS server that a VPN client should be able to connect to Optional NBNSIP Specifies the IP address of a NBNS WINS...

Page 100: ...ype of server for time synchronization UDPTime or SNTP Simple Network Time Protocol Default SNTP TimeSyncServer1 DNS hostname or IP Address of Timeserver 1 TimeSyncServer2 DNS hostname or IP Address o...

Page 101: ...the current configuration was committed Default BaseConfiguration ConfigIP IP address of the user who committed the current configuration Optional ConfigDate Date when the current configuration was co...

Page 102: ...the routing table the clients host route should be added to Default main MaxRelaysPerInterface Specifies how many relays are allowed per interface that means how many DHCP clients are allowed to be re...

Page 103: ...r use as default gateway If unspecified or if 0 0 0 0 is specified the IP given to the client will be sent as gateway Optional Domain Domain name used for DNS resolution Optional LeaseTime The time...

Page 104: ...Text describing the current object Optional Note If no Index is specified when creating an instance of this type the object will be placed last in the list and the Index will be equal to the length of...

Page 105: ...erver2 IP of the secondary DNS Server Optional DNSServer3 IP of the tertiary DNS Server Optional Comments Text describing the current object Optional Note This object type does not have an identifier...

Page 106: ...percentage Default 20 TxErrorPercentage Tx error percentage Default 7 ErrorTime Error time Default 10 Comments Text describing the current object Optional Note This object type does not have an identi...

Page 107: ...daptor Properties Comments Text describing the current object Optional Note This object type does not have an identifier and is identified by the name of the type only There can only be one instance o...

Page 108: ...the current object Optional Note This object type does not have an identifier and is identified by the name of the type only There can only be one instance of this type 3 16 8 R8169EthernetPCIDriver D...

Page 109: ...ts Text describing the current object Optional Note This object type does not have an identifier and is identified by the name of the type only There can only be one instance of this type 3 16 9 Switc...

Page 110: ...rnet adapter PCIPort Some Ethernet adapters have multiple ports that share the same bus and slot number This parameter specifies what port to be used Media Specifies if the link speed should be auto n...

Page 111: ...packets to send in a burst Default 20 HAInitialSilence The number of seconds to stay silent on startup or after reconfiguration Default 5 UseUniqueSharedMac Use a unique shared mac address for each i...

Page 112: ...rbidden HTML for the CompressionForbidden html web page ContentForbidden HTML for the ContentForbidden html web page URLForbidden HTML for the URLForbidden html web page RestrictedSiteNotice HTML for...

Page 113: ...ge LoginAlreadyDone HTML for the LoginAlreadyDone html web page LoginChallenge HTML for the LoginChallenge html web page LoginChallengeTimeout HTML for the LoginChallenge html Timeout web page LogoutS...

Page 114: ...in seconds until the URL is refetched Default 1200 AlwaysRepost Repost on each reconfiguration Default No PostValues HTTP POST the values Default No Comments Text describing the current object Optio...

Page 115: ...MinLimit Lower limit Optional MaxLimit Upper limit Optional EnableMonitoring Enable disable monitoring Default No Comments Text describing the current object Optional Note If no Index is specified whe...

Page 116: ...Identifier Type IP DNS E Mail or Distinguished name IP IP address Hostname Host name CommonName Common name of the owner of the certificate Optional OrganizationName Organization name of the owner of...

Page 117: ...a service that will be used as a filter parameter when matching traffic with this rule Schedule By adding a schedule to a rule the security gateway will only allow that rule to trigger at those desi...

Page 118: ...Specifies the bandwidth limit in kbps for hosts triggered by this action PipeNetwork Traffic shaping will only apply to hosts that are within this network Default 0 0 PipeNewConnections Enable piping...

Page 119: ...ed packet MulticastSource Specifies the multicast source to be compared to the received packet RelayInterface Specifies the interface via which to relay IGMP messages TranslateMGroup Translate the mu...

Page 120: ...o Index is specified when creating an instance of this type the object will be placed last in the list and the Index will be equal to the length of the list 3 25 IGMPRule Chapter 3 Configuration Refer...

Page 121: ...eryResponseInterval The maximum time until a host client has to send an answer to a query Default 10000 LastMemberQueryInterval The maximum time until a host client has to send an answer to a group an...

Page 122: ...ze Specifies the Blowfish preferred key size in bits Default 128 BlowfishMaxKeySize Specifies the maximum Blowfish key size in bits Default 448 TwofishMinKeySize Specifies the minimum Twofish key size...

Page 123: ...dress of the interface Network The network of the interface DefaultGateway The default gateway of the interface Optional Broadcast The broadcast address of the connected network Optional EnableIPv6 TO...

Page 124: ...MulticastTraffic Sets the multicast receive mode of the interface Default Auto VLanQoSInherit Set whether VLANs using the interface should inherit the IP QoS bits Default No EnableRouterAdvertisement...

Page 125: ...ties Name Specifies a symbolic name for the interface Identifier Equivalent Specifies if the interfaces should be considered security equivalent that means that if enabled the interface group can be...

Page 126: ...s The lifetime of the IPsec connection in kilobytes Default 0 EncapsulationMode Specifies if the IPsec tunnel should use Tunnel or Transport mode Default Tunnel AuthMethod Certificate or Pre shared ke...

Page 127: ...ive ICMP pings Metric Specifies the metric for the auto created route Default 90 AutoInterfaceNetworkRoute Automatically add a route for this interface using the given remote network Default Yes Comme...

Page 128: ...PPAuthMSCHAPv2 Use MS CHAP v2 authentication protocol for this tunnel Default Yes MPPENone Allow authentication without Microsoft Point to Point Encryption MPPE Default Yes MPPERC440 Use an RC4 40 bit...

Page 129: ...be listening on ServerIP Specifies the IP that the PPTP L2TP server should listen on this can be an IP of a interface or for example an ARP published IP UseUserAuth Enable the use of user authentica...

Page 130: ...e way should publish routes via Proxy ARP Optional Comments Text describing the current object Optional 3 28 8 PPPoETunnel Description A PPPoE interface is a PPP point to point protocol tunnel over an...

Page 131: ...t Idle timeout in seconds for dial on demand Default 3600 Metric Specifies the metric for the auto created route Default 90 AutoInterfaceNetworkRoute Automatically add a route for this interface using...

Page 132: ...which the security gateway should publish routes via Proxy ARP Optional Comments Text describing the current object Optional 3 28 10 VLAN Description Use a VLAN to define a virtual interface compatib...

Page 133: ...ode which means that a switch route is added automatically for this virtual LAN interface Default No AutoInterfaceNetworkRoute Automatically add a route for this virtual LAN interface using the give...

Page 134: ...ce Which interface to use when communicating with the DHCP server Optional PrefetchLeases Specifies the number of leases an IP Pool will keep prefetched Default 3 MaxFree Maximum number of free addres...

Page 135: ...a filter parameter when matching traffic with this rule Schedule By adding a schedule to a rule the security gateway will only allow that rule to trigger at those designated times Optional NATActio...

Page 136: ...specified log receivers Default Default Comments Text describing the current object Optional Note If no Index is specified when creating an instance of this type the object will be placed last in the...

Page 137: ...Identifier Name Specifies the name of the folder Comments Text describing the current object Optional Note If no Index is specified when creating an instance of this type the object will be placed la...

Page 138: ...mum Blowfish key size in bits Default 128 BlowfishKeySize Specifies the Blowfish preferred key size in bits Default 128 BlowfishMaxKeySize Specifies the maximum Blowfish key size in bits Default 448 T...

Page 139: ...Comments Text describing the current object Optional 3 32 IPsecAlgorithms Chapter 3 Configuration Reference 139...

Page 140: ...ault uid PassAttr Specifies a password attribute in LDAP database Optional GroupsAttr Specifies the group membership attribute used in the LDAP database Default memberOf GetGroups Retrieve group membe...

Page 141: ...e to use when accessing the LDAP server Optional Password Specifies the password to use when accessing the LDAP server Optional Port Specifies the LDAP service port number Default 389 Comments Text de...

Page 142: ...to Default 7 PingInterval Milliseconds between each monitor attempt Default 250 InitGracePeriod Do not allow triggering of the link monitor for this number of seconds after the last reconfiguration De...

Page 143: ...etc Properties Name Specifies the username to add into the user database Identifier Password The password for this user Groups Specifies the user groups that this user is a member of e g Administrato...

Page 144: ...o Comments Text describing the current object Optional 3 37 1 1 LogReceiverMessageException Description A log message exception is used to override the severity filter in the log receiver Properties L...

Page 145: ...escription An SMTP event receiver is used for receiving emails for IDP events Properties Name Specifies a symbolic name for the log receiver Identifier IPAddress The IP address of the SMTP server Port...

Page 146: ...the standard Syslog format Properties Name Specifies a symbolic name for the log receiver Identifier IPAddress Specifies the IP address of the log receiver Port Specifies the port number of the log s...

Page 147: ...e IP Pool IPRange Specifies the range of IP addresses used for NAT translation StateKeepAlive The number of seconds that stateful NAT state will be kept in absence of new connections Default 120 MaxSt...

Page 148: ...recedence 1 Optional LimitKbps2 Specifies the bandwidth limit in kbps for precedence 2 Optional LimitPPS2 Specifies the packet per second limit for precedence 2 Optional LimitKbps3 Specifies the bandw...

Page 149: ...mit per group in kbps for precedence 3 Optional UserLimitPPS3 Specifies the throughput limit per group in PPS for precedence 3 Optional UserLimitKbps4 Specifies the bandwidth limit per group in kbps f...

Page 150: ...Specifies the default precedence for the pipe. If a packet enters this pipe without a set precedence it gets assigned this value. Should be higher than or equal to the minimum precedence (Default: 0). Prece...

Page 151: ...estination IP of the received packet. Service: Specifies a service that will be used as a filter parameter when matching traffic with this rule. Schedule: By adding a schedule to a rule the security gate...

Page 152: ...involved. Properties: Name: Specifies a symbolic name for the pre-shared key (Identifier). Type: Specifies the type of the shared key. PSKAscii: Specifies the PSK as a passphrase. PSKHex: Specifies the PSK as a...

Page 153: ...1813. RetryTimeout: The retry timeout in seconds used when trying to contact the RADIUS accounting server. If no response has been given after, for example, 2 seconds, the security gateway will try again b...

Page 154: ...ult 1812. RetryTimeout: The retry timeout in seconds used when trying to contact the RADIUS accounting server. If no response has been given after, for example, 2 seconds, the security gateway will try aga...

Page 155: ...SKHex: Specifies the PSK as a hexadecimal key. IDType: Selects the type of remote identity to use. IDValue: Specify the remote identity of the tunnel ID. Comments: Text describing the current object (Optional)...

Page 156: ...a HTTP (Default: No). HTTPS: Enable remote management via HTTPS (Default: No). Network: Specifies the network for which remote access is granted. Comments: Text describing the current object (Optional). 3.45.2 Remot...

Page 157: ...oup 1 key exchange algorithm (Default: Yes). AllowAES128: Allow AES-128 encryption algorithm (Default: Yes). AllowAES192: Allow AES-192 encryption algorithm (Default: Yes). AllowAES256: Allow AES-256 encryption alg...

Page 158: ...number of retries allowed before the session is closed (Default: 3). AccessLevel: The access level to grant the user that logs in (Default: Admin). LocalUserDatabase: Specifies the local user database to use fo...

Page 159: ...ultiple routes to the same destination. Properties: RoutingTable: Specify routing table to deploy route load balancing in (Identifier). Algorithm: Specify which algorithm to use when balancing the routes (Defa...

Page 160: ...nder the threshold limit to trigger state change for the affected routes (Default: 30). OutboundThreshold: Outbound threshold limit (Optional). OutboundUnit: The outbound units (Default: kbps). InboundThreshold: I...

Page 161: ...n of IP addresses to be compared to the destination IP of the received packet. SourceInterface: Specifies the name of the receiving interface to be compared to the received packet. DestinationInterface: S...

Page 162: ...s which interface packets destined for this route shall be sent through. Gateway: Specifies the IPv6 address of the next router hop used to reach the destination network. If the network is directly conne...

Page 163: ...sender address in ARP queries. If no address is specified the security gateway's interface IP address will be used (Optional). Network: Specifies the network address for this route. RouteMonitor: Specifies...

Page 164: ...and a monitoring method. Properties: Method: Monitoring method (Default: ICMP). IPAddress: Specifies the IP address of the host to monitor. Port: Specifies the TCP port to monitor. PollingInterval: Delay in milli...

Page 165: ...or this route shall be sent through. Network: Specifies the network address for this route. Metric: Specifies the metric for this route (Default: 0). ProxyARPAllInterfaces: Always select all interfaces includi...

Page 166: ...ive on Wednesdays (Optional). Thu: Specifies during which intervals the schedule profile is active on Thursdays (Optional). Fri: Specifies during which intervals the schedule profile is active on Fridays (Opti...

Page 167: ...ice (Identifier). MessageTypes: Specifies the ICMP message types that are applicable to this service (Default: All). EchoRequest: Enable matching of Echo Request messages (Default: No). EchoRequestCodes: Specifies...

Page 168: ...G: An Application Layer Gateway (ALG) capable of managing advanced protocols can be specified for this service (Optional). MaxSessions: Specifies how many concurrent sessions that are permitted using this s...

Page 169: ...eturn: Enable passing an ICMP error message only if it is related to an existing connection using this service (Default: No). ALG: An Application Layer Gateway (ALG) capable of managing advanced protocols can...

Page 170: ...Type: Specifies whether this service uses the TCP or UDP protocol or both (Default: TCP). SourcePorts: Specifies the source port or the port ranges applicable to this service (Default: 0-65535). SYNRelay: Enab...

Page 171: ...AcceptLog. StaticARPChanges: ARP packets that would cause static entries to be changed (Default: DropLog). ARPExpire: Lifetime of an ARP entry in seconds (Default: 900). ARPExpireUnknown: Lifetime of an unknown...

Page 172: ...citations before giving up address resolution (Default: 3). NDMaxUnicastSolicit: Number of Neighbor Solicitations before giving up a zombie during dead peer detection (Default: 3). NDBaseReachableTime: Multiple...

Page 173: ...CP connections being formed (Default: 60). ConnLife_TCP: Connection idle lifetime for TCP (Default: 262144). ConnLife_TCP_FIN: Connection idle lifetime for TCP connections being closed (Default: 80). ConnLife_UDP: C...

Page 174: ...cy for saving the relay list to disk (Default: ReconfShut). AutoSaveRelayInterval: Seconds between auto-saving the relay list to disk (Default: 86400). Note: This object type does not have an identifier and is...

Page 175: ...since first received fragment (Default: 90). ReassDoneLinger: How long to remember a completed reassembly, watching for old dups (Default: 20). ReassIllegalLinger: How long to remember an illegal reassembly, wat...

Page 176: ...ing else it is megabyte (Default: Yes). MemoryLogRepetition: Should a log message be sent for each poll result that is in the Alert, Critical or Warning level, or should a log message only be sent when a new...

Page 177: ...number of seconds a CRL is considered valid; 0 = obey the next update field in the CRL (Default: 86400). IKEMaxCAPath: Maximum number of CA certificates in a certificate path (Default: 15). IPsecCertCacheMaxCert...

Page 178: ...n too low unicast Hop Limit values (Default: DropLog). HopLimitMinMulticast: The minimum IP multicast Hop Limit value accepted on receipt (Default: 3). HopLimitOnLowMulticast: What action to take on too low mu...

Page 179: ...eceived packets with TTL 0; this should never happen (Default: Yes). Log0000Src: Log invalid 0.0.0.0 source address (Default: Drop). Block0Net: Block 0 source addresses (Default: DropLog). Block127Net: Block 127 sour...

Page 180: ...l: Strip the DontFragment flag for packets of this size or smaller (Default: 65535). MulticastIPEnetOnMismatch: What action to take when ethernet and IP multicast addresses do not match (Default: DropLog). Note...

Page 181: ...ommunication (Default: 2000). MaxSKIPLen: SKIP (Simple Key management for IP) VPN protocol (Default: 2000). MaxOSPFLen: OSPF (Open Shortest Path First) routing protocol (Default: 1480). MaxIPIPLen: IPIP FWZ Encapsulate...

Page 182: ...ttings. Description: Advanced log settings. Properties: LogSendPerSecLimit: Limits how many log packets the security gateway may send out per second (Default: 2000). Note: This object type does not have an iden...

Page 183: ...ault 2. IGMPQueryInterval: The interval (ms) between general queries sent by the Security Gateway (Default: 125000). IGMPQueryResponseInterval: The maximum time (ms) until a host (client) has to send an answer to...

Page 184: ...traffic to the security gateway regardless of configured IP Rules (Default: Yes). HTTPSCertificate: Specifies which certificate to use for HTTPS traffic. Only RSA certificates are supported (Optional). SNMPBe...

Page 185: ...e (Default: 5). RouteFailOver_ConsecSuccess: Number of consecutive successes before route is marked as available (Default: 5). Transp_CAMToL3CDestLearning: Do L3 Cache learning based on destination IPs and MACs i...

Page 186: ...C4_56_SHA1: Enable cipher TLS_RSA_EXPORT1024_WITH_RC4_56_SHA1 (Default: Yes). TLS_RSA_EXPORT512_WITH_RC4_40_MD5: Enable cipher TLS_RSA_EXPORT1024_WITH_RC4_40_MD5 (Default: No). TLS_RSA_EXPORT512_WITH_RC2_40_...

Page 187: ...everseOpens: Log reverse connection attempts through an established connection (Default: Yes). LogStateViolations: Log packets that violate stateful tracking rules, for instance TCP connect sequences (Defaul...

Page 188: ...G: Force unused URG fields to zero; prevents small information leak (Default: Yes). TCPOPT_WSOPT: The WSOPT (Window Scale) option, common (Default: ValidateLogBad). TCPOPT_SACK: The SACK/SACKPERMIT (Selective ACK) op...

Page 189: ...L: TCP NULL packets (without SYN, ACK, FIN or RST); normally invalid, used by scanners (Default: DropLog). TCPSequenceNumbers: Validation of TCP sequence numbers (Default: ValidateLogBad). TCPAllowReopen: Allow clien...

Page 190: ...Name: Specifies a symbolic name for the key (Identifier). Type: DSA or RSA (Default: DSA). Subject: Value of the Subject header tag of the public key file (Optional). PublicKey: Specifies the public key. Comments: T...

Page 191: ...pecifies the day of month when the automatic update runs. UpdateWeekday: Specifies the day of week when the automatic update runs (Default: mon). Hourly: Specifies the number of hours between periodi...

Page 192: ...ce. RadiusServers: Specifies the authentication servers that will be used to authenticate users matching this rule. LDAPServers: Specifies the authentication servers that will be used to authenticate user...

Page 193: ...entication server. If no values are received the manually specified values will be used (Default: No). MultipleUsernameLogins: Specifies how multiple username logins will be handled (Default: AllowMultiple). R...

Page 194: ...ith what severity log events will be sent to the specified log receivers (Default: Default). Comments: Text describing the current object (Optional). Note: If no Index is specified when creating an instance of...

Page 195: ...3.55 UserAuthRule. Chapter 3. Configuration Reference 195...

Page 196: ...lg 42, httpposter 43, hwm 43; I: idppipes 44, ifstat 44, igmp 45, ippool 46; L: languagefiles 46, ldap 47, license 47, linkmon 48, logout 48, ls 72; M: memory 48; N: natpool 49, nd 49, ndsnoop 50, netobjects 51; P: pcapdump...

Page 197: ...106, Ethernet 123, EthernetAddress 80, 82, EthernetAddressGroup 80, 82, EthernetDevice 110, EventReceiverSNMP2c 144; F: FragSettings 174; G: GRETunnel 124; H: HighAvailability 111, HTTPALGBanners 112, HTTPAuthBanner...

Page 198: ...Settings 184, RemoteMgmtSNMP 156, RemoteMgmtSSH 157, Route 163, Route6 162, RouteBalancingInstance 159, RouteBalancingSpilloverSettings 160, RoutingRule 161, RoutingSettings 185, RoutingTable 162; S: SchedulePro...
