
D-Link NetDefend firewall 

Security VPN Firewall 

NetDefend secured by Check Point 

User Guide 

Version 1.0 
Revised: 01/17/2006 

 

 

 

Summary of Contents for NetDefend DFL-CP310

Page 1: ...D-Link NetDefend firewall. Security VPN Firewall. NetDefend secured by Check Point. User Guide. Version 1.0. Revised: 01/17/2006...

Page 2: ...he software, and (2) offer you this license, which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone...

Page 3: ...alent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may n...

Page 4: ...TY PRECAUTIONS. Carefully read the Safety Instructions, the Installation and Operating Procedures provided in this User's Guide before attempting to install or operate the appliance. Failure to follow th...

Page 5: ...l Security Services 5 Power Pack Features 5 Package Contents 6 Network Requirements 7 Getting to Know Your NetDefend firewall 8 Rear Panel 8 Front Panel 10 Getting to Know Your NetDefend firewall 11 R...

Page 6: ...tDefend Portal 46 Main Menu 47 Main Frame 48 Status Bar 48 Logging off 51 Configuring the Internet Connection 53 Overview 53 Using the Internet Wizard 54 Using a Direct LAN Connection 56 Using a Cable...

Page 7: ...twork 93 Configuring Network Settings 93 Configuring a DHCP Server 94 Changing IP Addresses 105 Enabling Disabling Hide NAT 107 Configuring a DMZ Network 108 Configuring the OfficeMode Network 110 Con...

Page 8: ...161 Overview 161 About the Wireless Hardware in Your NetDefend firewall 162 Wireless Security Protocols 163 Manually Configuring a WLAN 165 Using the Wireless Configuration Wizard 176 WPA PSK 178 WEP...

Page 9: ...eleting Rules 219 Using SmartDefense 220 Configuring SmartDefense 221 SmartDefense Categories 224 Using Secure HotSpot 256 Setting Up Secure HotSpot 257 Enabling Disabling Secure HotSpot 258 Customizi...

Page 10: ...tomatic and Manual Updates 294 Checking for Software Updates when Remotely Managed 294 Checking for Software Updates when Locally Managed 295 Working With VPNs 297 Overview 297 Site to Site VPNs 298 R...

Page 11: ...Traces for VPN Connections 356 Managing Users 359 Changing Your Password 359 Adding and Editing Users 361 Adding Quick Guest HotSpot Users 365 Viewing and Deleting Users 367 Setting Up Remote VPN Acc...

Page 12: ...ion 415 Importing the NetDefend firewall Configuration 416 Resetting the NetDefend firewall to Defaults 418 Running Diagnostics 421 Rebooting the NetDefend firewall 422 Using Network Printers 423 Over...

Page 13: ...Problems 443 Specifications 445 Technical Specifications 445 CE Declaration of Conformity 449 Federal Communications Commission Radio Frequency Interference Statement 451 Glossary of Terms 453 Index 4...

Page 15: ...t and preceded by the Note icon. Warning: Warnings are denoted by indented text and preceded by the Warning icon. Each task is marked with an icon indicating the NetDefend product required to perform th...

Page 17: ...rnet, the NetDefend Secured by Check Point Product Family includes both wired and wireless models. The D-Link firewall, based on the world-leading Check Point Embedded NGX Stateful Inspection technology...

Page 18: ...sed users by installing node upgrades Contact your reseller for more details NetDefend Features and Compatibility Connectivity The NetDefend series includes the following features LAN ports 4 ports 10...

Page 19: ...ditional features Wireless LAN interface with dual diversity antennas supporting up to 108 Mbps Super G and Extended Range XR Integrated USB print server Wireless QoS WMM Firewall The NetDefend series...

Page 20: ...SHA1, MD5. Hardware-based Secure RNG (Random Number Generator). IPSec NAT traversal (NAT-T). Route-based VPN. Backup VPN gateways. Management: The NetDefend series includes the following features: Management via...

Page 21: ...tion VStream Embedded Antivirus Updates VPN Management Security Reporting Vulnerability Scanning Service Power Pack Features The table below describes the differences between the standard DFL CP310 an...

Page 22: ...Site VPN Managed 10 tunnels 100 tunnels Included VPN 1 SecuRemote client Licenses 5 users 25 users When managed by SofaWare Security Management Portal SMP Package Contents The NetDefend series packag...

Page 23: ...orer 5 0 or higher or Netscape Navigator 4 7 and higher CAT 5 STP Category 5 Shielded Twisted Pair Straight Through Ethernet cable for each attached device Note The NetDefend firewall automatically de...

Page 24: ...your NetDefend firewall Figure 1 NetDefend firewall Rear Panel Items Figure 2 NetDefend firewall Rear Panel Items The following table lists the NetDefend firewall s rear panel elements Table 1 NetDefe...

Page 25: ...have to re-configure your NetDefend firewall. Do not reset the unit without consulting your system administrator. RS-232 Serial: A serial port used for connecting computers in order to access the NetDef...

Page 26: ...atus LEDs see the table below Table 2 NetDefend firewall Status LEDs LED State Explanation PWR SEC Off Power off Flashing quickly Green System boot up Flashing slowly Green Establishing Internet conne...

Page 27: ...our NetDefend firewall. Rear Panel: All physical connections (network and power) to the NetDefend firewall are made via the rear panel of your NetDefend firewall. Figure 4: NetDefend firewall Rear Panel It...

Page 28: ...onsulting your system administrator. USB: Two USB 2.0 ports used for connecting USB-based printers. RS232: A serial RS-232 port used for connecting computers in order to access the NetDefend CLI (Command L...

Page 29: ...LEDs see the table below Table 4 NetDefend firewall Status LEDs LED State Explanation PWR SEC Off Power off Flashing quickly Green System boot up Flashing slowly Green Establishing Internet connection...

Page 30: ...eceived VPN Flashing Green VPN port in use Serial Flashing Green Serial port in use USB Flashing Green USB port in use WLAN Flashing Green WLAN in use Contacting Technical Support If there is a proble...

Page 31: ...tion 35 Setting Up the NetDefend firewall 36 Before You Install the NetDefend firewall Prior to connecting and setting up your NetDefend firewall for operation you must do the following Check if TCP I...

Page 32: ...it is recommended to disable it if you are using a NetDefend firewall, since the NetDefend firewall offers better protection. Checking the TCP/IP Installation: 1. Click Start > Settings > Control Panel. The Co...

Page 33: ...ll the NetDefend firewall The Network and Dial up Connections window appears 3 Right click the icon and select Properties from the pop up menu that opens Chapter 2 Installing and Setting up the NetDef...

Page 34: ...In the above window, check if TCP/IP appears in the components list and if it is properly configured with the Ethernet card installed on your computer. If TCP/IP doe... ...ou must install it as described in...

Page 35: ...rties window click Install The Select Network Component Type window appears 2 Choose Protocol and click Add The Select Network Protocol window appears 3 Choose Internet Protocol TCP IP and click OK TC...

Page 36: ...PC, but rather to obtain an IP address automatically. If for some reason you need to assign a static IP address, select Specify an IP address, type in an IP address in the range of 192.168.10.129-254, ent...

Page 37: ...efend firewall. Windows 98/Millennium. Checking the TCP/IP Installation: 1. Click Start > Settings > Control Panel. The Control Panel window appears. 2. Double-click the icon. Chapter 2 Installing and Setting up...

Page 38: ...appears in the network components list ... ...y configured with the Ethernet card installed on your computer. Installing TCP/IP Protocol. Note: If TCP/IP is already installed and configured on your co... section...

Page 39: ...ol window appears 3 In Manufacturers list choose Microsoft and in the Network Protocols list choose TCP IP 4 Click OK If Windows asks for original Windows installation files provide the installation C...

Page 40: ...g LAN consult your network manager for the correct configurations 1 In the Network window double click the TCP IP service for the Ethernet card which has been installed on your computer e g The TCP IP...

Page 41: ...Before You Install the NetDefend firewall 3 Click the DNS Configuration tab and click the Disable DNS radio button Chapter 2 Installing and Setting up the NetDefend firewall 25...

Page 42: ...ss, type in an IP address in the range of 192.168.10.129-254, enter 255.255.255.0 in the Subnet Mask field and click OK to save the new settings. Note that 192.168.10 is the default value and it may vary...

Page 43: ...ol Panels TCP IP The TCP IP window appears 2 Click the Connect via drop down list and select Ethernet 3 Click the Configure drop down list and select Using DHCP Server 4 Close the window and save the...

Page 44: ...irewall Mac OS X Use the following procedure for setting up the TCP IP Protocol 1 Choose Apple System Preferences The System Preferences window appears 2 Click Network The Network window appears 28 D...

Page 45: ...Before You Install the NetDefend firewall 3 Click Configure Chapter 2 Installing and Setting up the NetDefend firewall 29...

Page 46: ...Apply Now. Mounting the Appliance: If desired, you can mount your NetDefend firewall on the wall. To mount the NetDefend firewall on the wall: 1. Decide where you want to mount your NetDefend firewall. 2. Dec...

Page 47: ...wo plastic conical anchors into the holes Note The conical anchors you received with your NetDefend firewall are suitable for concrete walls If you want to mount the appliance on a plaster wall you mu...

Page 48: ...ainst Theft. The NetDefend firewall features a security slot to the rear of the right panel, which enables you to secure your appliance against theft using an anti-theft security device. Note: Anti-thef...

Page 49: ...y cable to the appliance s security slot To install an anti theft device on the NetDefend firewall 1 If your anti theft device has a combination lock set the desired code as that came with your device...

Page 50: ...then slide the bolt to the Closed position until the bolt holes are aligned 5 Thread the anti theft device s pin through the bolt s holes and insert the pin into the main body of the anti theft devic...

Page 51: ...of the unit. Connect the other end to PCs, hubs or other network device. Connect the WAN cable: Connect one end of the Ethernet cable to the WAN port at the unit ... office network. 4. Connect the power adapter...

Page 52: ...ties. Failure to observe this warning may cause damage to the appliance and void the warranty. For information on setting up network printers, see Setting up Network Printers on page 424. Setting Up the...

Page 53: ...liance on page 397 Setting up a wireless network DFL CPG310 only Configuring a Wireless Network on page 161 Installing the Product Key Upgrading Your Software Product on page 379 Registering your NetD...

Page 54: ...ss the Setup Wizard: 1. Click Setup in the main menu and click the Firmware tab. The Firmware page appears. 2. Click NetDefend Setup Wizard. The NetDefend Setup Wizard opens with the Welcome page displaye...

Page 55: ...to the NetDefend Portal 39 Logging on to the NetDefend Portal 42 Accessing the NetDefend Portal Remotely Using HTTPS 44 Using the NetDefend Portal 46 Logging off 51 Initial Login to the NetDefend Port...

Page 56: ...assword both in the Password and the Confirm Password fields. 2. ... Note: The password must be five to 25 characters, letters or numbers. Note: You can change your password at any time. For further information...

Page 57: ...two Internet connections. To use Internet Setup, click Cancel and refer to Using Internet Setup on page 63. ...our Internet connection using one of the following ways: Wizard: The Internet Wizard is the first part...

Page 58: ...ule to allow access from the WLAN. See Using Rules on page 209. Or: Enable HTTPS access from the Internet. See Configuring HTTPS on pag... To log on to the NetDefend Portal: 1. Do one of the ... Browse to ... Or ... ...o log...

Page 59: ...Logging on to the NetDefend Portal The login page appears 2 Type your username and password 3 Click OK Chapter 3 Getting Started 43...

Page 60: ...eb server. It is used to transfer confidential user information. If desired, you can also use HTTPS to access the NetDefend Portal from your internal network. Note: In order to access the NetDefend Portal...

Page 61: ...the certificate in the NetDefend firewall is not yet known to the browser, so the Security Alert dialog box appears. To avoid seeing this dialog box again, install the certificate of the destination NetD...

Page 62: ...ch enables yo... manage and ... The NetDefend Portal consists of t... Table 5: NetDefend Portal Elements. Element: Description. Main menu: Used for navigating between the various topics, such as Reports, Security and Setup. Mai...

Page 63: ...mation ... Reports: Provides reporting capabilities in terms of event logging, traffic monitoring, active computers and established connections. Security: Provides controls a... ...y computer in ... Antivirus ... Services...

Page 64: ...Users: Allows you to manage NetDefend users. VPN: Allows you to manage, configure and log on to VPN sites. ...: Provides conte... Logout: Al... ...o log off of the NetDefend Portal. Main Frame: ...ain and tab you ... are using. The d...

Page 65: ...nternet connectivity Not Connected The Internet connection is down Establishing Connection The NetDefend firewall is connecting to the Internet Contacting Gateway The NetDefend firewall is trying to c...

Page 66: ...s Web Filtering and Email Antivirus Your subscription services status may be one of the following Not Subscribed You are not subscribed to security services Connection Failed The NetDefend firewall fa...

Page 67: ...the NetDefend Portal will require re-entering of the administration ...ssword. ...log off of the NetDefend Porta...: Do one of the following: If you are connected through HTTP, click Logout in the main menu. The I...

Page 69: ...et connection using ...ing setup tools: Internet Wizard: Guides you through the Internet connection configuration ...y step. ...d is the Internet Wizard. For further ... all ... Internet Setup: Offers the following advanced setup options...

Page 70: ...following three types of broadband connection methods: Direct LAN Connection, Cable Modem, PPTP or PPPoE dialer. ...you to configure your NetDefend firewall for Internet ... and easily through its us... automatic...

Page 71: ...zard opens with the Welcome page displayed 3 Click Next The Internet Connection Method dialog box appears 4 Select the Internet connection method you want to use for connecting to the Internet Chapter...

Page 72: ...are to ... 5. Click Next. Using a Direct LAN Connection: No further settings are required for a direct LAN (Local Area Network) connection. The Confirmation screen appears. 1. Click Next. ...he system attempts to co...

Page 73: ...Using the Internet Wizard At the end of the connection process the Connected screen appears 2 Click Finish Chapter 4 Configuring the Internet Connection 57...

Page 74: ...ess Otherwise you may leave this field blank If your ISP requires the MAC address do either of the following Click This Computer to automatically clone the MAC address of your computer to the NetDefen...

Page 75: ...creen appears 5 Click Finish Using a PPTP or PPPoE Dialer Connection If you selected the PPTP or PPPoE dialer connection method the DSL Connection Type dialog box appears 1 Select the connection metho...

Page 76: ...1. ... the fields using the information in the table below. 2. Click Next. The Confirmation screen appears. 3. Click Next. The system attempts to connect to the Internet via the DSL connection. The... 4. Click Finish.

Page 77: ...password Type your password again Service Type your service name This field can be left blank Using PPTP If you selected the PPTP connection method the DSL Configuration dialog box appears 1 Complete...

Page 78: ...nection Fields. In this field: Do this. Username: Type your user name. Password: Type your password. Confirm password: Type your password again. Service: Type your service name. Serve... T... (The Connecting screen appears.)

Page 79: ...to manually configure your Internet connection using Internet Setup. To configure the Internet connection: 1. Click Network in the main menu and click the Internet tab. 2. Next to the desired Internet con...

Page 80: ...In the Connection Type drop-down list, select the Internet connection ty... you intend to use. The display changes acco... The following steps should be performed in accordance with the connection type you have chosen...

Page 81: ...Using Internet Setup Using a LAN Connection 1 Complete the fields using the relevant information in Internet Setup Fields on page 77 Chapter 4 Configuring the Internet Connection 65...

Page 82: ...Click Apply. The NetDefend firewall attempts... ...ar displays the Internet status Connecting. This may take several seconds. Once the connection is made, the Status Bar displays the Internet status Connected...

Page 83: ...Using Internet Setup Using a Cable Modem Connection 1 Complete the fields using the relevant information in Internet Setup Fields on page 77 Chapter 4 Configuring the Internet Connection 67...

Page 84: ...Click Apply The NetDefend firewall attempts to connect to the Internet and the Status Bar displays the Internet status Connecting This may take several seconds Once the connection is made the Status...

Page 85: ...Using Internet Setup. Using a PPPoE Connection: 1. Complete the fields using the relevant information in Internet Setup Fields on page 77. Chapter 4 Configuring the Internet Connection 69...

Page 86: ...Click Apply. The NetDefend firewall attempts to connect... ...t and the Status Bar ...s Connecting. This may take several seconds. Once the connection is made, the Status Bar displays the Internet status Connected...

Page 87: ...Using Internet Setup. Using a PPTP Connection: 1. Complete the fields using the relevant information in Internet Setup Fields on page 77. Chapter 4 Configuring the Internet Connection 71...

Page 88: ...pending on the check boxes you selected 2 Click Apply The NetDefend firewall attempts to connect to the Internet and the Status Bar displays the Internet status Connecting This may take several second...

Page 89: ...Connected. Using Telstra BPA: Use this Internet connection type only if you are subscribed to Telstra BigPond Internet. Telstra BigPond is a trademark of Telstra Corporation Limited. 1. Complete the fields usi...

Page 90: ...Click Apply The NetDefend firewall attempts to connect to the Internet and the Status Bar displays the Internet status Connecting This may take several seconds Once the connection is made the Status...

Page 91: ...To use this connection type, you must first set up the dialup modem. For ...tion, see Setting Up a Dialup Modem on page 84. 1. Complete the fields using the relevant information in Internet Setup Fields on pa...

Page 92: ...lick Apply. The NetDefend firewall attempts to connect to the Internet and the Status Bar displays the Internet status Connecting. This may take several seconds. Once the connec... ...ternet status Connected...

Page 93: ...ce name leave this field empty Server IP If you selected PPTP type the IP address of the PPTP server as given by your ISP If you selected Telstra BPA type the IP address of the Telstra authentication...

Page 94: ...a Backup or Master see Configuring High Availability on page 119 On outgoing activity Select this option to specify that the dialup modem should only dial a connection if no other connection exists a...

Page 95: ...d slightly lower than your Internet connection s maximum measured upstream speed in the field provided It is recommended to try different rates in order to determine which one provides the best result...

Page 96: ...shaping of inbound traffic less accurate than the shaping of outbound traffic It is therefore recommended to enable traffic shaping for incoming traffic onl necessary For information on using Traffic...

Page 97: ...In the secondary Internet connection this field is enabled only if the DMZ WAN2 port is set to WAN2 High Availability The High Availability area only appears in NetDefend with Power Pack Do not conne...

Page 98: ...ternet ... ...mined that the Internet connection is down and two Internet connections are defined, a failover will be performed to the second Internet connection, ensuring continuous Internet connectivity. This...

Page 99: ...n the 1, 2 and 3 fields. If for 45 seconds none of the defined gateways respond, the Internet connection is considered to be down. Use this option if you have Check Point VPN gateways and you want loss of...

Page 100: ...imary or secondary Internet connection me ess is unavailable disconnected when not in use For information on setting up a dialup backup Setting Up a Dialup Backup Connection on page 92 To egular or IS...

Page 101: ...tting Up a Dialup Modem. The Ports page appears. 3. In the RS232 drop-down list, select Dialup. 4. Click Apply. 5. Next to the RS232 drop-down list, click Setup. Chapter 4 Configuring the Internet Connection 8...

Page 102: ...s. 9. Configure a Dialup Internet connection using the information in ... Setup on page 63. Table 11: Dialup Fields. In this field: Do this. Mode: ... If you selected Custom, the Installation String field is enabled. Other...

Page 103: ...ation You can view information on your Internet connection s in terms of status duration and activity To view Internet connection information 1 Click Network in the main menu and click the Internet ta...

Page 104: ...enabl... ...rmation, see Enabling/Disabling the In...nnection on page 88. ...number of data packets rece... Sent Packets: ...number of data packets sent in the active connection. Enabling/Disabling the Internet Connection...

Page 105: ...ick the Internet tab. The Internet page appears. 2. Next to the Internet connection, do one of the following: To enable the connection, click ... The button changes to ... and the connection is enabled. To disable...

Page 106: ...up Internet Connection ary and a secondary Internet connection The sec ls the NetD ternet page you can establish a quick Intern the same manner you can term currently selected connection type In activ...

Page 107: ...g Internet Setup on page ... Important: The two connections can be of different types. However, they cannot both be LAN DHCP connections. Using the NetDefend firewall's DMZ/WAN2 Port: To set up a LAN or broad...

Page 108: ...primary Internet connection fails. To set up a dialup backup Internet connection: 1. Setup a dialup modem. For instructions, see Setting Up a Dialup Modem on page 84. 2. Configu... ...g Internet Setup on page 63...

Page 109: ...y. Using Static Routes. Managing Ports. ...nfiguring Network Settings. Warning: These are advanced settings. Do not change them unless it is necessary and you are qualified to do so. ...correct the error, you can r...

Page 110: ...IP address within the DHCP address range. If you already have a DHCP server in your ... instead o... ...HCP server, since you cannot have two DHCP servers or relays on the same network segment. ...he Internet or via...

Page 111: ...er for internal networks. Note: Enabling and disabling the DHCP Server is not available for the OfficeMode network. To enable/disable the NetDefend DHCP server: ...menu and click the My Network tab. The My N...

Page 112: ...appears. 5. Click OK. A success message appears. 6. If your computer is configured to obtain its IP address aut... If you enabled the DHCP server, your computer obtains an IP address in the DHCP address range...

Page 113: ...eserved for statically addressed computers If desired you can set the NetDefend DHCP range manually Note Setting the DHCP range manually is not available for the OfficeMode network To configure the DH...

Page 114: ...tomatic DHCP range check box 5 Click Apply A warning message appears 6 Click OK A success message appears 7 If your computer is configured to obtain its IP address automatically using DHCP and either...

Page 115: ...ind a NAT device. Note: Configuring DHCP options is not available for the OfficeMode network. To configure DHCP relay: 1. ...nu and click the My Network tab. ...rk page appears. 2. ...click Edit. 3. ...elect Relay...

Page 116: ...DHCP server. 5. Click Apply. A warning message appears. 6. Click OK. A success mess... 7. ...puter is configured to obtain its IP address automatically using DHCP ...ther DHCP server is enabled, restart your computer...

Page 117: ...servers VoIP call managers TFTP server and boot filename Note Configuring DHCP options are not available for the DMZ or VLANs To configure DHCP options 1 Click Network in the main menu and click the...

Page 118: ...Configuring Network Settings. The DHCP Server Options page appears. 4. Complete the fields using the relevant information in the table below. 102 D-Link NetDefend firewall User Guide...

Page 119: ...tains an IP a... Table 13: DHCP Server Options Fields. In this field: Do this. Domain Name: Type a default domain suffix that should be passed to ... resolving of non-fully-qualified names. For example, if the domain suffix...

Page 120: ...gateway to act as a DNS relay server and pass its own IP address to DHCP clients. Normally, it is recommended to leave this option selected. The DNS Server 1 and DNS Server 2 fields appear. DNS Server 1/2...

Page 121: ...hese tas e existing network and don you are using a DHCP server other than the NetDefend firewall that assigns addresse To chang I 1 Click The M 2 In the LAN network s row click Edit The Edit Network...

Page 122: ...estart your computer. ...herwise, manually reconfigure your computer to use the new ... on configuring ... 192.168.100.1-192.168.100.254. The default internal network range is 192.168.10... A warning message appears. 6...

Page 123: ...is enabled by default. ...must obtain a range of Internet IP addresses. Note: Static NAT can be used together ... ...le/disable H...: 1. Click Network in ... ...ork tab. ...page appears. 2. In the desired network's row, click Edit...

Page 124: ...es controlling traffic to and from the ...Z, see Default S... ...figure a DMZ network: 1. Connect the DMZ computer to the DMZ port. If you have more ... a hub or switch to the DMZ port and connect the DMZ computers to...

Page 125: ...HCP server. See Configuring a DHCP Server on page 94. ... The My Network page appears. 6. In the DMZ network's row, click Edit. ...e IP Address field, type the IP address of the DMZ network's default ...y. Mode ... 8. If de...

Page 126: ...hrough the VPN link. Some networking protocols or resources may require the client's IP address to be an internal one. ...eMode solves these problems by enabling the NetDefend DHCP Server to ...atically ass...n...

Page 127: ...raffic fir AN and other networks passes through the fi LAN to any other internal network including ot de ce network congestion For e nt VLA less of their physical location The members of a division wi...

Page 128: ...gned an identifying number called a VLAN ID, also referred to as a VLAN tag. All outgoing traffic from a tag-based VLAN contains the VLAN's tag in the packet headers. Incoming traffic to the VLAN must co...

Page 129: ...port to a separate VLAN. Figure 11: Port-based VLAN. ...capable switch, and is therefore simpler to use than tag-based VLAN. However, port-based VLAN is limited because the appliance's internal switch has onl...

Page 130: ...N site, click Add VLAN. To edit a VLAN site, click Edit in the desired VLAN's row. The Edit Network Settings page for VLAN networks appears. ...add or edit a port-based VLAN: Click Network in the main m... 3. In N...

Page 131: ...e Enabling/Disabling Hide NAT on page 107. 8. If desired, configure a DHCP server. See Configuring a DHCP Server on page 94. 9. Click Apply. A warning message appears. ...ears. 11. Click ... Ports tab. Ports ... ...rk's name...

Page 132: ...name for the VLAN. 4. In the Type drop-down list, select Tag Based VLAN. The VLAN Tag field appears. 5. In the VLAN Tag field, type a tag for the VLAN. This must be an integer between 1 and 4095. 6. In the IP...

Page 133: ...aware switch's VLAN trunk port. Click Apply. 11. Click OK. A success message appears. Click Network in the main menu and click the Ports tab. The Ports page appears. 13. In the DM... Click Apply. The DMZ/WAN2 po...

Page 134: ...Apply 2 Click Network in menu and click the My Network tab ork desired VLAN s row click the Erase a Click T in the main menu and click the Ports tab e appears ents to the VLAN by selecting other netw...

Page 135: ...tifying the other gateways in the clu... ...s priority is now the highest, it becomes the Active Gateway. The NetDefend firewall supports Internet connection tracking, which means that each firewall tracks its...

Page 136: ...work segment To this end each cluster must be assigned a unique ID number AN HA and it is useful in g an IP address conflict rk ust be met When HA is configured you can specify that only the Active Ga...

Page 137: ...terface need not be dedicated for synchronization only. It may be shared with an active internal network. You can configure HA for any internal network except the OfficeMode network. You must have at lea...

Page 138: ...to include in the HA cluster. To configure HA on a NetDefend firewall: 1. Set the appliance's internal IP addresses and network range. Each appliance must have a different internal IP address. See Changin...

Page 139: ...al IP field, type the default gateway IP address ... and must be the same for all ... 6. Click the Synchronization radio button next to the network you want to use as the synchronization interface. You can choos...

Page 140: ...nternet Setup on page 63. ...may become active, causing unpredictable problems. 7. Complete the fields using the information ... the tabl... Click Apply. Table 14: High Availability Page Fields. In this field: Do this...

Page 141: ...nnection on page 90. Configuring a ... LAN1/2/3/4: Type the a... ...ateway's priority if the LAN port's Ethernet link is ... DMZ: Type the amount to reduce the gateway's priority if the DMZ/WAN2 port's Ethernet link...

Page 142: ...work Subnet Mask: 255.255.255.0 / 255.255.255.0. ...et Connections: Primar... The gateways have two internal networks in common, LAN and DMZ. This means that you can configure HA for the LAN network, the DMZ networ...

Page 143: ...work computers of Gateways A and B to hub 1. Connect the DMZ network computers of Gateways A and B to hub 2. ...the following on Gateway A: Set the gateway's internal IP addresses and network range to the v...

Page 144: ...ck the Synchronization radio button next to DMZ. i. In the My Priority field, type 60. The low priority means that Gateway B will be the Passive Gateway. j. In the Internet Primary field, type 20. Gateway B w...

Page 145: ...nal IP address and not the Internet IP address to which the internal IP address is mapped. For further information, see Using Rules on page 209. ...twork object. You can configure the following settings for...

Page 146: ...re HotSpot on page 256. ...ng and E...g Network Objects. Assign the network object's IP addre... Normally, the NetDefend DHCP server cons... ...address to a different computer. If you want to guarantee that a particula...

Page 147: ...ork Objects page appears with a list of network objects. 2. Do one of the following: To add a network object, click New. To edit an existing network object, click Edit next to the desired computer in the li...

Page 148: ...k Obje...ct ... Type dialog box displayed. 3. Do one of the following: To specify that the network object should represent a single computer or device, click Single Computer. To specify that the network objec... 4. ...

Page 149: ...x appears. If you chose Single Computer, the dialog box includes the Perform Static NAT option. If you chose Network, the dialog box does not include this option. 5. Complete the fields using the in... 6. Click...

Page 150: ...g box appears. 7. Type a name for the network object in the field. 8. Click Finish. To add or edit a network object via the Active Computers page: 1. C... ...rts in the main menu and click the Active Computers tab...

Page 151: ...ars next to it 2 Do one of the following To add a network object click Add next to the desired computer To edit a network object click Edit next to the desired computer The NetDefend Network Object Wi...

Page 152: ...dialog box appears with the network object s name If you are adding a new network object this name is the computer s name 7 To change the network object name type the desired name in the field 8 Click...

Page 153: ...ering, see Configuring a Wireless Network on page 161. MAC Address: Type the MAC address you want to assign to the network object's IP address, or click This Computer to specify your computer's MAC address. Perfo...

Page 154: ...sses of the same size. You must then fill in the External IP Range field: Type the Internet IP address range to which you want to map the network's IP address range. Select this ... enforcement ... Viewing and ...
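Static NAT maps every address of an internal range onto one address of a same-size Internet range, which is why the dialog only accepts the External IP Range field once the sizes agree. The following is an added example, not code from the D-Link guide or from Check Point: it implements that mapping in both directions and the point made on page 145, that firewall rules are written against the internal address rather than the Internet address it is mapped to. The "first-last" range syntax and all addresses are constructed for the example.

```python
import ipaddress


def parse_range(text):
    """Parse "first-last" into (first, last) integers; a single address is a range of one.

    Constructed input format; the NetDefend dialog takes the two ends in separate fields.
    """
    first, _, last = text.partition("-")
    lo = int(ipaddress.ip_address(first.strip()))
    hi = int(ipaddress.ip_address((last or first).strip()))
    if hi < lo:
        raise ValueError(f"range end before start: {text}")
    return lo, hi


class StaticNat:
    """One-to-one mapping of an internal range onto an external (Internet) range."""

    def __init__(self, internal, external):
        self.int_lo, self.int_hi = parse_range(internal)
        self.ext_lo, self.ext_hi = parse_range(external)
        # The dialog only lets you fill in External IP Range when both ranges
        # have the same size: every internal host needs exactly one public address.
        if self.int_hi - self.int_lo != self.ext_hi - self.ext_lo:
            raise ValueError("internal and external ranges must be the same size")

    def to_external(self, internal_ip):
        """Address seen on the Internet for an internal host, or None if unmapped."""
        n = int(ipaddress.ip_address(internal_ip))
        if not self.int_lo <= n <= self.int_hi:
            return None
        return str(ipaddress.ip_address(self.ext_lo + (n - self.int_lo)))

    def to_internal(self, external_ip):
        """Internal host behind a public address, or None if the address is not mapped."""
        n = int(ipaddress.ip_address(external_ip))
        if not self.ext_lo <= n <= self.ext_hi:
            return None
        return str(ipaddress.ip_address(self.int_lo + (n - self.ext_lo)))

    def rule_address(self, ip):
        """Address to put in a firewall rule for this host.

        Rules are matched against the internal address, not the Internet address
        it is mapped to (page 145), so a public address is translated back first.
        """
        return self.to_internal(ip) or ip


if __name__ == "__main__":
    nat = StaticNat("192.168.10.10-192.168.10.19", "203.0.113.10-203.0.113.19")
    print(nat.to_external("192.168.10.12"))   # 203.0.113.12
    print(nat.rule_address("203.0.113.19"))   # 192.168.10.19
```

Feeding a public address to rule_address returns the internal host, which is the address the Rules page expects; a mismatch in range sizes is refused up front rather than silently mapping two hosts onto one address.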

Page 155: ...m the Accounting department should be sent via WAN1, and another static route specifying that traffic originating from the Marketing department should be sent via ... default, and indicates whether each rou...

Page 156: ...page appears with a list of existing static routes. 2. Do one of the following: To add a static route, click New Route. To edit an existing static route, click Edit next to the desired route in the list...

Page 157: ...ce and Destination dialog box. 3. To select a specific source network (source routing), do the following: a. In the Source drop-down list, select Specified Network. New fields appear. b. In the Network field, type the...

Page 158: ...c destination network, do the following: a. In the Destination drop-down list, select Specified Network. New fields appear. b. In the Network field, type the IP address of the destination network. c. In the Net...

Page 159: ...f the gateway (next hop router) to which to route the packets destined for this network. 7. In the Metric field, type the stat... The gateway ... destination and has the lowest metric. The default v... 8. Click Next...

Page 160: ...elete a static route: 1. Click Network in the main menu and click the Routes tab. The Static Routes page appears with a list of existing static routes. 2. In the desired route row, click the ... ...not be deleted...

Page 161: ...n its ports to different uses, as shown in the table below. Furthermore, you can restrict each port to a specific link speed and dupl... Table 18: Ports and Assignments. You can assign this port | To these uses...

Page 162: ...state. This is useful if you need to check whether the appliance's physical connections are wo... To view port statuses: 1. Click Network in the main menu and click the Ports tab. The Ports page appears...

Page 163: ...drop-down list displays DMZ. Link Config: ... Full Duplex ... duplex, or Automatic Detection, which indicates that th... detect the link speed and duple... Status: The detected link speed and duplex. No Link indicates that th...

Page 164: ...page 388, Setting Up a Dialup Modem on page 84. To modify a port assignment: 1. Click Network in the main menu and click ... The Ports page ... In the Assign... ...sired port assignment. 2. Click Apply. The port is re...

Page 165: ...uplex. This is the d... 3. Click Apply. ... NetDefend automatically detects the link speed and ... manually restrict the NetDefend firewall's ports to ... To modify a port's link configuration: 1. Click Network in the main menu and click the Port...

Page 166: ...to ... 1. Click Network in the main menu and click the Ports tab. The Ports page appears. 2. Click Default. A confirmation message appears. 3. Click OK. The ports are reset ... link configuration. All currently ... default settings may be broken. For example, if you were using the DMZ/WAN2 port as WAN2, th...

Page 167: ...s are assigned weights of 30 and 10, respectively. If the lines are congested, Traffic Shaper will maintain the ratio of bandwidth allocated to Web traffic and FTP traffic at 3:1. If a specific class is n...

Page 168: ...ing weight, bandwidth limits, and DiffServ parameters. DiffServ marks packets as belonging to a certain Quality of Service class. These packets are t... class ... Available ... the bandwidth ... Each class ... bandwidth limit ... connections belong...
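The 30:10 weighting on page 167 only produces a 3:1 split while both classes are saturating the line; a class that is using less than its share keeps only what it uses and the rest is re-divided among the others by weight. The following added example (not code from the guide, Check Point or D-Link) works that allocation through for a congested link, honours an optional per-class bandwidth limit, and converts a DiffServ Code Point to the TOS byte value that actually goes on the wire, since DSCP occupies the top six bits of that byte. Figures and class names are constructed; the unit is whatever you feed in (kbit/s here).

```python
def allocate_bandwidth(capacity, classes):
    """Work-conserving weighted share of a congested link.

    classes maps a QoS class name to {"weight": w, "demand": d} and optionally
    "limit" (a per-class bandwidth cap). All figures share one unit, e.g. kbit/s.
    Returns {name: allocated}.

    A class that needs less than its weighted share keeps only what it uses;
    the leftover is re-divided among the still-hungry classes in proportion to
    their weights, so a 30:10 weighting yields 3:1 only when both classes are
    saturating the line.
    """
    alloc = {name: 0.0 for name in classes}
    remaining = float(capacity)
    hungry = {n: c for n, c in classes.items() if c["demand"] > 0}
    while hungry:
        total_weight = sum(c["weight"] for c in hungry.values())
        satisfied = {}
        for name, c in hungry.items():
            share = remaining * c["weight"] / total_weight
            want = min(c["demand"], c.get("limit", float("inf")))
            if want <= share:
                satisfied[name] = want
        if not satisfied:
            # Everyone left wants more than its share: split by weight and stop.
            for name, c in hungry.items():
                alloc[name] = remaining * c["weight"] / total_weight
            break
        for name, got in satisfied.items():
            alloc[name] = got
            remaining -= got
            del hungry[name]
    return alloc


def dscp_to_tos(dscp):
    """TOS / Traffic Class byte for a DiffServ Code Point (DSCP is the top 6 bits)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    return dscp << 2


def tos_to_dscp(tos):
    """Recover the DSCP from a TOS byte, ignoring the two ECN bits."""
    return (tos & 0xFF) >> 2


if __name__ == "__main__":
    link = 1000  # constructed: a 1000 kbit/s uplink
    print(allocate_bandwidth(link, {"web": {"weight": 30, "demand": 5000},
                                    "ftp": {"weight": 10, "demand": 5000}}))  # 750 / 250
    print(allocate_bandwidth(link, {"web": {"weight": 30, "demand": 5000},
                                    "ftp": {"weight": 10, "demand": 100}}))   # 900 / 100
    print(hex(dscp_to_tos(46)))  # Expedited Forwarding -> 0xb8
```

The loop is the usual water-filling: each pass hands out the shares that fit, removes those classes, and recomputes the remaining classes' shares over what is left, which is what lets an idle class's bandwidth flow to the busy ones.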

Page 169: ...the Traffic Sh... Inte... packets ... the shaping of inbound traffic is less accurate than the shaping of outbound traffic. It is therefore recommended to enable traffic shaping for incoming traffic only if necessary. 2. If you are us... that reflect your communica...

Page 170: ...ffic Shaper automatically assigns the connection type to the predefined Default class. Predefined QoS Classes: Traffic Shaper provides the following predefined QoS classes (see also Using Rules on page 209). Table 21: Prede...

Page 171: ...ng delays, for example SMTP traffic (outgoing email). Low Priority: 5 (Low). Traffic that i... In Simplified Traffic Shaper these classes cannot be changed. Adding and Editing Classes: To ... in menu and click the Traf...

Page 172: ...y of Service Parameters dialog box displayed. 3. Complete the fields using the relevant information in the table below. 4. Click Next. The Step 2 of 3: Advanced Options dialog box appears. ...lete the fields...

Page 173: ...It is therefore recommended to enable traffic shaping for incoming traffic only if necessary. For information on enabling Traffic Shaper for incoming and outgoing traffic, see Using Internet Setup on p...

Page 174: ...re quick user response, such as telnet, with a lower latency. That is, Traffic Shaper attempts to send packets with a High (Interactive Traffic) level before packets with a Medium (Normal Traffic) or Low (Bulk O...

Page 175: ...DiffServ Code Point: Select this option to mark packets belonging to this class with a DSCP, and type the DSCP in the field provided. You can obtain the correct DSCP value from your ISP or private WAN administrator. D...

Page 176: ...s to use the Default class. Note: This will delete any additional classes you defined in Traffic Shaper. If one of the additional classes is currently used by a rule, you ... ...or not by viewing the ... page. 1. ... Traffic Shaper tab...

Page 177: ...MZ networks, you can define a wireless network called a WLAN (wireless LAN) network when using the DF... For information on the default security policy for the WLAN, see Default Security Policy on ... You can configure a WLAN network in e...

Page 178: ...is tightly integrated with the firewall and hardware-accelerated VPN. The DFL-CPG310 supports the latest 802.11g standard (up to 54 Mbps) and is backwards compatible with the older 802.11b standard (up to 11 Mbps)...

Page 179: ...ts attempting to connect to the access point (authenticator) must first be authenticated by a RADIUS server (authentication server) which supports 802.1x. All messages are passed in EAP (Extensible Authenti...

Page 180: ...ntication and encryption. The WPA-PSK security method is a variation of WPA that does not require an authentication server. WPA-PSK periodically changes and authenticates encryption keys. This is called reke...

Page 181: ...r information, see p... Your NetDefend firewall as a ... Prepare the appliance for a wireless connection as described in Network Installation on page 35. ...ecurity mode for the WLAN, configure a RADIUS server. F...

Page 182: ...In the ... Mode dr... The fields are enabled. 6. If desired, enable or disable Hide NAT. See Enabling/Disabling Hide NAT on page 107. 7. If desired, configure a DHCP server. See Configuring a DHCP Server on page 94...

Page 183: ...page 168. 9. To configure advanced settings, click Show Advanced Settings. New fields appear. Complete the fields using the information in the Advanced WLAN Settings Fields on page 172. 10. A ... telling you that you are...

Page 184: ...s Settings. Network Name: Type the network name (SSID) that identifies your wireless network. This is visible to wireless stations passing near your access point, unless you enable the Hide the Network Name (SSID) option. It can be...

Page 185: ...ly 802.11g Super stations will be able to connect. 802.11g Super (11/54/108): Operates in the 2.4 GHz range and offers a maximum theoretical rate of 108 Mbps. When using this mode, 802.11b stations, 802.11g...

Page 186: ...Security ... For information on the supported security protocols, see Wireless Security Protocols on page 163. If you select WEP encryption, the WEP Keys area opens. If you select WPA, the Require WPA2 (802...

Page 187: ...he key need not be selected as the transmit key on the ... Key length: 64 Bits: The key length is 10 characters. 128 Bits: The key length is 26 characters. 152 Bits: The key length is 32 characters. Note: Some wireless card vendors call these lengths 40, 1...

Page 188: ...e your network's SSID by selecting one of the following: Yes: Hide the SSID. Only devices to which your SSID is known can connect to your network. No: Do not hide the SSID. Any device within range can detec... Note that a hidden SSID is not a security measure: stations still send the SSID in the clear in their probe and association frames, so a passive sniffer recovers it as soon as any client connects. Treat it as a convenience setting and rely on WPA for access control.

Page 189: ...MAC Address Filtering: Specify whether to enable MAC address filtering, by selecting one of the following: Yes: Enable MAC address filtering. Only MAC ad... It is not recommended to rely on this setting alone for security. Wireless Transmitter: Transmission Rate: Select the transmiss...

Page 190: ...hem ... antenna diversity ... This security appliance has two antennas. Specify which antenna to use fo... ...antennas and automatically selects the antenna ... distortion ... signal to use for communicating. The ... made on a per-s...

Page 191: ...a value equal to the fragmentation threshold effectively disables RTS. ... XR Mode: ... mode is disabled. Enabled: XR mode is enabled. XR will be automatically enabled ... wireless stations and used as ... For more information on XR mode, see About the Wireless Hard...

Page 192: ...appliance for a wireless connection as described in Network Installation on page 35. 2. Click Network in the main menu and click the My Network tab. The My Network page appears. 3. In the WLAN network's ro...

Page 193: ...1i. Click WEP to use the WEP security mode. ...ns must use a pre-shared key to connect to your ... WEP is insecure and is supported mainly for stations that do not support other ... The following ... WPA-PSK periodically changes a... ...a recommended securi...

Page 194: ...ng a WLAN on page 165. 10. Click Next. WPA-PSK: If you chose WPA-PSK, the Wireless Configuration: WPA-PSK dialog box appears. Do the following: 1. In the text box, type the ... for accessing the network, or click Random...

Page 195: ...izard. The Wireless Security Confirmation dialog box appears. 3. Click Next. 4. The Wireless Security Complete dialog box appears. 5. Click Finish. The wizard closes. 6. Prepare the wireless stations...

Page 196: ...xadecimal characters. 152 Bits: The key length is 32 hexadecimal characters. Some wireless card vendors call these lengths 40, 104, 128 respectively (the vendor figure counts only the secret key bits; the larger figure adds the 24-bit IV that WEP sends in the clear with every frame). Note that WEP is generally considered to be insecure reg...
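Two things in the wireless wizard are worth seeing in code: what the three WEP key lengths actually are in bits, and what the WPA-PSK passphrase from page 194 turns into on the wire. The following is an added example, not code from the guide or from D-Link. The WEP part validates a hexadecimal key against the 10/26/32-character lengths the guide gives and reports the secret key size behind each. The WPA part derives the 256-bit Pairwise Master Key the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations); it shows why the passphrase, not the hidden SSID, carries the security: anyone who captures one handshake can run this same derivation over a dictionary offline. The passphrase, SSID and the Random button's alphabet are assumptions labelled in the code.

```python
import hashlib
import re
import secrets

# Key length as the NetDefend UI labels it -> hexadecimal characters expected.
# The UI figure includes WEP's 24-bit IV; vendors quoting 40/104/128 count only the secret bits.
WEP_HEX_CHARS = {64: 10, 128: 26, 152: 32}


def check_wep_key(hex_key):
    """Return (ui_bits, secret_bits) for a hexadecimal WEP key, or raise ValueError."""
    if not re.fullmatch(r"[0-9A-Fa-f]+", hex_key):
        raise ValueError("WEP keys are entered as hexadecimal characters")
    for ui_bits, chars in WEP_HEX_CHARS.items():
        if len(hex_key) == chars:
            return ui_bits, ui_bits - 24
    raise ValueError(f"{len(hex_key)} hex characters is not a 64-, 128- or 152-bit key")


def wpa_psk(passphrase, ssid):
    """Derive the 256-bit Pairwise Master Key from a WPA-PSK passphrase (IEEE 802.11i):
    PBKDF2-HMAC-SHA1, the SSID as salt, 4096 iterations, 32 bytes of output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def pmk_from_ui(value, ssid):
    """What a station (or an attacker holding a captured handshake) actually uses:
    64 hex characters are taken as the raw 256-bit key; anything else is a passphrase."""
    if len(value) == 64 and re.fullmatch(r"[0-9A-Fa-f]{64}", value):
        return bytes.fromhex(value)
    return wpa_psk(value, ssid)


def random_passphrase(chars=24):
    """Random passphrase of the kind the wizard's Random button produces.

    Assumption: the guide does not state its alphabet or length. 24 characters
    from a 64-symbol alphabet is 144 bits of entropy, well beyond dictionary attacks.
    """
    return secrets.token_urlsafe(chars)[:chars]


if __name__ == "__main__":
    print(check_wep_key("00112233445566778899aabbcc"))       # (128, 104)
    pmk = wpa_psk("correct horse battery", "NetDefend")      # assumed passphrase and SSID
    print(pmk.hex())
    print(random_passphrase())
```

Because the SSID is the PBKDF2 salt, the same passphrase yields a different key on every network name; renaming the network after a suspected leak does not help, though, since the attacker simply re-derives with the new SSID.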

Page 197: ...eless Security: No ... The Wireless Security Co... The Wireless Security Complete dialog box appears. 5. Click Finish. The wizard closes. 6. Prepare the wireless stations. See Preparing the Wireless Stations on page 182. ... Security ... the Wireless S...

Page 198: ...the wireless stations' administrator ... the wireless ... connect them to the WLAN. Refer to the wireless cards' documentation for details. Note: Some wireless cards have Infrastructure and Ad-hoc modes, which are also called...

Page 199: ...n't ... Automatic, see Manually Config... Relocate the NetDefend firewall to a place with better reception and avoid obstru... ...mounting the appliance in a high place with a direct line of sight to the wirele... C...

Page 200: ...s between wireless stations. What should I do? If you have many concurrently active wireless stations, there may be collisions between them. Such collisions may be the result of a hidden node problem: not...

Page 201: ...TS Threshold value equal to the Fragmentation Threshold value effectively disables RTS. I am not getting the full speed. What should I do? The actual s... with ... Read... ...er speed ... enabled in the ...ess point. For a...


Page 203: ...rack network activity using the Event Log. The Event Log displays the most recent events and color-codes them. Table 26: Event Log Color Coding. An event marked in this color | Indicates: Blue | Changes in...

Page 204: ...lock icon in the ... This information is useful for troubleshooting ... technical support ... certain types of connections should be ... ...whether the connections are incoming or ... You can export the logs to an .xls (Microsoft Excel) ...

Page 205: ...f the attacking ... The NetDefend firewall queries the Internet WHOIS server, and a window displays the name of the entity to whom the IP address is registered and their contact information. This informatio... Bear in mind that the registrant is the holder of the address block, not necessarily the attacker, and that the source address of connectionless traffic (ICMP, UDP) is easily spoofed; treat a WHOIS result as a lead, not as attribution.

Page 206: ...se to a destination directory of your choice. d. Type a name for the configuration file and click Save. The .xls ... directory. 5. ... a. Click Clear. A confirmation message appears. b. Click OK. All events are cleared...

Page 207: ...the procedure Configuring Traffic Monitor Settings on page 193. In network traffic reports the traffic is color-coded as described in the table below. In the All QoS Classes report the traffic is color...

Page 208: ...per, see Using Internet Setup on page 63. The selecte... The list includes all cu... QoS Classes ... to display a... 3. To refresh all traffic reports, click Refresh. 4. To clear all traffic reports, click Clear...

Page 209: ...the NetDefend firewall should colle... network traffic reports: 1. Click Reports in the main menu and click the Traffic Monitor tab. The Traffic Monitor page appears. 2. ... The Traffic Monitor Settings page appears. 3. In the Sample monitoring...

Page 210: ...file and view the file in Microsoft Excel. To export a traffic report: 1. Click Reports in the main m... 2. Click Ex... A standard File Download dialog box appears. 3. Click Save. The Save As dialog box appears. ... destination directory of your choice...

Page 211: ...reless station has been blocked from accessing the Internet through the NetDefend firewall, the reason why it was blocked is shown in red. If you are exceeding the maximum number of computers allowed by...

Page 212: ...number of computers allowed by your license, you can upgrade your product. For further information, see Upgrading Your Software ... ...ct for ... For information on adding and editing network objects, see Adding and Editing Network Objects on page...

Page 213: ...he Active Connections tab. The Active Connections page appears. The page displays the information in the table below. 2. To refresh the display, click Refresh. 3. To view information on the destination machi...

Page 214: ...s | The destination IP address. Destination Port | The destination port. QoS Class | The QoS class to which the connection belongs. Options | An icon indicating further details: The connection is encrypted. The...

Page 215: ...Statistics. This field | Displays: Wireless Mode | The operation mode used by the WLAN, followed by the transmission rate in Mbps. MAC Address | ... ...ce Domain | ...s point's region. Country | ...untry configured for the WLAN. Cha...

Page 216: ...umber of unicast frames transmitted and received. Broadcast Frames | The number of broadcast frames transmitted and received. Multicast Frames | The number of multicast frames transmitted and received. To vi...

Page 217: ... ...nt's operation mode, indicating the client's maximum speed. Possible values are B, G and 108G. For more information, see Basic WLAN Settings Fields on page 168. XR | Whether the client supports Extended Range (XR) mode. Possible values are ... Frame...

Page 218: ...Statistics. This field | Displays: Cipher | The security protocol used for the connection with the wireless client. For more information, see Wireless Security Protocols on page 163...

Page 219: ...HotS... 256, ...ining an Exposed Host 261. Setting Your Security Policy: This chapter describes ho... You ... Filtering an... ...ce your security policy by subscrib... D... The default security policy includes the following rules...

Page 220: ...ernal networks except the WLAN. The WLAN can only access ...tal using HTTPS, unless a specific user-defined rule ... ...server function, see Using Network Printers on page ... ...lowed Access from the WAN ... These rules...

Page 221: ...level: ...nbound traffic is blocked ... to the Internet ... ...ows file sharing (NBT ports 137...). High: Enforces strict control on ...ming and outgoing ... All inbound traffic is blocked. ... IMAP, POP3, SMTP, FTP, newsgroups, Telnet, DN...

Page 222: ...resent the security policy. Security updates downloaded from a ... policy and change these definitions. To change the firewall security level: 1. Click Security in the main menu and click the Firewall tab. T...

Page 223: ...ur own Web server or FTP server. Note: Configuring ... simple Allow and Forward rules for common services ... to creating Allow and Forward rules in the ... page. To ... a service: 1. Click Security in the main menu and click the Servers tab. The Serv...

Page 224: ...IP address of the computer that will run the service (one of your network computers), or click the corresponding This Computer ... allow your computer to host the service. To stop the for... 1. Click Security ... Servers tab. Th...

Page 225: ...olicy rules, the accounting department will be able to connect to all company computers, while the rest of the employees will not be able to access any sensitive information on the accounting department...

Page 226: ...pecific IP address, ... the desired IP address and move it higher in the Rules table than the first rule; you can move the rule down in the ... In the figure below, the general rule is rule number 2 and the exception is rule number 1. The...

Page 227: ...f your network uses Hide NAT. Note: You ca... ...es that forward the same service ... Allow and Forward: This rule type enables you to do the following: Permit incoming access from the Internet to a specific service i...

Page 228: ...g Web traffic as specified in the bandwidth policy for the Urgent class. For information on Traffic Shaper and QoS classes, see Using Traffic Shaper on page 151. Note: You cannot use an Allow rule to perm...

Page 229: ...1. Click Security in the main menu and click the Rules tab. The Rules page appears. 2. Do one of the following: To add a new rule, click Add Rule. To edit an existing rule, click the Edit icon next to t...

Page 230: ...Type dialog box ... 3. Select the type of rule you want to create. 4. Click Next. The Step 2: Service dialog box appears. The example below shows an Allo... 5. Complete the fields using the relev...

Page 231: ...ion Source dialog box appears. 7. Complete the fields using the relevant information in the table below. The Step 4: Done dialog box appears. 8. Click Finish. The new rule appears in the Firewall Rules page...

Page 232: ...ule should apply. Ports: To specify the port range to which the rule applies, type the start port number in the left text box and the end port number in the right text box. If you do not enter a port range, th...

Page 233: ...of ... class: ... to assign the specified connections ... QoS class. If Traffic Shaper ... For information on Traffic Shaper and ..., see Using Traffic Shaper on page 151. ... rule. Log accepted connections / Log blocked connections: By default, acce...

Page 234: ...en defining an Allow and Forward rule. Enabling/Disabling Rules: You can temporarily disable a user-defined rule. To enable/disable a rule: 1. Click Security in the main menu and click the Rules tab. The Ru...

Page 235: ...the rule up in the table. Click the icon next to the desired rule to move the rule down in the table. The rule's priority changes accordingly. Deleting Rules: To delete an existing rule: 1. Click Security in the ma...

Page 236: ...aring operations and File Transfer Protocol (FTP) uploading, among others. ... firewall includes Check Point SmartDefense Services, based on Application Intelligence. SmartDefense provides a combination of ...ds an...

Page 237: ...he settings it contains appear as nodes. For information on each category and the nodes it contains, see SmartDefense Categories on page 224. Each node represents an attack type, a sanity check, or a proto...

Page 238: ...Security in the main m... The SmartDefense pag... The left pane displays a tree containing SmartDefense categories. To expand a category, click the icon next to it. To collapse a category, click the icon next t...

Page 239: ...e following: a. Complete the fields using the relevant information in SmartDefense Categories on page 224. b. Click Apply. 4. To reset the node to its default values: a. Click Default. A confirmation message a...

Page 240: ...tDefense includes the following: ... IP and ICMP on page 229, TCP on page 239, Port Scan on page 242, FTP on page 245, Microsoft Networks on page 249, IGMP on page 251, ... Denial of Service: Denial of Service (DoS) attacks are aimed at overwh...

Page 241: ...n to take when a Teardrop atta... ...of the following: ... Track: Specify whether to log Teardrop attacks by selecting one of the following: Log: Log the attack. This is the default. None: Do not log the attack. Ping o...

Page 242: ...ttack. This is the default. None: No action. Track: Specify whether to log Ping of Death attacks by selecting one of the following: Log: Log the attack. This is the default. None: Do not log the attack. LAND: In...

Page 243: ...by selecting one of the following: Log: Log the attack. This is the default. None: Do not log the attack. Non-TCP Flooding: Advanced firewalls maintain ... table ... In non-TCP Flooding attacks, the attacker sends high volumes of non-TCP traffic. Sinc...

Page 244: ...shold ... select one of the following: Block: Block any additional non-TCP connections. None: No action. This is the default. Track: Specify ... Non-TCP Traffic ... for non-TCP connections by selecting one of the following...

Page 245: ...UDP and TCP header lengths, dropping IP options, and the TCP flags. IP and ICMP: This category lets you configure various protections against IP- and ICMP-related attacks. It includes the following: ... page 231 ... on page...

Page 246: ...of the following: True: Disable relaxed UDP length verification. The NetDefend firewall will drop packets that fail the UDP length verification check. False: Do not disable relaxed UDP length verification...

Page 247: ...ttacks by limiting the allowed size for ICMP echo requests. Table 40: Max Ping Size Fields. In this field | Do this: Action | Specify what action to take when an ICMP echo response exceeds the Max Ping Size t...

Page 248: ...ttack ... common behavior ... and break the data section of a single packet into several fragmented packets. Without reassembling the fragments, it is not always possible to detect such an attack. Therefore, the...

Page 249: ...Number of Incomplete Packets: Type the maximum number of fragmented packets allowed. Packets exceeding this threshold will be dropped. The default value is 300. Timeout for Discarding Incomplete Packets: W...
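The two IP Fragments settings exist because reassembly state is memory an attacker can fill: without a cap and a timeout, a flood of never-completed fragment trains exhausts the table, and overlapping fragments (the Teardrop pattern from page 241) confuse naive reassemblers. The following is an added example, not code from the guide or Check Point, of a bounded reassembler that applies both limits and discards overlapping datagrams. Assumptions labelled in the code: a datagram is keyed by (src, dst, ip_id); the 300 default bounds incomplete datagrams rather than individual fragments; the timeout is in seconds; the caller supplies the clock so the behaviour is reproducible.

```python
class FragmentReassembler:
    """Bounded IP fragment reassembly in the spirit of the IP Fragments node.

    Assumptions (not from the guide): a datagram is identified by
    (src, dst, ip_id); 'max_incomplete' bounds the number of datagrams waiting
    for fragments, mirroring the 300-packet default; 'timeout' is the Timeout
    for Discarding Incomplete Packets in seconds; overlapping fragments are
    treated as the Teardrop pattern and the whole datagram is discarded.
    """

    def __init__(self, max_incomplete=300, timeout=10.0):
        self.max_incomplete = max_incomplete
        self.timeout = timeout
        self._pending = {}   # key -> {"first": t, "ranges": [(start, end)], "total": int|None}
        self.stats = {"completed": 0, "dropped_limit": 0, "expired": 0, "overlap": 0}

    def _expire(self, now):
        stale = [k for k, e in self._pending.items() if now - e["first"] > self.timeout]
        for k in stale:
            del self._pending[k]
        self.stats["expired"] += len(stale)

    def offer(self, key, offset, length, more_fragments, now):
        """Feed one fragment; returns 'pending', 'complete', 'dropped' or 'overlap'."""
        self._expire(now)
        entry = self._pending.get(key)
        if entry is None:
            if len(self._pending) >= self.max_incomplete:
                self.stats["dropped_limit"] += 1
                return "dropped"          # table full: new fragmented datagrams are refused
            entry = self._pending[key] = {"first": now, "ranges": [], "total": None}
        new = (offset, offset + length)
        if new in entry["ranges"]:
            return "pending"              # exact retransmit, harmless
        if any(s < new[1] and new[0] < e for s, e in entry["ranges"]):
            del self._pending[key]        # Teardrop-style overlap: discard the whole datagram
            self.stats["overlap"] += 1
            return "overlap"
        entry["ranges"].append(new)
        if not more_fragments:
            entry["total"] = new[1]       # the last fragment fixes the datagram length
        if entry["total"] is not None and self._contiguous(entry):
            del self._pending[key]
            self.stats["completed"] += 1
            return "complete"
        return "pending"

    @staticmethod
    def _contiguous(entry):
        covered = 0
        for start, end in sorted(entry["ranges"]):
            if start > covered:
                return False
            covered = max(covered, end)
        return covered >= entry["total"]


if __name__ == "__main__":
    r = FragmentReassembler(max_incomplete=2, timeout=5.0)
    k = ("10.0.0.1", "10.0.0.2", 1)        # constructed src, dst, IP identification
    print(r.offer(k, 0, 8, True, 0.0))     # pending
    print(r.offer(k, 8, 8, False, 1.0))    # complete
    print(r.offer(k, 4, 8, True, 1.5))     # pending (new datagram with the same id)
    print(r.offer(k, 0, 8, True, 2.0))     # overlap
    print(r.stats)
```

Lowering max_incomplete makes the limit easy to hit, which is what a flood does to the real table; the timeout is what frees those slots again, so the two settings should be tuned together.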

Page 250: ...ota Fields. In this field | Do this: Action | Specify what action to take when the number of network connections ...ond per Source IP ...: Block | Block all new connections from the source. Existing ... None | No action ... fro...

Page 251: ...a... The default value is 100. Note: Setting thi... ...searching for other live computers to ... It does so by sending a specific ping packet to a target and waiting for the reply that signals that the target is alive. This flood...

Page 252: ...Specify ... by selecting one of the following: Log: Log the attack. This is the default. None: Do not log the attack. Cisco IOS ...: ... a Cisco IOS device is sent a specially crafted sequence of IP version 4 (IPv4) packets with protocol type 53 (SWIPE)...

Page 253: ...of the following: Block: Block the attack. This is the default. None: No action. Track: Specify whether to log Cisco IOS DoS attacks by selecting one of the following: Log: Log the attack. This ... N... be protected...

Page 254: ...et ... Block: Drop ... default. Null Payload: Some worms, such as Sasser, use ICMP echo request packets with null payload to detect potentially vulnerable ... You can configure how null payload ping packets should be ha...

Page 255: ...41 ... TCP: This category allows you to configure various protections related to TCP. It includes the following ... Strict TCP: Out-of-state TCP packets are SYN-ACK or data packets that arrive out of order, before the TCP SYN packet...

Page 256: ...Action: Specify what action to take when an out-of-state TCP packet arrives, by selecting one of the following: Block: Block the packets. None: No action. This is the default. Track: Specify whether to log null payload ping pack...

Page 257: ...e server against this attack by specify... Table 47: Small PMTU Fields. In this field | Do this: Action | Specify what action to take when a packet is smaller than the ... Size threshold, by selecting one of the followin...

Page 258: ...an attack. This is most commonly done by attempting to access a port and checking whether the response indicates whether or not the port is open. ... types of port scans: Host Port Scan: The attacker scans a specific host's ports to determi...

Page 259: ...a period of seconds value in order for SmartDefense to consider the activity a scan. ... Type the minimum number of ports that must be accessed within the In a period of seconds period in order for SmartDe...

Page 260: ...ort scan. For example, if this value is 20 and the Number of ports accessed threshold is exceeded for 15 seconds, SmartDefense will detect the activity as a port scan; ... SmartDefense will not detect the activity as a port scan. ...e sc...
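The Port Scan thresholds on pages 259 and 260 and the Network Quota on page 250 are both sliding-window counters over connection attempts, so one detector serves both. The following is an added example, not code from the guide or from Check Point: it runs a host port scan check (distinct ports per source/destination pair within "In a period of seconds"), a sweep scan check (distinct hosts for one port), and a per-source connections-per-second quota that blocks the source once exceeded, over a constructed log. The log format and the field names are assumptions; the sample traffic is built inline so the example runs offline and shows why a scan slower than the window goes undetected.

```python
import re
from collections import defaultdict, deque

# Constructed log format: one connection attempt per line.
LOG_RE = re.compile(r"t=(?P<t>[\d.]+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


class ScanDetector:
    """Sliding-window port scan and Network Quota detection.

    Thresholds mirror the guide's fields (assumed names):
      ports_threshold   Number of ports accessed (host port scan), reused as the
                        number of hosts for a sweep scan
      window            In a period of seconds
      quota_per_second  Network Quota: new connections per second per source IP
    A source that exceeds the quota is blocked for the rest of the run.
    """

    def __init__(self, ports_threshold=10, window=20.0, quota_per_second=50):
        self.ports_threshold = ports_threshold
        self.window = window
        self.quota = quota_per_second
        self.host_hits = defaultdict(deque)    # (src, dst)   -> (t, dport)
        self.sweep_hits = defaultdict(deque)   # (src, dport) -> (t, dst)
        self.rate = defaultdict(deque)         # src          -> (t, None)
        self.blocked = set()

    @staticmethod
    def _trim(dq, now, window):
        while dq and now - dq[0][0] > window:
            dq.popleft()

    def observe(self, t, src, dst, dport):
        if src in self.blocked:
            return ["blocked"]
        alerts = []
        r = self.rate[src]
        r.append((t, None))
        self._trim(r, t, 1.0)
        if len(r) > self.quota:
            self.blocked.add(src)
            alerts.append("network_quota")
        h = self.host_hits[(src, dst)]
        h.append((t, dport))
        self._trim(h, t, self.window)
        if len({p for _, p in h}) >= self.ports_threshold:
            alerts.append("host_port_scan")
        s = self.sweep_hits[(src, dport)]
        s.append((t, dst))
        self._trim(s, t, self.window)
        if len({d for _, d in s}) >= self.ports_threshold:
            alerts.append("sweep_scan")
        return alerts


def analyze(lines, **thresholds):
    """Run the detector over log lines; returns [(line_index, src, alert), ...]."""
    det = ScanDetector(**thresholds)
    events = []
    for i, line in enumerate(lines):
        m = LOG_RE.search(line)
        if not m:
            continue
        for alert in det.observe(float(m["t"]), m["src"], m["dst"], int(m["dport"])):
            events.append((i, m["src"], alert))
    return events


def make_sample_log():
    """Constructed traffic: a fast scan, a slow scan under the window, and a burst."""
    lines = []
    for i in range(12):   # 12 ports on one host inside 6 s -> host port scan
        lines.append(f"t={100 + i * 0.5:.1f} src=10.0.0.5 dst=192.168.1.10 dport={20 + i}")
    for i in range(12):   # same 12 ports, one every 10 s -> never 10 inside a 20 s window
        lines.append(f"t={200 + i * 10} src=10.0.0.6 dst=192.168.1.10 dport={20 + i}")
    for i in range(60):   # 60 connections in under a second -> Network Quota
        lines.append(f"t={300 + i * 0.01:.2f} src=10.0.0.7 dst=192.168.1.{i % 5 + 1} dport=80")
    return lines


if __name__ == "__main__":
    for idx, src, alert in analyze(make_sample_log()):
        print(idx, src, alert)
```

Widening the window (pass window=200.0 to analyze) catches the slow scanner too, at the cost of keeping more state per source; that trade-off is exactly what the "In a period of seconds" field sets.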

Page 261: ...unce: When connecting to an FTP server, the client sends a PORT command specifying the IP address and port to which the FTP server should connect and send data. An FTP Bounce attack is when an attacker s...

Page 262: ...e attacks by selecting one of the following: Log: Log the attack. This is the default. None: Do not log the attack. Block Known Ports: You can choose to block the FTP server from connecting to well...

Page 263: ...connection. None: No action. This is the default. Block Port Overflow: FTP clients send PORT commands when connecting to the FTP server. A PORT ... of numbers between 0 and 255, separated by commas. To enforce compliance...
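The three FTP nodes on pages 261 to 263 are all checks on the same client message, the PORT command, whose six comma-separated numbers encode the data-connection address and port (port = p1*256 + p2). The following is an added example, not code from the guide or Check Point, that applies those checks in the order a gateway would: syntax, Port Overflow (a number above 255), FTP Bounce (the address is not the client's own), and Block Known Ports (a data port of 1023 or below). It also shows the Blocked FTP Commands logic from pages 264 and 265, where the Allowed commands box overrides the block list. The blocked-command set is constructed for the example; the guide names no specific commands in these lines.

```python
import re

PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)
WELL_KNOWN_MAX = 1023

# Constructed policy: verbs blocked unless explicitly moved to the Allowed commands box.
BLOCKED_COMMANDS = {"SITE"}


def check_port_command(line, client_ip, block_known_ports=True):
    """Validate a client's PORT command as the gateway would.

    Returns ("allow", (ip, port)) or ("block", reason). Checks, in order:
    syntax (six comma-separated numbers), Port Overflow (each number 0-255),
    FTP Bounce (address must be the client's own), Block Known Ports (<= 1023).
    """
    m = PORT_RE.match(line.strip())
    if not m:
        return ("block", "malformed PORT command")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return ("block", "port overflow: value above 255")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if ip != client_ip:
        return ("block", f"FTP bounce: PORT address {ip} is not the client {client_ip}")
    if block_known_ports and port <= WELL_KNOWN_MAX:
        return ("block", f"well-known port {port} refused as a data port")
    return ("allow", (ip, port))


def command_allowed(line, blocked=BLOCKED_COMMANDS, allowed_override=frozenset()):
    """Blocked FTP Commands node: the Allowed commands box wins over the block list."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb in {v.upper() for v in allowed_override}:
        return True
    return verb not in {v.upper() for v in blocked}


if __name__ == "__main__":
    client = "192.168.1.5"   # constructed client address
    print(check_port_command("PORT 192,168,1,5,4,1", client))     # allow, port 1025
    print(check_port_command("PORT 10,0,0,9,4,1", client))        # bounce: third-party address
    print(check_port_command("PORT 192,168,1,5,0,25", client))    # data port 25 is SMTP
    print(check_port_command("PORT 192,168,1,5,300,1", client))   # overflow
    print(command_allowed("SITE EXEC ls"), command_allowed("RETR file.txt"))
```

The bounce check is the important one: with it, the server can only ever open a data connection back to the host that is talking to it, which is the whole of the FTP Bounce protection.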

Page 264: ...ction. Blocked FTP Commands: Some seldom-used FTP commands may compromise FTP server security and integrity. You can specify which FTP commands should be allowed to pass through the security server an...

Page 265: ...ommands box, select the desired FTP command. 2. Click Accept. The FTP command appears in the Allowed commands box. 3. Click Apply. The FTP command will be allowed regardless of whether FTP command blocking i...

Page 266: ...o take when a CIFS worm attack is detected, b... Track: Specify whether to log CIFS worm attacks by selecting one of the following: Log: Log the attack. This is the default. None: Do not log the attack. CIFS worm patterns list: Select the worm patter...

Page 267: ...y includes ... ...software ... hardware used ... by sending specially crafted IGMP ... IGMP attacks should be handled. Table 53: IGMP Fields. In this field | Do this: Action | Specify ... one of ...: Block | Block the attack. This is the default. N...

Page 268: ...Specify whether to allow or block IGMP packets ... to non-multicast ...: Block | Block IGMP packets tha... addresses. This is the default. None | No action. Peer to Peer: SmartDefense can block peer-to-peer traffic by ide...

Page 269: ...Track: Specify whether to log peer-to-peer connections by selecting one of the following: Log: Log the connection. None: Do not log the connection. This is the default. Block proprietary protocols on all ports: Specify whether proprietary protocols should be...

Page 270: ...headers. Instant Messengers: This category includes the following nodes: Skype, Yahoo, ICQ, ... Note: SmartDefense can detect instant messaging traffic regardless of the TCP port being used to initiate the session...

Page 271: ...selecting one of the following: Log: Log the connection. None: Do not log the connection. This is the default. Block proprietary protocols on all ports: Specify whether proprietary protocols should be block...

Page 272: ...e My HotSpot page. Note: HotSpot users are automatically logged out after one hour of inactivity. Secure HotSpot is useful in any wired or wireless environment where Web-based user authentication or term...

Page 273: ...twork segment traffic that does not pass through the firewall. Setting Up Secure HotSpot: To set up Secure HotSpot: 1. Enable Secure HotSpot for the desired networks. See Enabling ... 258. ...ize Secure HotSpot as desi...

Page 274: ...e HotSpot: ... HotSpot tab. The My HotSpot page appears. 2. In the HotSpot Networks area, do one of the following: To enable Secure HotSpot for a specific network, select the check box next to the network. To disabl...

Page 275: ...in menu and click the My HotSpot tab. The My HotSpot page appears. 2. Complete the fields using the information in the table below. Additional fields may appear. 3. To preview the My HotSpot page, click Pre...

Page 276: ...pr... accept the terms of use before accessing the network. Allow a user to login from more than one computer at the same time: Select this check box to allow a user to login from more than one computer at the same...

Page 277: ...posed host computer. The exposed host receives all traffic that was not forwarded to another computer by use of Allow and Forward rules. Warning: Entering an IP address may make the designated computer v... An exposed host is, in effect, directly on the Internet; if you need one, put it on the DMZ network rather than the internal LAN, so that a compromise does not land inside the trusted segment.

Page 278: ...The Exposed Host page appears. 2. In the Exposed Host field, type the IP address of the exposed host. 3. Click Apply. The selected computer is now defined as an exposed host. To clear the exposed hos... 2. Click ... 3. Cl...

Page 279: ...us stores only minimal state information per connection, it can scan thousands of connections ... ...rms. When VStream Antivirus detects malicious content, the action it takes depends on the protocol in which t...

Page 280: ...SMTP (the standard TCP port 25) | Rejects the virus-infected email with error code 554. Sends a "Virus detected" message to the sender. FTP | Terminates the data connection. Sends a "Virus detected" message to th...

Page 281: ...f ... Email Antivirus is specific to email scanning (incoming POP3 and ...). ...orts POP3 ... information on ... not defined ... Email Antivirus is centralized, redirecting traffic through t... Enabling/Disabling VStream Antivirus: ...

Page 282: ...daily database and a main database. The daily database is updated frequently with the newes... Periodically, the contents of the daily da... ...ain database, leaving the ... database ... You can v... ...ases currently in use...

Page 283: ...ng VStream Antivirus: You can configure VStream Antivirus in the following ways: Configuring the VStream Antivirus Policy on page 267; Configuring VStream Advanced Settings on page 275; Configuring the VS...

Page 284: ...gher location in the Antivirus Policy table than the first rule. In the figure below, the general rule is rule number 2 and the exception is rule number 1. The NetDefend firewall will process rule 1 first, passing outgoing SMTP tra...
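Both the firewall Rules table (page 226) and the Antivirus Policy table (page 284) are first-match lists: the gateway walks the rules in order and the first one that matches decides, so an exception only works when it sits above the general rule. The following is an added example, not code from the guide or from D-Link, of that evaluation together with a model of the up/down icons, so you can see the exception silently stop matching once it is moved below the general rule. Rule fields, service names and addresses are constructed for the example.

```python
import copy
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    number: int        # position in the table; 1 is evaluated first
    action: str        # firewall: "allow"/"block"; antivirus policy: "scan"/"pass"
    service: str       # "smtp", "http", ... or "any"
    source: str        # CIDR, single address, or "any"
    destination: str


@dataclass
class Connection:
    service: str
    source: str
    destination: str


def _addr_matches(pattern, address):
    if pattern == "any":
        return True
    return ipaddress.ip_address(address) in ipaddress.ip_network(pattern, strict=False)


def rule_matches(rule, conn):
    return ((rule.service == "any" or rule.service == conn.service)
            and _addr_matches(rule.source, conn.source)
            and _addr_matches(rule.destination, conn.destination))


def evaluate(rules, conn, default="default-policy"):
    """First-match evaluation: walk the table in order of rule number and return
    the action of the first rule that matches, or the default when none does."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, conn):
            return rule.action
    return default


def move_rule(rules, number, direction):
    """Model the up/down icons: swap the rule with its neighbour and renumber.
    Returns a new table; the input is left untouched."""
    ordered = copy.deepcopy(sorted(rules, key=lambda r: r.number))
    idx = next(i for i, r in enumerate(ordered) if r.number == number)
    other = idx - 1 if direction == "up" else idx + 1
    if 0 <= other < len(ordered):
        ordered[idx], ordered[other] = ordered[other], ordered[idx]
    for pos, rule in enumerate(ordered, start=1):
        rule.number = pos
    return ordered


# Constructed tables mirroring the guide's figures: rule 1 is the exception,
# rule 2 the general rule. Addresses are documentation ranges.
FIREWALL_RULES = [
    Rule(1, "block", "smtp", "192.168.10.5", "any"),
    Rule(2, "allow", "smtp", "192.168.10.0/24", "any"),
]

AV_RULES = [
    Rule(1, "pass", "smtp", "192.168.10.25", "any"),   # a trusted relay that is not scanned
    Rule(2, "scan", "smtp", "192.168.10.0/24", "any"),
]

if __name__ == "__main__":
    mail = Connection("smtp", "192.168.10.5", "203.0.113.25")
    print(evaluate(FIREWALL_RULES, mail))                        # block
    print(evaluate(move_rule(FIREWALL_RULES, 1, "down"), mail))  # allow: the exception never matches now
    print(evaluate(AV_RULES, Connection("smtp", "192.168.10.25", "203.0.113.25")))  # pass
```

The same evaluator serves both tables because the difference is only in the action vocabulary; what matters for security is the ordering, and move_rule makes the consequence of a wrong order visible without touching a live gateway.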

Page 285: ...f a virus is found, it is blocked and logged. Adding and Editing Rules: To add or edit a rule: 1. Click Antivirus in the main menu and click the Policy tab. The Antivirus Policy page appears. 2. Do one of the...

Page 286: ...p 1: Rule Type dialog box displayed. 3. Select the type of rule you want to create. 4. Click Next. The Step 2: Service dialog box appears. The example below shows a Scan rule. 5. Complete the fields using the r...

Page 287: ...p 3: Destination & Source dialog box appears. 7. Complete the fields using the relevant information in the table below. The Step 4: Done dialog box appears. 8. Click Finish. The new rule appears in the Firewall...

Page 288: ...select Specified IP and type the desired IP address in the field provided. To specify an IP address range, select Specified Range and type the desired IP address range in the fields provided. Click this...

Page 289: ...tal and network printers, select This Gateway. This option is not a... Data Direction: Select the direction of connections to which the rule should apply: Download and Upload data: The rule applies to downloa...

Page 290: ...1. Click Antivirus in the main ... The Antivirus Policy page appears. 2. Do one of the following: Click the icon next to the desired rule to move the rule up in the table. Click the icon next to the desired rule to move the rule down...

Page 291: ...tivirus ad... 1. Click Antivirus in the main menu and click the Advanced tab. The Advanced Antivirus Settings page appears. 2. Complete the fields using the table below. 3. Click Apply. 4. To restore the default V...

Page 292: ...es in email messages: Select this option to block all emails containing potentially unsafe attachments. Unsafe file types are DOS/Windows executables, libraries and drivers, Compiled HTML Help files, VBScr...

Page 293: ...scanned and the rest of the file is skipped. ... Selecting this option reduces the load on the gateway by skipping safe file types. This option is selected by default. A "safe" type is only as safe as the type detection behind it: confirm that a renamed or mislabelled executable is still scanned before relying on this. ... Maximum nesting level: Type the maxi...

Page 294: ...g: Pass file without scanning: Scan only the number of compressible files and skip scanning archives that cannot be extracted because they are corrupt. This is the default. Block file: Block the file. When... Passing an archive the gateway cannot open is a well-known evasion: a deliberately malformed archive that the gateway's extractor rejects may still open in the recipient's archiver, so prefer Block file wherever blocking corrupt archives is tolerable.
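The Advanced Antivirus settings on pages 292 to 294 describe three decisions a gateway scanner makes on every archive: is the content an unsafe type, how deep to recurse into nested archives, and what to do with an archive it cannot extract. The following is an added example, not code from the guide, D-Link or Check Point, of those decisions over in-memory ZIP files. It identifies executables and Compiled HTML Help files by their leading bytes rather than by extension, stops at a configurable nesting level with a choice of pass or block, and treats an unparseable archive according to the corrupt-archive policy. The per-member size cap is an added safeguard against decompression bombs, not a setting from the guide; the sample archives are constructed inline.

```python
import io
import zipfile

# Content sniffing for two of the types the guide lists as unsafe. The extension
# is ignored on purpose: a renamed .exe still starts with "MZ".
UNSAFE_MAGIC = {b"MZ": "DOS/Windows executable", b"ITSF": "Compiled HTML Help file"}
ZIP_MAGIC = b"PK\x03\x04"


def classify(data):
    for magic, name in UNSAFE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def scan_blob(data, max_nesting=3, nesting_policy="block", corrupt_policy="pass",
              max_member_bytes=10 * 1024 * 1024, depth=0):
    """Recursive archive scan modelled on the Advanced Antivirus settings.

    max_nesting      Maximum nesting level: an archive at this depth is not opened.
    nesting_policy   what to do with an archive too deep to open: "block" or "pass".
    corrupt_policy   the guide's choice for archives that cannot be extracted:
                     "pass" (the guide's default) or "block".
    max_member_bytes added safeguard against decompression bombs (not from the guide).
    Returns ("block", reason) or ("pass", None).
    """
    unsafe = classify(data)
    if unsafe:
        return ("block", f"unsafe file type: {unsafe}")
    if not data.startswith(ZIP_MAGIC):
        return ("pass", None)
    if depth >= max_nesting:
        if nesting_policy == "block":
            return ("block", f"archive nested deeper than {max_nesting}")
        return ("pass", None)
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > max_member_bytes:
                    return ("block", f"{info.filename} expands to {info.file_size} bytes")
                verdict = scan_blob(zf.read(info), max_nesting, nesting_policy,
                                    corrupt_policy, max_member_bytes, depth + 1)
                if verdict[0] == "block":
                    return verdict
    except zipfile.BadZipFile:
        if corrupt_policy == "pass":
            return ("pass", None)
        return ("block", "corrupt archive")
    return ("pass", None)


def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    exe = b"MZ" + b"\x90" * 64                        # constructed executable stub
    outer = make_zip({"inner.zip": make_zip({"invoice.pdf.exe": exe})})
    print(scan_blob(outer))                            # block: executable two levels down
    print(scan_blob(outer, max_nesting=1, nesting_policy="pass"))   # pass: never looked inside
    print(scan_blob(ZIP_MAGIC + b"not really a zip archive", corrupt_policy="block"))
```

The two "pass" outcomes in the demonstration are the ones to watch in production: a nesting limit with a pass policy and the default pass-on-corrupt policy both let content through that the gateway never inspected.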

Page 295: ...y up to date with no need for user intervention. However, you can still check for updates manually if needed. To update the VStream Antivirus virus signature database: 1. Click Antivirus in the main menu a...


Page 297: ...ervice Center in your area. This chapter includes the following topics: Connecting to a Service Center 281, ...s Information 287, ...r Service Center Connection 288, ... 289, W... 290, A... 294. Connecting to a Service Center: ...ing to a Service...

Page 298: ...Connecting to a Service Center ... The Account page appears. 2. In the Service Account area, click Connect.

Page 299: ...IP, and then in the Specified ... field, type the ... Center's IP address as given to you by your system administrator. 5. Click Connect. ... Make sure the Connect to a different Service Center check box is selected. Do one of the following: To connect...

Page 300: ...ogin box appears. Enter your gateway ID and registration key in the appropriate fields, as given to you by your s... The Conne... The Confir... dialog box appears with a list of services to which you are subscribed...

Page 301: ...ish. The following things happen: If a new firmware is available, the NetDefend firewall may start downloading it. This may ta... minutes. Once the download is complete, the NetDef... The Welcome page appears...

Page 302: ...ed are now available on your NetDefend firewall and listed as such on the Account page. See Viewing Services Information on page 287 for further information. The Services submenu includes the services...

Page 303: ...Gateway ID: Your gateway ID. Subscription will end on: The date on which your subscription to services will end. Service: The services available in your service plan. Subscription: The status of your subscri...

Page 304: ...nd firewall's connection to the Service Center and ref... To refresh your Service Center connection: 1. ...t page appears. 2. In the Service Account area, click Refresh. The NetDefend firewall reconnects to the S...

Page 305: ...ur Service Center from your Service Center If desired you can disconnect To 1 Click Se enu and click the Account tab 2 In the Service Account area click Connect The NetDefend Services Wizard opens wit...

Page 306: ...eb Filtering pop up window ice is enabled access to Web content is restricted ing to the catego able to view Web pages with no re Note Web Filtering is only available if you are connected to a Service...

Page 307: ...ed with an define which types of Web sites should be considered appropriate fo r office members by selecting the categories Categorie will r hile categories marked with emain visible w will be blocked...

Page 308: ...ltering. If... To temporarily disable Web Filtering: 1. Click Services in the main menu and click the Web Filtering tab. The Web Filtering page appears. 2. Click Snooze. Web Filtering is temporarily disabled fo...

Page 309: ...pens 3 he We page rnal network computers g page the button changes to Snooze To re enable the service click Resume either in the popup window or on t b Filtering The service is re enabled for all inte...

Page 310: ...e if you are connected to a Service Center ...bscribed to this service. Checking for Software Updates when Remotely Managed: If your NetDefend firewall is remotely managed, it automatically checks for sof...

Page 311: ...s when Locally Managed. If your NetDefend firewall is locally managed, you can set it to automatically check for software updates, or you can set it so that software updates must be checked for manually...

Page 312: ...s its schedule Note Wh can still manually check fo 3 To set the NetDefend firewall so that software updates must be checked for manually dra The NetDefen ly 4 To manually che The system checks for new...

Page 313: ...le they can securely read email, use the company's intranet, or access the company's database from home. There are four types of VPN sites: Remote Access VPN Server: Makes a network remotely available to aut...

Page 314: ...emote software Gateway network VPN must include at least one Remote Access V Server or gate type of VPN you want to y The type of VPN sites you include in a VPN depends on th create Site to Site or Re...

Page 315: ...Overview. ...networks function as a single network. You can use this type of VPN to mesh office branches into one corporate network. Figure 12: Site-to-Site VPN. Chapter 12: Working With VPNs 299

Page 316: ...wing ite to Site VPN Gateway or create a unnel to the first VPN site using the procedure Adding and page 308 b Then enable the Remote Access VPN Server using the procedure emote Access VPN b Enable th...

Page 317: ...fice network remotely available to authorized users su o the office Remote Access VPN PN Clients ote Access VPN Server or Site to S ore Remote Access VPN Clients You can use this ch as employees worki...

Page 318: ...etwork Inter al security threats cause outages downtime and lost revenue Wired e internal network on page 308 See Setting Up Your NetDefend firewall as a Remote Acce page 303 You can use your NetDefen...

Page 319: ...less network may pose a significant security risk For information on setting up your NetDefend firewall as an internal VPN Server 03 Setting Up Your NetDefend firewall as a VPN Server see Setting Up Y...

Page 320: ...te VPN Access for Users on page 367 To accept remote access connections from the Internet See Configuring the Rem To accept connection See Configuring the Internal VPN Serv 2 If you configured the int...

Page 321: ...ote Access VPN Server To er 1 tab page appears configure the Remote Access VPN Serv Click VPN in the main menu and click the VPN Server The SecuRemote VPN Server 2 Select the llow SecuRemote users to...

Page 322: ...Bypass the 5 Click Apply Configuring the Internal VPN Server connecting to your internal network select the Bypass and access your internal network without restriction select the firewall check box T...

Page 323: ...ecified connection types Ins To allow authenticated users co firewall and access your internal network without restricti the firewall check box Bypass NAT is always enable disabled Click Apply The int...

Page 324: ...uRemote PN Client icon in the taskbar select Settings and then click Help Adding and Editing VPN Sites the main m link The VP 3 Follow the online instructions cuRemote for NetDefend page o SecuRemote...

Page 325: ...ng VPN Sites. The VPN Sites page appears with a list of VPN sites. 2. Do one of the following: To add a VPN site, click New Site. To edit a VPN site, click Edit in the desired VPN site's row. Chapter 12: Worki...

Page 326: ...isplayed 3 Do one of the following Select Remote Access VPN to establish remote access from your Remote Access VPN Client to a Remote Access VPN Server el ano VPN Gateway 4 Click Next ect Site to Site...

Page 327: ...g box appears 1 Enter want to 2 3 the IP address of the Remote Access VPN Server to which you connect as given to you by the network administrator To allow the VPN site to bypass the firewall and acce...

Page 328: ...ou want to obtain the VPN network configuration Refer to VPN The following things happen in the order below If you chose Specify Configuration a second VPN Network Configuration g bo Network Configura...

Page 329: ...e information in VPN Network Configuration Fields on page 320, and click Next. The Authentication Method dialog box appears. 6. Complete the fields using the information in Authentication Methods Fields...

Page 330: ...od ox appears If you selected Username and Password the VPN Login dialog b e the fields using the information in VPN Login Fields o 1 Complet n page 322 2 Click Next rs If you selected Automatic Login...

Page 331: ...nnect to the Remote Access V to Con Warning If you try to connect to the VPN site before c existing tunnels will be terminated ompleting the wizard all the Connecting ialog box appears 2 Click Next If...

Page 332: ...page reappears. If you added a VPN site, the new site appears in the VPN Sites list. If you edited a VPN site, the modifications are reflected in the VPN Sites list. Certificate Authentication Method: If yo...

Page 333: ...If you try to connect to the VPN site befo existing tunnels will be terminated 2 Click Next ateway the Connecting screen appears and then the Contacting VPN Site screen appears re completing the wiza...

Page 334: ...s in the VP eflected in the t RSA SecurID Authentication Method If you selected RSA SecurID the Site Name dialog box appears page reappears If you added a VPN site the new site app N Sites list If you...

Page 335: ...d screen appears Enter a name for the VPN 2 Click Next 3 pears in the VPN Sites list If you edited a VPN site the modifications are reflected in the Click Finish The VPN Sites page reappears If you ad...

Page 336: ...connecting to a Check Point VPN-1 or NetDefend Site-to-Site VPN Gateway. Specify Configuration: Click this option to provide the network configuration manually. Route All Traffic: Click this option to route a...

Page 337: ...ual tunnel interface (VTI) for this site, so that it can participate in a route-based VPN. Route-based VPNs allow routing connections over VPN tunnels, so that remote VPN sites can participate in ...tworks. For con...

Page 338: ...ect this option a certificate must have been installed Refer to rmation about tificate RSA SecurID Token Select this option to use an RSA SecurID token for VPN authentication orted in Remote Access ma...

Page 339: ...ormation on Automatic and Manual A Click this option to enable the NetDefend firewall to log on to the VPN site You must then fill in the Username and Password fields Automatic Login provides all the...

Page 340: ...If you selected Site-to-Site VPN, the VPN Gateway Address dialog box appears. 1. Complete the fields using the information in VPN Gateway Address Fields on page 335. 2. Click Next. The VPN N...g box appears...

Page 341: ...er to VPN Network Configuration Fields on page 320. 4. Click Next. If you chose Specify Configuration, a second VPN Network Configuration dialog box appears. Complete the fields using the information in VP...

Page 342: ...rs Complete the fields using the information in Route Based VPN Fields on 6 an Authent page 33 The d then click Next ication Method dialog box appears 5 Complete the fi Fields on page 337 6 Click Next...

Page 343: ...If you sele... Shared Sec... the Authentication dialog box appears. If you chose Download Configuration, the dialog box contains additional fields. 1. Complete the fields using the information in VPN Authentic...

Page 344: ...s dialog box appears. 2. To configure advanced security settings, click Show Advanced Settings. New fields appear. 3. Complete the fields using the information in Security Methods Fields on page 337, and cli...

Page 345: ...eway check box This allows you to test the VPN connection Warning If you try to connect to the VPN site b leting the wizard all existing tunnels will be terminated Click If you selected Try to Connect...

Page 346: ...Enter e VPN site You m e 7 To keep the tunnel to the VPN site alive even if there is no network traffic between the NetDefend firewall and the VPN site select Keep this site alive Click Next a name f...

Page 347: ...firewall should The VPN Sites page reappears If you added a VPN site the new site appears in site the modifications are reflected in the Certificate Authentication Method ping in order to keep the tu...

Page 348: ...ication dialog box appears. Complete the fields using the information in VPN Authentication Fields on page 337, and click Next. The Security Methods dialog box appears. 1. To configure advanced security se...

Page 349: ...fo 337 and click Next rmation in Security Methods Fields on page The Connect dialog box appears 3 To try to connect to the R the VPN Gateway check b emote Access VPN Server select the Try to Connect t...

Page 350: ...ialog box appears 4 Click Next If you selected Try to Con happen The Connecting screen appears The Contacting VPN Site scree The Site Nam 5 Enter a name for the VPN site You may choose any name 6 To k...

Page 351: ...p to three IP addresses which the NetDefend firewall should ... ...e tunnel to the VPN site alive. The VPN Site Created screen appears. 8. Click Finish. The VPN Sites page reappears. If you added a VPN site, the n...

Page 352: ...our internal network without restriction. Table 67: Route-Based VPN Fields. In this field / Do this: Tunnel Local IP: Type a local IP address for this end of the VPN tunnel. Tunnel Remote IP: Type the IP add...

Page 353: ...been installed. Refer to Installing a Certificate on page 345 for more information about certificates and instructions on how to install a certificate. Table 69: VPN Authentication Fields. In this field / D...

Page 354: ...ti he interval in minutes between IKE Phase 1 key negotiations This me but impacts heavily on e SA lifetime around its default value The default value is 1440 minutes one day Phase 2 for VPN traffic A...

Page 355: ...bled This is the default Enabling PFS will g and renew th PFS increases security but lowers performance It is recommended to D gr ellman group to use Automatic The NetDefend firewall automatically sel...

Page 356: ...The VPN site is deleted. Enabling/Disabling a VPN Site: You can only connect to VPN sites that are enabled. To enable/disable a VPN site: ...page appears with a list of VPN sites. ...o the following: 1. Click VPN...

Page 357: ...on and traffic is sent to the VPN site, a VPN tunnel is established. Only the computer from which you logged on can use the tunnel. To sh... ...ers your home network, you must log on to the VPN site from those...

Page 358: ...a VPN site through the NetDefend Portal: 1. Click VPN in the main menu and click the VPN Login tab. The VPN Login page appears. 2. From the Site Name list, select the site to which you want to log on. Note: D...

Page 359: ...guration If when adding the VPN site you NetDefend firewall attempts to create a tunnel to the VPN site Once the NetDefend f Status box appears The Status field displays Connected The VPN Login Status...

Page 360: ...ration, the NetDefend firewall downloads the network configuration. If, when adding the VPN site, you specified a network configuration, the NetDefend firewall attempts to create a tunnel to the VPN site. T...

Page 361: ...provide verifiable information e c ished Name DN identifying information of the entity as well as the public key information about itself After two entities excha encrypting inform etween themselves...

Page 362: ...PKCS 12 file obtain one from your network security administrator porting a Certificate on page 350 Note To use unique certificate Do not use the same certificate for more than one g certificates auth...

Page 363: ...cate page appears. 2. Click Install Certificate. The NetDefend Certificate Wizard opens with the Certificate Wizard dialog box displayed. 3. Click Generate a self-signed security certificate for this gatew...

Page 364: ...rs. 4. Complete the fields using the information in the table below. 5. Click Next. The NetDefend firewall generates the certificate. This may take a few seconds. The Done dialog box appears, displaying the c...

Page 365: ...ys the following information: The gateway's certificate; The gateway's name; The gateway certificate's fingerprint; The CA's certificate; The name of the CA that issued the certificate, in this case the Net...

Page 366: ...must renew the certificate when it expires Name be visible to remote users inspecting the certificate This field is filled in automatically with the gateway s MAC address If alid Until Use the drop d...

Page 367: ...browser from which to locate and select the file Th 5 The Import Certificate Passphrase dialog box appears This may take a few mo e filename that you selected is displayed Click Next ments 6 Type the...

Page 368: ...e gateway s certificate and the CA s certificate are valid Uninstalling a Certificate The CA s c The CA certificate s finge The starting a nding dates between w If you uninstall the certificate no cer...

Page 369: ...red for Automatic Login and Site to Site nnel is ver your computer attem munication with a computer at the VPN site The tunnel is closed when not in use for a period of time A tu com created whene pts...

Page 370: ...includes the information described in the table below. 2. To refresh the table, click Refresh. Table 72: VPN Tunnels Page Fields. This field / Displays: Type: The currently active security protocol (IPSEC). Source...

Page 371: ...nd firewall supports AES 3DES and DES encryption Establish nel was established This information is presented in the format hh mm ss where ss seconds rity The type of encr Message Authentication Code M...

Page 372: ...t is recommended to do the following. The NetDefend firewall stores traces for all recent IKE negotiations. If you want to view only new IKE trace data, clear all IKE trace data currently stored on the N...

Page 373: ...y This file contains lished VPN tunnels 7 Use the IKE View tool to open and view the elg file or send the file to technical support VPN Tunnels on page 353 2 Click Reports in the main menu and click t...

Page 375: ...ADIUS Authentication 368 Configuring the RA 372 Changing Your Password ribes how to manage NetDefend firewall users You can defi ir passwords and assign them various permissions Changing rd 359 Users...

Page 376: ...Internal Users page appears. 2. In the row of your username, click Edit. The Account Wizard opens, displaying the Set User Details dialog box. 3. Edit the Password and Confirm password fields. 360 D-Link Net...

Page 377: ...g and Editing Users. ...ick Finish. This procedure explains how to add and edit users. For information on quickly adding guest HotSpot users via a shortcut that the firewall provides, see Adding Quick Guest...

Page 378: ...New User. To edit an existing user, click Edit next to the desired user. The Account Wizard opens, displaying the Set User Details dialog box. 3. Complete the fields using the information in Set User Det...

Page 379: ...6 Click Finish e user is saved T In this field Do this you are using 5 Complete the fields using the information in Set Use Th able 74 Set User Details Fields Usern Enter a username for the user ame P...

Page 380: ...on to the NetDefend Portal but liance page For example you could assign this administrator level to technical support personnel who need to view the Event Log The default level is No Access changed d...

Page 381: ...Users. The NetDefend firewall provides a shortcut for quickly adding a guest HotSpot user. This is useful in situations where you want to grant temporary network access to gue... ...xample in an Int... guest use...

Page 382: ...the Save Quick Guest dialog box create a guest user Users the main menu n The Internal Quick Guest Acco The 3 In the Expires field click on the arrows to specify the expiration date and time e user d...

Page 383: ...d users appears in red 2 To delete a use he desired user s row click the Erase icon onfirmation mess A c age appears OK ll expired users do the following ation message b Click OK The expired users are...

Page 384: ...Portal's RADIUS page. However, you can configure the RADIUS server to pass the NetDefend firewall a specific set of permissions to grant the authenticated user, instead of these default permissions. This...

Page 385: ...sion set for this To The page appears user use RADIUS authentication 1 Click Users in the main menu and click the RADIUS tab RADIUS 2 Complete the fields using the table below Apply 3 Click 4 To resto...

Page 386: ...efend firewall sends a request to the primary RADIUS server first. If the primary RADIUS server does not respond after three attempts, the NetDefend firewall will send the request to the secondary RADIU...

Page 387: ...ute is configured for a user, the fields in this area will have no effect, and the user will be granted the permissions specified in the VSA. If the VSA is not configured for the user, the permissions con...

Page 388: ...Specific Attribute. For detailed instructions and examples, refer to the Configuring the RADIUS Vendor-Specific Attribute white paper. To assign permissions to specific RADIUS-authenticated users: 1. Crea...

Page 389: ...String none The user cannot ac level of access to the NetDefend Portal NetDefend Portal but cannot m can log on to the NetDefend Portal and modi VPN n he user can remotely access the network via VPN...

Page 390: ...s the Internet via My HotSpot false The user HotSpot This permission is only relevant if the Secure HotSpot feature is enabled cannot access the Internet via My U hether e Web 4 String true The user c...

Page 391: ...V... ...etDefend firewall. This chapter includes the following topics: Updating the Firmware 377; Registering Your NetDefend firewall 383; Configuring Syslog Logging 384; Configuring SSH...; Configuring SN...; Setting...

Page 392: ...ollowing information. Table 78: Firmware Status Fields. This field / Displays / For example: WAN MAC Address: The MAC address used for the Internet connection; 00:80:11:22:33:44. Firmware Version: The current...

Page 393: ...ormed If au rod ct features and protection against ne ler r the availability of Software Updates and other services For information on subscribing to services see Co ge 281 e Software Updates service...

Page 394: ...ate image file appears in the Browse text box. 5. Click Upload. Your NetDefend firewall firmware is updated. Updating may take a few minutes, during which time the PWR/SEC LED may start flashing red or ora...

Page 395: ...u have today There is no need to replace your hardware You can also purchase node upgrades as needed u can upgrade your NetDefend fire Note To purchase the Power Pack or node upgrades contact your Net...

Page 396: ...pens with the Install Product Key dialog box displayed Enter a d 3 Click ent Product Key iffer Product Key field enter the new Product Key 4 In the 5 Click Next The Installe dialog box appears d New P...

Page 397: ...ialog box appears. 7. Do one of the following: To register your NetDefend firewall later on, clear the I want to register my product check box, and then click Next. To register your NetDefend firewall now, d...

Page 398: ...your contact information in the appropriate fields. 3. To receive email notifications regarding new firmware versions and services, select the check box. 4. ...ears. The third Registration dialog box appears...

Page 399: ...or otherwise disclose any of your personal or contact details without your explicit permission. To register your NetDefend firewall: 1. Click Setup in the main menu and click the Firmware tab. The Firmwa...

Page 400: ...tocol used for the communication attempt, for example TCP or UDP. This same information is also available in the Event Log page (see Viewing the...). However, while the Event Log can display hundreds of... Furthe...

Page 401: ...yslog Server: Type the IP address of the computer that will run the Syslog service (one of your network computers), or click This Computer to allow your computer to host the service. C...: Click to clear the...

Page 402: ...page 386. Using a console connected to the NetDefend firewall: For information, see Using the Serial Console on page 388. Using an SSH client: See Configuring SSH on page 392. Using the NetDefend Portal ...mma...

Page 403: ...Controlling the Appliance via the Command Line. The Tools page appears. 2. Click Command. The Command Line page appears. 3. In the upper field, type a command. Chapter 14: Maintenance 387

Page 404: ...Yo... ...ole to the NetDefend firewall and use the console to control the appliance via the command line. Note: Your terminal emulation software must be set to 57600 bps, N-8-1. To... For information on locatin...

Page 405: ...ts page appears. 3. In the RS232 drop-down list, select Console. 4. Click Apply. You can now control the NetDefend firewall from the serial console. For information on all supported commands, refer to the Net...

Page 406: ...and click the Management tab. The Management page appears. 2. Specify from where HTTPS access to the NetDefend Portal should be granted. See Access Options on page 391 for information. Warning: If remote HT...

Page 407: ...desired IP address range in the fields provided. 4. Click Apply. The HTTPS configuration is saved. If you configured remote HT... ...now access the NetDefend Portal through the Internet using the procedure S... o...

Page 408: ...all users can control the unit via the command line using the SSH (Secure Shell) management protocol. You can enable users to do so via the Internet by configuring remote SSH access. You can also integrat...

Page 409: ...ficult to guess. If you selected IP Address Range, additional fields appear. 3. If you selected IP Address Range, enter the desired IP address range in the fields provided. 4. Click Apply. The SSH configurati...

Page 410: ...MP access. The NetDefend firewall supports the following SNMP MIBs: SNMPv2-MIB, RFC1213-MIB, IF-MIB, IP-MIB. All SNMP access is read-only. To configure SNMP: 1. Click Setup in the main menu and click the Manag...

Page 411: ...in the fields ...ed. 4. In the Community field, type the name of the SNMP community string. SNMP clients use the SNMP community string as a password when connecting to the NetDefend firewall. The default va...

Page 412: ...Configure the SNMP clients w Table 81 Advanc MP Settings System Location Ty e a description of the appliance s location Th e visible to SN seful for admi oses p is information will b MP clients and i...

Page 413: ...e time displayed in the NetDefend Portal during initial appliance setup. If desired, you can change the date and time using the procedure below. To set the time: 1. Click Setup in the main menu and click t...

Page 414: ...ime Wizard Fields on page 400. 4. Click Next. The following things happen in the order below: If you selected Specify date and time, the Specify Date and Time dialog box appears. Set the date, time and time...

Page 415: ...selected Use a Time Server, the Time Servers dialog box appears. Complete the fields using the information in Time Servers Fields on page 400, then click Next. The Date and Time Updated screen appears. 5...

Page 416: ...ed to the right of this option. Use a Time Server: Synchronize the appliance's time with a Network Time Protocol (NTP) server. Specify date and time: Set the appliance to a specific date and time...

Page 417: ...IP Tools on page 402 T Display a list of all routers used to Using IP Tools on page 402 W a specific IP address or DNS name is registered This P raceroute connect from the NetDefend firewall to a spe...

Page 418: ...Go. If you selected Ping, the following things happen: The NetDefend firewall sends packets to the specified IP address or DNS name. The IP Tools window opens and displays the percentage of packet lo...

Page 419: ...outers used to make the If you selected WHOIS the following thi The NetDefend firewall queries the Inte tit or DNS tact info ngs happen rnet WHOIS server y to which the IP address rmation A window dis...

Page 420: ...alyze the file or you can al runs on mputing platforms and w etherea click the e appears 2 Click Sniffer The Packet Sniffer window opens niffer tool which enables you etDefend port This is useful tr c...

Page 421: ...ng on the ackets 5 Click Stop to stop collecting packets box appears The Save As dialog box appears 7 Browse to a destination directory of your choice 8 Type a name for the configuration file and clic...

Page 422: ...marks ter string way Select this option to capture incom gateway only If this option is not selected Pack traffic on the interface lter String Type the filter string t packets that m ring the captured...

Page 423: ...age 413 udp on page 414 For detailed information on filter syntax refer to http www tcpdump org and ate filter ts ter string elem element element ilter String Syntax The following represents a li and...

Page 424: ...TERS IP Address or String The computer to which the packet is his can be the following address host name at a dst PURPOSE The dst element captures all packets SYNTAX dst destination P destination sent...

Page 425: ...g filter string saves packets th dst port 80 to capture packets of a specific ether protocol YNTAX er proto protocol ng The protocol type of the packet wing ip ip6 arp rarp lk aarp dec net sca lat mop...

Page 426: ...is sent. This can be the following: An IP address; A host name. EXAMPLE: The following filter string saves all packets that either originated from IP address 192.168.10.1 or are destined for that same IP a...

Page 427: ...0.1 or IP address 192.168.10.10: src 192.168.10.1 or src 192.168.10.10. or: PURPOSE: The filtered packets must match at least one of the ...ing elements. SYNTAX: element or element or elem... element element elem... P...

Page 428: ...ring. T... ...which the packet is sent. This can be th...: An IP address; A host name. ...llowing filter string saves packets that or... address 192.168.10.1: src 192.168.10.1. src: PURPOSE: The src element captures all pack... e...

Page 429: ...OSE he tcp element cap is element ca ted elements ip proto tc Note When not prepended to other elemen uivalent of p ent P nt String A port re string element that should be restricted to saving followi...

Page 430: ...other elements udp element ERS nt String A port re t should be restricted to sav DP packets This can be the following dst port C for a specific po port Captures al s originating from or destined t src...

Page 431: ...lanation of the CLI script f supported CLI nds see the NetDefend CLI Reference G Exporting the NetDefend firewall Configuration g file and use this ll your settings The file If desired you can edit th...

Page 432: ...der to restore your NetDefend firewall s co m a configuration file you m T d firewall configuration 1 Click Setup in the main menu and click t s tab s page appears t page appears nfiguration fro ust i...

Page 433: ...ation file 4 Click Upload A confirmatio OK The NetDefend firewall settings are imported The Import of implementing each configuration command uration file s c abl Note If the appliance s IP add your...

Page 434: ...tion erases all your settings You will new password and reconfigure yo Internet or information on performing these tasks see Setting Up the Y etDefend firewall to default ment i r by manually pressing...

Page 435: ...version that shipped with the appliance, select the check box. 4. Click OK. The Please Wait screen appears. The NetDefend firewall returns to its factory defaults. The NetDefend firewall is restarted; the PW...

Page 436: ...the NetDefend firewall to boot up until the system is ready (PWR/SEC LED flashes slowly or illuminates steadily in green light). For information on the appliance's front and rear panels, see the relevant...

Page 437: ...lick the Tools tab. The Tools page appears. 2. Click Diagnostics. Technical information about your NetDefend firewall appears in a new window. 3. To save the displayed information to an HTML file: a. Click Sa...

Page 438: ...rebooting it may solve the problem. To reboot the NetDefend firewall: 1. Click Setup in the main menu and click the Firmware tab. The Firmware page appears. 2. Click Restart. A confirmation message appears...

Page 439: ...d printers to the appliance and share them across the network. Note: When using computers with a Windows 2000/XP operating system, the NetDefend firewall supports connecting up to four USB-based printers...

Page 440: ...lation on page 35. 2. Turn the printer on. 3. In the NetDefend Portal, click Setup in the main menu and click the Printers tab. The Printers page appears. If the NetDefend firewall detected the printer, the...

Page 441: ...the replacement printer's port number to the old printer's port number, and you can skip the next step. 7. Configure each computer from which you want to enable printing to the network printer. See Conf...

Page 442: ...trol Panel window opens. 3. Click Printers and Faxes. The Printers and Faxes window opens. 4. Right-click in the window and click Add Printer in the popup menu. The Add Printer Wizard opens with the Welcome...

Page 443: ...ally detect and install my Plug and Play printer check box. 7. Click Next. The Select a Printer Port dialog box appears. 8. Click Create a new port. 9. In the Type of port drop-down list, select Standard TCP...

Page 444: ...ield, type the NetDefend firewall's LAN IP address or my.firewall. You can find the LAN IP address in the NetDefend Portal under Network > My Network. The Port Name field is filled in automatically. 13. Clic...

Page 445: ...og box opens. 16. In the Port Number field, type the printer's port number as shown in the Printers page. 17. In the Protocol area, make sure that Raw is selected. 18. Click OK. The Add Standard TCP/IP Printer...

Page 446: ...del. If your printer does not appear in the lists, insert the CD that came with your printer in the computer's CD-ROM drive and click Have Disk. 22. Click Next. 23. Complete the remaining dialog boxes in th...

Page 447: ...the latest version of the MAC OS X operating system. Note: This procedure may not apply to earlier MAC OS X versions. To configure a computer to use a network printer: 1. If the computer for which you want...

Page 448: ...nters 432 D-Link NetDefend firewall User Guide. The System Preferences window appears. 3. Click Show All to display all categories. 4. In the Hardware area, click Print & Fax. The Print & Fax window appears. 5. In...

Page 449: ...ct IP Printing. 8. In the Printer Type drop-down list, select Socket/HP Jet Direct. 9. In the Printer Address field, type the NetDefend firewall's LAN IP address or my.firewall. You can find the LAN IP addre...

Page 450: ...11. In the Printer Model list, select the desired printer type. A list of models appears. 12. In the Model Name list, select the desired model. 13. Click Add. The new printer appears in the Printer List windo...

Page 451: ...inter is processing a print job. Restarting: The printer server is restarting. Fail: An error occurred. See the Event Log for details (Viewing the Event Log on page 187). 2. To refresh the display, click Refr...

Page 452: ...enu and click the Printers tab. The Printers page appears. 2. In the printer's Printer Server TCP Port field, type the desired port number. 3. Click Apply. Resetting Network Printers: You can cause a network...

Page 453: ...roblems you may encounter while using the NetDefend firewall. Note: For information on troubleshooting wireless connectivity, see Troubleshooting Wireless Connectivity on page 183. This chapter includes...

Page 454: ...to http://my.firewall and see whether Connected appears on the Status Bar. Make sure that your NetDefend firewall network settings are configured as per your ISP directions. Check your TCP/IP configurati...

Page 455: ...ernet adapter MAC address onto the NetDefend firewall. For instructions, see Configuring the Internet Connection on page 53. Some cable ISPs require using a hostname for the connection. Try reconfigurin...

Page 456: ...Ethernet card. There may be an IP address conflict in your network. Check that the TCP/IP settings of all your computers are configured to obtain an IP address automatically. I changed the network settin...

Page 457: ...256, TCP 264, ESP (IP protocol 50), TCP 981. I cannot receive audio or video calls through the NetDefend firewall. What should I do? To enable audio/video, you must configure an IP Telephony (H.323) virtual ser...

Page 458: ...ess that exceeds the licensed node limit, the Active Computers page displays a warning message and marks nodes over the node limit in red. These nodes will not be able to access the Internet through the...

Page 459: ...tion, see Setting the Time on the Appliance on page 397. I cannot use a certain network application. What should I do? Look at the Event Log page. If it lists blocked attacks, do the following: Set the Net...

Page 461: ...echnical Specifications. Table 86: NetDefend Appliance Attributes. Attribute | DFL-CP310 | DFL-CPG310. General: Dimensions (width x height x depth): 20 x 3.1 x 15.5 cm (7.9 x 1.2 x 6.1 inches); 20 x 3.1 x 15.5 cm (7...

Page 462: ...m (11.4 x 9.8 x 3 inches); 29 x 25 x 7.6 cm (11.4 x 9.8 x 3 inches). Retail box weight: 1.35 kg (3 lbs); 1.35 kg (3 lbs). Environmental Conditions: Temperature, Storage/Transport: 5°C to 70°C; 5°C to 70°C. Temperature...

Page 463: ...pecifications 447. Attribute | DFL-CP310 | DFL-CPG310. Quality: ISO9001:2000, TL9000 HW R3.0, ISO14001, OHSAS18001:1999; ISO9001:2000, TL9000 HW R3.0, ISO14001, OHSAS18001:1999. Mean Time Between Failures (MTBF): 68 00...

Page 464: ...e Table 87: NetDefend Wireless Attributes. Attribute | DFL-CPG310 series. Operation Frequency: 2412-2484 MHz. Transmission Power: 79.4 mW. Modulation: OFDM, DSSS, 64QAM, 16QAM, QPSK, BPSK, CCK, DQPSK, DBPSK. WPA Authe...

Page 465: ...73/23/EEC Low Voltage Directive (LVD), Directive 99/05/EEC Radio Equipment and Telecommunications Terminal Equipment Directive. In accordance with the following standards: Table 88: NetDefend Appliance Sta...

Page 466: ...1993, EN 61000-4-10:1993, EN 61000-4-11:1994, EN 61000-4-12:1995. Safety: EN 60950:2000, IEC 60950:1999; EN 60950:2000, IEC 60950:1999. The CE mark is affixed to this product to demonstrate conformance to the...

Page 467: ...or modifications to this product not explicitly approved by the manufacturer could void the user's authority to operate the equipment and any assurances of Safety or Performance, and could result in vi...

Page 469: ...computer to the Internet via the cable television network. Cable modems offer a high-speed, always-on connection. Certificate Authority: The Certificate Authority (CA) issues certificates to entities such a...

Page 470: ...ewall. DNS: The Domain Name System (DNS) refers to the Internet domain names, or easy-to-remember handles, that are translated into IP addresses. An example of a Domain Name is www.sofaware.com. Domain Name S...

Page 471: ...t number that identifies each computer sending or receiving data packets across the Internet. When you request an HTML page or send e-mail, the Internet Protocol part of TCP/IP includes your IP address...

Page 472: ...ement unit for the rate of data transmission. MTU: The Maximum Transmission Unit (MTU) is a parameter that determines the largest datagram that can be transmitted by an IP interface without it needing to...

Page 473: ...ple computer users on an Ethernet local area network to a remote site or ISP through common customer premises equipment (e.g. modem). PPTP: The Point-to-Point Tunneling Protocol (PPTP) allows extending a loc...

Page 474: ...ting through the Internet. For example, when an HTML file is sent to you from a Web server, the Transmission Control Protocol (TCP) program layer in that server divides the file into one or more packets, nu...

Page 475: ...urce depends on the Internet application protocol. On the Web, which uses the Hypertext Transfer Protocol, an example of a URL is http://www.sofaware.com. V. VPN: A virtual private network (VPN) is a private da...

Page 477: ...Overflow 247; Block rules, explained 213; Blocked FTP Commands 248. C: CA, explained 345, 453; cable modem, connection 58, 67, explained 453; cable type 35; certificate, explained 345, generating self-signed 346, im...

Page 478: ...454. F: File and Print Sharing 249; firewall, levels 204, rule types 211, setting security level 204; firmware, explained 375, 454, updating manually 377, viewing status 375; FTP Bounce 245. G: gateways, backup 119...

Page 479: ...105, explained 455, hiding 107; IP Fragments 232; IPSEC VPN mode 455; ISP, explained 456. L: LAN, cable 35, configuring High Availability for 119, connection 54, 56, 65, explained 456, ports 35; LAND 226; licenses 19...

Page 480: ...eMode, about 110, configuring 110. P: packet 87, 139, 401, 455, 457; Packet Sanity 229; Packet Sniffer, filter string syntax 407, using 404; Pass rules, explained 268; password, changing 359, setting up 39; Peer-to-Pee...

Page 481: ...3, 305, explained 297; Remote Access VPN sites 311; reports, active computers 194, active connections 197, event log 187, node limit 194, traffic 191, viewing 187, wireless statistics 198; routers 90, 119, 401, 438...

Page 482: ...connecting to 281, disconnecting from 289, refreshing a connection to 288, services, software updates 294, Web Filtering 290; Setup Wizard 39, 54; Site-to-Site VPN, gateways 308, explained 297, installing a cer...

Page 483: ...setting up for Windows XP/2000 16; Teardrop 224; technical support 14; Telstra 73; Traceroute 401; Traffic Monitor, configuring 193, exporting reports 194, using 191, viewing reports 191; traffic reports, export...

Page 484: ...creation and closing of 353, establishing 341, explained 297, 459, viewing 353; VStream Antivirus, about 263, configuring 267, configuring advanced settings 275, configuring policy 267, enabling/disabling 265, r...

Page 485: ...dex 469. wireless stations, preparing 182, viewing 198; WLAN, configuring 161, defined 459, preparing stations for 182, troubleshooting connectivity 183, viewing statistics for 198; WPA 161, 163; WPA2 163; WPA-PSK...
