3.5. The IP Rule Set
3.5.1. Security Policies
Common Policy Characteristics
NetDefendOS Security Policies, designed by the administrator, regulate the way in which traffic can
flow through the D-Link Firewall. Policies in NetDefendOS are defined by different NetDefendOS
rule sets. These rule sets share a common means of specifying filtering criteria which determine the
type of traffic to which they will apply. This set of criteria consists of:
Source Interface
An Interface or Interface Group where the packet is received at
the D-Link Firewall. This can also be a VPN tunnel.
Source Network
The network that contains the source IP address of the packet.
This might be a NetDefendOS IP object which could define a
single IP address or range of addresses.
Destination Interface
An Interface or an Interface Group from which the packet
would leave the D-Link Firewall. This can also be a VPN tunnel.
Destination Network
The network to which the destination IP address of the packet
belongs. This might be a NetDefendOS IP object which could
define a single IP address or range of addresses.
Service
The protocol type to which the packet belongs. Service objects
define a protocol/port type. Examples might be HTTP or ICMP.
Custom services can also be defined. See Section 3.2, “Services”
for more information on this topic.
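The following is an added illustration, not D-Link code and not NetDefendOS syntax, of how the five criteria above combine: a packet is covered only when every criterion holds, and the function reports which ones fail. The class names, interface names and addresses are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

def in_network(addr: str, net: str) -> bool:
    """net is a CIDR block, a single address, or a 'first-last' range."""
    ip = ipaddress.ip_address(addr)
    if "-" in net:
        first, last = (ipaddress.ip_address(p.strip()) for p in net.split("-"))
        return first <= ip <= last
    return ip in ipaddress.ip_network(net, strict=False)

@dataclass(frozen=True)
class Service:
    protocol: str                            # e.g. "tcp", "icmp"
    ports: Optional[Tuple[int, int]] = None  # None = no port restriction

    def matches(self, protocol: str, dport: Optional[int]) -> bool:
        if protocol != self.protocol:
            return False
        if self.ports is None:
            return True
        return dport is not None and self.ports[0] <= dport <= self.ports[1]

@dataclass(frozen=True)
class Criteria:
    src_ifaces: frozenset  # one interface or an interface group (may hold a VPN tunnel)
    src_net: str
    dst_ifaces: frozenset
    dst_net: str
    service: Service

    def failed(self, pkt: dict) -> list:
        """Names of the criteria the packet does not satisfy; [] means it matches."""
        checks = [
            ("Source Interface", pkt["in_if"] in self.src_ifaces),
            ("Source Network", in_network(pkt["src"], self.src_net)),
            ("Destination Interface", pkt["out_if"] in self.dst_ifaces),
            ("Destination Network", in_network(pkt["dst"], self.dst_net)),
            ("Service", self.service.matches(pkt["proto"], pkt.get("dport"))),
        ]
        return [name for name, ok in checks if not ok]

# Constructed sample criteria and packets (all names and addresses are made up).
WEB = Criteria(frozenset({"lan", "vpn_tunnel1"}), "192.168.1.0/24",
               frozenset({"dmz"}), "10.0.0.10-10.0.0.20", Service("tcp", (80, 80)))
PKT_OK = {"in_if": "vpn_tunnel1", "src": "192.168.1.7", "out_if": "dmz",
          "dst": "10.0.0.15", "proto": "tcp", "dport": 80}
PKT_BAD = dict(PKT_OK, in_if="wan", dst="10.0.0.21", dport=443)

if __name__ == "__main__":
    print(WEB.failed(PKT_OK), WEB.failed(PKT_BAD))
```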
The NetDefendOS Security Policy Rulesets
The principal NetDefendOS rule sets that define NetDefendOS security policies, and which use the
same filtering parameters described above (networks/interfaces/service), include:
• IP Rules
These determine which traffic is permitted to pass through the D-Link Firewall as well as
determining if the traffic is subject to address translation. They are described below.
• Pipe Rules
These determine which traffic triggers traffic shaping to take place and are described in
Section 10.1, “Traffic Shaping”.
• Policy-based Routing Rules
These determine the routing table to be used by traffic and are described in Section 4.3,
“Policy-based Routing”.
• Authentication Rules
These determine which traffic triggers authentication to take place (source net/interface only)
and are described in Chapter 8, User Authentication.
Specifying Any Interface or Network
Chapter 3. Fundamentals