12.3. ZoneDefense Operation
12.3.1. SNMP
Simple Network Management Protocol (SNMP) is an application layer protocol for complex
network management. SNMP allows the managers and managed devices in a network to
communicate with each other.
SNMP Managers
A typical managing device, such as a D-Link Firewall, uses the SNMP protocol to monitor and
control network devices in the managed environment. The manager can query stored statistics from
the controlled devices by using the SNMP Community String. This is similar to a userid or password
which allows access to the device's state information. If the community string type is write, the
manager will be allowed to modify the device's state.
Managed devices
The managed devices must be SNMP compliant, as are D-Link switches. They store state data in
databases known as the Management Information Base (MIB) and provide the information to the
manager upon receiving an SNMP query.
12.3.2. Threshold Rules
A threshold rule will trigger ZoneDefense to block out a specific host or a network if the connection
limit specified in the rule is exceeded. The limit can be one of two types:
•
Connection Rate Limit - This can be triggered if the rate of new connections per second to the
firewall exceeds a specified threshold.
•
Total Connections Limit - This can be triggered if the total number of connections to the
firewall exceeds a specified threshold.
Threshold rules have parameters which are similar to those for IP Rules. These parameters specify
what type of traffic a threshold rule applies to.
A single threshold rule has the parameters:
•
Source interface and source network
•
Destination interface and destination network
•
Service
•
Type of threshold: Host and/or network based
Traffic that matches the above criteria and causes the host/network threshold to be exceeded will
trigger the ZoneDefense feature. This will prevent the host/networks from accessing the switch(es).
All blocking in response to threshold violations will be based on the IP address of the host or
network on the switch(es). When a network-based threshold has been exceeded, the source network
will be blocked out instead of just the offending host.
For a general description of how Threshold Rules are specified and function, please see
Section 10.3, “Threshold Rules”.
12.3.3. Manual Blocking and Exclude Lists
12.3. ZoneDefense Operation
Chapter 12. ZoneDefense
422
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...