7.3.7. SAT and FwdFast Rules .............................................................. 298
8. User Authentication ........................................................................................ 302
8.1. Overview ............................................................................................ 302
8.2. Authentication Setup ............................................................................. 304
8.2.1. Setup Summary ......................................................................... 304
8.2.2. The Local Database .................................................................... 304
8.2.3. External RADIUS Servers ........................................................... 304
8.2.4. External LDAP Servers ............................................................... 305
8.2.5. Authentication Rules .................................................................. 309
8.2.6. Authentication Processing ........................................................... 310
8.2.7. HTTP Authentication ................................................................. 311
8.3. Customizing HTML Pages ..................................................................... 315
9. VPN ............................................................................................................. 319
9.1. Overview ............................................................................................ 319
9.1.1. VPN Usage ............................................................................... 319
9.1.2. VPN Encryption ........................................................................ 320
9.1.3. VPN Planning ........................................................................... 320
9.1.4. Key Distribution ........................................................................ 321
9.1.5. The TLS Alternative for VPN ...................................................... 321
9.2. VPN Quick Start .................................................................................. 323
9.2.1. IPsec LAN to LAN with Pre-shared Keys ....................................... 323
9.2.2. IPsec LAN to LAN with Certificates ............................................. 324
9.2.3. IPsec Roaming Clients with Pre-shared Keys .................................. 325
9.2.4. IPsec Roaming Clients with Certificates ......................................... 327
9.2.5. L2TP Roaming Clients with Pre-Shared Keys ................................. 328
9.2.6. L2TP Roaming Clients with Certificates ........................................ 329
9.2.7. PPTP Roaming Clients ............................................................... 330
9.3. IPsec Components ................................................................................ 332
9.3.1. Overview ................................................................................. 332
9.3.2. Internet Key Exchange (IKE) ....................................................... 332
9.3.3. IKE Authentication .................................................................... 338
9.3.4. IPsec Protocols (ESP/AH) ........................................................... 339
9.3.5. NAT Traversal .......................................................................... 340
9.3.6. Algorithm Proposal Lists ............................................................. 341
9.3.7. Pre-shared Keys ........................................................................ 342
9.3.8. Identification Lists ..................................................................... 344
9.4. IPsec Tunnels ...................................................................................... 346
9.4.1. Overview ................................................................................. 346
9.4.2. LAN to LAN Tunnels with Pre-shared Keys ................................... 346
9.4.3. Roaming Clients ........................................................................ 347
9.4.4. Fetching CRLs from an alternate LDAP server ................................ 352
9.4.5. Troubleshooting with ikesnoop ..................................................... 352
9.4.6. IPsec Advanced Settings ............................................................. 360
9.5. PPTP/L2TP ......................................................................................... 363
9.5.1. PPTP Servers ............................................................................ 363
9.5.2. L2TP Servers ............................................................................ 364
9.5.3. L2TP/PPTP Server advanced settings ............................................ 368
9.5.4. PPTP/L2TP Clients .................................................................... 369
9.6. CA Server Access ................................................................................ 371
9.7. VPN Troubleshooting ........................................................................... 374
10. Traffic Management ...................................................................................... 378
10.1. Traffic Shaping .................................................................................. 378
10.1.1. Introduction ............................................................................ 378
10.1.2. Traffic Shaping in NetDefendOS ................................................. 379
10.1.3. Simple Bandwidth Limiting ....................................................... 381
10.1.4. Limiting Bandwidth in Both Directions ........................................ 382
10.1.5. Creating Differentiated Limits with Chains ................................... 383
10.1.6. Precedences ............................................................................ 383
10.1.7. Guarantees .............................................................................. 385
10.1.8. Differentiated Guarantees .......................................................... 386
10.1.9. Groups ................................................................................... 387
10.1.10. Recommendations .................................................................. 388
10.1.11. A Summary of Traffic Shaping ................................................. 389
User Manual
7
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...