D-Link CP310 - DFL - Security Appliance Скачать руководство пользователя | Manualshive

Страница: 263 / 485

background image

Using SmartDefense

Table 50: Block Known Ports Fields

In this field… Do this…

Action

Specify what action to take when the FTP server attempts to connect to a

well-known port, by selecting one of the following:

•

Block.

Block the connection.

•

None.

No action. This is the default.

Block Port Overflow

FTP clients send PORT commands when connecting to the FTP sever. A PORT

f numbers between 0 and 255, separated by

To enforce compliance to the FTP standard and prevent potential attacks against
the FTP server, you can block PORT commands that contain a number greater than
255.

command consists of a series o
commas.

Chapter 9: Setting Your Security Policy

247

«
...
261
262
263
264
265
...
»

Содержание CP310 - DFL - Security Appliance

Страница 1: ...D Link NetDefend firewall Security VPN Firewall NetDefend secured by Check Point User Guide Version 1 0 Revised 01 17 2006 ...

Страница 2: ...the software and 2 offer you this license which gives you legal permission to copy distribute and or modify the software Also for each author s protection and ours we want to make certain that everyone understands that there is no warranty for this free software If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that ...

Страница 3: ...valent access to copy the source code from the same place counts as distribution of the source code even though third parties are not compelled to copy the source along with the object code 4 You may not copy modify sublicense or distribute the Program except as expressly provided under this License Any attempt otherwise to copy modify sublicense or distribute the Program is void and will automati...

Страница 4: ...ETY PRECAUTIONS Carefully read the Safety Instructions the Installation and Operating Procedures provided in this User s Guide before attempting to install or operate the appliance Failure to follow these instructions may result in damage to equipment and or personal injuries Before cleaning the appliance unplug the power cord Use only a soft cloth dampened with water for cleaning When installing ...

Страница 5: ...al Security Services 5 Power Pack Features 5 Package Contents 6 Network Requirements 7 Getting to Know Your NetDefend firewall 8 Rear Panel 8 Front Panel 10 Getting to Know Your NetDefend firewall 11 Rear Panel 11 Front Panel 13 Contacting Technical Support 14 Installing and Setting up the NetDefend firewall 15 Before You Install the NetDefend firewall 15 Windows 2000 XP 16 Windows 98 Millennium 2...

Страница 6: ...etDefend Portal 46 Main Menu 47 Main Frame 48 Status Bar 48 Logging off 51 Configuring the Internet Connection 53 Overview 53 Using the Internet Wizard 54 Using a Direct LAN Connection 56 Using a Cable Modem Connection 58 Using a PPTP or PPPoE Dialer Connection 59 Using PPPoE 60 Using PPTP 61 Using Internet Setup 63 Using a LAN Connection 65 Using a Cable Modem Connection 67 Using a PPPoE Connecti...

Страница 7: ...etwork 93 Configuring Network Settings 93 Configuring a DHCP Server 94 Changing IP Addresses 105 Enabling Disabling Hide NAT 107 Configuring a DMZ Network 108 Configuring the OfficeMode Network 110 Configuring VLANs 111 Configuring High Availability 119 Configuring High Availability on a Gateway 122 Sample Implementation on Two Gateways 126 Adding and Editing Network Objects 130 Viewing and Deleti...

Страница 8: ...k 161 Overview 161 About the Wireless Hardware in Your NetDefend firewall 162 Wireless Security Protocols 163 Manually Configuring a WLAN 165 Using the Wireless Configuration Wizard 176 WPA PSK 178 WEP 180 No Security 181 Preparing the Wireless Stations 182 Troubleshooting Wireless Connectivity 183 Viewing Reports 187 Viewing the Event Log 187 Using the Traffic Monitor 191 Viewing Traffic Reports ...

Страница 9: ...Deleting Rules 219 Using SmartDefense 220 Configuring SmartDefense 221 SmartDefense Categories 224 Using Secure HotSpot 256 Setting Up Secure HotSpot 257 Enabling Disabling Secure HotSpot 258 Customizing Secure HotSpot 259 Defining an Exposed Host 261 Using VStream Antivirus 263 Overview 263 Enabling Disabling VStream Antivirus 265 Viewing VStream Signature Database Information 266 Configuring VSt...

Страница 10: ...utomatic and Manual Updates 294 Checking for Software Updates when Remotely Managed 294 Checking for Software Updates when Locally Managed 295 Working With VPNs 297 Overview 297 Site to Site VPNs 298 Remote Access VPNs 301 Internal VPN Server 302 Setting Up Your NetDefend firewall as a VPN Server 303 Configuring the Remote Access VPN Server 305 Configuring the Internal VPN Server 306 Installing Se...

Страница 11: ...E Traces for VPN Connections 356 Managing Users 359 Changing Your Password 359 Adding and Editing Users 361 Adding Quick Guest HotSpot Users 365 Viewing and Deleting Users 367 Setting Up Remote VPN Access for Users 367 Using RADIUS Authentication 368 Configuring the RADIUS Vendor Specific Attribute 372 Maintenance 375 Viewing Firmware Status 375 Updating the Firmware 377 Upgrading Your Software Pr...

Страница 12: ...tion 415 Importing the NetDefend firewall Configuration 416 Resetting the NetDefend firewall to Defaults 418 Running Diagnostics 421 Rebooting the NetDefend firewall 422 Using Network Printers 423 Overview 423 Setting Up Network Printers 424 Configuring Computers to Use Network Printers 425 Windows 2000 XP 425 MAC OS X 431 Viewing Network Printers 435 Changing Network Printer Ports 435 Resetting N...

Страница 13: ... Problems 443 Specifications 445 Technical Specifications 445 CE Declaration of Conformity 449 Federal Communications Commission Radio Frequency Interference Statement 451 Glossary of Terms 453 Index 461 Contents ix ...

Страница 14: ......

Страница 15: ...xt and preceded by the Note icon Each task is marked with an ic Warning Warnings are denoted by indented text and preceded by the Warning icon on indicating the NetDefend product required to perform the task as follows If this icon appears You can perform the task using these products DFL CP310 or DFL CPG310 with or without the Power Pack DFL CPG310 only with or without the Power Pack DFL CP310 or...

Страница 16: ......

Страница 17: ...ernet the NetDefend Secured by Check Point Product Family includes both wired and wireless models The D Link firewall based on the world leading Check Point Embedded NGX Stateful Inspection technology inspects and filters all incoming and outgoing traffic blocking all unauthorized traffic The NetDefend firewall also allows sharing your Internet connection among several PCs or other network devices...

Страница 18: ...nsed users by installing node upgrades Contact your reseller for more details NetDefend Features and Compatibility Connectivity The NetDefend series includes the following features LAN ports 4 ports 10 100 Mbps Fast Ethernet switch WAN port 10 100 Mbps Fast Ethernet DMZ WAN2 Port 10 100 Mbps Fast Ethernet Serial RS232 port for console access and dialup modem connection Supported Internet connectio...

Страница 19: ...dditional features Wireless LAN interface with dual diversity antennas supporting up to 108 Mbps Super G and Extended Range XR Integrated USB print server Wireless QoS WMM Firewall The NetDefend series includes the following features Check Point Firewall 1 Embedded NGX firewall with Application Intelligence Intrusion Detection and Prevention using Check Point SmartDefense Network Address Translati...

Страница 20: ... SHA1 MD5 Hardware Based Secure RNG Random Number Generator IPSec NAT traversal NAT T Route based VPN Backup VPN gateways Management The NetDefend series includes the following features Management via HTTP HTTPS SSH SNMP Serial CLI Central Management SMP NTP automatic time setting TFTP Rapid Deployment Local diagnostics tools Ping WHOIS Packet Sniffer VPN Tunnel Monitor Connection Table Monitor Wi...

Страница 21: ...ction VStream Embedded Antivirus Updates VPN Management Security Reporting Vulnerability Scanning Service Power Pack Features The table below describes the differences between the standard DFL CP310 and DFL CPG310 with the Power Pack installed Feature DFL CP310 CPG310 DFL CP310 CPG310 with Power Pack High Availability Traffic Shaper Basic Advanced DiffServ Tagging Dynamic Routing Firewall VPN Thro...

Страница 22: ...o Site VPN Managed 10 tunnels 100 tunnels Included VPN 1 SecuRemote client Licenses 5 users 25 users When managed by SofaWare Security Management Portal SMP Package Contents The NetDefend series package includes the following D Link NetDefend firewall VPN Firewall Power adapter CAT5 Straight through Ethernet cable Getting Started Guide This User Guide 6 D Link NetDefend firewall User Guide ...

Страница 23: ...lorer 5 0 or higher or Netscape Navigator 4 7 and higher CAT 5 STP Category 5 Shielded Twisted Pair Straight Through Ethernet cable for each attached device Note The NetDefend firewall automatically detects cable types so you can use either a straight through or crossed cable when cascading an additional hub or switch to the NetDefend firewall Note For optimal results it is highly recommended to u...

Страница 24: ... your NetDefend firewall Figure 1 NetDefend firewall Rear Panel Items Figure 2 NetDefend firewall Rear Panel Items The following table lists the NetDefend firewall s rear panel elements Table 1 NetDefend firewall Rear Panel Elements Label Description PWR A power jack used for supplying power to the unit Connect the supplied power adapter to this jack 8 D Link NetDefend firewall User Guide ...

Страница 25: ...l have to re configure your NetDefend firewall Do not reset the unit without consulting your system administrator RS 232 Serial A serial port used for connecting computers in order to access the NetDefend CLI Command Line Interface or for connecting an external dialup modem WAN Wide Area Network An Ethernet port RJ 45 used for connecting your cable or xDSL modem or for connecting a hub when settin...

Страница 26: ...tatus LEDs see the table below Table 2 NetDefend firewall Status LEDs LED State Explanation PWR SEC Off Power off Flashing quickly Green System boot up Flashing slowly Green Establishing Internet connection On Green Normal operation Flashing Red Hacker attack blocked On Red Error LAN 1 4 WAN DMZ WAN2 LINK ACT Off 100 Off Link is down LINK ACT On 100 Off 10 Mbps link established for the correspondi...

Страница 27: ...Your NetDefend firewall R to the NetDefend firewall are made via the rear panel of your NetDefend firewall ear Panel All physical connections network and power Figure 4 NetDefend firewall Rear Panel Items The following table lists the NetDefend firewall appliance s rear panel elements Table 3 NetDefend firewall Rear Panel Elements Label Description PWR r supplying power to the unit Connect the sup...

Страница 28: ...consulting your system administrator USB Two USB 2 0 ports used for connecting USB based printers RS232 A serial RS 232 port used for connecting computers in order to access the NetDefend CLI Command Line Interface or for connecting an external dialup modem WAN Wide Area Network An Ethernet port RJ 45 used for connecting your cable or xDSL modem or for connecting a hub when setting up more than on...

Страница 29: ... LEDs see the table below Table 4 NetDefend firewall Status LEDs LED State Explanation PWR SEC Off Power off Flashing quickly Green System boot up Flashing slowly Green Establishing Internet connection On Green Normal operation Flashing Red Hacker attack blocked On Red Error Flashing Orange Software update in progress LAN 1 4 WAN DMZ WAN2 LINK ACT Off 100 Off Link is down LINK ACT On 100 Off 10 Mb...

Страница 30: ...received VPN Flashing Green VPN port in use Serial Flashing Green Serial port in use USB Flashing Green USB port in use WLAN Flashing Green WLAN in use Contacting Technical Support If there is a problem with your NetDefend firewall see http support dlink com You can also download the latest version of this guide from the site 14 D Link NetDefend firewall User Guide ...

Страница 31: ...ation 35 Setting Up the NetDefend firewall 36 Before You Install the NetDefend firewall Prior to connecting and setting up your NetDefend firewall for operation you must do the following Check if TCP IP Protocol is installed on your computer Check your computer s TCP IP settings to make sure it obtains its IP address automatically Refer to the relevant section in this guide in accordance with the ...

Страница 32: ... it is recommended to disable it if you are using a NetDefend firewall since the NetDefend firewall offers better protection Checking the TCP IP Installation 1 Click Start Settings Control Panel The Control Panel window appears 2 Double click the Network and Dial up Connections icon 16 D Link NetDefend firewall User Guide ...

Страница 33: ...all the NetDefend firewall The Network and Dial up Connections window appears 3 Right click the icon and select Properties from the pop up menu that opens Chapter 2 Installing and Setting up the NetDefend firewall 17 ...

Страница 34: ...4 n the components list and if it is properly configured with the Ethernet card installed on your computer If ou must install it as described in In the above window check if TCP IP appears i TCP IP does not appear in the Components list y the next section 18 D Link NetDefend firewall User Guide ...

Страница 35: ...erties window click Install The Select Network Component Type window appears 2 Choose Protocol and click Add The Select Network Protocol window appears 3 Choose Internet Protocol TCP IP and click OK TCP IP protocol is installed on your computer Chapter 2 Installing and Setting up the NetDefend firewall 19 ...

Страница 36: ...r PC but rather to obtain an IP address automatically If for some reason you need to assign a static IP address select Specify an IP address type in an IP address in the range of 192 168 10 129 254 enter 255 255 255 0 in the Subnet Mask field and click OK to save the new settings Note that 192 168 10 is the default value and it may vary if you changed it in the My Network page 3 Click the Obtain D...

Страница 37: ...Defend firewall Win Checking the TCP IP Installation 1 Click Start Settings Control Panel The Control Panel window appears dows 98 Millennium 2 Double click the icon Chapter 2 Installing and Setting up the NetDefend firewall 21 ...

Страница 38: ...dy configured with th appears in the network components list e Ethernet card installed on your computer Installing TCP IP Protocol Note If TCP IP is already installed and configured on your co section and mo mputer skip this ve directly to TCP IP Settings 1 In the Network window click Add 22 D Link NetDefend firewall User Guide ...

Страница 39: ...col window appears 3 In Manufacturers list choose Microsoft and in the Network Protocols list choose TCP IP 4 Click OK If Windows asks for original Windows installation files provide the installation CD and relevant path when required e g D win98 5 Restart your computer if prompted the Chapter 2 Installing and Setting up the NetDefend firewall 23 ...

Страница 40: ...ng LAN consult your network manager for the correct configurations 1 In the Network window double click the TCP IP service for the Ethernet card which has been installed on your computer e g The TCP IP Properties window opens 2 Click the Gateway tab and remove any installed gateways 24 D Link NetDefend firewall User Guide ...

Страница 41: ...Before You Install the NetDefend firewall 3 Click the DNS Configuration tab and click the Disable DNS radio button Chapter 2 Installing and Setting up the NetDefend firewall 25 ...

Страница 42: ...ess type in an IP address in the range of 192 168 10 129 254 enter 255 255 255 0 in the Subnet Mask field and click OK to save the new settings Note that 192 168 10 is the default value and it may vary if you changed it in the My Network page rompted for Do you want to restart your computer settings to take effect Your computer is now ready to access your NetDefend firewall M cedure for setting up...

Страница 43: ...rol Panels TCP IP The TCP IP window appears 2 Click the Connect via drop down list and select Ethernet 3 Click the Configure drop down list and select Using DHCP Server 4 Close the window and save the setup Chapter 2 Installing and Setting up the NetDefend firewall 27 ...

Страница 44: ...firewall Mac OS X Use the following procedure for setting up the TCP IP Protocol 1 Choose Apple System Preferences The System Preferences window appears 2 Click Network The Network window appears 28 D Link NetDefend firewall User Guide ...

Страница 45: ...Before You Install the NetDefend firewall 3 Click Configure Chapter 2 Installing and Setting up the NetDefend firewall 29 ...

Страница 46: ...M Apply Now ounting the Appliance If desired you can mount your NetDefend firewall on the wall To mount the NetDefend firewall on the wall 1 Decide where you want to mount your NetDefend firewall 2 Decide on the mounting orientation You can mount the appliance on the wall facing up down left or right 30 D Link NetDefend firewall User Guide ...

Страница 47: ...two plastic conical anchors into the holes Note The conical anchors you received with your NetDefend firewall are suitable for concrete walls If you want to mount the appliance on a plaster wall you must use anchors that are suitable for plaster walls 6 Insert the two screws you received with your NetDefend firewall into the plastic conical anchors and turn them until they protrude approximately 5...

Страница 48: ...gainst Theft The NetDefend firewall f ht panel which enables you to secure your appliance against theft using an anti theft security device eatures a security slot to the rear of the rig Note Anti theft security device er hardware stores This procedure explains how to install a looped security cable on your appliance A looped security cable typically includes the parts shown in the diagram below s...

Страница 49: ...ty cable to the appliance s security slot To install an anti theft device on the NetDefend firewall 1 If your anti theft device has a combination lock set the desired code as that came with your device 2 escribed in the documentation that came with your device Slide the anti theft device s bolt to the Open position described in the documentation Connect the anti theft device s loop to any sturdy m...

Страница 50: ...d then slide the bolt to the Closed position until the bolt holes are aligned 5 Thread the anti theft device s pin through the bolt s holes and insert the pin into the main body of the anti theft device as described in the documentation that came with your device 34 D Link NetDefend firewall User Guide ...

Страница 51: ... of the unit Connect the other end to PCs hubs or other network device Connect the WAN cable Connect one end of the Ethernet cable to the WAN port at the unit office network 4 Connect the power adapter to the power socket labeled 230 VAC input power Verify that the wall outlet vo wer adapter Failure to observe this Warning The NetDefend firewall power adapter is compatible with either 100 120 or l...

Страница 52: ...ities Failure to observe this warning may cause damage to the appliance and void the warranty For information on setting up network printers see Setting up Network Printers on S tting page 424 e Up the NetDefend firewall After you have installed the NetDefend firewall you must set it up using the steps sh When setting up your NetDefend firewall for the first time after installation these boxes for...

Страница 53: ...pliance on page 397 Setting up a wireless network DFL CPG310 only Configuring a Wireless Network on page 161 Installing the Product Key Upgrading Your Software Product on page 379 Registering your NetDefend firewall Registering Your NetDefend firewall on page 383 Setting up subscription services Connecting to a Service Center on page 281 You can access the Setup Wizard at any time after initial se...

Страница 54: ...ess the Setup Wizard ab The Firmware page appears 1 Click Setup in the main menu and click the Firmware t 2 Click end Setup Wizard NetDef The NetDefend Setup Wizard opens with the Welcome page displayed 38 D Link NetDefend firewall User Guide ...

Страница 55: ... to the NetDefend Portal 39 Logging on to the NetDefend Portal 42 Accessing the NetDefend Portal Remotely Using HTTPS 44 Using the NetDefend Portal 46 Logging off 51 Initial Login to the NetDefend Portal The first time you log on to the NetDefend Portal you must set up your password To log on to the NetDefend Portal for the first time 1 Browse to http my firewall Getting Started Chapter 3 Getting ...

Страница 56: ...password both in the Password and the Confirm Password fields 2 Note The password must be five to 25 characters letters or numbers Note You can change your password at any time For further information see Changing Your Password 3 Click OK 40 D Link NetDefend firewall User Guide ...

Страница 57: ... two Internet connections To use Internet Setup click Cancel and refer to Using Internet Setup on page 63 our Internet connection using one of the following ways Wizard Th rnet Wizard is the first part of the Setup Wizard and it takes y basic Internet connection setup step by step For information on Internet Wizard After you have com guide you th pleted the Internet Wizard the Setup Wizard continu...

Страница 58: ...rule to allow access from the WLAN See Using Rules on page 209 O Enable HTTPS access from the Internet See Configuring HTTPS on pag To log on to the NetDefend Portal 1 Do one of the Browse to Or o log on the procedure Accessing the NetDefend Portal Remotely on page 44 Configure a specific r e 390 following http my firewall T through HTTPS locally or remotely follow 42 D Link NetDefend firewall Use...

Страница 59: ...Logging on to the NetDefend Portal The login page appears 2 Type your username and password 3 Click OK Chapter 3 Getting Started 43 ...

Страница 60: ...Web server It is used to transfer confidential user information If desired you can also use HTTPS to access the NetDefend Portal from your internal network Note In order to access the NetDefend Portal remotely using HTTPS you must first do both of the following Configure your password using HTTP See Initial Login to the NetDefend Portal on page 39 Configure HTTPS Remote Access See Configuring HTTP...

Страница 61: ... the certificate in the NetDefend firewall is not yet known to the browser so the Security Alert dialog box appears To avoid seeing this dialog box again install the certificate of the destination NetDefend firewall If you are using Internet Explorer 5 do the following a Click View Certificate The Certificate dialog box appears with the General tab displayed b Click Install Certificate The Certifi...

Страница 62: ...ich enables yo manage and The NetDefend Portal consists of t able 5 NetDefend Portal Elem ent Description Main menu Used for navigating between the various topics such as Reports Security and Setup Main frame Displays information and controls related to the selected topic The main frame may also contain tabs that allow you to view different pages related to the selected topic Status bar Shows your...

Страница 63: ...rmation R active computers and established connections Securit y computer in Antivirus Services eports Provides reporting capabilities in terms of event logging traffic monitoring y Provides controls and options for setting the security of an the network Allows you to configure VStream Antivirus settings Allows you to control your subscription to subscription services Chapter 3 Getting Started 47 ...

Страница 64: ...to log off of the NetDefend Portal sers Allows you to manage NetDefend users PN Allows you to manage configure and log on to VPN sites Provides conte gout Al ain Frame ain and tab you s are using The differences are described throughout this guide Status Bar the fields below as we M The m frame displays the relevant data and controls pertaining to the menu elect These elements sometimes differ dep...

Страница 65: ...Internet connectivity Not Connected The Internet connection is down Establishing Connection The NetDefend firewall is connecting to the Internet Contacting Gateway The NetDefend firewall is trying to contact the Internet default gateway ally disabled Note You can configure both a primary and a secondary Internet connection secondary Internet connection see Configuring the Internet Connection on Di...

Страница 66: ...as Web Filtering and Email Antivirus Your subscription services status may be one of the following Not Subscribed You are not subscribed to security services Connection Failed The NetDefend firewall failed to connect to the Service Center Connecting The NetDefend firewall is connecting to the Service Center onnected You are connected to the Service Center and security ervices are active C s 50 D L...

Страница 67: ...o the NetDefend Portal will require re entering of the administration ssword log off of the NetDefend Porta Do one of the following If you are connected through HTTP click Logout in the main menu The If you are connected through HTTPS the Logout option does not appear menu Close the browser window in the main Chapter 3 Getting Started 51 ...

Страница 68: ......

Страница 69: ...net connection using ing setup tools d is the Internet Wizard For further all Guides you through the Internet connection configuration y step Internet Setup Offers the following advanced setup options Configure two Internet connections For information see Configuring a Backup Internet Connection on page 90 Enable Traffic Shaper for traffic flowing through the connection Configuring the Internet Co...

Страница 70: ...e following three types of broadband connection methods onnection PPTP or PPPoE dialer you to configure your NetDefend firewall for Internet and easily through its us Direct LAN C Cable Modem automatic the pro Note The first time you log on to the NetDefend Portal the Internet ally as part of the Setup Wizard In this case you should skip to st Wizard starts ep 3 in cedure below ernet connection us...

Страница 71: ...izard opens with the Welcome page displayed 3 Click Next The Internet Connection Method dialog box appears 4 Select the Internet connection method you want to use for connecting to the Internet Chapter 4 Configuring the Internet Connection 55 ...

Страница 72: ...ware to 5 Click Next U No further settings are required for a direct LAN Local Area Network connection sing a Direct LAN Connection The Confirmation screen appears 1 Click Next he system attempts to connect to the Internet via the selected connection T The Connecting screen appears 56 D Link NetDefend firewall User Guide ...

Страница 73: ...Using the Internet Wizard At the end of the connection process the Connected screen appears 2 Click Finish Chapter 4 Configuring the Internet Connection 57 ...

Страница 74: ...ress Otherwise you may leave this field blank If your ISP requires the MAC address do either of the following Click This Computer to automatically clone the MAC address of your computer to the NetDefend firewall Or If the ISP requires authentication using the MAC address of a different computer enter the MAC address in the MAC cloning field If your ISP requires a specific hostname for authenticati...

Страница 75: ...screen appears 5 Click Finish Using a PPTP or PPPoE Dialer Connection If you selected the PPTP or PPPoE dialer connection method the DSL Connection Type dialog box appears 1 Select the connection method used by your DSL provider Note Most xDSL providers use PPPoE If you are uncertain regarding which connection method to use contact your xDSL provider 2 Click Next Chapter 4 Configuring the Internet...

Страница 76: ... 1 the fields using the information in the table below 2 The Confirmation screen appears 4 Click Finish Click Next 3 Click Next The system attempts to connect to the Internet via the DSL connection The Connecting screen appears At the end of the connection process the Connected screen appears 60 D Link NetDefend firewall User Guide ...

Страница 77: ... password Type your password again Service Type your service name This field can be left blank Using PPTP If you selected the PPTP connection method the DSL Configuration dialog box appears 1 Complete the fields using the information in the table below 2 Click Next The Confirmation screen appears Chapter 4 Configuring the Internet Connection 61 ...

Страница 78: ...nnection Fields In this field Do this Connecting screen appears Username Type your user name Password Type your password Confirm password Type your password again Service Type your service name Serve Type the IP address of the PPTP modem Intern P modem Subnet Mask Type the subnet mask of the PPTP modem r IP al IP Type the local IP address required for accessing the PPT 62 D Link NetDefend firewall...

Страница 79: ... to manually configure your Internet connection igure the using Internet Setup 1 Click Network in the main menu and click the Internet tab To conf Internet connection 2 Next to the desired Internet connection click Edit Chapter 4 Configuring the Internet Connection 63 ...

Страница 80: ...ing intend to use c ing steps should be performed in accordance with the connection type nection Type drop down list select the Internet connection ty The display The follow you have chosen hanges according to the connection type you selected 64 D Link NetDefend firewall User Guide ...

Страница 81: ...Using Internet Setup Using a LAN Connection 1 Complete the fields using the relevant information in Internet Setup Fields on page 77 Chapter 4 Configuring the Internet Connection 65 ...

Страница 82: ... Click Apply The NetDefen ar displays the Internet status Connecting This may take several seconds Once the connection is made the Status Bar displays the Internet status Connected d firewall attempts to connect to the Internet and the Status B 66 D Link NetDefend firewall User Guide ...

Страница 83: ...Using Internet Setup Using a Cable Modem Connection 1 Complete the fields using the relevant information in Internet Setup Fields on page 77 Chapter 4 Configuring the Internet Connection 67 ...

Страница 84: ...2 Click Apply The NetDefend firewall attempts to connect to the Internet and the Status Bar displays the Internet status Connecting This may take several seconds Once the connection is made the Status Bar displays the Internet status Connected 68 D Link NetDefend firewall User Guide ...

Страница 85: ...Using Internet Setup Using a PPPoE Connection 1 Complete the e on page 77 fi lds using the relevant information in Internet Setup Fields Chapter 4 Configuring the Internet Connection 69 ...

Страница 86: ... t and the Status Bar s Connecting This may take several seconds Once the connection is made the Status Bar displays the Internet status Connected Click Apply The NetDefend firewall attempts to connect to the Interne displays the Internet statu 70 D Link NetDefend firewall User Guide ...

Страница 87: ...Using Internet Setup Using a PPTP Connection 1 Comp the relevant information in Internet Setup Fields lete the fields using page 77 on Chapter 4 Configuring the Internet Connection 71 ...

Страница 88: ...epending on the check boxes you selected 2 Click Apply The NetDefend firewall attempts to connect to the Internet and the Status Bar displays the Internet status Connecting This may take several seconds 72 D Link NetDefend firewall User Guide ...

Страница 89: ... this Internet re subscribed to Telstra BigPond Internet Telstra BigPond is a trademark of Telstra Corporation Limited Connected Usin tra BPA Use connection type only if you a 1 Complete the fields using the relevant information in Internet Setup Fields on page 77 Chapter 4 Configuring the Internet Connection 73 ...

Страница 90: ...2 Click Apply The NetDefend firewall attempts to connect to the Internet and the Status Bar displays the Internet status Connecting This may take several seconds Once the connection is made the Status Bar displays the Internet status Connected 74 D Link NetDefend firewall User Guide ...

Страница 91: ...ation see Setting Up a Dialup Modem on page 84 To use this connection type you must first set up the dialup modem For 1 Complete the fields using the relevant information in Internet Setup Fields on page 77 Chapter 4 Configuring the Internet Connection 75 ...

Страница 92: ...Click Apply The NetDefend firewall attempts to connect to the Internet and the Status Bar ay take several seconds On ternet status Connected displays the Internet status Connecting This m ce the connection is made the Status Bar displays the In 76 D Link NetDefend firewall User Guide ...

Страница 93: ...ice name leave this field empty Server IP If you selected PPTP type the IP address of the PPTP server as given by your ISP If you selected Telstra BPA type the IP address of the Telstra authentication server as given by Telstra Phone Number If you selected Dialup type the phone number that the modem should dial as given by your ISP word Type your password onfirm password Type your password ce Type...

Страница 94: ...s a Backup or Master see Configuring High Availability on page 119 On outgoing activity Select this option to specify that the dialup modem should only dial a connection if no other connection exists and there is outgoing activity that is packets need to be transmitted to the Internet If another connection opens or if the connection times out the dialup modem will disconnect Idle timeout Type the ...

Страница 95: ...nd slightly lower than your Internet connection s maximum measured upstream speed in the field provided It is recommended to try different rates in order to determine which one provides the best results For information on using Traffic Shaper see Using Traffic Shaper on page 151 btain Domain ame Servers Clear this option if you want the NetDefend firewall to obtain an IP matically DNS servers ain ...

Страница 96: ... shaping of inbound traffic less accurate than the shaping of outbound traffic It is therefore recommended to enable traffic shaping for incoming traffic onl necessary For information on using Traffic Shaper see Using Traffic Shaper on A E ou to do so MTU This field allows you to control the maximum transmission unit size As a general recommendation you should leave this field empty If however you...

Страница 97: ...e In the secondary Internet connection this field is enabled only if the DMZ WAN2 port is set to WAN2 High Availability The High Availability area only appears in NetDefend with Power Pack Do not connect if this gateway is in passive state If you are using High Availability HA select this option to specify that the gateway should connect to the Internet only if it is the Active Gateway in the HA c...

Страница 98: ...nternet mined that the Internet connection is down and two Internet connections are defined a failover will be performed to the second Internet connection ensuring continuous Internet connectivity This option is selected by default robe Next Hop gateway If you selected LA default gateway I sending PPP echo reply LCP messages to the PPP peer By default if the defau connection is considered to be do...

Страница 99: ...in the 1 2 and 3 fields If for 45 seconds none of the defined gateways respond the Internet connection is considered to be down Use this option if you have Check Point VPN gateways and you want loss of connectivity to these gateways to trigger ISP failover to an Internet connection from which these gateways are reachable does not always indicate that the Internet is accessible For example if there...

Страница 100: ...rimary or secondary Internet connection me ess is unavailable disconnected when not in use For information on setting up a dialup backup Setting Up a Dialup Backup Connection on page 92 To egular or ISDN dialup modem to your NetDefend firewall s serial 2 thod This is useful in locations where broadband Internet acc When used as a backup Internet connection the modem can be automatically connection...

Страница 101: ...etting Up a Dialup Modem The Ports page appears 3 4 ly 5 Next to the RS232 drop down list click Setup In the RS232 drop down list select Dialup Click App Chapter 4 Configuring the Internet Connection 85 ...

Страница 102: ...ys 9 Configure a Dialup Internet connection using the information in Setup on page 63 able 11 Dialup Fields this field Do this Mode If you selected Custom the Installation String field is enabled Otherwise m Type Select the modem type it is filled in with the correct installation string for the modem type Initialization String Type the installation string for the custom modem type If you selected ...

Страница 103: ...mation You can view information on your Internet connection s in terms of status duration and activity To view Internet connection information 1 Click Network in the main menu and click the Internet tab The Internet page appears For an explanati 2 To refresh the in e click Refresh on of the fields on this page see the table below formation on this pag Chapter 4 Configuring the Internet Connection ...

Страница 104: ... enabl rmation see Enabling Disabling the In nnection on page 88 number of data packets rece Sent Packets number of data packets sent in the active connection Enabling Disabling the Internet Connection You can temporaril you are going on va nd do not want to leave your computer connected to the Internet If you have two Internet connections you can force the NetDefend firewall to use a particular c...

Страница 105: ...lick the Internet tab ernet pag 2 Next to the Internet connection do one of the following To enable the The Int e appears connection click The button changes to and the connection is enabled To disable the connection click The button changes to and the connection is disabled Chapter 4 Configuring the Internet Connection 89 ...

Страница 106: ...kup Internet Connection ary and a secondary Internet connection The sec ls the NetD ternet page you can establish a quick Intern the same manner you can term currently selected connection type In active connectio NetDefend fire nnection see Enabling Disabling the Internet Connection on page 88 You can configure both a prim ondary connection acts as a backup so that if the primary connection fai ef...

Страница 107: ...ng Internet Setup on page Important The two c be LAN DHCP connections onnections can be of different types However they cannot both Using the NetDefend firewall s DMZ WAN2 Port To set up a LAN or broadband backup Internet connection 1 WAN2 port on your appliance s rear panel ork in the main menu and click the Ports tab The Ports page appears 3 In 4 5 Configure two Internet connections For instruct...

Страница 108: ...e primary m on page 84 2 g Internet Setup on page 63 Internet connection fails To set up a dialup backup Internet connection 1 Setup a dialup modem For instructions see Setting Up a Dialup Mode Configure a LAN or broadband primary Internet connection For instructions see Using Internet Setup on page 63 3 Configure a Dialup secondary Internet connection For instructions see Usin 92 D Link NetDefend...

Страница 109: ...ty Using Static Routes Managing Ports nfiguring Network Settings Warning These are advanced settings Do not change them unless it is necessary and you are qualified to do so correct the error you can reset the NetDefend firewall to its default settings See Note If you change the network settings to incorrect values and are unable to e NetDefend firewall to Defaults on page 418 Network Managing You...

Страница 110: ... IP address within the DHCP address range If you already have a DHCP server in your instead o HCP server since you cannot have two DHCP servers or relays on the same network segment he Internet or via a VPN instead of the DHCP relay mo s information from the desired DHCP server to the the DHCP server will not assign this IP address to another computer internal network and you want to use it f the ...

Страница 111: ...ver for internal networks Note E network nabling and disabling the DHCP Server is not available for the OfficeMode To enable disable the NetDefend DHCP server menu and click the My Network tab The My Network page appears 1 Click Network in the main 2 In the desired network s row click Edit Chapter 5 Managing Your Network 95 ...

Страница 112: ...e appears 6 If you enabled the DHCP server your computer obtains an IP address in the DHCP address range 5 Click OK A success message appears If your computer is configured to obtain its IP address automatically using DHCP and either the NetDefend DHCP server or another DHCP server is enabled restart your computer 96 D Link NetDefend firewall User Guide ...

Страница 113: ...reserved for statically addressed computers If desired you can set the NetDefend DHCP range manually Note Setting the DHCP range manually is not available for the OfficeMode network To configure the DHCP address range 1 Click Network in the main menu and click the My Network tab The My Network page appears 2 In the desired network s row click Edit The Edit Network Settings page appears 3 To set th...

Страница 114: ...utomatic DHCP range check box 5 Click Apply A warning message appears 6 Click OK A success message appears 7 If your computer is configured to obtain its IP address automatically using DHCP and either the NetDefend DHCP server or another DHCP server is enabled restart your computer Your computer obtains an IP address in the new DHCP address range 98 D Link NetDefend firewall User Guide ...

Страница 115: ...hind a NAT device Note Configuring DHCP options are not available for the OfficeMode network CP relay 1 nu and click the My Network tab rk page appears 2 click Edit 3 elect Relay To configure DH Click Network in the main me The My Netwo In the desired network s row The Edit Network Settings page appears In the DHCP Server list s Chapter 5 Managing Your Network 99 ...

Страница 116: ...d DHCP server 5 6 7 puter is configured to obtain its IP address automatically using DHCP ther DHCP server is enabled restart your computer Click Apply A warning message appears Click OK A success message appears If your com and either the NetDefend DHCP server or ano Your computer obtains an IP address in the DHCP address range 100 D Link NetDefend firewall User Guide ...

Страница 117: ...P servers VoIP call managers TFTP server and boot filename Note Configuring DHCP options are not available for the DMZ or VLANs To configure DHCP options 1 Click Network in the main menu and click the My Network tab The My Network page appears 2 In the desired network s row click Edit The Edit Network Settings page appears 3 In the DHCP area click Options Chapter 5 Managing Your Network 101 ...

Страница 118: ...Configuring Network Settings The DHCP Server Options page appears 4 levant information in the table below Complete the fields using the re 102 D Link NetDefend firewall User Guide ...

Страница 119: ...btains an IP a e 13 DHCP Server Options Field is field Do this Domai resolving of non fully qualified names For example if the domain suffix n Name Type a default domain suffix that should be passed to DHCP clients The DHCP client will automatically append the domain suffix for the is set to mydomain com and the client tries to resolve the name mail the suffix will be automatically appended to the...

Страница 120: ... gateway to act as a DNS relay server and pass its own IP address to DHCP clients Normally it is recommended to leave this option selected The DNS Server 1 and DNS Server 2 fields appear NS Server 1 2 Type the IP addresses of the Primary and Secondary DNS servers to pass to DHCP clients instead of the gateway uto atically assign server Clear this option if you do not want DHCP clients to be assign...

Страница 121: ...m hese tas e existing network and don you are using a DHCP server other than the NetDefend firewall that assigns addresse To chang I 1 Click The M 2 In the LAN network s row click Edit The Edit Network Settings page appears 3 To change the NetDefend firewall s internal IP address enter the new IP address in the IP Address field 4 To change the internal network range enter a new value in the Subnet...

Страница 122: ...restart your computer herwise manually reconfigure your computer to use the new on configuring 192 168 100 1 192 168 100 254 The default internal network range is 192 168 10 A warning message appears 6 Click OK The NetDefend firewall s internal IP address and or the range are changed A success message appears Do one of the following If your computer is configured to obtain its IP using DHCP and th...

Страница 123: ... is enabled b must obtain a range of Internet IP addresses y default Note Static N T can be used together le disable H 1 Click Network in ork tab page appears 2 In the desired network s row click Edit twork 3 From the Hide NAT list select Enabled or Disabled 4 Click Apply ess 5 Click OK If you chose to disable H If you chose t AT and Hide NA To enab ide NAT the main menu and click the My Netw The ...

Страница 124: ...les controlling traffic to and from the Z see Default S figure a DMZ network 1 Connect the DMZ computer to the DMZ port If you have more a hub or switch to the DMZ port and connect the DMZ computers to the hub 2 Click Network in The Ports page a DM ecurity Policy on page 203 To con than one computer in the DMZ network connect the main menu and click the Ports tab ppears 108 D Link NetDefend firewa...

Страница 125: ...DHCP server See Configuring a DHCP Server on page 94 e IP Address field type the IP address of the DMZ network s default y The My Network page appears 6 In the DMZ network s row click Edit Mode 8 If desired ble Hide N See Enabling Hide NAT on page 10 In th gatewa 11 In th Note The DMZ network must n p other networks e Subnet Mask text box type the DMZ s internal network range ot overla 12 Click Ap...

Страница 126: ...through the VPN link Some networking protocols or resources may require the client s IP address to be an internal one eMode solves these problems by enabling the NetDefend DHCP Server to atically ass nnects and authenticates The IP addresses Mode network Note OfficeMode requires clients It is not supported by Check Point S Check Point SecureClient to be installed on the VPN ecuRemote To configu 1 ...

Страница 127: ...traffic fir AN and other networks passes through the fi LAN to any other internal network including ot de ce network congestion For e nt VLA less of their physical location The members of a division will be able to communicate with each other and share resources and only members who need visions will be allowed to do so Furthermore ur NetDefend firewall allows you partition your network into sever...

Страница 128: ...igned an identifying number called a VLAN ID also referred to as a VLAN tag All outgoing traffic from a tag based VLAN contains the VLAN s tag in the packet headers Incoming traffic to the VLAN must contain c Tag based In tag based VLAN you use one of the gateway s ports as a 802 1Q VLAN trunk connecting the applian the VLAN s tag as well or the packets are dropped Tagging ensures that traffi is d...

Страница 129: ...h port to a separate VLAN Figure 11 Port based VLAN capable switch and is therefore simpler to use than tag based VLAN However port based VLAN is limited because the appliance s internal switch has only four ports port based and tag based combined t security policy for VLANs see Default Security Port based VLAN does not require an external VLAN You can define up to ten VLAN networks For informatio...

Страница 130: ...AN site click Add VLAN To edit a VLAN site click Edit in the desired VLAN s row The Edit Network Settings page for VLAN networks appears add or edit a port based VLAN Click Network in the main m 3 In Network Name field type a name for the VLAN 4 In the Type drop down list select Port Based VLAN The VLAN Tag field disappears the 114 D Link NetDefend firewall User Guide ...

Страница 131: ...ee Enabling Disabling Hide NAT on page 107 8 If desired configure a DHCP server See Configuring a DHCP Server on page 94 9 Click Apply A warning message appears ears 11 Click Ports tab Ports rk s name 10 Click OK A success message app Network in the main menu and click the The page appears xt to the LAN port you want to assign select the 12 In the drop down list ne VLAN netwo You can assign more t...

Страница 132: ...a name for the VLAN 4 In the Type drop down list select Tag Based VLAN The VLAN Tag field appears 5 In the VLAN Tag field type a tag for the VLAN 6 This must be an integer between 1 and 4095 In the IP Address field type the IP address of the VLAN network s default gateway Note The VLAN network must not overlap other networks 7 In 8 on page 107 the Subnet Mask field type the VLAN s internal network...

Страница 133: ...N aware switch s VLAN trunk port Click Apply 11 Click OK A success message appears Click Network in the main menu and click the Ports tab The Ports page appears 13 In the DM Click Apply The DMZ WAN2 port now operates as a VLAN Trunk port In this mode it will not accept untagged packets 15 Configure a according to the vendor instructions Define the same VLAN IDs on the switch Chapter 5 Managing You...

Страница 134: ...k Apply 2 Click Network in menu and click the My Network tab ork desired VLAN s row click the Erase a Click T in the main menu and click the Ports tab e appears ents to the VLAN by selecting other netw e drop down lists the main The My Netw 3 In the page appears icon A confirmation m OK The VLAN is deleted essage appears 4 Click 118 D Link NetDefend firewall User Guide ...

Страница 135: ...otifying the other gateways in the clu s priority is now the highest it becomes the Active Gateway The NetDefend firewall supports Internet connection tracking which means that each firewall tracks its Internet connection s status and reduces its own priority by a NetDefend firew network one a network t For example you can install two NetDefend firewalls on as the Master the default gatew ly and t...

Страница 136: ...twork segment To this end each cluster must be assigned a unique ID number AN HA and it is useful in g an IP address conflict rk ust be met When HA is configured you can specify that only the Active Gateway in the cluster should connect to the Internet This is called W the following situations Your Internet subscription cost is based is on connection time and therefore having the Passive appliance...

Страница 137: ...nterface need not be dedicated for synchronization only It may be shared with an active internal network You can configure HA for any internal network except the OfficeMode network You must have at least two identical NetDefend firewalls Note You can enable the DH Gateway s DHCP server CP server in all NetDefend firewalls A Passive will start answering DHCP requests only if the Active Gateway fail...

Страница 138: ...t to include in the HA cluster To configure HA on a NetDefend firewall 1 Set the appliance s internal IP addresses and network range Each appliance must have a different internal IP address See Changing IP Addresses on page 105 2 Click Setup in the main menu and click the High Availability tab The High Availability page appears 3 Select the Gateway High Availability check box 122 D Link NetDefend ...

Страница 139: ...ual IP field type the default gateway IP address and must be the same for all 6 Click the Synchronization radio button next to the network you want to use as the synchronization interface You can choose any network listed except the WLAN box the This can be any unused IP address in the network gateways Chapter 5 Managing Your Network 123 ...

Страница 140: ...Internet Setup on page 63 Table 14 High Availability Page Fields In this field Do this may become active causing unpredictable problems 7 Complete the fields using the information the tabl Click Apply A success m If desired configure W connection Priority My Priority Type the gateway s priority This must be an integer between 1 and 255 Interface Tracking Internet Primary Type the amount to reduce ...

Страница 141: ...onnection on page 90 Configuring a LAN1 2 3 4 Type th Ethernet li e a ateway s priority if the LAN port s nk is DMZ Type the amount to reduce the gateway s priority if the DMZ WAN2 port s Ethernet link is lost Advanced Group ID If multiple H xist on the same network segment type the ID number of the cluster to which the gateway should belong This must be an integer between 1 and 255 The default va...

Страница 142: ...twork Subnet Mask 255 255 255 0 255 255 255 0 et Connections Primar The gateways have two internal networks in common LAN and DMZ This means that you can configure HA for the LAN network the DMZ network or both You can use either of the networks as the synchronization interface The procedure below shows how to configure HA for both the LAN and DMZ networks The synchronization interface is the DMZ ...

Страница 143: ...twork computers of Gateways A and B to hub 1 Connect the DMZ network computers of Gateways A and B to hub 2 the following on Gateway A Set the gateway s internal IP addresses and network range to the values specified in the table above See Changing IP Addresses on page 105 Click Setup in the main menu and click the High Availability tab The H Select the Gateway High Availability check box The Gate...

Страница 144: ...ick the Synchronization radio button next to DMZ i In the My Priority field type 60 The low priority means that Gateway B will be the Passive Gateway j In the Internet Primary field type 20 Gateway B will reduce its priority by 20 if its Internet connection goes down k Click Apply A success message appears essage appears 6 D ing on Gateway B a Set the ga way s internal IP addresses ing IP Addresse...

Страница 145: ...rnal IP address and not the Internet IP address to which the internal IP address is mapped For further information see Using Rules on page 209 twork object You can configure the following settings for a network object Static NAT or One to One NAT Static NAT allows the mapping of Internet IP addresses or address ranges to hosts inside the internal network This is useful if you want a computer in y ...

Страница 146: ...ure HotSpot on page 256 ng and E g Network Objects Assign the network object s IP addre Normally the NetDefend DHCP server cons address to a different computer If you want to guarantee that a particular computer s IP address remains only This is called DHCP reser ent network able to access the networ t from n Secure HotSpot see Configuring in Addi ditin You can add or edit network objects via e le...

Страница 147: ...work Objects page appears with a list of network objects 2 Do one of the following network object click New To add a To edit an existing network object click Edit next to the desired computer in the list Chapter 5 Managing Your Network 131 ...

Страница 148: ...rk Obje Type dialog box displayed ct Do one of the following 3 r or 4 To specify that the network object should represent a single compute device click Single Computer To specify that the network object should represent a network click Network Click Next 132 D Link NetDefend firewall User Guide ...

Страница 149: ...he dialog box includes the Perform St x appears If you chose Single Computer atic NAT option If you chose Network the dialog box does not include this option 5 Comp 6 Click lete the fields using the information in the tables below Next Chapter 5 Managing Your Network 133 ...

Страница 150: ...og box appears 7 Type a name for the network object in the field 8 Click Finish rts in the main menu and click the Active Computers tab To add or edit a network object via the Active Computers page 1 Click Repo 134 D Link NetDefend firewall User Guide ...

Страница 151: ...ears next to it 2 Do one of the following To add a network object click Add next to the desired computer To edit a network object click Edit next to the desired computer The NetDefend Network Object Wizard opens with the Step 1 Network Object Type dialog box displayed 3 Do one of the following To specify that the network object should represent a single computer or lick Single Computer device c Ch...

Страница 152: ... dialog box appears with the network object s name If you are adding a new network object this name is the computer s name 7 To change the network object name type the desired name in the field 8 Click Finish The new object appears in the Network Objects page The Step 2 Computer Details dialog box appears The comput Complete the fields using the information in the tables b 136 D Link NetDefend fir...

Страница 153: ...tering see Configuring a Wireless Network on page 161 MAC Address Type the MAC address you want to assign to the network object s IP address or click This Computer to specify your computer s MAC Perfo Netw T You must then fill in the External IP field nal IP Type the Internet IP address to which you want to map the local ter s IP address ute is option to exclude the network object from HotSpot ent...

Страница 154: ...esses of the same size You must then fill in the External IP Range field Type the Internet IP address range to which you want to map the network s IP address range Select this enforcement Viewing and jects Deleting Network Ob To view or delete a network object ork he Network of network objects he desi 1 Click Netw T in the main menu and click the Network Objects tab Objects page appears with a lis...

Страница 155: ...om the Accounting department should be sent via WAN1 and another static route specifying that traffic originating from the Marketing department should be sent via default and indicates whether each route is currently Up reachable or not A a setting that explicitly specifies the route for packets originati does not match any defined static route will be routed to the de n be based on the packet s d...

Страница 156: ... page appears with a list of existing static routes 2 Do one of the following To add a static route click New Route To edit an existing st list atic route click Edit next to the desired route in the 140 D Link NetDefend firewall User Guide ...

Страница 157: ...rce and Destination dialog box 3 To select a specific source network source routing do the following rce drop down list select Specified Network a In the Sou New fields appear he Network field type the IP address of the source network b In t Chapter 5 Managing Your Network 141 ...

Страница 158: ...ic destination network do the following a In the Destination drop down list select Specified Network New fields appear b In the Network field type the IP address of the destination network c In the Netmask drop down list select the subnet mask 5 Click Next 142 D Link NetDefend firewall User Guide ...

Страница 159: ...of the gateway next hop router to ou 7 In the Metric The gateway destination and has the lowest metric The default v 8 Click Next which to r te the packets destined for this network field type the static route s metric sends a packet to the route that matches the packet s alue is 10 Chapter 5 Managing Your Network 143 ...

Страница 160: ...delete a static route The Static Routes page appears with a list of existing static routes 2 In the desired not be deleted 1 Click Network in the main menu and click the Routes tab route row click the Erase icon on message appears A confirmati 3 Click OK The route is deleted 144 D Link NetDefend firewall User Guide ...

Страница 161: ...gn its ports to different uses as shown in the table below Furthermore you can restrict each port Table 18 Ports and Assignments You can assign this port To these uses to a specific link speed and duplex setting LA VLAN network N LAN network D VLAN trunk RS23 modem MZ WAN2 DMZ network Second WAN connection 2 Dialup Serial console ...

Страница 162: ...x state This is useful if you need to the To view port statuses 1 Click Network in the main menu and click the Ports tab The Ports page appears check whether the appliance s physical connections are working and you can t see LEDs on front of the appliance The following information is displayed for each enabled port 146 D Link NetDefend firewall User Guide ...

Страница 163: ...e drop down list displays DMZ Link Config Full Duplex duplex or Automatic Detection indicates that th detect the link speed and duple Status The detected link speed and duplex No Link indicates that the appliance does not port Disable ma such e display click Refresh Modifyin ort Assignments You can ass assig ign nments oft determine whic Table 19 Modifying Port Assignments To assign a port to See ...

Страница 164: ... page 388 Setting Up a Dialup Modem on page 84 To modify a port as 1 Click Networ n The Ports page In the Assign sired port assignment 2 Click Apply The port is re signment k i the main menu and click the Ports tab appears ed To drop down list to the right of the port select the de assigned to the specified network or purpose 148 D Link NetDefend firewall User Guide ...

Страница 165: ...duplex This is the d 3 Click Apply rt use Defend automatically detects the link speed and anually restrict the NetDefend firewall s ports to t s link configuration k in the main menu and click the Ports tab 2 In the onfiguration drop down list to the right of the port do one desired link speed and duplex tomatic Detection to configure the port to automatic efault The po s the specified link speed ...

Страница 166: ...s to etwor he Ports pa 2 Click Default A confirmati 3 Click OK The ports are rese link configuration All currently ault settings may be broken For example if you were using the DMZ WAN2 port as WAN2 the port reverts to its DMZ assignment and the secondary Internet connection moves to the WAN port defaults 1 Click N T k in the main menu and click the Ports tab ge appears on message appears t to the...

Страница 167: ...es are assigned weights of 30 and 10 respectively If the lines are congested Traffic Shaper will maintain the ratio of bandwidth allocated to Web traffic and FTP traffic at 3 1 If a specific class is not using all of its bandwidth the leftover bandwidth is divided among the remaining classes in accordance with their relative weights In the example above if only one Web and one FTP connection are a...

Страница 168: ...ding weight bandwidth limits and i eters DiffServ marks packets as belonging to a certain Quality of Service class These packets are t class Availa the bandwidth Each c bandwidth lim c nnections belonging to that class will not be allocated f available For example traffic used le sharing applications may be limited to a speci ond Each class also tio s belonging to the class should be given prece o...

Страница 169: ... the Traffic Sh Inte packets und traffic less accurate than the shaping of outbound traffic It is therefore recommended to enable traffic shaping for incomin 2 If you are us that reflect your communication needs or modify the four predefined QoS classes See Adding a aper cannot control the number or type of packets it receives from rnet it can only affect the rate of incoming traffic by dropping r...

Страница 170: ...affic Shaper automatically assigns Predefined the connection type to the predefined Default class QoS Classes Traffic Shaper provides the following predefined QoS classes Using Rules 209 Table 21 Predefined Class Weig To assign traffic to thes on page e classes define firewall rules as described in QoS Classes ht Delay Sensitivity Useful for Default 10 Medium Normal traffic y default Normal Traffi...

Страница 171: ...ong delays For example SMTP traffic outgoing email ow Priority 5 Low Traffic that i Adding and Editing Classes In Simplified Traffic Shaper these classes cannot be changed To in menu and click the Traffic Shaper tab add or edit a QoS class 1 Click Network in the ma The Quality of Service Classes page appears 2 Click Add Chapter 6 Using Traffic Shaper 155 ...

Страница 172: ...ty of Service Parameters dialog box displayed 3 le below 4 Click Th Complete the fields using the relevant information in the tab Next e Step 2 of 3 Advanced Options dialog box appears lete the fields using the relevant information in the table below 5 Comp 156 D Link NetDefend firewall User Guide ...

Страница 173: ...s It is therefore recommended to enable traffic shaping for incoming traffic only if necessary For information on enabling Traffic Shaper for incoming and outgoing traffic see Using Internet Setup on page 63 6 Click Next The Step 3 of 3 Save dialog box appears with a summary of the class 7 Type a name for the class For example if you are creating a class for high priority Web connections you can n...

Страница 174: ...ire quick user response such as telnet th a lower latency That is Traffic Shaper attempts to send packets with a High Interactive Traffic level before packets with a Medium Normal Traffic or Low Bulk Outgoing Traffic G Le Select this option to guarantee a minimum bandwidth for outgoing traffic ing to this class Then type the minimum bandwidth in bits second in the field provided Outgoing T Limit o...

Страница 175: ...t DiffServ You ain the correct DSCP value from your ISP or private WAN e oint Select this option to mark packets belonging to this class DSCP in the field provided to their DSCP can obt administrator Deleting Classes You cannot delete a class that is currently used by a rule You can determine whether a class is in use or not by viewing the Rules page To delete an existing QoS class 1 Click Network...

Страница 176: ...es to use the Default class If one of the addi Note This will delete any additional classes you defined in Traffic tional classes is currently used by a rule you or not by viewing the page 1 haper tab The Quality of Service Classes page appears 2 Click A con ppears 3 Click OK cannot reset Traffic Shaper to defaults You can determine whether a class is in use Rules To restore Traffic Shaper default...

Страница 177: ...DMZ networks you can define a wireles twork called a WLAN wireless LAN network when using the DF ormation on default security p WLAN see Default Security Policy on You can configure a WLAN network in either of the following ways Wireless Configuration Wizard Guides you through the WLAN setup step by step See Using the Wireless Configuration Wizard on page 176 Manual configuration Offers advanced s...

Страница 178: ...t is tigh egrated with the firewall and hardware accelerated VPN The DFL CPG310 supports the latest 802 11g standard up to 54Mbps and backwards compatible with the older 802 11b standard up to 11Mbps so th th new and old adapters of these standards are interoperable The DFL o supports a special Super G mode that allows reaching a throughput mode refer to http www super ag com e DFL CPG310 transmit...

Страница 179: ...nts attempting to connect to the access point authenticator must first be authenticated by a RADIUS server authentication server which supports 802 1x All messages are passed in EAP Extensible Authentication Protocol This method is recommended for situations in which you want to authenticate wireless users but do not need to encrypt the data Note To use this security method you must first configur...

Страница 180: ...entication encryption The WPA PSK security method is a variation of WPA that does not require an authentication server WPA PSK periodically changes and authenticates encryption keys This is called rekeying This option is recommended for small networks which want to authenticate and encrypt wireless data but do not want to install a RADIUS server Note The appliance and the wireless stations must be...

Страница 181: ...or information see p Your NetDefend firewall as a T Prepare the appliance for a wireless connection as described in Network Installation on page 35 ecurity mode for the WLAN configure a RADIUS server For information on security modes see Basic WLAN Settings Fields on page S servers see Using RADIUS Authentication on page 368 My Network tab page appears LAN network s row click Edit o manually confi...

Страница 182: ... In he The fields are enabled 6 If desired enable or disable Hide NAT See Enabling Disabling Hide NAT on page 107 7 If desired configure a DHCP server See Configuring a DHCP Server on page 94 t Mode drop down list select Enabled 166 D Link NetDefend firewall User Guide ...

Страница 183: ...e the Advanced WLAN Settings Fields on page 172 New fields appear page 168 9 To configure advanced settings click Show Advanced Settings fields using the information in 10 A s telling you that you are about to change your network settings Click Apply warning message appear Chapter 7 Configuring a Wireless Network 167 ...

Страница 184: ...ss Settings Network Name Type the network name SSID that identifies your wireless network This ibl tions passing near your access point unless you enable the Hide the Network Name SSID option It can be up to 32 alphanumeric characters long and is case sensitive Country Select the country where you are located ubnet Mask Type the WLAN s internal network range SSID name will be vis e to wireless sta...

Страница 185: ...nly 802 11g Super stations will be able to connect 802 11g Super 11 54 108 Operates in the 2 4 GHz range and offers a maximum theoretical rate of 108 Mbps When using this mode 802 11b stations 802 11g stations and 802 11g Super stations will all be able to connect cates a wireless protocol such as 802 11g selected country by s usually significantly lower than the egrades with distance Important Th...

Страница 186: ...tha Alte Secu or information on the supported security protocols see Wireless Security Protocols on page 163 If you select WEP encryption the WEP Keys area opens If you select WPA the Require WPA2 802 11i field appears If you select WPA PSK the Passphrase and Require WPA2 802 11i fields appear Passphrase Type the passphrase for accessing the network or click Random to randomly generate a passphras...

Страница 187: ...the key need not be selected as the transmit key on the a K lengt 0 characters y length is 26 characters 152 Bits The key length is 32 characters Note Some wireless card vendors call these lengths 40 104 128 EP Keys If you selected WEP e The wireless stations must be configured with the same key as w 2 3 4 radio Click the radio button nex tton tr The selected key must be entered in the stations No...

Страница 188: ...de your network s SSID by selecting one of the following Yes Hide the SSID Only devices to which your SSID is known can connect to your network No Do not hide the SSID Any device within range can detect your network name wireless network discovery features of some products such as Microsoft Windows XP and attempt to connect to your network This is the default Note Hiding the SSID does not provide ...

Страница 189: ...not nded to rely n this setting alone for security Address ng Specify w of the follo Yes Enable MAC address filtering Only MAC ad o o recomme Wireless Transmitter Transmission Rate Select the transmission rate Automatic The NetDefend firewall automatically selects a rate This is the default A specific rate Transmitter Power Select the transmitter power Setting a higher transmitter power increases ...

Страница 190: ...them antenna diversity s security appliance has two antennas Specify which antenna to use fo antennas and automatically selects the antenn distortion signal to use for communicating The made on a per station bas ANT 1 The ANT 1antenna is a ANT 2 The ANT 2 antenna is always used for communicating Use manual diversity control ANT 1 or ANT 2 if there is only one antenna connected to the appliance F T...

Страница 191: ... a value equal to the fragm RTS E M mode is disabled Enabled XR mode is enabled XR will be automatically nabled wireless stations and used as For more information on XR mode see About the Wireless Hardware in Your NetDefend firewall on page 162 Multimedia QoS WMM Specify whether to use the Wireless Multimedia WMM standard to prioritize traffic from WMM compliant multimedia applications Disabled WM...

Страница 192: ... appliance for a wireless connection as described in Network Installation on page 35 2 Click Network in the main menu and click the My Network tab The My Network page appears 3 In the WLAN network s row click Edit The Edit Network Settings page appears 4 Click Wireless Wizard less Configuration dialog The Wireless Configuration Wizard opens with the Wire box displayed 5 Select the Enable wireless ...

Страница 193: ...11i Click WEP to use the WEP security mode ns must use a pre shared key to connect to your re and is supported mainly for t support other the following WPA PSK periodically changes a recommended security mode for small private wireless networks which want to authenticate and encrypt wireless data but do not want to in RADIUS server Both WPA and th will be accepted Using WEP wireless statio network...

Страница 194: ...ing a WLAN on page 165 10 Click Next K If you chose WPA PSK the Wireless Configuration WPA PSK dialog box appears iguring these m WPA PS Do the follow 1 In the text cessing the network or click Random to randomly generate a passphrase This must be between 8 and 63 characters It can contain spaces and special characters 2 Click Next ing box type the passphrase for ac and is case sensitive 178 D Lin...

Страница 195: ...Wizard The Wireless Security Confirmation dialog box appears 3 Click Next 4 The Wireless Security Complete dialog box appears 5 Click Finish The wizard closes 6 Prepare the wireless stations Chapter 7 Configuring a Wireless Network 179 ...

Страница 196: ...exadecimal characters 152 Bits The key length is 32 hexadecimal characters Some wireless card vendors call these lengths 40 104 128 respectively Note that WEP is generally considered to be insecure regardless of the selected key length 2 In the text box type the WEP key or click Random to randomly generate a key matching the selected length The key is composed of characters 0 9 and A F and is not ...

Страница 197: ...reless Security No T less Security Co Complete dialog box appears 5 Click Finish The wizard closes 6 Prepare the wireless stations See Preparing the Wireless Stations on page 182 Security he Wireless Security Complete dialog box appears Click Finish The wizard closes Chapter 7 Configuring a Wireless Network 181 ...

Страница 198: ...o the wireless stations administrator The wireless connect them to the WLAN Refer to the wireless cards documentation for details Note Some wireless cards have Infrastructure and Ad ho are also called Access Point and Peer to Peer Choose the Infrastructu Access Point mode c modes These modes re or You can set the wireless cards to either Long Preamble or Short Preamble Note The wireless cards regi...

Страница 199: ...in t Automatic see Manually Config Relocate the NetDefend firewall to a place with better reception and avoid obstru mounting the appliance in a high place with a direct line of sight to the wirele C ck microwave ovens and cordless or cellular phones I cann Che ect to the WLAN fro less station What that the encryption s atch the NetDefend firewall filtering is enabled s configured on the station e...

Страница 200: ...ns between wireless stations What should I do If you have many concurrently active wireless stations there may be collisions between them Such collisions may be the result of a hidden node problem not all of the stations are within range of each other and therefore are hidden from one another For example if station A and station C do not detect each other but both stations detect and are detected ...

Страница 201: ...RTS Threshold value equal to the Fragmentation Threshold va effectively disables RTS m not getting the full speed W lue a hat should I do The actual s with d Read er speed nabled in the ess point For a list of wireless stations that support 802 11g Super see www super ag com I peed is always less then the theoretical speed and degrades istance the section about reception problems Better reception ...

Страница 202: ......

Страница 203: ...track network activity using the Event Log The Event Log displays the most recent events and color codes them able 26 Event Log Color Coding n event marked in is color Indicates T A th Blue Changes in your setup that you have made yourself or as a result of a security update implemented by your Service Center R O tempts that were blocked by your custom security rules Viewing Reports ed Connection ...

Страница 204: ...a lock icon in the This information is useful for troubleshooting You can export the logs to an xls Microsoft technical support certain types of connections should be er the connections are incoming or outgoing blocked or a n see Using Rules on page 209 l the date and the time the event occurred and its type If ion attempt that was rejected by the firewall the event d destination IP address the de...

Страница 205: ...of the attacking The NetDefend firewall queries the Internet WHOIS server and a window displays the name of the entity to whom the IP address is registered and their contact information This information is useful in tracking down hackers 3 To refresh the display click Refresh 4 To save the displayed events to an xls file a Click Save nt is highlighted in red indicating a blocked attack on y machin...

Страница 206: ...wse to a destination directory of your choice r the configuration file and click Save tory 5 nts a Click Clear A confirmation message appears b Click OK All events are cleared d Type a name fo The xls file is created and saved to the specified direc To clear all displayed eve 190 D Link NetDefend firewall User Guide ...

Страница 207: ... the procedure Configuring Traffic Monitor Settings on page 193 In network traffic reports the traffic is color coded as described in the table below In the All QoS Classes report the traffic is color coded by QoS class Table 27 Traffic Monitor Color Coding for Networ Traf ks fic marked in this color Indicates Blue VPN encrypted traffic Red Traffic blocked by the firewall Green Traffic accepted by...

Страница 208: ...aper see Using Internet Setup on page 63 The selecte 3 To refresh all traffic reports click Refresh 4 To clear all traffic reports click Clear The list in ludes all cu Cho inf QoS Classes to display a report including all QoS classes For d report appears in the Traffic Monitor page Note T of your network This may lead to a certain amount of traffic of the type Traffic blocke es not indica he firew...

Страница 209: ... the NetDefend firewall should colle network traffic reports 1 Cl rts in the main menu and click the Traffic Monitor ta Monitor page appears gs Monitor Settings page appears 3 In the Sample monitoring data every field type the interval in seconds at which the NetDefend firewall should collect traffic data The default value is one sample every 1800 seconds 30 minutes 4 Click Apply Chapter 8 Viewing...

Страница 210: ...s file and view the file in Microsoft Excel c report rts in the main m 2 Click Ex A stan 3 Click Save File Download dialog box appears The Save s dialog box appears destination directory of your choice Save is created and saved to the specified Viewing Computers This option allows you to view the currently active computers on your network The active computers are graphically displayed each with it...

Страница 211: ...ireless station has been blocked from accessing the Internet through the NetDefend firewall the reason why it was blocked is shown in red If you are exceeding the maximum number of computers allowed by your license a warning message appears and the computers over the node limit are marked in red These computers are still protected but they are blocked from accessing the Internet through the NetDef...

Страница 212: ...e number of computers allowed by your license you can upgrade your product For further information see Upgrading Your Software ct for bject ing and editing network objects see g Network Objects on page 130 lay click Refresh 3 To view node limit information do the following a Click Node Limit ow appears with installed software product and the Product on page 379 Next to each computer an Add button ...

Страница 213: ...the Active Connections tab The Active Connections page appears The page displays the information in the table below 2 To refresh the display click Refresh 3 To view information on the destination machine click its IP address The NetDefend firewall queries the Internet WHOIS server and a window displays the name of the entity to which the IP address is registered and their contact information Chapt...

Страница 214: ...ss The destination IP address Destination Port he destination port Q O T oS Class The QoS class to which the connection belongs ptions An icon indicating further details The connection is encrypted The connection is being scanned by VStream Antivirus Viewing Wireless Statistics If your WLAN is enabled you can view wireless statistics for the WLAN or for individual wireless stations To view statist...

Страница 215: ...N Statistics his field Displays Wireless Mode The operation mode used by the WLAN followed by the transmission rate in Mbps MAC Address ce Domain s point s region Cou untry configured for the WLAN Cha LAN The MAC address of the NetDefend firewall s WLAN interfa The NetDefend acces ntry The co nnel The radio frequency used by the W Chapter 8 Viewing Reports 199 ...

Страница 216: ...number of unicast frames transmitted and received Broadcast Frames The number of broadcast frames transmitted and received Multicast Frames The number of multicast frames transmitted and received To view statistics for a wireless station 1 Click Reports in the main menu and click the Active Computers tab The Active Computers page appears The following information appears next to each wireless stat...

Страница 217: ... M Fr W nt s operation mode indicating the client s maximum speed are B G and 108G rmation see Basic WLAN Settings Fields on page 168 X s client supports Extended Range XR mode Possible values are rames OK The total number of frames that rrors The total n occurred iscarded The total num rames rames The number of unicast frames transmitted an roadcast The numb rames ulticast The number of multicast...

Страница 218: ...s Statistics This field Displays Cipher The security protocol used for the connection with the wireless client For more information see Wireless Security Protocols on page 163 202 D Link NetDefend firewall User Guide ...

Страница 219: ... HotS 256 ining an Exposed Host 261 D The default security policy includes the following rules Setting Your Security Policy This chapter escribes ho You Filtering an ce your security policy by subscribing to services such as Web ail Filtering For information on subscribing to services see Using on page 281 in ludes the following topics De Settin y Policy 203 el 204 vers fen e pot Def efault Securi...

Страница 220: ...ternal networks except the WLAN The W AN can only access tal using HTTPS unless a specific user defined rule g erver function see Using Network Printers on page lowed Access from the WAN t These rules are e firewall security level can easily d firewall rules For further inform on page 209 Firewall Security Level L the NetDefend Por allows this When usin the print s 423 access from al internal netw...

Страница 221: ...y level nbound traffic is blocked to the Internet ows file sharing NBT ports 137 High Enforces strict control on ming and outgoing All inbound traffic is blocked IMAP POP3 SMTP ftp newsgroups Telnet DNS IPSEC IKE and VPN traffic ces strict control on All i pe mitting safe All outbound traffic is allowed in connections except for Wind s the default level 138 139 and 445 ommended for nless you a spe...

Страница 222: ...present the security policy Security updates downloaded from a policy and change these definitions vel ain menu and click the Firewall tab To change the firewall security le 1 Click Security in the m The Firewall page appears 2 Drag the security lever to the desired level The NetDefend firewall security level changes accordingly 206 D Link NetDefend firewall User Guide ...

Страница 223: ...our own Web ser FTP server Note C fi imple Allow and Forward rules for comm s t to creating Allow and Forward rules in the pa a serv 1 Click Security in the main menu and click the Servers tab The Servers ess for each allowe on guring servers allows you to create s on ervices and it is equivalen Rules To allow ge For information on creating rules see Using Rules on page 209 ice to be run on a spec...

Страница 224: ...e IP address of the computer that will run the service one of your network computers or click the corresponding This C allow your computer to host the service To stop the for 1 Click Secur rvers tab The Servers es and a host IP address for each allowe sire The Host IP vice is cleared Apply warding of a service to a specific host ity in the main menu and click the Se page appears displaying a list ...

Страница 225: ...policy rules the accounting department will be able to connect to all company computers while the rest of the employees will not be able to access any sensitive information on the accounting department computers You can override the default security policy rules by creating firewall rules that allow specific DMZ computers such a manager s computer to connect to the LAN network and the accounting d...

Страница 226: ...specific IP address you can move the rule down in the the desired IP Rules ress and m than the first rule In the f exception is rule num igure below the general rule is rule number 2 and the ber 1 The NetD from the specified IP add outgoing FTP traffic efend fi ffic The following rul xist rewall will process rule 1 first allowing outgoing FTP tra ress and only then it will process rule 2 blocking ...

Страница 227: ...if your network uses Hide NAT Note You ca es that forward the same service low and orward This rule type enables you to do the following Permit incoming access from the Internet to a specific service in your internal network called Port Address ffic Shaper is andle releva e selected QoS class For example if Traffic Shaper is enabled coming traffic and you create an Allow and Forward rule ciating a...

Страница 228: ...ng Web traffic as specified in the bandwidth policy for the Urgent class For information on Traffic Shaper and QoS classes see Using Traffic Shaper on page 151 Note You cannot use an Allow rule to permit incoming traffic if the network or VPN uses Hide NAT However you can use Allow rules for static NAT IP addresses low This rule type enables you to do the following Permit outgoing access from your...

Страница 229: ...ick Security s tab The Rules p e a rule in the main menu and click the Rule ag appears 2 Do one of the following To add a new rule click Add Rule To edit an existing rule click the Ed it icon next to the desired rule Chapter 9 Setting Your Security Policy 213 ...

Страница 230: ... Type dialog box wizard o 3 Select the type of r ate 4 Click Next w rule ule you want to cre The p 2 Service dialog box appears The example below shows an Allo Ste 5 Complete the fields using the relevant information in the table below 214 D Link NetDefend firewall User Guide ...

Страница 231: ...tion Source dialog box appears 7 Complete the fields using the relevant information in the table below he Step 4 T Done dialog box appears 8 Click Finish The new rule appears in the Firewall Rules page Chapter 9 Setting Your Security Policy 215 ...

Страница 232: ...rule should apply Ports To specify the port range to which the rule applies type the start port number in the left text box and the end port numb r in the right text box ou do not enter a port range the rule will apply to all ports If you enter only one port number the range will include only that port Source Select the source of the connections you want to allow block Specified IP and type the de...

Страница 233: ...y of class o assign the specified connections QoS class If Traffic Shaper r information on Traffic Shaper and fic Shaper on page 151 rule Log accepted connections Log blocked onnections By default accepted connections are not logged and blocked connections y this behavior by changing the check box s state Service Select the QoS class to which you want t If Traffic Shaper is enabled Traffic Shaper ...

Страница 234: ...hen defining an Allow and Forward rule Enabling Disabling Rules You can temporarily disable a user defined rule To enable disable a rule 1 Click Security in the main menu and click the Rules tab The Rules page appears 2 Next to the desired rule do one of the following To enable the rule click The button changes to and the rule is enabled To disable the rule click The button changes to and the rule...

Страница 235: ... the rule up in the table Click next to the desired rule to move the rule down in the table The rule s priority chang Deleting Rules es accordingly To delete an existing rule 1 Click Security in the main menu and click the Rules tab The Rules page appears 2 Click the Erase icon of the rule you wish to delete A confirmation message appears 3 Click OK The rule is deleted Chapter 9 Setting Your Secur...

Страница 236: ...haring operations and File Transfer Protocol FTP uploading among others firewall includes Check Point SmartDefense Services based on pplication Intelligence SmartDefense provides a combination of ds and attack blocking tools that protect your network in the s ompliance to standards xpected usage of protocols Protocol Anomaly Detection artDefense aids proper usage of Internet resources such as F in...

Страница 237: ...the settings it contains appear as nodes For information on each category and the nodes it contains see SmartDefense Categories on page 224 Each node represents an attack type a sanity check or a protocol or service that is vulnerable to attacks To control how SmartDefense handles an attack you must configure the relevant node s settings Chapter 9 Setting Your Security Policy 221 ...

Страница 238: ... Security in the main m The Smart efense pag The left pane displays a tree containing SmartDefense categories To expand a category click the icon next to it To collapse a category click the icon next to it 2 Expand the relevant category and click on the desired node 222 D Link NetDefend firewall User Guide ...

Страница 239: ...he following a Complete the fields using the relevant information in SmartDefense Categories on page 224 b Click Apply 4 To reset the node to its default values a Click Default A confirmation message appears b Click OK The fields are reset to their default values and your changes are saved Chapter 9 Setting Your Security Policy 223 ...

Страница 240: ...rtDefense includes the following IP and ICMP on page 229 e 39 n age 242 FTP on page 245 Microsoft Networks on page 249 IGMP on page 251 Denial of Service nial of Service DoS attacks are aimed at overwhelming the target with int where it is no longer able to respo vice requests This category includes the following atta Teardrop on page 224 Ping of Death on page 225 Non TCP Flooding on page 22 In a ...

Страница 241: ...on to take when a Teardrop atta of the following Track Specify whether to log Teardrop attacks by selecting one of the following Log Log the attack This is the default None Do not log the attack Ping of Death In a Ping of Death attack the attacker sends a fragmented PING request that exceeds the maximum IP packet size 64KB Some operating systems are unable to handle such requests and crash Chapter...

Страница 242: ...attack This is the default None No action Track Specify whether to log Ping of Death attacks by selecting one of the following Log Log the attack This is the default None Do not log the attack LAND In a LAND attack the attacker sends a SYN packet in which the source address and port are the same as the destination the victim computer The victim computer then tries to reply to itself and either reb...

Страница 243: ... by selecti Log Log the attack This is the default None Do not log the attack Non TCP Flooding Advanced firewal table In non TCP Flooding attacks the attacker sends high volumes of non TCP traffic Since such traffic cleared or reset and the firewall St from accepting ne ls maintain state information about connections in a State is connectionless the related state information cannot be ate table is...

Страница 244: ...eshold e following any additional non TCP connections None No action This is the default for non TCP connecti Select one of th Block Block Track Specif Non TCP Traffic y selecting one of the following g default ent Non TCP Traffic Type th conn Th e y whether to log non TCP connections that exceed the Max Percent threshold b Lo Log the connections None Do not log the connections This is the Max Per...

Страница 245: ... UDP and TCP header lengths dropping IP options and the TCP flags You can conf This category configure various protections against IP following and ICMP related attacks It includes the page 231 on page 232 Network Quota on pa Welchia on page 235 Cisco IOS DOS on page 236 Null Payload on page 238 cket Sanity Packet San verifying ve fying ri igure whether logs should be issued for offending packets ...

Страница 246: ... of the following True Disable relaxed UDP length verification The NetDefend firewall will drop packets that fail the UDP length verification check False Do not disable relaxed UDP length verification The NetDefend firewall will not drop packets that fail the UDP length verification check This is the default ecify whether to issue logs for packets that fail the packet sanity tests by ecting one of...

Страница 247: ...attacks by limiting the allowed size for ICMP echo requests Table 40 Max Ping Size Fields In this field Do this Action Max Specify what action to take when an ICMP echo response exceeds the Ping Size threshold by selecting one of the following Block Block the request This is the default None No action Track Specify whether to log ICMP echo responses that exceed the Max Ping Size threshold by selec...

Страница 248: ...attack common behavior and break the data section of a single packet into several fragmented packets Without reassembling the fragments it is not always possible to detect such an attack Therefore the NetDefend firewall always reassembles all the fragments of a given IP packet e sure there are no attacks or exploits in the packet e handled ts several smaller IP packets and transmitt or exploit an ...

Страница 249: ... Number of Incomplete Packets Type the maximum number of fragmented packets allowed Packets exceeding this threshold will be dropped The default value is 300 Timeout for Discarding Incomplete Packets When the NetDefend firewall receives packet fragments it waits for additional fragments to arrive so that it can reassemble the packet Type the number of seconds to wait before discarding incomplete p...

Страница 250: ...uota Fields In this field Do this Action Specify what action to take when the number of network connections ond per Source IP Block Block all new connections from the source Existing None No action from the same source reaches the Max Connections Sec threshold Select one of the following connections will not be blocked This is the default Track from a specific source that exceed the Max Connection...

Страница 251: ... a The default value is 100 Note Setting thi searching for other live computers to It does so by sending a specific ping packet to a target and waiting for the nals that the target is alive This flood of pings may disrupt network ivity ou can configure how the Welchia worm should be handled Welchia The Welchia worm After infecting a com infect reply that sig connect uses the MS DCOM vulnerability ...

Страница 252: ...ne of the lowing None Do not log the attack Spe fol Log Log the attack This is the default C ersion 4 IP isco IOS device is sent a specially crafted sequence of IPv4 packets with protocol type 53 SWIPE 55 IP Mobility 77 Protocol Independent Multicast PIM the router will stop nd traffic on that interface isco IOS DOS Cisco routers are configured to process and accept Internet Protocol v v4 packets ...

Страница 253: ...e of the following Block Block the attack This is the default None No action T N be protected rack Specify whether to log Cisco IOS DOS attacks by selecting one of the following Log Log the attack This is the default None Do not log the attack umber of Hops to Protect Type the number of hops from the enforcement module that Cisco routers should The default value is 10 Chapter 9 Setting Your Securi...

Страница 254: ...ket of the s Block Drop default yload Some worms such as Sasser use ICMP echo request packets with null payload to detect potentially vuln r You can configure how null payload ping packets should be handled Null Pa e able hosts Table 45 Null Payload F In this field Do this ields Action Specify wh ke when null payload p selecting one of the following at action to ta ing packets are detected by Bloc...

Страница 255: ...241 Strict TCP Out of state TCP packets are SYN ACK or data packets that arrive out of order before the TCP SYN packet ry allows you to configure various protections related to t includes the following on page 239 Note In normal conditions out of state TCP packets can occur after the firewall restarts since connections which were established prior to the reboot are unknown te an attack This is nor...

Страница 256: ... of the following n Specify what action to take when an out of state TCP packet arrives by Block Block the packets None No action This is the default Track Specify whether to log null payload ping packets by selecting one of the following Log Log the packets This is the default None Do not log the packets 240 D Link NetDefend firewall User Guide ...

Страница 257: ...he server against this attack by specify Table 47 Small PMTU Fields In this field Do this Action Specify what action to take when a packet is smaller tha Size threshold by selecting one of the following n the Minimal MTU Block Block the packet None No action This is the default Track Specify whether to issue logs for packets are smaller than the Minimal MTU Size threshold by selecting one of the f...

Страница 258: ... an attack This is most commonly done by attempting to access a port nse indicates whether or not the port is open pes of port scans Host Port Scan The attacker scans a specific host s ports to determine hich of open Sweep S fic port is o Port Scan An attacker can perform a port s and waiting for a response The respo This category includes the following ty w the ports are can The attacker scans va...

Страница 259: ... a period of seconds value in order for SmartDefense to consider the activity a scan Type the minimum number of ports that must be accessed within the In a period of seconds period in order for SmartDefense to detect the activity as a port scan For example if this value is 30 and 40 ports are accessed within a specified martDefense will detect the activity as a port scan value is 30 For Sweep Scan...

Страница 260: ...port scan For example if this value is 20 and the Number of ports accessed threshold is exceeded for 15 seconds SmartDefens will detect the activity as a port ot detect the activity as a port scan e scan If the threshold is exceeded for 30 seconds SmartDefense will n The default value is 20 seconds Track Specify whether to issue logs for scans by selecting one of the following None Do not issue lo...

Страница 261: ...ounce When connecting to an FTP server the client sends a PORT command specifying the IP address and port to which the FTP server should connect and send data An FTP Bounce attack is when an attacker sends a PORT command specifying the IP party instead of the attacker s own IP address The FTP server the You can configure how FTP bounce attacks should be handled address of a third n sends data to t...

Страница 262: ... y selecting one of the Log Log the attack This is the default e attacks b following None Do not log the attack Block Known Port an choos ports s You c e to block the FTP server from connecting to well known Note K is port This provides a second layer of prot preventing suc nown ports are published ports associated with services for example SMTP 25 ection against FTP bounce attacks by h attacks fr...

Страница 263: ... connection None No action This is the default Block Port Overflow FTP clients send PORT commands when connecting to the FTP sever A PORT f numbers between 0 and 255 separated by To enforce compliance to the FTP standard and prevent potential attacks against the FTP server you can block PORT commands that contain a number greater than 255 command consists of a series o commas Chapter 9 Setting You...

Страница 264: ...action Blocked FTP Command So ty and int u through the s me seldom used FTP commands may compromise FTP server securi egrity Yo can specify which FTP commands should be allowed to pass security rver and which should be blocked se To n drop down list select Block listed in the Blocked commands box will be blocked FTP command blocking is enabled by default enable FTP command blocking In the Actio Th...

Страница 265: ...commands box select the desired FTP command 2 Click Accept The FTP command appears in the Allowed commands box 3 Click Apply The FTP command will be allowed regardless of whether FTP command blocking is enabled or disabled orks System CIFS a protocol for sharing files and printers However this protocol is also w f propagation 1 In the Allowed commands box select the desired FTP comman Microsoft Ne...

Страница 266: ...to take when a CIFS worm attack is detected b Track Specif worm attacks by selecting one of the followi Log o attack No D g the attack This is the default CIFS worm patterns list Select the worm patterns to detect Patterns are matched against file names including file paths but excluding the disk shar tryin y whether to log CIFS ng L g the ne o not lo e name that the client is g to read or write f...

Страница 267: ...ry includes ftware hardware used by sending specially crafted IGMP attacks should be handled Table 53 IGMP Fields In this field Do this Action one Specif of Block Block the attack This is the default None No action y what action to take when an IGMP attack occurs by selecting the following Track Specify whether to log IGMP attacks by selecting one of the following Log Log the attack This is the de...

Страница 268: ...to non multicast None No action h packets MP pa y whether to allow or block IG Block Block IGMP packets tha addresses This is the default Peer to Peer SmartDefense can block peer to peer traffic by identifying the proprietary protocols and preventing the initial connection to the peer to peer networks This prevents not only downloads but also search operations This category includes the following ...

Страница 269: ...t Track Specify whether to log peer to peer connections by selecting one of the following Log Log the connection None Do not log the connection This is the default Bl pr proprietary protocols should be blocked on all ports by Block Block the proprietary protocol on all ports This in effect prevents all communication using this peer to peer application This is the default None Do not block the prop...

Страница 270: ... headers This category includes the following nodes Skype Yahoo ICQ tant Messengers Note SmartDefense can detect instant messaging traffic regardless of the TCP port being used to initiate the session In each node you can configure how instant messaging connections of the selected type should be handled using the table below 254 D Link NetDefend firewall User Guide ...

Страница 271: ...y selecting one of the following Log Log the connection None Do not log the connection This is the default Block proprietary protocols on all ports Specify whether proprietary protocols should be blocked on all ports by selecting one of the following Block Block the proprietary protocol on all ports This in effect prevents all communication using this instant messenger application This is the defa...

Страница 272: ...he My HotSpot page Note HotSpot users are automatically logged out after one hour of inactivity Secure HotSpot is useful in any wired or wireless environment where Web based user authentication or terms of use approval is required prior to gaining access to the educational institutions libraries Internet cafés and so on The NetDefend firewall allows you to add guest users quickly and easily By def...

Страница 273: ...etwork segment traffic that does not pass rough p S th the firewall Setting U ecure HotSpot To set up Sec 1 En ure able Secure HotSpot for the desired networks e Enabling 258 ize Secure HotSpot as desired See Customiz g otSpot on page 259 3 Grant HotSpo A sions to users on the selected networks ee Adding and Editing Users on page 361 4 To exclude sp dding or editing their network ob See Adding a p...

Страница 274: ...tSpot tab The My HotSpot page appears e HotSpot 2 In the HotSpot Networks area do one of the following To enable Secure HotSpot for a specific network select the check box next to the network To disable Secure HotSpot for a specific network clear the check box next to the network 3 Click Apply 258 D Link NetDefend firewall User Guide ...

Страница 275: ...ain menu and click the My HotSpot tab The My HotSpot page appears g the information in the table below 2 Complete the fields usin Additional fields may appear 3 To preview the My HotSpot page click Preview A browser window opens displaying the My HotSpot page Chapter 9 Setting Your Security Policy 259 ...

Страница 276: ...a pr accept the terms of use before accessing the network The Allow a user to login from more than one computer at the same time check box Allow a user to login from more than one computer at the same time Select this option to allow a single user to log on to My HotSpot from multiple computers at the same time y HotSpot is ssword otected Select this option to require users to enter their username...

Страница 277: ...xposed host computer The exposed host receives all traffic that was not forwarded to another computer by use of Allow and Forward rules Warning Entering an IP address may make the designated computer vulnerable to hacker attacks Defining an exposed host is not recommended unless you are fully aware of the security risks exposed host 1 Click Security in the main menu and click the Exposed Host tab ...

Страница 278: ... the exposed host 3 Click Apply The selected computer is now defined as an exposed host The Exposed Host page appears 2 Click 3 Cl the Exposed Host field type the IP address of To clear the exposed host 1 Click Security in the main menu and click the Exposed Host tab Clear ick Apply No exposed host is defined 262 D Link NetDefend firewall User Guide ...

Страница 279: ...rus stores only minimal state information per connection it can scan thousands of connections rms When VStream Antivirus detects malicious content the action it takes depends on the protocol in which the virus was found See the table below In each case t Stateful Inspection and Application elligence technologies which performs virus scanning VStream Antivirus scans files for malicious content on t...

Страница 280: ...3 SMTP Rejects the virus infected email with error code 554 Sends a Virus detected message to the sender The standard TCP port 25 FTP Terminates the data connection Sends a Virus detected message to the FTP client The standard TCP port 21 TCP and UDP Terminates the connection Generic TCP and UDP ports other than those listed above Terminates the connection The sta Deletes the virus Note In protoco...

Страница 281: ...lf Email Antivirus is specific to email scanning incoming POP3 and orts POP3 information on not defined Enabling Disabling VStream Antivirus Email Antivirus is centralized redirecting traffic through the Service Center for scanning while V outgoing SMTP connections only while VStream Antivirus supp additional protocols including incoming SMTP and outgoing connections You can use either antivirus s...

Страница 282: ... daily database and a main database The daily Periodically the contents of the daily da ain database leaving the database a You can v ases currently in use database is updated frequently with the newest virus signatures tabase are moved to the m daily database empty This system of incremental updates to the main llows for quicker updates and saves on network bandwidth iew information about the VSt...

Страница 283: ...ing VStream Antivirus You can configure VStream Antivirus in the following ways Configuring the VStream Antivirus Policy on page 267 Configuring VStream Advanced Settings on page 275 Configuring the VStream Antivirus Policy VStream Antivirus includes a flexible mechanism that allows the user to define exactly which traffic should be scanned by specifying the protocol ports and source and destinati...

Страница 284: ...igher loc irus Policy table than the first rule In the figure below the general rule er 2 and the exception is rule number 1 etDefend firewa The N ll will process rule 1 first passing outgoing SMTP traffic from the specified IP address and only then it will process rule 2 scanning all outgoing SMTP traffic The following rule types exist VStream Antivirus Rule Types Table 59 VStream Antivirus Rule ...

Страница 285: ...If a virus is found it is blocked and logged Adding and Editing Rules To add or edit a rule 1 Click Antivirus in the main menu and click the Policy tab The Antivirus Policy page appears 2 Do one of the following To add a new rule click Add Rule To edit an existing rule click the Edit icon next to the desired rule Chapter 10 Using VStream Antivirus 269 ...

Страница 286: ...ep 1 Rule Type dialog box displayed 3 Select the type of rule you want to create 4 Click Next The Step 2 Service dialog box appears The example below shows a Scan rule 5 Complete the fields using the relevant information in the table below 270 D Link NetDefend firewall User Guide ...

Страница 287: ...ep 3 Destination Source dialog box appears 7 Complete the fields using the relevant information in the table below The Step 4 Done dialog box appears 8 Click Finish The new rule appears in the Firewall Rules page Chapter 10 Using VStream Antivirus 271 ...

Страница 288: ... select Specified IP and type the desired IP address in the filed provided To specify an IP address range select Specified Range and type the desired IP address range in the fields provided Click this option to specify that the rule should apply to a spe s service You must then select the desired service from the dr o m Service Click this option to specify that the rule should apply to a specific ...

Страница 289: ...rtal and network printers select This Gateway This option is not a Data Direction Select the direction of connections to which the rule should apply Download and Upload data The rule applies to downloaded and uploaded data This is the default Download data The rule applies to downloaded data that is data flowing from the destination of the connection to the source of the connection Upload data The...

Страница 290: ...Antivirus Policy page appears Click Antivirus in the main 2 Do one of the following Click next to the desired rule to move the rule up in the table Click next to the desired rule to move the rule down in the table The rule s priority changes accordingly Deleting Rules To delete an existing rule 1 Click Antivirus in the main menu and click the Policy tab The Antivirus Policy page appears 2 Click th...

Страница 291: ...ntivirus ad Click Antivirus in the main menu and click the Advanced tab The Advanced Antivirus Settings page appears 2 Complete the fields using the table below 3 Click Apply 4 To restore the default VStream Antivirus settings do the following a Click Default A confirmation message appears b Click OK Chapter 10 Using VStream Antivirus 275 ...

Страница 292: ...pes in email messages Select this option to block all emails containing potentially unsafe attachments Unsafe file types are DOS Windows executables libraries and drivers Compiled HTML Help files VBScript files s with CLSID in their name The following file extensions ade adp bas bat chm exe hlp hta inf ins isp js jse mst pcd pif reg scr File cmd com cpl crt lnk mdb mde msc msi msp sct shs shb url ...

Страница 293: ... scanned and the rest of the file is skipped efault Selecting this option reduces the load on the gateway by skipping safe file types This option is selected by d St Maximum nesting level Type the maximum number of nested content levels that Setting a higher number increases security Setting a lower number prevents attackers from overloading the gateway by The default value is 5 levels atus VStrea...

Страница 294: ...ng Pass file without scanning Scan only the number of compressible files and skip scanning archives that cannot be extracted because they are corrupt This is the default Block file Block the file When a password protected file is found in archive VStream Antivirus cannot extract and scan password protected files inside archive Specify how VStream Antivirus should handle such files by selecting one...

Страница 295: ...ty up to date with no need for user intervention However you can still check for updates manually if needed To update the VStream Antivirus virus signature database 1 Click Antivirus in the main menu and click the Antivirus tab The VStream Antivirus page appears 2 Click Update Now The VStream Antivirus database is updated with the latest virus signatures Chapter 10 Using VStream Antivirus 279 ...

Страница 296: ......

Страница 297: ...Service Center in your area This ch Co ect 281 s Information 287 r Service Center Connection 288 C D 289 W 290 A 294 Connecting to a Service Center apter includes the following topics ing to a Service Center nn Viewing Service Refreshing You onfiguring Your Account 288 isconnecting from Your Service Center eb Filtering utomatic and Manual Updates To connect to a Service Center 1 Click Services in ...

Страница 298: ...Connecting to a Service Center The Account page appears 2 In the Service Account area click Connect 282 D Link NetDefend firewall User Guide ...

Страница 299: ...d IP and then in the Specified ter s IP address as given to you by ste rator 5 Click Connect Make sure the Connect to a different Service Center check box is selected Do one of the following To connect to the Sofa To specify a Service Center choose IP field enter the desired Service Cen your sy Next m administ The ing screen appears Chapter 11 Using Subscription Services 283 ...

Страница 300: ...Login box appears Enter your gateway ID and registration key in the appropriate fields as given to you by The Conne The Confir log box appears with a list of services to which you are subscribed your service provider then click Next cting screen appears mation dia 284 D Link NetDefend firewall User Guide ...

Страница 301: ...in The ish following n If a new fi downloadi l minutes Once the download is plete the NetDef The Welcome page appears things happe rmware is available the NetDefend firewall may start ng it This may take severa com end firewall restarts using the new firmware Chapter 11 Using Subscription Services 285 ...

Страница 302: ...bed are now available on your nd listed as such on the Account page See Viewing on page 287 for further information NetDefend firewall a Services Information The Services submenu includes the services to which you are subscribed 286 D Link NetDefend firewall User Guide ...

Страница 303: ... Gateway ID Your gateway ID Subscription will end on The date on which your subscription to services will end Service The services available in your service plan Subscription The status of your subscription to each service Subscribed Not Subscribed Statu Connected You are connected to the service through the Service Center s The status of each service Connecting Connecting to the Service Center N ...

Страница 304: ...end firewall s connection to the Service Center and ref To refresh your Service Center connection 1 t page appears 2 In the Service Account area click Refresh The NetDefend firewall reconnects to the Service Center Your service settings are refreshed Configuring Your Account reshes your NetDefend firewall s service settings Click Services in the main menu and click the Account tab The Accoun This ...

Страница 305: ...our Service Center from your Service Center If desired you can disconnect To 1 Click Se enu and click the Account tab 2 In the Service Account area click Connect The NetDefend Services Wizard opens with the first Subscription Services dialog box displayed 3 Clear the Connect to a different Service Center check box 4 Click Next The Done screen appears with a success message 5 Click Finish The follo...

Страница 306: ...Web Filtering pop up window ice is enabled access to Web content is restricted ing to the catego able to view Web pages with no re Note Web Filtering is only available if you are connected to a Service Center and subscribed to this service Enabling Disabling Web Filtering Note If you are remotely managed contact your Service Center to change these settings To enable disable Web Filtering 1 Click S...

Страница 307: ...ked with an define which types of Web sites should be considered appropriate fo r office members by selecting the categories Categorie will r hile categories marked with emain visible w will be blocked and will requi tor password for viewing re the administra Note If yo settings u are remotely managed contact your Service Center to change these Chapter 11 Using Subscription Services 291 ...

Страница 308: ...iltering If To temporarily disable Web Filtering 1 Click Services in the main menu and click the Web Filtering tab The Web Filtering page appears 2 Click Snooze Web Filtering is temporarily disabled for all internal network computers desired you can temporarily disable the Web Filtering service 292 D Link NetDefend firewall User Guide ...

Страница 309: ...opens 3 he We page rnal network computers g page the button changes to Snooze To re enable the service click Resume either in the popup window or on t b Filtering The service is re enabled for all inte If you clicked Resume in the Web Filterin Chapter 11 Using Subscription Services 293 ...

Страница 310: ...le if you are connected to a Service Center bscribed to this service Chec anaged king for Software Updates when Remotely M If your NetDefend firewall is remotely managed it automatically checks for software updates and installs them without user intervention However you can still check for updates manually if needed To manually check for security and software updates 1 Click Services in the main m...

Страница 311: ...es when Locally Managed If your NetDefend firewall is locally managed you can set it to automatically check for software updates or you can set it so that software updates must be checked for manually To configure software updates when locally managed 1 Click Services in the main menu and click the Software Updates tab Chapter 11 Using Subscription Services 295 ...

Страница 312: ...ds its schedule Note Wh can still manually check fo 3 To set the NetDefend firewall so that software updates must be checked for manually dra The NetDefen ly 4 To manually che The system checks for new updates and installs them en the Software Updates service is set to Automatic you r updates g the Automatic Manual lever downwards d firewall does not check for software updates automatical ck for s...

Страница 313: ...ple they can securely read email use the company s intranet or access the company s database from home The are four types of VPN sites Remote Access VPN Server Makes a network remotely available to authorized users who connect to the Remote Access VPN Server using the VPNs Working With cribes how to use your NetDefend firewall as a Remote A VPN Cl er or gateway 297 Defend firewall as a VPN Server ...

Страница 314: ...Remote software Gateway network VPN must include at least one Remote Access V Server or gate type of VPN you want to y The type of VPN sites you include in a VPN depends on th create Site to Site or Remote Access Note A ve a static IP add dynamic IP add manag A Secu lient can have a dynamic IP address regardless of whether it is locally or remotely managed locally managed Remote Access VPN Server ...

Страница 315: ...Overview networks function as a single network You can use this type of VPN to mesh office branches into one corporate network Figure 12 Site to Site VPN Chapter 12 Working With VPNs 299 ...

Страница 316: ...owing ite to Site VPN Gateway or create a unnel to the first VPN site using the procedure Adding and page 308 b Then enable the Remote Access VPN Server using the procedure emote Access VPN b Enable the Remote Access VPN Server using the proce Up Your NetDefend firewall as a Remote Access V page 303 2 On the second VPN site s NetDefend firewall o the f a Define the first VPN site as a S PPPoE t Ed...

Страница 317: ...ffice network remotely available to authorized users su o the office Remote Access VPN PN Clients ote Access VPN Server or Site to S ore Remote Access VPN Clients You can use this ch as employees working from home who connect t Server with their Remote Access V Remote Acce Figure 13 ss VPN Chapter 12 Working With VPNs 301 ...

Страница 318: ...network Inter al security threats cause outages downtime and lost revenue Wired e internal network on page 308 See Setting Up Your NetDefend firewall as a Remote Acce page 303 You can use your NetDefend firewall as an internal VPN Server for enhanced wired and wireless security When the internal VPN Server is enabled VPN Client softw emote Access VPN session to the gateway This m authenticated The...

Страница 319: ...eless network may pose a significant security risk For information on setting up your NetDefend firewall as an internal VPN Server 03 Setting Up Your NetDefend firewall as a VPN Server see Setting Up Your NetDefend firewall as a VPN Server on page 3 an make your network available to authorized users connecting from the your internal networks You c Internet or from by setting up your NetDefend fire...

Страница 320: ...ote VPN Access for Users on page 367 To accept remote access connections from the Internet See Configuring the Rem To accept connection See Configuring the Internal VPN Serv 2 If you configured the internal VPN Server internal network computers See Installing SecuRemote on remote VPN access for users Note Disabling the VPN Server for a specific ty from internal networks will caus pe of connection ...

Страница 321: ...mote Access VPN Server To er 1 tab page appears configure the Remote Access VPN Serv Click VPN in the main menu and click the VPN Server The SecuRemote VPN Server 2 Select the llow SecuRemote users to connect from the Internet check box A Chapter 12 Working With VPNs 305 ...

Страница 322: ...l Bypass the 5 Click Apply Configuring the Internal VPN Server connecting to your internal network select the Bypass and access your internal network without restriction select the firewall check box The Remote Access VPN Server is enabled for the specified connection types To configure the internal VPN Server 1 Click VPN in the main menu and click the VPN Server tab The SecuRemote VPN Server page...

Страница 323: ...pecified connection types Ins To allow authenticated users co firewall and access your internal network without restricti the firewall check box Bypass NAT is always enable disabled Click Apply The internal VPN Server talling SecuRemote If r internal networks you must install the SecuRemote VPN Client on internal network computers that should be allowed to remotely access your network you configur...

Страница 324: ...cuRemote PN Client icon in the taskbar select Settings and then click Help Adding and Editing VPN Sites the main m link The VP 3 Follow the online instructions cuRemote for NetDefend page o SecuRemote is installed For inform on on using SecuRemote see the User Help To access User Help right click on the SecuRemote V To add or edit VPN sites nd click the VPN Sites tab 1 Click VPN in the main menu a...

Страница 325: ...ing VPN Sites The VPN Sites page appears with a list of VPN sites 2 VPN site click New Site Do one of the following To add a To edit a VPN site click Edit in the desired VPN site s row Chapter 12 Working With VPNs 309 ...

Страница 326: ...displayed 3 Do one of the following Select Remote Access VPN to establish remote access from your Remote Access VPN Client to a Remote Access VPN Server el ano VPN Gateway 4 Click Next ect Site to Site VPN to create a permanent bi directional connection to ther Site to Site S 310 D Link NetDefend firewall User Guide ...

Страница 327: ...og box appears 1 Enter want to 2 3 the IP address of the Remote Access VPN Server to which you connect as given to you by the network administrator To allow the VPN site to bypass the firewall and access your internal network without restriction select the Bypass the firewall check box Click Next Chapter 12 Working With VPNs 311 ...

Страница 328: ...you want to obtain the VPN network configuration Refer to VPN The following things happen in the order below If you chose Specify Configuration a second VPN Network Configuration g bo Network Configuration Fields on page 320 5 Click Next dialo x appears 312 D Link NetDefend firewall User Guide ...

Страница 329: ...he information in VPN Network Configuration Fields on page 320 and click Next The Auth entication Method dialog box appears 6 Complete the fields using the information in Authentication Methods Fields on page 322 7 Click Next Chapter 12 Working With VPNs 313 ...

Страница 330: ...hod ox appears If you selected Username and Password the VPN Login dialog b e the fields using the information in VPN Login Fields o 1 Complet n page 322 2 Click Next rs If you selected Automatic Login the Connect dialog box appea 314 D Link NetDefend firewall User Guide ...

Страница 331: ...onnect to the Remote Access V to Con Warning If you try to connect to the VPN site before c existing tunnels will be terminated ompleting the wizard all the Connecting ialog box appears 2 Click Next If you selected Try to Connect to the VPN Gateway screen appears and then the Contacting VPN Site screen appears The Site Name d 3 Enter a name for the VPN site You may choose any name 4 Click Next ...

Страница 332: ... page reappears If you added a VPN site the new site appears in the VPN Sites list If you edited a VPN site the modifications are reflected in the VPN Sites list Certificate Authentication Method If you selected Certificate the Connect dialog box appears 316 D Link NetDefend firewall User Guide ...

Страница 333: ...g If you try to connect to the VPN site befo existing tunnels will be terminated 2 Click Next ateway the Connecting screen appears and then the Contacting VPN Site screen appears re completing the wizard all If you selected Try to Connect to the VPN G The Site Name dialog box appears 3 Enter a name for the VPN site 4 Click You m e ay choose any nam Next Chapter 12 Working With VPNs 317 ...

Страница 334: ...rs in the VP eflected in the t RSA SecurID Authentication Method If you selected RSA SecurID the Site Name dialog box appears page reappears If you added a VPN site the new site app N Sites list If you edited a VPN site the modifications are r VPN Sites lis 318 D Link NetDefend firewall User Guide ...

Страница 335: ...ed screen appears Enter a name for the VPN 2 Click Next 3 pears in the VPN Sites list If you edited a VPN site the modifications are reflected in the Click Finish The VPN Sites page reappears If you added a VPN site the new site ap VPN Sites list Chapter 12 Working With VPNs 319 ...

Страница 336: ... connecting to a Check Point VPN 1 or NetDefend Site to Site VPN Gateway Specify Configuration Click this option to provide the netwo nfiguration manually Route All Traffic Click this option to route all network traffic through the VPN site remote offices and the remote offices are only allowed to access Internet resources through the central office you can choose to route all traffic from ote off...

Страница 337: ...tual tunnel interface VTI for this site so at it can participate in a route based VPN oute based VPNs allow routing connections over VPN tunnels so that mote VPN sites can participate in tworks For constantly changing net quent chang e Appliance via e r levant commands for OSPF refer to the NetDefend CLI Re is option is only available for when configuring a Site to Site VP ay Destination network T...

Страница 338: ...lect this option a certificate must have been installed Refer to rmation about tificate RSA SecurID Token Select this option to use an RSA SecurID token for VPN authentication orted in Remote Access manual login mode Installing a Certificate on page 345 for more info certificates and instructions on how to install a cer When authenticating to the VPN site you must enter a four digit PIN code and t...

Страница 339: ...formation on Automatic and Manual A Click this option to enable the NetDefend firewall to log on to the VPN site You must then fill in the Username and Password fields Automatic Login provides all the computers on your internal network with r further information on Automatic and a VPN Site on page 341 Username Type the user name to be used for logging on to the VPN site assword Type the password t...

Страница 340: ...y Address dialog box appears If you selected Site to Site VPN the VPN Gateway 1 Complete the fields using the information in VPN Gateway Address Field page 335 s on 2 Click Next g box appears The VPN Network Configuration dialo 324 D Link NetDefend firewall User Guide ...

Страница 341: ...fer to VPN Network Configuration Fields on page 320 4 Click Next If you chose Specify Configuration a second VPN Network Configuration dialog box appears Complete the fields using the information in VPN Network Configuration Fields on page 320 and then click Next Chapter 12 Working With VPNs 325 ...

Страница 342: ...ars Complete the fields using the information in Route Based VPN Fields on 6 an Authent page 33 The d then click Next ication Method dialog box appears 5 Complete the fi Fields on page 337 6 Click Next elds using the information in Authentication Methods 326 D Link NetDefend firewall User Guide ...

Страница 343: ...t the Authentication dialog box appears If you sele Shared Sec If you chose Download Configuration the dialog box contains additional fields 1 Complete the fields using the information in VPN Authentication Fields on page 337 and click Next Chapter 12 Working With VPNs 327 ...

Страница 344: ...ds dialog box appears 2 To configure advanced security settings click Show Advanced Settings New fields appear 3 Complete the fields using the information in Security Methods Fields on page 337 and click Next 328 D Link NetDefend firewall User Guide ...

Страница 345: ...teway check box This allows you to test the VPN connection Warning If you try to connect to the VPN site b leting the wizard all existing tunnels will be terminated Click If you selected Try to Connect to the VPN onne screen appears and then the Contacting VPN Site screen appe efore comp 5 Next Gateway the C cting ars Chapter 12 Working With VPNs 329 ...

Страница 346: ...6 Enter e VPN site You m e 7 To keep the tunnel to the VPN site alive even if there is no network traffic between the NetDefend firewall and the VPN site select Keep this site alive Click Next a name for th ay choose any nam 8 330 D Link NetDefend firewall User Guide ...

Страница 347: ...d firewall should The VPN Sites page reappears If you added a VPN site the new site appears in site the modifications are reflected in the Certificate Authentication Method ping in order to keep the tunnel to the VPN site alive 2 Click Next The VPN Site Created screen appears 9 Click Finish the VPN Sites list If you edited a VPN VPN Sites list If you selected Certificate the following things happe...

Страница 348: ...tication dialog box appears Complete the fields using the information in VPN Authentication Fields on page 337 and click Next The Security Methods dialog box appears 1 To configure advanced security settings click Show Advanced Settings 332 D Link NetDefend firewall User Guide ...

Страница 349: ...nfo 337 and click Next rmation in Security Methods Fields on page The Connect dialog box appears 3 To try to connect to the R the VPN Gateway check b emote Access VPN Server select the Try to Connect to ox This allows you to test the VPN connection Chapter 12 Working With VPNs 333 ...

Страница 350: ...dialog box appears 4 Click Next If you selected Try to Con happen The Connecting screen appears The Contacting VPN Site scree The Site Nam 5 Enter a name for the VPN site You may choose any name 6 To keep the tunnel to the VPN site alive even if there is no network traffic between the NetDefend firewall and the VPN site select Keep this site alive 7 Click Next 334 D Link NetDefend firewall User Gu...

Страница 351: ...up to three IP addresses which the NetDefend firewall should e tunnel to the VPN site alive The VPN Site Created screen appears 8 Click Finish The VPN Sites page reappears If you added a VPN site the new site appears in the VPN Sites list If you edited a VPN site the modifications are reflected in the VPN Sites list ping in order to keep th 2 Click Next Chapter 12 Working With VPNs 335 ...

Страница 352: ...your internal network without restriction T In able 67 Route Based VPN Fields this field Do this T Type a local IP address for this end of the VPN tunnel unnel Local IP Tunnel Remote IP Type the IP address of the remote end of the VPN tunnel O Type the cost of this link for dynamic routing purposes The default value is 10 If OSPF is not enabled this setting is not used OSPF is enabled using the Ne...

Страница 353: ... been installed Refer to Installing a Certificate on page 345 for more information about certificates and instructions on how to install a certificate Table 69 VPN Authentication Fields In this field Do this Topology User Type the topology user s user name Topo Passwor Use Shared Secret Type the shared secret to use for secure communications with the VPN site This shared secret is a string used to...

Страница 354: ...oti he interval in minutes between IKE Phase 1 key negotiations This me but impacts heavily on e SA lifetime around its default value The default value is 1440 minutes one day Phase 2 for VPN traffic Automatic The NetDefend firewall automatically selects the best security methods supported by the site This is the default A specific group A group with more bits ensures a stronger key but lowers per...

Страница 355: ...abled This is the default Enabling PFS will g and renew th PFS increases security but lowers performance It is recommended to D gr ellman group to use Automatic The NetDefend firewall automatically selects a A group with more bits ensures a stronger key but lowers performance Rene n IPSec SA key negotiations This is lt value is 3600 seconds one hour iffie Hellman Select the Diffie H oup group This...

Страница 356: ... The VPN site is deleted nabling Disabling a VPN Site E You can only connect to VPN sites that are enabled To enable disable a VPN site page appears with a list of VPN sites o he following 1 Click VPN in the main menu and click the VPN Sites tab The VPN Sites 2 T enable a VPN site do t a Click the icon in the desired VPN site s row mation m OK The icon cha A confir essage appears b Click nges to a...

Страница 357: ...g on and traffic is sent to the VPN site a VPN tunnel is established Only the computer from which you logged on can use the tunnel To sh ers your home network you must log on to the VPN site from those computers using the same user name and password u need to manually log on to Remote Access VPN Ser anual Login You do not need to manually log o rver configured for Automatic Login or a Site t mpute...

Страница 358: ... a VPN site through the NetDefend Portal 1 Click VPN in the main menu and click the VPN Login tab The VPN Login page appears 2 From the Site Name list select the site to which you want to log on Note Disabled VPN sites will not appear in the Site Name list 3 Type your user name and password in the appropriate fields 4 Click Login 342 D Link NetDefend firewall User Guide ...

Страница 359: ...iguration If when adding the VPN site you NetDefend firewall attempts to create a tunnel to the VPN site Once the NetDefend f Status box appears The Status field displays Connected The VPN Login Status box remains open until you manually log off the Log VPN site ging on through the my vpn page Note You don t need to know the my firewall page administrator s password in order to use the my vpn page...

Страница 360: ...uration the NetDefend firewall downloads the network configuration If when adding the VPN site you specified a network configuration the NetDefend firewall attempts to create a tunnel to the VPN site The VPN Login Status box appears The Status field tracks the connection s progress ecting the Status field changes to Connected Th e VP Once the NetDefend firewall has finished conn e VPN Login Status...

Страница 361: ...d provide verifiable information e c ished Name DN identifying information of the entity as well as the public key information about itself After two entities excha encrypting inform etween themselves using the public keys in the tificates The certificate also includes a fingerprint a unique text used to identify the certificate You can email your certificate s fingerprint to the remote user Upon ...

Страница 362: ...a PKCS 12 file obtain one from your network security administrator porting a Certificate on page 350 Note To use unique certificate Do not use the same certificate for more than one g certificates authentication each NetDefend firewall should have a ateway Note If your NetDefend firewall is central generated and downloaded to your appliance In this ca generate a self signed certificate ly managed ...

Страница 363: ...icate page appears 2 Click Install Certificate The NetDefend Certificate Wizard opens with the Certificate Wizard dialog box displayed 3 Click Generate a self signed security certificate for this gateway Chapter 12 Working With VPNs 347 ...

Страница 364: ...ars 4 5 The NetDefend firewall generates the certificate This may take a few seconds Complete the fields using the information in the table below Click Next The Done dialog box appears displaying the certificate s details 6 Click Finish 348 D Link NetDefend firewall User Guide ...

Страница 365: ...ays the following information The gateway s certificate The gateway s name The gateway certificate s fingerprint The CA s certificate The name of the CA that issued the certificate in this case the NetDefend gateway The CA certificate s fingerprint hich the gateway s certificate and The starting and ending dates between w the CA s certificate are valid Chapter 12 Working With VPNs 349 ...

Страница 366: ...u must renew the certificate when it expires Name be visible to remote users inspecting the certificate This field is filled in automatically with the gateway s MAC address If alid Until Use the drop down lists to specify the month day certificate sho Not Importing a Certificate To install a certificate the main menu and click the Certificate tab 2 Click Install Certificate The NetDefend Certifica...

Страница 367: ... browser from which to locate and select the file Th 5 The Import Certificate Passphrase dialog box appears This may take a few mo e filename that you selected is displayed Click Next ments 6 Type the pass phrase you received from the network security administrator Chapter 12 Working With VPNs 351 ...

Страница 368: ...he gateway s certificate and the CA s certificate are valid Uninstalling a Certificate The CA s c The CA certificate s finge The starting a nding dates between w If you uninstall the certificate no certificate will exist on the NetDefend firewall and you will not be abl install th o use certificate authenticatio e to connect to the VPN if a certificate is required You cannot un e certificate if th...

Страница 369: ...ured for Automatic Login and Site to Site nnel is ver your computer attem munication with a computer at the VPN site The tunnel is closed when not in use for a period of time A tu com created whene pts any kind of Note A closed the site remains open and if you attempt to communicate with the site the tunnel will be reestablished Remote Acc l Login A tunnel is uter attempts any kind of communicatio...

Страница 370: ... includes the information described in the table below 2 To refresh the table click Refresh Table 72 VPN Tunnels Page Fields This field Displays Type The currently active security protocol IPSEC Source The IP address or address range of the entity from which the tunnel originates The entity s type is indicated by an icon See VPN Tunnel Icons on page 355 354 D Link NetDefend firewall User Guide ...

Страница 371: ...end firewall supports AES 3DES and DES encryption Establish nel was established This information is presented in the format hh mm ss where ss seconds rity The type of encr Message Authentication Code MAC used to verify message This information is presented in the following format Encryption type Authentication type The encryption and authentication schemes used f strongest of those used at the two...

Страница 372: ...it is recommended to do the following The NetDefend firewall stores traces for all recent IKE negotiations If you want to view only new IKE trace data clear all IKE trace data currently stored on the NetDefend firewall Close all existing VPN tunnels except for the problematic tunnel so as to make it easier to locate the problematic tunnel s IKE negotiation trace in the exported file To clear all c...

Страница 373: ...ry This file contains lished VPN tunnels 7 Use the IKE View tool to open and view the elg file or send the file to technical support VPN Tunnels on page 353 2 Click Reports in the main menu and click the VPN Tunnels tab The VPN Tunnels page appears with a table of open tunnels to VPN sites 3 Click Save IKE Trace A standard File Download dialog box appears The Save As dialog 5 Browse to a destinati...

Страница 374: ......

Страница 375: ...RADIUS Authentication 368 Configuring the RA 372 Changing Your Password ribes how to manage NetDefend firewall users You can defi ir passwords and assign them various permissions Changing rd 359 Users HotSpot Users 365 ing Users 367 ce DIUS Vendor Specific Attribute You can change y To change your p 1 Click Users in click the Internal Users tab Managing Users our password at any time assword the m...

Страница 376: ... Internal Users page appears 2 your username click Edit rd opens displaying the Set User Details dialog box In the row of The Account Wiza 3 Edit the Password and Confirm password fields 360 D Link NetDefend firewall User Guide ...

Страница 377: ...ng and Editing Users ick Finish This procedure explains how to add and edit users For information on quickly adding guest HotSpot users via a shortcut that the firewall provides see Adding Quick Guest HotSpot Users on page 365 Users in the main menu and click the Internal Users tab al Users page appears NetDefend To add or edit a user 1 Click The Intern Chapter 13 Managing Users 361 ...

Страница 378: ... New User existing user click Edit next to the desire user Th unt Wizard opens d x To edit an e Acco isplaying the Set User Details dialog bo 3 Complete the fields using the information in Set User Details Fields on page 363 4 Click Next 362 D Link NetDefend firewall User Guide ...

Страница 379: ... 6 Click Finish e user is saved T In this field Do this you are using 5 Complete the fields using the information in Set Use Th able 74 Set User Details Fields Usern Enter a username for the user ame P Enter a password for the user Use five to 25 characters letters or numbers for the new password Confirm Re enter the user s password assword Password Chapter 13 Managing Users 363 ...

Страница 380: ...l on to the NetDefend Portal but liance page For example you could assign this administrator level to technical support personnel who need to view the Event Log The default level is No Access changed dministrator Level Read Write The user can log on to the NetDefend Portal and modify system settings Read Only The user can log cannot modify system settings or export the app configuration via the Se...

Страница 381: ...Users The NetDefend firewall provides a shortcut for quickly adding a guest HotSpot user This is useful in situations where you want to grant temporary network access to gue xample in an Int guest user s details in one click By default the quick guest user has the following characteristics e in the format guest number number is a unique d password Expires in 24 hours Administration Level No Access...

Страница 382: ...g the Save Quick Guest dialog box create a guest user Users the main menu n The Internal Quick Guest Acco The 3 In the Expires field click on the arrows to specify the expiration date and time e user details click Print The guest user is saved You can edit the guest user s Adding and Editing Users o 4 To print th 5 Click Finish details and permissions using the procedure n page 361 ...

Страница 383: ...ed users appears in red 2 To delete a use he desired user s row click the Erase icon onfirmation mess A c age appears OK ll expired users do the following ation message b Click OK The expired users are delete Setting Up Remote VP b Click The user is deleted 3 To delete a a Click Clear Expired A confirm appears d N Access for Users If you are using your NetDefend firewall as a Remote Access VPN Ser...

Страница 384: ...d Portal s RADIUS page However you can configure the RADIUS server to pass the NetDefend firewall a specific set of permissions to grant the authenticated user instead of these default permissions This is done by co te VSA with a set of attributes ission information for specific users If the VSA is configured for a A to the NetDefend gateway as part of the uest and the gateway assigns the user per...

Страница 385: ...ssion set for this To The page appears user use RADIUS authentication 1 Click Users in the main menu and click the RADIUS tab RADIUS 2 Complete the fields using the table below Apply 3 Click 4 To restore the default RADIUS settings do the following a Click Default Chapter 13 Managing Users 369 ...

Страница 386: ...Defend firewall sends a request to the primary RADIUS server first If the primary RADIUS server does not respond after three attempts the NetDefend firewall will send the request to the secondary RADIUS server Address ddress of the computer that will run the RADIUS service one of your network computers or click the corresponding This To clear the text box click Clear Port Type the port number on t...

Страница 387: ...bute is configured for a user the fields in this area will have no effect and the user will be granted the permissions specified in the VSA If the VSA is not configured for the user the permissions configured in Administr No Access The user cannot access the NetDefend Portal Read Write The user can log on to the NetDefend Portal and modify system settings meout Type the interval of time in seconds...

Страница 388: ...r Specific Attribute For detailed instructions and examples refer to the Configuring the RADIUS Vendor Specific Attribute white paper To assign permissions to specific RADIUS authenticated users 1 Create a remote access policy as follows a Assign the policy s VSA attribute 26 the SofaWare vendor code 6983 b For each permission you want to grant configure the relevant attribute of the VSA with the ...

Страница 389: ...1 String none The user cannot ac level of access to the NetDefend Portal NetDefend Portal but cannot m can log on to the NetDefend Portal and modi VPN n he user can remotely access the network via VPN VPN This permission is only relevant if the NetDefend Remote Access VPN Server is enabled The teway must ve a certificate Indicates whether 2 String true T the user ca access the network from a Remot...

Страница 390: ...ss the Internet via My HotSpot false The user HotSpot This permission is only relevant if the Secure HotSpot feature is enabled cannot access the Internet via My U hether e Web 4 String true The user can override Web Filtering false The user cannot override Web Filtering This permission is only relevant if the Web Filtering service is enabled FP Indicates w the user can overrid Filtering 374 D Lin...

Страница 391: ...n V etDefend firewall This chapter includes the following topics Updating the Firmware 377 Registering Your NetDefend firewall 383 Configuring Syslog Logging 384 Configuring SSH Configuring SN Setting the Time on the Appliance 397 Using Diagnostic Tools 401 Backing Up the NetDefend firewall Configuration 415 Diagnostics 421 g the NetDefend firewall 422 iewing Firmware Status The firm You can view ...

Страница 392: ...following information Tabl T xample e 78 Firmware Status Fields his field Displays For e WAN MAC Address The MAC address used for the Internet connection 00 80 11 22 33 44 Firmware Version The current version of the firmware 6 0 Installed Product The licensed software and the number of allowed nodes NetDefend unlimited nodes 376 D Link NetDefend firewall User Guide ...

Страница 393: ...formed If au rod ct features and protection against ne ler r the availability of Software Updates and other services For information on subscribing to services see Co ge 281 e Software Updates service you must update your 1 The Firmware page appears are Update tomatically These updates include new p u w security threats Check with your resel fo nnecting to a Service Center on pa If you are not sub...

Страница 394: ...date image file appears in the Browse text box 5 Click Upload Your NetDefend firewall firmware is updated Updating may take a few minutes during which time the PWR SEC LED may start flashing red or orange Do not power off the appliance At the end of the process the NetDefend firewall restarts automatically A browse window appears 378 D Link NetDefend firewall User Guide ...

Страница 395: ...ou have today There is no need to replace your hardware You can also purchase node upgrades as needed u can upgrade your NetDefend fire Note To purchase the Power Pack or node upgrades contact your NetDefend firewall provider To upgrade your product you must install the new Product Key To install a Product Key 2 1 Click Setup in the main menu and click the Firmware tab The Firmware page appears Cl...

Страница 396: ...opens with the Install Product Key dialog box displayed Enter a d 3 Click ent Product Key iffer Product Key field enter the new Product Key 4 In the 5 Click Next The Installe dialog box appears d New Product Key 6 Click Next 380 D Link NetDefend firewall User Guide ...

Страница 397: ...dialog box appears 7 Do one of the following To register your NetDefend firewall later on clear the I want to register my product check box and then click Next To register your NetDefend firewall now do the following 1 Click Next Chapter 14 Maintenance 381 ...

Страница 398: ...r your contact information in the appropriate fields 3 To receive email notifications regarding new firmware versions ears The third Registration dialog box appears and services select the check box 4 Click Next The Registration screen app 382 D Link NetDefend firewall User Guide ...

Страница 399: ...e or otherwise disclose any of your personal or contact details without your explicit permission To register your NetDefend firewall 1 Click Setup in the main menu and click the Firmware tab The Firmware page appears 2 Click Upgrade Product The NetDefend Licensing Wizard opens with the Install Product Key dialog box 3 e settings 4 Click Next 5 d g box appears 7 Enter your contact information in th...

Страница 400: ...otocol used for the communication attempt for example TCP or UDP This same information is also available in the Event Log page see Viewing the However while the Event Log can display hundreds of Furthermore Syslog time each event occurred If the event is a by the firewall the event details include t Event Log on page 187 logs a Syslog server can store an unlimited number of logs servers can provid...

Страница 401: ...Syslog Serv Type the IP address of the computer that will run the Syslog service twork computers or click This Computer to allow your er one of your ne computer to host the service C Click to clear the Syslog Server field slog server efault port 514 UDP lear Syslog Port Type the port number of the Sy Default Click to reset the Syslog Port field to the d Chapter 14 Maintenance 385 ...

Страница 402: ... page 386 Using a console connected to the NetDefend firewall For information see Using the Serial Console on page 388 Using an SSH client See Configuring SSH on page 392 Using the NetDefend Portal mmand line in the following ways You can control your appliance via the NetDefend Portal s command line interface To control the appliance via the NetDefend Portal 1 Click Setup in the main menu and cli...

Страница 403: ...Controlling the Appliance via the Command Line The Tools page appears 2 Click Command The Command Line page appears 3 In the upper field type a command Chapter 14 Maintenance 387 ...

Страница 404: ...sole to the NetDefend firewall and use the consol ntrol the appliance via the command lin Yo e to co e Note Your terminal emulation software must be set to 57600 bps N 8 1 To For information on locating the serial port see Rear Panel 2 Click Network in the main menu and click the Ports tab control the appliance via a console 1 Connect the serial console to your NetDefend firewall s serial port usi...

Страница 405: ...rts page appears 3 In the RS232 drop down list select Console 4 Click Apply You can now control the NetDefend firewall from the serial console For information on all supported commands refer to the NetDefend CLI Reference Guide Chapter 14 Maintenance 389 ...

Страница 406: ... and click the Management tab The Management page appears 2 Specify from where HTTPS access to the NetDefend Portal should be granted See Access Options on page 391 for information Warning If remote HTTPS is enabled your NetDefend firewall settings can be changed remotely so it is especially important to make sure all NetDefend firewall users passwords are difficult to guess 390 D Link NetDefend f...

Страница 407: ...e desired IP address range in the fields provided 4 Click Apply now access the NetDefend Portal through the Internet using the procedure S o The HTTPS configuration is saved If you configured remote HTTPS you can Accessing the NetDefend Portal Remotely on page 44 Table 80 Access Options elect this ption To allow access from Internal Network The internal network only This disables remote access cap...

Страница 408: ...wall users can control the unit via the command line using the SSH Secure Shell management protocol You can enable users to do so via the Internet by configuring remote SSH access You can also integrate the NetDefend firewall with SSH based management systems Note The NetDefend firewall supports SSHv2 clients only The SSHv1 protocol contains security vulnerabilities and is not supported To configu...

Страница 409: ...fficult to guess If you selected IP Address Range additional fields appear 3 If you selected IP Address Range enter the desired IP address range in the fields provided 4 Click Apply The SSH configuration is saved If you configured remote SSH access you can now control the NetDefend firewall from the Internet using an SSHv2 client For information on all supported commands refer to the NetDefend CLI...

Страница 410: ...NMP access The NetDefend firewall supports the following SNMP MIBs SNMPv2 MIB RFC1213 MIB IF MIB IP MIB All SNMP access is read only To configure SNMP 1 Click Setup in the main menu and click the Management tab The Management page appears 2 Specify from where SNMP access should be granted See Access Options on page 391 for information If you selected IP Address Range additional fields appear 394 D...

Страница 411: ...e in the fields ed 4 In the Community field type the name of the SNMP community string SNMP clients uses the SNMP community string as a password when connecting to the NetDefend firewall The default value is public It is recommended to change this string 5 To configure advanced SNMP settings click provid Advanced Chapter 14 Maintenance 395 ...

Страница 412: ...8 Configure the SNMP clients w Table 81 Advanc MP Settings System Location Ty e a description of the appliance s location Th e visible to SN seful for admi oses p is information will b MP clients and is u nistrative purp System Contact Ty of the contact person This information will be visible to SNMP clients and is useful for administrative purposes pe the name 396 D Link NetDefend firewall User G...

Страница 413: ...he time displayed in the NetDefend Portal during initial appliance setup If desired you can change the date and time using the procedure below To set the time 1 Click Setup in the main menu and click the Tools tab The Tools page appears 2 Click Set Time The NetDefend Set Time Wizard opens displaying the Set the NetDefend Time dialog box Chapter 14 Maintenance 397 ...

Страница 414: ...Time Wizard Fields on page 400 4 The following things happen in the order below If you selected Specify date and time the Specify Date and Time dialog rs Click Next box appea Set the date time and time zone in the fields provided then click Next 398 D Link NetDefend firewall User Guide ...

Страница 415: ...u selected Use a Time Server the Time Servers dialog box appears Complete the fields using the information in Time Servers Fields on page 0 then click Next The Date and Time Updated screen appears 40 5 Click Finish Chapter 14 Maintenance 399 ...

Страница 416: ...yed to the right of this option Use a Time Server Synchronize the applianc Time Protocol NTP server Specify date and time Set the appliance to a specific date and time nce s time e time with a Network Table 83 Time Servers Fields In this field Do this Primary Server Type the IP address of the Primary NTP server Secondary Server Type the IP address of the Sec d is optional Clear e field S ondary NT...

Страница 417: ...g IP Tools on page 402 T Display a list of all routers used to Using IP Tools on page 402 W a specific IP address or DNS name is registered This P raceroute connect from the NetDefend firewall to a specific IP address or DNS name HOIS Display the name and contact information of the entity to which Using IP Tools on page 402 information is useful in tracking down hackers acket Sniffer Capture netwo...

Страница 418: ...k Go If you selected Ping the following things happen The NetDefend firewall sends packets to the specified the IP address or DNS name The IP Tools window opens and displays the percentage of packet loss and the amount of time it each packet took to reach the specified host and return round trip in milliseconds If you selected Traceroute the following things happen The NetDefend firewall connects ...

Страница 419: ...routers used to make the If you selected WHOIS the following thi The NetDefend firewall queries the Inte tit or DNS tact info ngs happen rnet WHOIS server y to which the IP address rmation A window displays the name of the en name is registered and their con Chapter 14 Maintenance 403 ...

Страница 420: ...nalyze the file or you can al runs on mputing platforms and w etherea click the e appears 2 Click Sniffer The Packet Sniffer window opens niffer tool which enables you etDefend port This is useful tr can use a free protocol analyzer su send it to technical support Ethere can be downloaded from http ww To use Packet Sniffer 1 Click Setup in the main menu and The Tools pag all popular co l com Tools...

Страница 421: ...ing on the ackets 5 Click Stop to stop collecting packets box appears The Save As dialog box appears 7 Browse to a destination directory of your choice 8 Type a name for the configuration file and click Save The cap file is created and saved to the specified directory 9 Click Cancel to close the Packet Sniffer window A standard File Download dialog 6 Click Save Chapter 14 Maintenance 405 ...

Страница 422: ... marks ter string way Select this option to capture incom gateway only If this option is not selected Pack traffic on the interface lter String Type the filter string t packets that m ring the captured packets Only tion will be saved ents see Filter String Syntax on yntax go to man html For detailed inform http www tcpdump o Note Do not enclose t If you do not specify a fil the selected interface ...

Страница 423: ...page 413 udp on page 414 For detailed information on filter syntax refer to http www tcpdump org and ate filter ts ter string elem element element ilter String Syntax The following represents a li and on page 407 tring elements PURPOSE The and element is used to concaten must match all concatenated fil SYNTAX element and element and element element string elements The filtered packe ents Chapter 1...

Страница 424: ...ETERS IP Address or String The computer to which the packet is his can be the following address host name at a dst PURPOSE The dst element captures all packets SYNTAX dst destination P destination sent T An IP A EXAMPLE The following filter string saves packets th 192 168 10 1 dst 192 168 10 1 re destined for the IP address packets d dst port PURPOSE The dst port element captures all SYNTAX dst po...

Страница 425: ...ng filter string saves packets th dst port 80 to capture packets of a specific ether protocol YNTAX er proto protocol ng The protocol type of the packet wing ip ip6 arp rarp lk aarp dec net sca lat mopdl moprc iso stp ipx or es ARP packets ether proto arp ether proto PURPOSE The ether proto element is used type S eth PARAMETERS protocol Stri This can be the follo ata netbeui EXAMPLE The following ...

Страница 426: ... is sent This can be the following An IP address A host name EXAMPLE The following filter string saves all packets that either originated from IP address 192 168 10 1 or are destined for that same IP address host 192 168 10 1 not PURPOSE The not element is used to negate filter string elements SYNTAX not element element PARAMETERS element String A filter string element 410 D Link NetDefend firewal...

Страница 427: ...10 1 or IP address 192 168 10 10 src 192 168 10 1 or src 192 168 10 10 or UR Th or must match at least on ing elements The filtered packets ents SYNTAX element or element or elem element element elem PARAMETERS EXAMPLE he following f ther originate fr PURPOSE ets originat stined for a specific NTAX port The element captures all pack port port ing from or de SY port port Note This e page 413 a leme...

Страница 428: ...tring T which the packet is sent This can be th An IP address A host name llowing filter string saves packets that or address 192 168 10 1 src 192 168 10 1 rc URPOSE The src element captures all pack ecific source SYNTAX src PARAMETERS source he computer from e following EXAMPLE The fo iginated from IP rt T nt captures all packets from a specific port S src port port src po PURPOSE he src port ele...

Страница 429: ...POSE he tcp element cap is element ca ted elements ip proto tc Note When not prepended to other elemen uivalent of p ent P nt String A port re string element that should be restricted to saving following dst port C tined for a specific po port Captu from or destined src port Captur from a specific p ts the tcp element is the eq SYNTAX tcp tcp elem ARAMETERS eleme lated filter only TCP packets This...

Страница 430: ... other elements udp element ERS nt String A port re t should be restricted to sav DP packets This can be the following dst port C for a specific po port Captures al s originating from or destined t src port C P packets originating from E ring captures all UDP packets the udp element is the equivalent of SYNTAX udp udp PARAMET eleme lated filter string element tha ing only U apture all UDP packets ...

Страница 431: ...planation of the CLI script f supported CLI nds see the NetDefend CLI Reference G Exporting the NetDefend firewall Configuration g file and use this ll your settings The file If desired you can edit the ormat and the comma uide Exporting the NetDefend firewall configuration creates a configuration file onfiguration ain menu and click the Tools pears 2 ad dialog box appear ick Save box appears 4 ti...

Страница 432: ...rder to restore your NetDefend firewall s co m a configuration file you m T d firewall configuration 1 Click Setup in the main menu and click t s tab s page appears t page appears nfiguration fro ust import the file o import the NetDefen he Tool The Tool 2 Click Impor The Import Settings 3 llowing t Settings field type the full p onfiguration file Do one of the fo In the Impor ath to the c 416 D L...

Страница 433: ...t ation file 4 Click Upload A confirmatio OK The NetDefend firewall settings are imported The Import of implementing each configuration command uration file s c abl Note If the appliance s IP add your computer may be discon ress changed as nected from the e to see the results a result of the configuration import network therefore you may not be Chapter 14 Maintenance 417 ...

Страница 434: ...ation erases all your settings You will new password and reconfigure yo Internet or information on performing these tasks see Setting Up the Y etDefend firewall to default ment i r by manually pressing the Reset button hardware located at the back of the NetDefend firewall T firewall to factory def ia the Web interface Setup in the main menu and click the 2 ry Settings and password information ur ...

Страница 435: ... version that shipped with the appliance select the check box 4 Click OK The Please Wait screen appears The NetDefend firewall returns to its factory defaults The NetDefend firewall is restarted the PWR SEC LED flashes quickly This may take a few minutes The Login page appears Chapter 14 Maintenance 419 ...

Страница 436: ... the NetDefend firewall to boot up until the system is ready PWR SEC LED flashes slowly or illuminates steadily in green light For information on the appliance s front and rear panels see the relevant Getting to Know Your Appliance section in TIntroductionT on page 1 Warning If you choose to reset the NetDefend firewall by disconnecting the power cable and then reconnecting it be sure to leave the...

Страница 437: ...click the Tools tab The Tools page appears 2 Click Diagnostics Technical information about your NetDefend firewall appears in a new window 3 To save the displayed information to an html file a Click Save A standard File Download dialog box appears b Click Save The Save As dialog box appears c Browse to a destination directory of your choice d Type a name for the configuration file and click Save T...

Страница 438: ...y rebooting it may solve the problem To reboot the NetDefend firewall 1 Click Setup in the main menu and click the Firmware tab The Firmware page appears 2 Click Restart A confirmation message appears 3 Click OK The Please Wait screen appears The NetDefend firewall is restarted the PWR SEC LED flashes quickly This may take a few minutes The Login page appears ...

Страница 439: ...ed printers to the appliance and share them across the network Note When using computers with a Windows 2000 XP operating system the NetDefend firewall supports connecting up to four USB based printers to the appliance When using computers with a MAC OS X operating system the NetDefend firewall supports connecting one printer The appliance automatically detects printers as they are plugged in and ...

Страница 440: ...llationT on page 35 2 Turn the printer on 3 In the NetDefend Portal click Setup in the main menu and click the Printers tab The Printers page appears If the NetDefend firewall detected the printer the printer is listed on the page 4 If the printer is not listed check that you connected the printer correctly then click Refresh to refresh the page 5 Write down the port number allocated to the printe...

Страница 441: ...e the replacement printer s port number to the old printer s port number and you can skip the next step 7 Configure each computer from which you want to enable printing to the network printer See TConfiguring Computers to Use Network PrintersT on page 425 Configuring Computers to Use Network Printers Perform the relevant procedure on each computer from which you want to enable printing via the Net...

Страница 442: ...ntrol Panel window opens 3 Click Printers and Faxes The Printers and Faxes window opens 4 Right click in the window and click Add Printer in the popup menu The Add Printer Wizard opens with the Welcome dialog box displayed 5 Click Next The Local or Network Printer dialog box appears 6 Click Local printer attached to this computer ...

Страница 443: ...cally detect and install my Plug and Play printer check box 7 Click Next The Select a Printer Port dialog box appears 8 Click Create a new port 9 In the Type of port drop down list select Standard TCP IP Port 10 Click Next The Add Standard TCP IP Port Wizard opens with the Welcome dialog box displayed 11 Click Next ...

Страница 444: ...field type the NetDefend firewall s LAN IP address or my firewall You can find the LAN IP address in the NetDefend Portal under Network My Network The Port Name field is filled in automatically 13 Click Next The Add Standard TCP IP Printer Port Wizard opens with the Additional Port Information Required dialog box displayed 14 Click Custom 15 Click Settings ...

Страница 445: ...log box opens 16 In the Port Number field type the printer s port number as shown in the Printers page 17 In the Protocol area make sure that Raw is selected 18 Click OK The Add Standard TCP IP Printer Port Wizard reappears 19 Click Next The Completing the Add Standard TCP IP Printer Port Wizard dialog box appears 20 Click Finish ...

Страница 446: ...odel If your printer does not appear in the lists insert the CD that came with your printer in the computer s CD ROM drive and click Have Disk 22 Click Next 23 Complete the remaining dialog boxes in the wizard as desired and click Finish The printer appears in the Printers and Faxes window 24 Right click the printer and click Properties in the popup menu The printer s Properties dialog box opens 2...

Страница 447: ... the latest version of the MAC OS X operating system Note This procedure may not apply to earlier MAC OS X versions To configure a computer to use a network printer 1 If the computer for which you want to enable printing is located on the WAN create an Allow rule for connections from the computer to This Gateway See TAdding and Editing RulesT on page 213 2 Choose Apple System Preferences ...

Страница 448: ...inters 432 D Link NetDefend firewall User Guide The System Preferences window appears 3 Click Show All to display all categories 4 In the Hardware area click Print Fax The Print Fax window appears 5 In the Printing tab click Set Up Printers ...

Страница 449: ...ect IP Printing 8 In the Printer Type drop down list select Socket HP Jet Direct 9 In the Printer Address field type the NetDefend firewall s LAN IP address or my firewall You can find the LAN IP address in the NetDefend Portal under Network My Network 10 In the Queue Name field type the name of the required printer queue For example the printer queue name for HP printers is RAW ...

Страница 450: ...e 11 In the Printer Model list select the desired printer type A list of models appears 12 In the Model Name list select the desired model 13 Click Add The new printer appears in the Printer List window 14 In the Printer List window select the newly added printer and click Make Default ...

Страница 451: ...rinter is processing a print job Restarting The printer server is restarting Fail An error occurred See the Event Log for details TViewing the Event LogT on page 187 2 To refresh the display click Refresh Changing Network Printer Ports When you set up a new network printer the NetDefend firewall automatically assigns a port number to the printer If you want to use a different port number you can e...

Страница 452: ...menu and click the Printers tab The Printers page appears 2 In the printer s Printer Server TCP Port field type the desired port number 3 Click Apply Resetting Network Printers You can cause a network printer to restart the current print job by resetting the network printer You may want to do this if the print job has stalled To reset a network printer 1 Click Setup in the main menu and click the ...

Страница 453: ...problems you may encounter while using the NetDefend firewall Note For information on troubleshooting wireless connectivity see TTroubleshooting Wireless ConnectivityT on page 183 This chapter includes the following topics HConnectivityH 438 HService Center and UpgradesH 442 HOther ProblemsH 443 Troubleshooting ...

Страница 454: ...o to http my firewall and see whether Connected appears on the Status Bar Make sure that your NetDefend firewall network settings are configured as per your ISP directions Check your TCP IP configuration according to TInstalling and Setting up the NetDefend firewallT on page 15 If Web Filtering or Email Filtering are on try turning them off Check if you have defined firewall rules which block your...

Страница 455: ...hernet adapter MAC address onto the NetDefend firewall For instructions see TConfiguring the Internet ConnectionT on page 53 Some cable ISPs require using a hostname for the connection Try reconfiguring your Internet connection and specifying a hostname For further information seeT Configuring the Internet ConnectionT on page 53 I cannot access http my firewall or http my vpn What should I do Veri...

Страница 456: ... Ethernet card There may be an IP address conflict in your network Check that the TCP IP settings of all your computers are configured to obtain an IP address automatically I changed the network settings to incorrect values and am unable to correct my error What should I do Reset the network to its default settings using the button on the back of the NetDefend firewall unit See TResetting the NetD...

Страница 457: ...P 256 TCP 264 ESP IP protocol 50 TCP 981 I cannot receive audio or video calls through the NetDefend firewall What should I do To enable audio video you must configure an IP Telephony H 323 virtual server For instructions see TConfiguring ServersT on page 207 I run a public Web server at home but it cannot be accessed from the Internet What should I do Configure a virtual Web Server For instructio...

Страница 458: ...ress that exceeds the licensed node limit the Active Computers page displays a warning message and marks nodes over the node limit in red These nodes will not be able to access the Internet through the NetDefend firewall but will be protected The Event Log page also warns you that you have exceeded the node limit To upgrade your NetDefend firewall to support more nodes purchase a new Product Key C...

Страница 459: ...ation see TSetting the Time on the ApplianceT on page 397 I cannot use a certain network application What should I do Look at the Event Log page If it lists blocked attacks do the following Set the NetDefend firewall s firewall level to Low and try again If the application still does not work set the computer on which you want to use the application to be the exposed host For instructions see TDef...

Страница 460: ......

Страница 461: ...Technical Specifications Table 86 NetDefend Appliance Attributes Attribute DFL CP310 DFL CPG310 General Dimensions width x height x depth 20 x 3 1 x 15 5 cm 7 9 x 1 2 x 6 1 inches 20 x 3 1 x 15 5 cm 7 9 x 1 2 x 6 1 inches Weight 0 69 kg 1 55 lbs 0 69 kg 1 55 lbs Power supply nominal input voltage frequency All Models 100 240VAC 50 60Hz All Models 100 240VAC 50 60Hz Power supply nominal output volt...

Страница 462: ...cm 11 4 x 9 8 x 3 inches 29 x 25 x 7 6 cm 11 4 x 9 8 x 3 inches Retail box weight 1 35 kg 3 lbs 1 35 kg 3 lbs Environmental Conditions Temperature Storage Transport 5 C to 70 C 5 C to 70 C Temperature Operation 5 C 50 C 5 C 50 C Humidity Storage Operation 5 90 at 25 C None condensed 5 90 at 25 C None condensed Applicable Standards Shock Vibration CNS1219 C6343 CNS1219 C6343 Safety EN60950 IEC60950...

Страница 463: ...pecifications 447 Attribute DFL CP310 DFL CPG310 Quality ISO9001 2000 TL9000 HW R3 0 ISO14001 Ohsas18001 1999 ISO9001 2000 TL9000 HW R3 0 ISO14001 Ohsas18001 1999 Mean Time Between Failures MTBF 68 000 Hours at 30 ºC 68 000 Hours at 30 ºC ...

Страница 464: ...de Table 87 NetDefend Wireless Attributes Attribute DFL CPG310 series Operation Frequency 2 412 2 484 MHz Transmission Power 79 4 mW Modulation OFDM DSSS 64QAM 16QAM QPSK BPSK CCK DQPSK DBPSK WPA Authentication Modes EAP TLS EAP TTLS PEAP EAP GTC PEAP EAP MSCHAP V2 ...

Страница 465: ...e 73 23 EEC Low Voltage Directive LVD Directive 99 05 EEC Radio Equipment and Telecommunications Terminal Equipment Directive In accordance with the following standards Table 88 NetDefend Appliance Standards Attribute DFL CP310 DFL CPG310 EMC EN 55022 1998 EN 61000 3 2 1995 EN 61000 3 3 1995 EN 61000 4 2 1995 EN 61000 4 3 1995 EN 61000 4 4 1995 EN 61000 4 5 1995 EN 61000 4 6 1996 EN 50081 1 1992 E...

Страница 466: ...9 1993 EN 61000 4 10 1993 EN 61000 4 11 1994 EN 61000 4 12 1995 Safety EN 60950 2000 IEC 60950 1999 EN 60950 2000 IEC 60950 1999 The CE mark is affixed to this product to demonstrate conformance to the R TTE Directive 99 05 EEC Radio Equipment and Telecommunications Terminal Equipment Directive and FCC Part 15 Class B The product has been tested in a typical configuration For a copy of the Origina...

Страница 467: ... or modifications to this product not explicitly approved by the manufacturer could void the user s authority to operate the equipment and any assurances of Safety or Performance and could result in violation of Part 15 of the FCC Rules This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 this device may not cause harmful interference and 2 this...

Страница 468: ......

Страница 469: ... computer to the Internet via the cable television network Cable modems offer a high speed always on connection Certificate Authority The Certificate Authority CA issues certificates to entities such as gateways users or computers The entity later uses the certificate to identify itself and provide verifiable information For instance the certificate includes the Distinguished Name DN identifying i...

Страница 470: ...rewall DNS The Domain Name System DNS refers to the Internet domain names or easy to remember handles that are translated into IP addresses An example of a Domain Name is www sofaware com Domain Name System Domain Name System The Domain Name System DNS refers to the Internet domain names or easy to remember handles that are translated into IP addresses An example of a Domain Name is www sofaware c...

Страница 471: ...it number that identifies each computer sending or receiving data packets across the Internet When you request an HTML page or send e mail the Internet Protocol part of TCP IP includes your IP address in the message and sends it to the IP address that is obtained by looking up the domain name in the Uniform Resource Locator you requested or in the e mail address you re sending a note to At the oth...

Страница 472: ...rement unit for the rate of data transmission MTU The Maximum Transmission Unit MTU is a parameter that determines the largest datagram than can be transmitted by an IP interface without it needing to be broken down into smaller units The MTU should be larger than the largest datagram you wish to transmit un fragmented Note This only prevents fragmentation locally Some other link in the path may h...

Страница 473: ...iple computer users on an Ethernet local area network to a remote site or ISP through common customer premises equipment e g modem PPTP The Point to Point Tunneling Protocol PPTP allows extending a local network by establishing private tunnels over the Internet This protocol it is also used by some DSL providers as an alternative for PPPoE R RJ 45 The RJ 45 is a connector for digital transmission ...

Страница 474: ...uting through the Internet For example when an HTML file is sent to you from a Web server the Transmission Control Protocol TCP program layer in that server divides the file into one or more packets numbers the packets and then forwards them individually to the IP program layer Although each packet has the same destination IP address it may get routed differently through the network At the other e...

Страница 475: ...ource depends on the Internet application protocol On the Web which uses the Hypertext Transfer Protocol an example of a URL is http www sofaware com V VPN A virtual private network VPN is a private data network that makes use of the public telecommunication infrastructure maintaining privacy through the use of a tunneling protocol and security procedures VPN tunnel A secure connection between a R...

Страница 476: ......

Страница 477: ...t Overflow 247 Block rules explained 213 Blocked FTP Commands 248 C CA explained 345 453 cable modem connection 58 67 explained 453 cable type 35 certificate explained 345 generating self signed 346 importing 350 installing 345 uninstalling 352 Cisco IOS DOS 236 command line interface controlling the appliance via 386 D DHCP configuring 94 explained 454 options 101 DHCP Server enabling disabling 9...

Страница 478: ... 454 F File and Print Sharing 249 firewall levels 204 rule types 211 setting security level 204 firmware explained 375 454 updating manually 377 viewing status 375 FTP Bounce 245 G gateways backup 119 default 108 119 139 explained 454 ID 287 master 119 Site to Site VPN 297 H Hide NAT enabling disabling 107 explained 107 456 high availability configuring 119 explained 119 Host Port Scan 242 HTTPS c...

Страница 479: ...g 105 explained 455 hiding 107 IP Fragments 232 IPSEC VPN mode 455 ISP explained 456 L LAN cable 35 configuring High Availability for 119 connection 54 56 65 explained 456 ports 35 LAND 226 licenses 194 375 421 438 upgrading 379 link configurations modifying 149 logs exporting 187 viewing 187 M MAC address 456 Manual Login 341 Max Ping Size 231 MTU explained 77 456 N NetBIOS explained 456 network ...

Страница 480: ...ceMode about 110 configuring 110 P packet 87 139 401 455 457 Packet Sanity 229 Packet Sniffer filter string syntax 407 using 404 Pass rules explained 268 password changing 359 setting up 39 Peer to Peer 252 Ping 401 Ping of Death 225 Port based VLAN about 111 adding and editing 114 ports managing 145 modifying assignments 147 modifying link configurations 149 resetting to defaults 150 viewing stat...

Страница 481: ...03 305 explained 297 Remote Access VPN sites 311 reports active computers 194 active connections 197 event log 187 node limit 194 traffic 191 viewing 187 wireless statistics 198 routers 90 119 401 438 457 rules security 209 VStream Antivirus 267 S Scan rules explained 268 Secure HotSpot customizing 259 enabling disabling 258 quick guest users 365 setting up 257 using 256 SecuRemote explained 302 i...

Страница 482: ...r connecting to 281 disconnecting from 289 refreshing a connection to 288 services software updates 294 Web Filtering 290 Setup Wizard 39 54 Site to Site VPN gateways 308 explained 297 installing a certificate 345 PPPoE tunnels 308 Small PMTU 241 SmartDefense categories 224 configuring 221 using 220 SNMP configuring 394 explained 394 software updates checking for manually 294 explained 294 source ...

Страница 483: ... setting up for Windows XP 2000 16 Teardrop 224 technical support 14 Telstra 73 Traceroute 401 Traffic Monitor configuring 193 exporting reports 194 using 191 viewing reports 191 traffic reports exporting 194 viewing 191 Traffic Shaper advanced 151 enabling 63 151 explained 151 restoring defaults 160 setting up 153 simplified 151 using 151 troubleshooting 437 U UDP explained 458 URL explained 459 ...

Страница 484: ... creation and closing of 353 establishing 341 explained 297 459 viewing 353 VStream Antivirus about 263 configuring 267 configuring advanced settings 275 configuring policy 267 enabling disabling 265 rules 268 updating 279 viewing database information 266 VStream Antivirus rules adding and editing 269 changing priority 274 deleting 274 enabling disabling 273 types 268 W WAN cable 35 connections 20...

Страница 485: ...ndex 469 wireless stations preparing 182 viewing 198 WLAN configuring 161 defined 459 preparing stations for 182 troubleshooting connectivity 183 viewing statistics for 198 WPA 161 163 WPA2 163 WPA PSK 161 163 ...

Отзывы:

Нет отзывов

Похожие инструкции для CP310 - DFL - Security Appliance

NetDefend DFL-260E

Бренд: D-Link Страницы: 652

NetDefend DFL-CP310

Бренд: D-Link Страницы: 485

PA-7050 PAN-AIRDUCT

Бренд: PaloAlto Networks Страницы: 3

Observer Gigastor GS-8P-384T

Бренд: Viavi Страницы: 8

Бренд: Nexcom Страницы: 71

Бренд: EVOC Страницы: 33

Бренд: NETGEAR Страницы: 2

FortiGate-3016B

Бренд: Fortinet Страницы: 2

Бренд: Fortinet Страницы: 2

FortiGate-1240B

Бренд: Fortinet Страницы: 2

Бренд: Fortinet Страницы: 2

FortiGate Voice-80C

Бренд: Fortinet Страницы: 2

FortiGate FortiGate-800F

Бренд: Fortinet Страницы: 2

FortiGate FortiGate-60B

Бренд: Fortinet Страницы: 2

Бренд: Fortinet Страницы: 2

Бренд: Fortinet Страницы: 16

FortiGate FortiGate-50B

Бренд: Fortinet Страницы: 52

FortiGate FortiGate-800

Бренд: Fortinet Страницы: 64

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды