manualshive.com logo in svg

D-Link NetDefend DFL-260E, Руководство пользователя

D-Link NetDefend DFL-260E - мощный межсетевой экран с обширным функционалом. Пользователи могут загрузить Руководство по журналу регистрации событий с сайта manualshive.com бесплатно. Этот надежный мануал поможет вам использовать все возможности этого продукта для обеспечения безопасности вашей сети.

Поделиться
Скачать
background image

ICMPSendPerSecLimit

Maximum number of ICMP responses that will be
sent each second. (Default: 500)

SilentlyDropStateICMPErrors

Silently drop ICMP errors regarding statefully
tracked open connections. (Default: Yes)

Note

This object type does not have an identifier and is identified by the name of the type
only. There can only be one instance of this type.

3.52.9. IPsecTunnelSettings

Description

Settings for the IPsec tunnel interfaces used for establishing IPsec VPN connections to and from this
system.

Properties

IPsecMaxTunnels

Amount of IPsec tunnels allowed (0 = automatic).
(Default: 0)

IPsecMaxRules

Amount of IPsec rules allowed (0 = automatic).
(Default: 0)

IKESendInitialContact

Send 'initial contact' messages. (Default: Yes)

IKESendCRLs

Send CRLs in the IKE exchange. (Default: Yes)

IKECRLValidityTime

Maximum number of seconds a CRL is considered
valid (0=obey the 'next update' field in the CRL).
(Default: 86400)

IKEMaxCAPath

Maximum number of CA certificates in a certificate
path. (Default: 15)

IPsecCertCacheMaxCerts

Maximum number of entries in the certificate cache.
(Default: 1024)

IPsecBeforeRules

Pass IKE & IPsec (ESP/AH) traffic sent to the secur-
ity gateway directly to the IPsec engine without con-
sulting the ruleset. (Default: Yes)

IPsecGWNameCacheTime

Amount of time to keep an IPsec tunnel open when
the remote DNS name fails to resolve. (Default:
14400)

DPDMetric

Metric 10s of seconds with no traffic or other evid-
ence of life in tunnel before SA is removed.
(Default: 3)

FlowMetric

Minimum number of seconds without data traffic in
a flow to activate IKE DPD liveness checks from the
corresponding IKE SA. (Default: 15)

IPsecDPDNoWaitWorryTime

Do not wait for 10 times the value of DPD Metric
after the value of Flow Metric has expired without

3.52.9. IPsecTunnelSettings

Chapter 3. Configuration Reference

177

Содержание NetDefend DFL-260E

Страница 1: ...Network Security Solution http www dlink com NetDefendOS Ver 2 40 00 Network Security Firewall CLI Reference Guide Security Security...

Страница 2: ...rence Guide DFL 260E 860E 1660 2560 2560G NetDefendOS version 2 40 00 D Link Corporation No 289 Sinhu 3rd Rd Neihu District Taipei City 114 Taiwan R O C http www DLink com Published 2011 09 06 Copyrig...

Страница 3: ...particular purpose D Link reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of such revis...

Страница 4: ...cc 21 2 1 5 commit 22 2 1 6 delete 22 2 1 7 pskgen 23 2 1 8 reject 23 2 1 9 reset 25 2 1 10 set 25 2 1 11 show 26 2 1 12 undelete 28 2 2 Runtime 30 2 2 1 about 30 2 2 2 alarm 30 2 2 3 arp 30 2 2 4 ar...

Страница 5: ...2 57 uarules 66 2 2 58 updatecenter 67 2 2 59 userauth 68 2 2 60 vlan 69 2 3 Utility 70 2 3 1 ping 70 2 4 Misc 71 2 4 1 echo 71 2 4 2 help 71 2 4 3 history 72 2 4 4 ls 72 2 4 5 script 73 3 Configurati...

Страница 6: ...etEthernetDriver 107 3 16 7 R8139EthernetPCIDriver 108 3 16 8 R8169EthernetPCIDriver 108 3 16 9 SwitchEthernetDriver 108 3 17 EthernetDevice 110 3 18 HighAvailability 111 3 19 HTTPALGBanners 112 3 20...

Страница 7: ...7 3 51 3 ServiceICMPv6 168 3 51 4 ServiceIPProto 169 3 51 5 ServiceTCPUDP 170 3 52 Settings 171 3 52 1 ARPNDSettings 171 3 52 2 AuthenticationSettings 172 3 52 3 ConnTimeoutSettings 173 3 52 4 DHCPRel...

Страница 8: ...t 28 2 8 Block hosts 33 2 9 frags 41 2 10 List network objects which have names containing net 51 2 11 Show a range of rules 56 2 12 Interface ping test between all interfaces 57 2 13 Interface ping t...

Страница 9: ...for the option Example 1 Command option notation One of the usages for the help command looks like this help category COMMANDS TYPES Topic This means that help has an option called category which has...

Страница 10: ...s followed by ellipses it is possible to specify more than one routing table Since table name is optional as well the user can specify zero or more policy based routing tables gw world routes Virroute...

Страница 11: ...eference for all commands and configuration object types that are available in the command line interface for NetDefendOS 1 1 Running a command The commands described in this guide can be run by typin...

Страница 12: ...gw world activate h Full help for activate gw world help activate Help for the arp command Arp is also the name of a configuration object type so it is necessary to specify that the help text for the...

Страница 13: ...of informa tion is shown Ctrl D or Delete Delete the character to the right of the cursor Ctrl E or End Move the cursor to the end of the line Ctrl F or Right Arrow Move the cursor one character to th...

Страница 14: ...d lines up arrow for older command lines and down arrow to move back to a newer command line See also Section 2 4 3 history Example 1 3 Command line history Using the command line history via the arro...

Страница 15: ...ip a tab gw world add Address IP4Address example_ip Address Address was autocompleted gw world add Address IP4Address example_ip Address 1 2 3 4 Tab completion of references gw world set Address IP4Gr...

Страница 16: ...add or remove a member to the list without having to enter all the other members again Edit the default value gw world add LogReceiverSyslog example Address example_ip LogSeverity tab gw world add Lo...

Страница 17: ...s and options cannot be used unless the logged in user has administrator priviege This is indicated in this guide by a note following the command or Admin only written next to an option 1 6 User roles...

Страница 18: ...1 6 User roles Chapter 1 Introduction 18...

Страница 19: ...privilege 2 1 2 add Create a new object Description Create a new object and add it to the configuration Specify the type of object you want to create and the identifier if the type has one unless the...

Страница 20: ...ce silent key value pair Options force Add object even if it has errors silent Do not show any errors Category Category that groups object types Identifier The property that identifies the configurati...

Страница 21: ...base called exampledb Only objects in the current context can be accessed Example 2 2 Change context Change to a sub child context gw world cc LocalUserDatabase exampledb gw world exampledb Go back to...

Страница 22: ...lete the object even if it is referenced by other objects or if it is a context that has child objects that aren t deleted This may cause objects referring to the specified object or one of its childr...

Страница 23: ...en Generate random pre shared key Description Generate a pre shared key of specified size containing randomized key data If a key with the spe cified name exists the existing key is modified Otherwise...

Страница 24: ...ecursively will reject changes in the user database and all users gw world exampledb set User user1 Comments Something gw world exampledb set User user2 Comments that will be gw world exampledb set Us...

Страница 25: ...or privilege 2 1 10 set Set property values Description Set property values of configuration objects Specify the type of object you want to modify and the identifier if the type has one Set the proper...

Страница 26: ...ilable if the ob ject is already disabled enable Enable object This option is not available if the ob ject is already enabled Category Category that groups object types Identifier The property that id...

Страница 27: ...ay be contexts by Example 2 6 Show objects Show the properties of an individual object gw world show Address IP4Address example_ip gw world main show Route 1 gw world show Client DynDnsClientDyndnsOrg...

Страница 28: ...ation on 2 1 12 undelete Restore previously deleted objects Description Restore a previously deleted object This is possible as long as the activate command has not been called See also delete Example...

Страница 29: ...r The property that identifies the configuration object May not be applicable depending on the specified Type Type Type of configuration object to perform operation on Note Requires Administrator priv...

Страница 30: ...alarm history active Options active Show the currently active alarms history Show the 20 latest alarms 2 2 3 arp Show ARP entries for given interface Description List the ARP cache entries of specifie...

Страница 31: ...hardware addresses matching pattern hwsender Ethernet Address Sender ethernet address ip pattern Show only IP addresses matching pattern notify ip Send gratuitous ARP for ip num n Show only the first...

Страница 32: ...ats Show active ARP Transaction States Description Show active ARP Transaction States Usage ats num n Options num n Limit list to n entries Default 20 2 2 6 bigpond Show BigPond information Descriptio...

Страница 33: ...lock 100 100 100 0 24 serv FTP dest 50 50 50 1 time 6000 Usage blacklist show creationtime dynamic listtime info black white all Show information about the blacklisted hosts blacklist block host serv...

Страница 34: ...block unblock show Show information about the blacklisted hosts time seconds The time that the host will remain blocked unblock Unblock specified netobject Admin only white Show whitelist hosts only...

Страница 35: ...erface flush Flush CAM table information of specified interface cam flush Flush CAM table information Options flush Flush CAM table If interface is specified only entries using this interface are flus...

Страница 36: ...destip ip addr Close connections Options all Mark all connections close Close all connections that match the filter expres sion Admin only destiface interface Filter on destination interface destip ip...

Страница 37: ...it exists Usage crashdump 2 2 14 dhcp Display information about DHCP enabled interfaces or modify update their leases Description Display information about a DHCP enabled interface Usage dhcp List DH...

Страница 38: ...terface ip example if1 192 168 Usage dhcprelay Show the currently relayed DHCP sessions dhcprelay show rules routes display filter Show DHCP BOOTP relayer ruleset dhcprelay release ip address interfac...

Страница 39: ...ase BLACKLIST Release a specific types of IPs dhcpserver releaseip interface ip address Release an active IP Options fromentry Integer Shows dhcp server lease list from offset n leases Show DHCP serve...

Страница 40: ...ame Resolve domain name remove Remove all pending DNS queries 2 2 18 dnsbl DNSBL Description Show status of DNSBL Usage dnsbl show SMTP ALG clean Options clean Clear DNSBL statistics for ALG show Show...

Страница 41: ...s NEW ALL reassembly id free done num n Options done List done lingering reassemblies free List free instead of active num n List n entries Default 20 NEW ALL reassembly id Show in depth info about re...

Страница 42: ...ted to the HTTP Application Layer Gateway Description Show information about the WCF cache or list the overridden WCF hosts Usage httpalg override flush List or flush hosts that have overridden the wc...

Страница 43: ...only match the specified characters verbose Verbose wcfcache Show statistics of WCF functionality 2 2 23 httpposter Display HTTP Poster status Description Display configuration and status of configure...

Страница 44: ...by IDP idppipes unpipe all host ip addr Remove piping for the specified host Options all mark all hosts host ip addr Filter on source IP address show Lists hosts for which new connections are piped by...

Страница 45: ...rface Usage igmp Prints the current IGMP state igmp state Interface Prints the current IGMP state If an interface is specified more details are provided igmp query Interface MC address router address...

Страница 46: ...ress all Forcibly free IP assigned to subsystem ippool show verbose max n Show IP pool information Options all Free all IP addresses max n Limit list to n entries Default 10 release Forcibly free IP a...

Страница 47: ...d statistics for the configured LDAP databases Usage ldap List all LDAP databases ldap list List all LDAP databases ldap show LDAP Server Show LDAP database status and statistics ldap reset LDAP Serve...

Страница 48: ...itor hosts have been configured linkmon will monitor host reachability to detect link NIC problems Usage linkmon 2 2 33 logout Logout user Description Logout current user Usage logout 2 2 34 memory Sh...

Страница 49: ...Translated IP pool name NAT Pool name 2 2 36 nd Show Neighbor Discovery entries for given interface Description List the Neighbor Discovery cache entries of specified interfaces If no interface is giv...

Страница 50: ...ttern Show only hardware addresses matching pattern ip pattern Show only IP addresses matching pattern num n Show only the first n entries per interface Default 20 query ip Send Neighbor Solicitation...

Страница 51: ...twork objects Description Displays named network objects and their contents Example 2 10 List network objects which have names containing net netobjects net Usage netobjects String num num Options num...

Страница 52: ...ing Write the captured packets to disk pcapdump wipe Remove all captured packets from memory pcapdump cleanup Remove all captured packets release capture mode and delete all written capture files from...

Страница 53: ...memory default 512kb snaplen value Maximum length of each packet to capture srcport 0 65535 Source TCP UDP port filter start Start capture status Show capture status stop Stop capture tcp TCP filter...

Страница 54: ...palg Show PPTP ALG information Description Shows information and statistics of the PPTP ALGs Usage pptpalg Show all configured PPTP ALGs pptpalg sessions PPTP ALG verbose num Integer List all PPTP ses...

Страница 55: ...ys Description List the currently monitored interfaces and or gateways Usage routemon 2 2 44 routes Display routing lists Description Display information about the routing table s Contents of a named...

Страница 56: ...erbose Options all Also show routes for interface addresses flushl3cache Flush Layer 3 Cache lookup ip address Lookup the route for the given IP address nonhost Do not show single host routes num n Li...

Страница 57: ...t lower throughput result In the field Drop Fail the Drop column contains the number of packets that were dropped before ever reaching the crypto accelerator and the Fail column contains the number of...

Страница 58: ...a ping test over the interfaces selftest throughput interfaces Interface Run a throughput test over the interfaces selftest traffic interfaces Interface Run a traffic test over the interfaces selftest...

Страница 59: ...mes to execute the test Default 1 ping Run a ping test over the interfaces size Integer Size of media space to utilize in the test Set in MB Default 1 throughput Run a throughput test over the interfa...

Страница 60: ...meout Usage sessionmanager Show Session Manager status sessionmanager status Show Session Manager status sessionmanager list num n List active sessions sessionmanager info session name database Show i...

Страница 61: ...ess message text Message to send session name Name of session LOCAL SSH HTTP HTTPS Session type 2 2 49 settings Show settings Description Show the contents of the settings section category by category...

Страница 62: ...ns SIP registration and call information The flags option with snoop allows any combination of the following values 0x00000001 GENERAL 0x00000002 ERRORS 0x00000004 OPTIONS 0x00000008 PARSE 0x00000010...

Страница 63: ...ipalg registration SHOW FLUSH alg Show or flush current registration table sipalg calls alg Show active calls table sipalg session alg Show active SIP sessions sipalg connection alg Show SIP connectio...

Страница 64: ...IP counters Default show alg SIP ALG name ipaddr IP Address to snoop 2 2 52 sshserver SSH Server Description Show SSH Server status or start stop restart SSH Server Usage sshserver Show server status...

Страница 65: ...nd call information Usage sslvpn 2 2 54 stats Display various general firewall statistics Description Display general information about the firewall such as uptime CPU load resource consumption and ot...

Страница 66: ...onize time with timeserver s specified in settings Options force Force synchronization regardless of the MaxAdjust setting set Set system local time YYYY MM DD HH MM SS sync Synchronize time with time...

Страница 67: ...an update Usage updatecenter update ANTIVIRUS IDP ALL Initiate an update check of the specified database updatecenter removedb ANTIVIRUS IDP Remove the specified signature database updatecenter statu...

Страница 68: ...all authenticated users userauth list num n List all authenticated users userauth privilege List all known privileges usernames and groups userauth user user ip Show all information for user s with t...

Страница 69: ...d Virtual LAN Interfaces or in depth information about a specified VLAN Usage vlan List attached VLANs vlan Interface Display VLANs connected to physical iface iface Options Interface Display VLAN inf...

Страница 70: ...p address pbr table count 1 10 length 4 8192 port 0 65535 udp tcp tos 0 255 verbose Options count 1 10 Number of packets to send Default 1 length 4 8192 Packet size Default 4 pbr table Route using PBR...

Страница 71: ...types The fastest way to get help is to simply type help followed by the topic that you want help with A topic can be for example a command name e g set or the name of a configuration object type e g...

Страница 72: ...ts device data accessible by SCP Description Lists device data which are available through SCP Example 2 18 Transfer script files to and from the device Upload scp myscript user sgw ip script myscript...

Страница 73: ...delete script files Script files are transfered to and from the device by the SCP protocol On the device they are stored in the script folder Example 2 22 Execute script script sgs add IP4Address Nam...

Страница 74: ...ce Force script execution name Name Name of script quiet Quiet script execution remove Remove script show Show script in console window store Store a script to persistent storage verbose Verbose mode...

Страница 75: ...2 4 5 script Chapter 2 Command Reference 75...

Страница 76: ...Pool page 99 DateTime page 100 Device page 101 DHCPRelay page 102 DHCPServer page 103 DNS page 105 Driver page 106 EthernetDevice page 110 HighAvailability page 111 HTTPALGBanners page 112 HTTPAuthBan...

Страница 77: ...cingInstance page 159 RouteBalancingSpilloverSettings page 160 RoutingRule page 161 RoutingTable page 162 ScheduleProfile page 166 Service page 167 Settings page 171 SSHClientKey page 190 UpdateCenter...

Страница 78: ...ied out LogEnabled Enable logging Default Yes LogSeverity Specifies with what severity log events will be sent to the specified log receivers Default Default Comments Text describing the current objec...

Страница 79: ...a specific IP6 host network or range Properties Name Specifies a symbolic name for the network object Identifier Address IPv6 address e g 1 2 3 4 1234 5678 9abc def0 1234 5678 9abc def0 1 2 32 or 1 2...

Страница 80: ...lic name for the network object Identifier Members Group members Comments Text describing the current object Optional 3 2 1 5 IP4HAAddress Description Use an IP4 HA Address item to define a name for a...

Страница 81: ...ional NoDefinedCredentials If this property is enabled the object requires user authentication but has no credentials user names or groups defined This means that the object only re quires that a user...

Страница 82: ...1 3 EthernetAddress 3 2 3 EthernetAddressGroup The definitions here are the same as in Section 3 2 1 4 EthernetAddressGroup 3 2 4 IP4Address The definitions here are the same as in Section 3 2 1 7 IP...

Страница 83: ...M For example 13 30 EndTime End Time of occurence in the format HH MM For example 14 15 Occurrence Specify type of occurrence Default Weekly Weekly Specifies days in week the schedule occurrence shoul...

Страница 84: ...umber of commands per second Default 20 Allow8BitStrings Allow 8 bit strings in control channel Default Yes AllowResumeTransfer Allow RESUME even in case of content scanning Default No Antivirus Disab...

Страница 85: ...T 120 Default Yes MaxTCPDataChannels Maximum number of TCP data channels per call Default 10 TranslateAddresses Automatic or Specific Default Automatic TranslateLogicalChannelAddresses Translate logi...

Страница 86: ...Action a value of zero will disable all compression checks Default 20 CompressionRatioAction The action to take when high compression threshold is violated all actions are logged Default Drop AllowEnc...

Страница 87: ...not exist Default No AllowUnknownCommands Allow unknown commands Default No FileListType Specifies if the file list contains files to allow or deny Default Block FailModeBehavior Standard behaviour on...

Страница 88: ...traffic in the PPTP tunnel Default 0 Comments Text describing the current object Optional 3 4 6 ALG_SIP Description Use a SIP ALG to manage SIP based multimedia sessions Properties Name Specifies a s...

Страница 89: ...llowed email size in kB Optional FileListType Specifies if the file list contains files to allow or deny Default Block FailModeBehavior Standard behaviour on error Allow or Deny Default Deny File List...

Страница 90: ...rerouted to AppendTXT Use TXT records will only be used if reaching the drop threshold Default No CacheSize Size of the IP Cache of checked sender IP addresses Default 0 CacheTimeout Timeout in second...

Страница 91: ...packet Default No AllowUnknownOptions Allow unknown options in request packet Default No MaxBlocksize Max value for the blksize option Optional MaxFileTransferSize Max size for transferred file Optio...

Страница 92: ...nterface the address shall be published on IP The IP address to be published or statically bound to a hardware address MACAddress The hardware address associated with the IP address Default 00 00 00 0...

Страница 93: ...ervice Specifies the service that will be whitelisted Schedule The schedule when the whitelist should be active Optional Comments Text describing the current object Optional Note If no Index is specif...

Страница 94: ...symbolic name for the certificate Identifier Type Local Remote or Request CertificateData Certificate data PrivateKey Private key NoCRLs Disable CRLs Certificate Revocation Lists Default No PKAType En...

Страница 95: ...the length of the list 3 8 2 DynDnsClientDLink Description Configure the parameters used to connect to the D Link DynDNS service Properties DNSName The DNS name excluding the dlinkddns com suffix User...

Страница 96: ...DNS name excluding the dyndns org suffix Username Username Password The password for the specified username Optional Comments Text describing the current object Optional Note If no Index is specified...

Страница 97: ...object Optional Note If no Index is specified when creating an instance of this type the object will be placed last in the list and the Index will be equal to the length of the list 3 8 7 LoginClient...

Страница 98: ...ties Port Port Identifier BitsPerSecond Bits per second Default 9600 DataBits Data bits Default 8 Parity Parity Default None StopBits Stop bits Default 1 FlowControl Flow control Default None Comments...

Страница 99: ...mask Specifies the netmask to assign to VPN clients DNS Specifies the IP address of a DNS server that a VPN client should be able to connect to Optional NBNSIP Specifies the IP address of a NBNS WINS...

Страница 100: ...ype of server for time synchronization UDPTime or SNTP Simple Network Time Protocol Default SNTP TimeSyncServer1 DNS hostname or IP Address of Timeserver 1 TimeSyncServer2 DNS hostname or IP Address o...

Страница 101: ...the current configuration was committed Default BaseConfiguration ConfigIP IP address of the user who committed the current configuration Optional ConfigDate Date when the current configuration was co...

Страница 102: ...the routing table the clients host route should be added to Default main MaxRelaysPerInterface Specifies how many relays are allowed per interface that means how many DHCP clients are allowed to be re...

Страница 103: ...r use as default gateway If unspecified or if 0 0 0 0 is spe cified the IP given to the client will be sent as gate way Optional Domain Domain name used for DNS resolution Optional LeaseTime The time...

Страница 104: ...Text describing the current object Optional Note If no Index is specified when creating an instance of this type the object will be placed last in the list and the Index will be equal to the length of...

Страница 105: ...erver2 IP of the secondary DNS Server Optional DNSServer3 IP of the tertiary DNS Server Optional Comments Text describing the current object Optional Note This object type does not have an identifier...

Страница 106: ...percentage Default 20 TxErrorPercentage Tx error percentage Default 7 ErrorTime Error time Default 10 Comments Text describing the current object Optional Note This object type does not have an identi...

Страница 107: ...daptor Properties Comments Text describing the current object Optional Note This object type does not have an identifier and is identified by the name of the type only There can only be one instance o...

Страница 108: ...the current object Optional Note This object type does not have an identifier and is identified by the name of the type only There can only be one instance of this type 3 16 8 R8169EthernetPCIDriver D...

Страница 109: ...ts Text describing the current object Optional Note This object type does not have an identifier and is identified by the name of the type only There can only be one instance of this type 3 16 9 Switc...

Страница 110: ...rnet adapter PCIPort Some Ethernet adapters have multiple ports that share the same bus and slot number This parameter specifies what port to be used Media Specifies if the link speed should be auto n...

Страница 111: ...packets to send in a burst Default 20 HAInitialSilence The number of seconds to stay silent on startup or after reconfiguration Default 5 UseUniqueSharedMac Use a unique shared mac address for each i...

Страница 112: ...rbidden HTML for the CompressionForbidden html web page ContentForbidden HTML for the ContentForbidden html web page URLForbidden HTML for the URLForbidden html web page RestrictedSiteNotice HTML for...

Страница 113: ...ge LoginAlreadyDone HTML for the LoginAlreadyDone html web page LoginChallenge HTML for the LoginChallenge html web page LoginChallengeTimeout HTML for the LoginChallenge html Timeout web page LogoutS...

Страница 114: ...in seconds until the URL is refetched Default 1200 AlwaysRepost Respost on each reconfiguration Default No PostValues HTTP POST the values Default No Comments Text describing the current object Optio...

Страница 115: ...MinLimit Lower limit Optional MaxLimit Upper limit Optional EnableMonitoring Enable disable monitoring Default No Comments Text describing the current object Optional Note If no Index is specified whe...

Страница 116: ...Identifier Type IP DNS E Mail or Distinguished name IP IP address Hostname Host name CommonName Common name of the owner of the certificate Optional OrganizationName Organization name of the owner of...

Страница 117: ...a service that will be used as a filter para meter when matching traffic with this rule Schedule By adding a schedule to a rule the security gateway will only allow that rule to trigger at those desi...

Страница 118: ...Specifies the bandwidth limit in kbps for hosts triggered by this action PipeNetwork Traffic shaping will only apply to hosts that are within this network Default 0 0 PipeNewConnections Enable piping...

Страница 119: ...ed packet MulticastSource Specifies the multicast source to be compared to the received packet RelayInterface Specifies the interface via which to relay IGMP mes sages TranslateMGroup Translate the mu...

Страница 120: ...o Index is specified when creating an instance of this type the object will be placed last in the list and the Index will be equal to the length of the list 3 25 IGMPRule Chapter 3 Configuration Refer...

Страница 121: ...eryResponseInterval The maximum time until a host client has to send an answer to a query Default 10000 LastMemberQueryInterval The maximum time until a host client has to send an answer to a group an...

Страница 122: ...ze Specifies the Blowfish preferred key size in bits Default 128 BlowfishMaxKeySize Specifies the maximum Blowfish key size in bits Default 448 TwofishMinKeySize Specifies the minimum Twofish key size...

Страница 123: ...dress of the interface Network The network of the interface DefaultGateway The default gateway of the interface Optional Broadcast The broadcast address of the connected network Optional EnableIPv6 TO...

Страница 124: ...MulticastTraffic Sets the multicast receive mode of the interface Default Auto VLanQoSInherit Set whether VLANs using the interface should in herit the IP QoS bits Default No EnableRouterAdvertisement...

Страница 125: ...ties Name Specifies a symbolic name for the interface Identifier Equivalent Specifies if the interfaces should be considered se curity equivalent that means that if enabled the in terface group can be...

Страница 126: ...s The lifetime of the IPsec connection in kilobytes Default 0 EncapsulationMode Specifies if the IPsec tunnel should use Tunnel or Transport mode Default Tunnel AuthMethod Certificate or Pre shared ke...

Страница 127: ...ive ICMP pings Metric Specifies the metric for the auto created route Default 90 AutoInterfaceNetworkRoute Automatically add a route for this interface using the given remote network Default Yes Comme...

Страница 128: ...PPAuthMSCHAPv2 Use MS CHAP v2 authentication protocol for this tunnel Default Yes MPPENone Allow authentication without Microsoft Point to Point Encryption MPPE Default Yes MPPERC440 Use an RC4 40 bit...

Страница 129: ...be listening on ServerIP Specifies the IP that the PPTP L2TP server should listen on this can be an IP of a interface or for ex ample an ARP published IP UseUserAuth Enable the use of user authentica...

Страница 130: ...e way should publish routes via Proxy ARP Optional Comments Text describing the current object Optional 3 28 8 PPPoETunnel Description A PPPoE interface is a PPP point to point protocol tunnel over an...

Страница 131: ...t Idle timeout in seconds for dial on demand Default 3600 Metric Specifies the metric for the auto created route Default 90 AutoInterfaceNetworkRoute Automatically add a route for this interface using...

Страница 132: ...which the security gate way should publish routes via Proxy ARP Optional Comments Text describing the current object Optional 3 28 10 VLAN Description Use a VLAN to define a virtual interface compatib...

Страница 133: ...ode which means that a switch route is added automatically for this virtual LAN in terface Default No AutoInterfaceNetworkRoute Automatically add a route for this virtual LAN inter face using the give...

Страница 134: ...ce Which interface to use when communicating with the DHCP server Optional PrefetchLeases Specifies the number of leases an IP Pool will keep prefetched Default 3 MaxFree Maximum number of free addres...

Страница 135: ...a filter para meter when matching traffic with this rule Schedule By adding a schedule to a rule the security gateway will only allow that rule to trigger at those desig nated times Optional NATActio...

Страница 136: ...specified log receivers Default Default Comments Text describing the current object Optional Note If no Index is specified when creating an instance of this type the object will be placed last in the...

Страница 137: ...Identifier Name Specifies the name of the folder Comments Text describing the current object Optional Note If no Index is specified when creating an instance of this type the object will be placed la...

Страница 138: ...mum Blowfish key size in bits Default 128 BlowfishKeySize Specifies the Blowfish preferred key size in bits Default 128 BlowfishMaxKeySize Specifies the maximum Blowfish key size in bits Default 448 T...

Страница 139: ...Comments Text describing the current object Optional 3 32 IPsecAlgorithms Chapter 3 Configuration Reference 139...

Страница 140: ...ault uid PassAttr Specifies a password attribute in LDAP database Optional GroupsAttr Specifies the group membership attribute used in the LDAP database Default memberOf GetGroups Retrieve group membe...

Страница 141: ...e to use when accessing the LDAP server Optional Password Specifies the password to use when accessing the LDAP server Optional Port Specifies the LDAP service port number Default 389 Comments Text de...

Страница 142: ...to Default 7 PingInterval Milliseconds between each monitor attempt Default 250 InitGracePeriod Do not allow triggering of the link monitor for this number of seconds after the last reconfiguration De...

Страница 143: ...etc Properties Name Specifies the username to add into the user database Identifier Password The password for this user Groups Specifies the user groups that this user is a member of e g Administrato...

Страница 144: ...o Comments Text describing the current object Optional 3 37 1 1 LogReceiverMessageException Description A log message exception is used to override the severity filter in the log receiver Properties L...

Страница 145: ...escription An SMTP event receiver is used for receiving emails for IDP events Properties Name Specifies a symbolic name for the log receiver Identifier IPAddress The IP address of the SMTP server Port...

Страница 146: ...the standard Syslog format Properties Name Specifies a symbolic name for the log receiver Identifier IPAddress Specifies the IP address of the log receiver Port Specifies the port number of the log s...

Страница 147: ...e IP Pool IPRange Specifies the range of IP addresses used for NAT translation StateKeepAlive The number of seconds that stateful NAT state will be kept in absence of new connections Default 120 MaxSt...

Страница 148: ...recedence 1 Optional LimitKbps2 Specifies the bandwidth limit in kbps for precedence 2 Optional LimitPPS2 Specifies the packet per second limit for precedence 2 Optional LimitKbps3 Specifies the bandw...

Страница 149: ...mit per group in kbps for precedence 3 Optional UserLimitPPS3 Specifies the throughput limit per group in PPS for precedence 3 Optional UserLimitKbps4 Specifies the bandwidth limit per group in kbps f...

Страница 150: ...Specifies the default precedence for the pipe If a packet enters this pipe without a set precedence it gets assigned this value Should be higher than or equal to the minimum precedence Default 0 Prece...

Страница 151: ...estination IP of the received packet Service Specifies a service that will be used as a filter para meter when matching traffic with this rule Schedule By adding a schedule to a rule the security gate...

Страница 152: ...involved Properties Name Specifies a symbolic name for the pre shared key Identifier Type Specifies the type of the shared key PSKAscii Specifies the PSK as a passphrase PSKHex Specifies the PSK as a...

Страница 153: ...1813 RetryTimeout The retry timeout in seconds used when trying to contact the RADIUS accounting server If no re sponse has been given after for example 2 seconds the security gateway will try again b...

Страница 154: ...ult 1812 RetryTimeout The retry timeout in seconds used when trying to contact the RADIUS accounting server If no re sponse has been given after for example 2 seconds the security gateway will try aga...

Страница 155: ...SKHex Specifies the PSK as a hexadecimal key IDType Selects the type of remote identity to use IDValue Specify the remote identity of the tunnel ID Comments Text describing the current object Optional...

Страница 156: ...a HTTP Default No HTTPS Enable remote management via HTTPS Default No Network Specifies the network for which remote access is granted Comments Text describing the current object Optional 3 45 2 Remot...

Страница 157: ...oup 1 key exchange al gorithm Default Yes AllowAES128 Allow AES 128 encryption algorithm Default Yes AllowAES192 Allow AES 192 encryption algorithm Default Yes AllowAES256 Allow AES 256 encryption alg...

Страница 158: ...number of retires allowed before the session is closed Default 3 AccessLevel The access level to grant the user that logs in Default Admin LocalUserDatabase Specifies the local user database to use fo...

Страница 159: ...ultiple routes to the same destination Properties RoutingTable Specify routingtable to deploy route load balancing in Identifier Algorithm Specify which algorithm to use when balancing the routes Defa...

Страница 160: ...nder the threshold limit to trigger state change for the af fected routes Default 30 OutboundThreshold Outbound threshold limit Optional OutboundUnit The outbound units Default kbps InboundThreshold I...

Страница 161: ...n of IP addresses to be compared to the destination IP of the received packet SourceInterface Specifies the name of the receiving interface to be compared to the received packet DestinationInterface S...

Страница 162: ...s which interface packets destined for this route shall be sent through Gateway Specifies the IPv6 address of the next router hop used to reach the destination network If the network is directly conne...

Страница 163: ...sender address in ARP queries If no address is specified the security gate way s interface IP address will be used Optional Network Specifies the network address for this route RouteMonitor Specifies...

Страница 164: ...and a monitoring method Properties Method Monitoring method Default ICMP IPAddress Specifies the IP address of the host to monitor Port Specifies the TCP port to monitor PollingInterval Delay in milli...

Страница 165: ...or this route shall be sent through Network Specifies the network address for this route Metric Specifies the metric for this route Default 0 ProxyARPAllInterfaces Always select all interfaces includi...

Страница 166: ...ive on Wednesdays Optional Thu Specifies during which intervals the schedule profile is active on Thursdays Optional Fri Specifies during which intervals the schedule profile is active on Fridays Opti...

Страница 167: ...ice Identifier MessageTypes Specifies the ICMP message types that are applic able to this service Default All EchoRequest Enable matching of Echo Request messages Default No EchoRequestCodes Specifies...

Страница 168: ...G An Application Layer Gateway ALG capable of managing advanced protocols can be specified for this service Optional MaxSessions Specifies how many concurrent sessions that are per mitted using this s...

Страница 169: ...eturn Enable passing an ICMP error message only if it is related to an existing connection using this service Default No ALG An Application Layer Gateway ALG capable of managing advanced protocols can...

Страница 170: ...Type Specifies whether this service uses the TCP or UDP protocol or both Default TCP SourcePorts Specifies the source port or the port ranges applic able to this service Default 0 65535 SYNRelay Enab...

Страница 171: ...AcceptLog StaticARPChanges ARP packets that would cause static entries to be changed Default DropLog ARPExpire Lifetime of an ARP entry in seconds Default 900 ARPExpireUnknown Lifetime of an unknown...

Страница 172: ...citations before giving up address resolution Default 3 NDMaxUnicastSolicit Number of Neighbor Solicitations before giving up a zombie during dead peer detection Default 3 NDBaseReachableTime Multiple...

Страница 173: ...CP connections being formed Default 60 ConnLife_TCP Connection idle lifetime for TCP Default 262144 ConnLife_TCP_FIN Connection idle lifetime for TCP connections being closed Default 80 ConnLife_UDP C...

Страница 174: ...cy for saving the relay list to disk Default Re confShut AutoSaveRelayInterval Seconds between auto saving the relay list to disk Default 86400 Note This object type does not have an identifier and is...

Страница 175: ...since first re ceived fragment Default 90 ReassDoneLinger How long to remember a completed reassembly watching for old dups Default 20 ReassIllegalLinger How long to remember an illegal reassembly wat...

Страница 176: ...ing else it is megabyte Default Yes MemoryLogRepetition Should a log message be sent for each poll result that is in the Alert Critical or Warning level or should a log message only be sent when a new...

Страница 177: ...number of seconds a CRL is considered valid 0 obey the next update field in the CRL Default 86400 IKEMaxCAPath Maximum number of CA certificates in a certificate path Default 15 IPsecCertCacheMaxCert...

Страница 178: ...n too low unicast Hop Limit values Default DropLog HopLimitMinMulticast The minimum IP multicast Hop Limit value accep ted on receipt Default 3 HopLimitOnLowMulticast What action to take on too low mu...

Страница 179: ...eceived packets with TTL 0 this should never happen Default Yes Log0000Src Log invalid 0 0 0 0 source address Default Drop Block0Net Block 0 source addresses Default DropLog Block127Net Block 127 sour...

Страница 180: ...l Strip the DontFragment flag for packets of this size or smaller Default 65535 MulticastIPEnetOnMismatch What action to take when ethernet and IP multicast addresses do not match Default DropLog Note...

Страница 181: ...ommunication Default 2000 MaxSKIPLen SKIP Simple Key management for IP VPN pro tocol Default 2000 MaxOSPFLen OSPF Open Shortest Path First routing protocol Default 1480 MaxIPIPLen IPIP FWZ Encapsulate...

Страница 182: ...ttings Description Advanced log settings Properties LogSendPerSecLimit Limits how many log packets the security gateway may send out per second Default 2000 Note This object type does not have an iden...

Страница 183: ...ault 2 IGMPQueryInterval The interval ms between general queries sent by the Security Gateway Default 125000 IGMPQueryResponseInterval The maximum time ms until a host client has to send an answer to...

Страница 184: ...traffic to the security gateway regard less of configured IP Rules Default Yes HTTPSCertificate Specifies which certificate to use for HTTPS traffic Only RSA certificates are supported Optional SNMPBe...

Страница 185: ...e Default 5 RouteFailOver_ConsecSuccess Number of consecutive success before route is marked as available Default 5 Transp_CAMToL3CDestLearning Do L3 Cache learning based on destination IPs and MACs i...

Страница 186: ...C4_5 6_SHA1 Enable cipher TLS_RSA_EXPORT1024_WITH_RC4_56_SHA1 Default Yes TLS_RSA_EXPORT512_WITH_RC4_40 _MD5 Enable cipher TLS_RSA_EXPORT1024_WITH_RC4_40_MD5 Default No TLS_RSA_EXPORT512_WITH_RC2_40 _...

Страница 187: ...everseOpens Log reverse connection attempts through an estab lished connection Default Yes LogStateViolations Log packets that violate stateful tracking rules for instance TCP connect sequences Defaul...

Страница 188: ...G Force unused URG fields to zero prevents small in formation leak Default Yes TCPOPT_WSOPT The WSOPT Window Scale option common Default ValidateLogBad TCPOPT_SACK The SACK SACKPERMIT Selective ACK op...

Страница 189: ...L TCP NULL packets without SYN ACK FIN or RST normally invalid used by scanners Default DropLog TCPSequenceNumbers Validation of TCP sequence numbers Default Val idateLogBad TCPAllowReopen Allow clien...

Страница 190: ...Name Specifies a symbolic name for the key Identifier Type DSA or RSA Default DSA Subject Value of the Subject header tag of the public key file Optional PublicKey Specifies the public key Comments T...

Страница 191: ...pecifies the day of month when the automatic up date is runs UpdateWeekday Specifies the day of week when the automatic update is runs Default mon Hourly Specififes the number of hours between periodi...

Страница 192: ...ce RadiusServers Specifies the authentication servers that will be used to authenticate users matching this rule LDAPServers Specifies the authentication servers that will be used to authenticate user...

Страница 193: ...entication serv er If no values are received the manually specified values will be used Default No MultipleUsernameLogins Specifies how multiple username logins will be handled Default AllowMultiple R...

Страница 194: ...ith what severity log events will be sent to the specified log receivers Default Default Comments Text describing the current object Optional Note If no Index is specified when creating an instance of...

Страница 195: ...3 55 UserAuthRule Chapter 3 Configuration Reference 195...

Страница 196: ...lg 42 httpposter 43 hwm 43 I idppipes 44 ifstat 44 igmp 45 ippool 46 L languagefiles 46 ldap 47 license 47 linkmon 48 logout 48 ls 72 M memory 48 N natpool 49 nd 49 ndsnoop 50 netobjects 51 P pcapdump...

Страница 197: ...106 Ethernet 123 EthernetAddress 80 82 EthernetAddressGroup 80 82 EthernetDevice 110 EventReceiverSNMP2c 144 F FragSettings 174 G GRETunnel 124 H HighAvailability 111 HTTPALGBanners 112 HTTPAuthBanner...

Страница 198: ...Settings 184 RemoteMgmtSNMP 156 RemoteMgmtSSH 157 Route 163 Route6 162 RouteBalancingInstance 159 RouteBalancingSpilloverSettings 160 RoutingRule 161 RoutingSettings 185 RoutingTable 162 S SchedulePro...

Отзывы:

Нет отзывов

Похожие инструкции для NetDefend DFL-260E

PaloAlto Networks PA-200 Quick Start preview
PA-200
Бренд: PaloAlto Networks Страницы: 2
GROM Audio NetSpective User Manual preview
NetSpective
Бренд: GROM Audio Страницы: 153

Бренды по названию

Популярные бренды

Загрузить еще бренды