i
DPX8000 Series Deep Service Switching Gateway
User Configuration Guide
Firewall Service Board Module v1.0
Страница 1: ...i DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1 0...
Страница 2: ...upport If you need any help please contact Hangzhou DPtech Technologies Co Ltd and its sale agent according to where you purchase their products Hangzhou DPtech Technologies Co Ltd Address 6th floor z...
Страница 3: ...duct upgrading or other reasons information in this manual is subject to change Hangzhou DPtech Technologies Co Ltd has the right to modify the content in this manual as it is a user guides Hangzhou D...
Страница 4: ...TECTION 13 1 6 2 BASIC ATTACK LOG QUERY 14 1 7 SESSIONS LIMIT 15 1 8 SERVICE LIMITATION 15 1 9 IPV4 BASIC DDOS PROTECTION 16 1 9 1 DEFEND OBJECT MANAGEMENT 16 1 9 2 CONFIGURATION AND TENDENCY 17 1 9 3...
Страница 5: ...3 2 L2TP 33 3 2 1 INTRODUCTION TO L2TP 33 3 2 2 L2TP 33 3 3 GRE VPN 34 3 3 1 INTRODUCTION TO THE GRE 34 3 3 2 CONFIGURING GRE CONFIGURATION 34 3 4 SSL VPN 35 3 4 1 INTRODUCTION TO THE SSL VPN 35 3 4 2...
Страница 6: ...status and monitoring 17 Figure1 19 DDOS defend settings 18 Figure1 20 Protection history 19 Figure1 21 Blacklist configuration 19 Figure1 22 Blacklist query 20 Figure1 23 Blacklist log query 20 Figur...
Страница 7: ...vii Figure4 1 IDS integration log 39...
Страница 8: ...Table1 10 Basic attack protection 13 Table1 11 Basic attack log query 14 Table1 12 Exceeding control 15 Table1 13 Defend object management 16 Table1 14 Traffic and status monitoring 17 Table1 15 DDOS...
Страница 9: ...and outgoing data packet and block intrusion from outside network the followings are provided by firewall including Packet filtering IPv6 packet filtering NAT NAT_PT Basic protection Sessions limitat...
Страница 10: ...is to inspect the source domain destination domain originator source IP originator destination IP originator source MAC originator destination MAC service IP fragment flow re mark action for every dat...
Страница 11: ...policy Status Specify whether the current policy is effective Action Specify whether permit the packet pass the device and further limit packet filtering policy Operation Click the copy icon and then...
Страница 12: ...service and valid for the packet filtering policy The action you can select is the pass discard or rate limitations Click Ok button in the upper right Caution It will perform by default if there is n...
Страница 13: ...IP of the packet filtering policy Source port type Displays the source port type of the packet filtering policy Destination port code Displays the destination port code of the packet filtering policy...
Страница 14: ...G configuration Table1 4 ALG configuration Item Description Protocol Displays the protocol name State Displays the enabling status of alg configuration 1 3 IPv6 packet filtering policy To enter the IP...
Страница 15: ...s shown in Figure1 7 Figure1 7 Source NAT Table1 5 describes the details of source NAT configuration Table1 5 Source NAT configuration Item Description ID Displays the serial number of source NAT poli...
Страница 16: ...AT ID In interface Displays the inbound interface of destination NAT policy Common address Displays the destination NAT policy Service Displays the service type of destination NAT policy Expert config...
Страница 17: ...al number Displays the serial number of one to one NAT policy Public interface Displays the outbound interface of one to one NAT policy One to one NAT Displays the inner address of one to one NAT poli...
Страница 18: ...gure the end IP address of address pool Operation Click the copy icon and the delete icon to do the operations To configure address pool configuration Click the button of the address pool except the f...
Страница 19: ...l of Alg configuration Table1 9 Alg configuration Item Description Protocol Displays the protocol name State Select whether to enable or disable the protocol 1 5 NAT_PT Enabling the NAT_PT function yo...
Страница 20: ...Firewall module Basic attack protection as shown in Figure1 13 Figure1 13 Basic attack protection Table1 10 describes the details of basic attack protection Table1 10 Basic attack protection Item Desc...
Страница 21: ...uery allow you to query the specific log from the database To enter the basic attack lo query page you choose Firewall module Basic attack protection Basic attack log query as shown in Figure1 14 Figu...
Страница 22: ...sion limitation Table1 12 describes the details of exceeding control Table1 12 Exceeding control Item Description Security zone user group Select the user group which will apply to the exceeding contr...
Страница 23: ...tion Defend object management as shown in Figure1 17 Figure1 17 Defend object management Table1 13 describes the details of defend object management Table1 13 Defend object management Item Description...
Страница 24: ...ion Configuration and tendency as shown in Figure1 18 Figure1 18 Traffic status and monitoring Table1 14 describes the details of traffic status and monitoring Table1 14 Traffic and status monitoring...
Страница 25: ...Auto learning the threshold Set the number of the threshold To modify DDOS defend settings Select whether to enable the manual configure the threshold and auto learning the threshold Set the number o...
Страница 26: ...n in Figure1 21 Figure1 21 Blacklist configuration Table1 16 describes the details of blacklist configuration Table1 16 Blacklist configuration Item Description Option Click the Enable blacklist optio...
Страница 27: ...odule Firewall Blacklist query as shown in Figure1 22 Figure1 22 Blacklist query Table1 17 describes the details of blacklist query Table1 17 Blacklist query Item Description IP address mask Displays...
Страница 28: ...o view the searching result Click the Export to CSV button and then you can export the log file Click the delete button and then you can delete the logs you have searched 1 11 QoS QoS can ensure bandw...
Страница 29: ...and then you can copy a VIP bandwidth guarantee rule Click the delete icon and then you can delete a VIP bandwidth guarantee rule 1 11 2 Traffic shaping To enter traffic shaping page you choose Firewa...
Страница 30: ...ARP spoofing VLAN ID Displays the VLAN ID scanned by anti ARP spoofing Interface Displays the interface scanned by anti ARP spoofing Type Displays the obtaining method of anti ARP spoofing 1 12 2 ARP...
Страница 31: ...ll Service Board Module v1 0 24 Figure1 27 ARP configuration Table1 21 describes the details of ARP configuration Table1 21 ARP configuration Item Description Interface name Displays the all interface...
Страница 32: ...stably working 2 1 2 Link config To enter the link config page you choose Firewall module Load balancing Link config as shown in Figure2 1 Figure2 1 Link load balancing Table2 1 describes the details...
Страница 33: ...e you choose Firewall module Load balancing ISP as shown in Figure2 2 Figure2 2 ISP Table2 2 describes the details of ISP Table2 2 ISP Item Description ISP name Displays the name of ISP Segment import...
Страница 34: ...onfiguration Guide Firewall Service Board Module v1 0 27 Figure2 3 Logic link group 2 3 Link health check To enter the link health check page you choose Firewall module Load balancing Link health chec...
Страница 35: ...ng encryption and data origin authentication it delivers these security services at the IP layer Through the IKE Internet Key Exchange protocol IPsec provides the auto negotiate exchange password and...
Страница 36: ...r types of ID obtaining method in which you can select one Auto hostname IP address Local certificate ID alias Displays auto Client ID In client ID item you can enable auto or remote certificate ID al...
Страница 37: ...iguration click Ok button on the upper right 3 1 3 DPVPN To enter the DPVPN page you choose Firewall module Firewall VPN IPsec DPVPN as shown in Figure3 2 Figure3 2 DPVPN Table3 3 describes the detail...
Страница 38: ...the IPsec page you choose Firewall module VPN IPsec IPsec interface as shown in Figure3 4 Figure3 4 IPsec interface 3 1 6 Display connections To enter the display connections page you choose Firewall...
Страница 39: ...display IPsec connections interface Select a query item and make a choice form local IP address and remote IP address and connection name Enter the keyword of display IPsec connection Click query but...
Страница 40: ...P provides the packet header compressing tunnel verification and vice versa the it cannot supported by PPTP 3 2 2 L2TP To enter the L2TP configuration page you choose Firewall module VPN L2TP as shown...
Страница 41: ...Item Description Tunnel interface NO Configure the GRE tunnel interface NO the number is from 1 to 64 Tunnel interface IP address Configure the GRE tunnel interface IP address Tunnel source interface...
Страница 42: ...L VPN page you choose Firewall module VPN SSL VPN as shown in Figure3 9 Figure3 9 SSL VPN Table3 7 describes the details of global configuration Table3 7 Global configuration Item Description Global c...
Страница 43: ...o visit Resource configuration Resource group which can be configure when IP resource existing Configure the information and description of resource group 3 4 3 Resource configuration To access the re...
Страница 44: ...configuration 3 4 5 Online user status To enter the online user status page you choose Firewall module VPN SSL VPN online user status as shown in Figure3 12 Figure3 12 Online user status 3 4 6 Operati...
Страница 45: ...DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1 0 38 Figure3 13 Operation log query...
Страница 46: ...er Configuration Guide Firewall Service Board Module v1 0 39 Chapter 4 IDS integration 4 1 IDS integration log To enter the IDS integration log page you choose Firewall module IDS Integration log as s...
