D-Link DFL-700 [28/131] Firewall
Firewall
Policy
The Firewall Policy configuration section is the "heart" of the firewall. The policies are the primary filter, configured to allow or disallow certain types of network traffic through the firewall. The policies also regulate how bandwidth management (traffic shaping) is applied to traffic flowing through the WAN interface of the firewall.

When a new connection is being established through the firewall, the policies are evaluated, top to bottom, until a policy that matches the new connection is found. The Action of that rule is then carried out. If the action is Allow, the connection is established and a state representing the connection is added to the firewall's internal state table. If the action is Drop, the new connection is refused. The section below explains the meanings of the various action types available.
Policy modes
The first step in configuring security policies is to configure the mode for the firewall. The firewall can run in NAT or No NAT (Route) mode. Select NAT mode to use DFL-1000 network address translation to protect private networks from public networks. In NAT mode, you can connect a private network to the internal interface, a DMZ network to the dmz interface, and a public network, such as the Internet, to the external interface. You can then create NAT mode policies to accept or deny connections between these networks. NAT mode policies hide the addresses of the internal and DMZ networks from users on the Internet. In No NAT (Route) mode you can also create routed policies between interfaces. Route mode policies accept or deny connections between networks without performing address translation. To use NAT mode, select Hide source addresses (many-to-one NAT); to use No NAT (Route) mode, choose No NAT.
Action Types
Drop – Packets matching Drop rules are immediately dropped, with nothing sent back to the sender. Such packets are logged if logging has been enabled in the Logging Settings page.

Reject – Reject works in basically the same way as Drop. In addition, the firewall sends an ICMP UNREACHABLE message back to the sender or, if the rejected packet was a TCP packet, a TCP RST message. Such packets are logged if logging has been enabled in the Logging Settings page.

Allow – Packets matching Allow rules are passed to the stateful inspection engine, which remembers that a connection has been opened. Rules for return traffic are therefore not required: traffic belonging to open connections is handled automatically before it reaches the policies. Logging is carried out if audit logging has been enabled in the Logging Settings page.
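The following Python simulation is an added example, not code from D-Link or from the manual; it models the evaluation order described above (state table first, then first-matching policy top to bottom) together with the three action types. The Packet and Policy fields, the "any" wildcard, the rule names, the sample addresses and the choice to drop traffic that matches no policy at all are assumptions made for illustration; the page does not describe the device's internal data structures or its behaviour when no policy matches.

```python
"""Simulation of the DFL-700 policy model as described on this manual page.

Added example, not D-Link code.  Packet/Policy fields, the "any" wildcard
and the default drop when no policy matches are assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Policy:
    name: str
    action: str                 # "allow", "drop" or "reject"
    src: str = "any"            # host, CIDR network, or "any" (assumed wildcard)
    dst: str = "any"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (_addr_match(self.src, pkt.src)
                and _addr_match(self.dst, pkt.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def _addr_match(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


@dataclass(frozen=True)
class Verdict:
    action: str                 # "allow", "drop" or "reject"
    matched_by: str             # policy name, "state table" or "no matching policy"
    response: Optional[str]     # what goes back to the sender, if anything


class Firewall:
    def __init__(self, policies: List[Policy], logging_enabled: bool = True,
                 audit_logging: bool = False):
        self.policies = list(policies)          # ordered: evaluated top to bottom
        self.logging_enabled = logging_enabled  # Logging Settings: log drops/rejects
        self.audit_logging = audit_logging      # Logging Settings: audit-log allows
        self.state_table: Set[Tuple] = set()    # one entry per open connection
        self.log: List[str] = []

    def process(self, pkt: Packet) -> Verdict:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stateful inspection runs first: traffic belonging to an open
        # connection, in either direction, never reaches the policy list.
        if fwd in self.state_table or rev in self.state_table:
            return Verdict("allow", "state table", None)
        for pol in self.policies:
            if pol.matches(pkt):                # first match wins
                return self._apply(pol, pkt, fwd)
        # Nothing matched.  The manual does not state the default here;
        # dropping is assumed, as a closed-by-default rule set would.
        return Verdict("drop", "no matching policy", None)

    def _apply(self, pol: Policy, pkt: Packet, key: Tuple) -> Verdict:
        if pol.action == "allow":
            self.state_table.add(key)           # connection now known to the engine
            if self.audit_logging:
                self.log.append(f"ALLOW {pol.name} {pkt}")
            return Verdict("allow", pol.name, None)
        if self.logging_enabled:
            self.log.append(f"{pol.action.upper()} {pol.name} {pkt}")
        if pol.action == "drop":
            return Verdict("drop", pol.name, None)          # silent
        # Reject: same as Drop, plus an explicit refusal to the sender.
        response = "TCP RST" if pkt.proto == "tcp" else "ICMP UNREACHABLE"
        return Verdict("reject", pol.name, response)


def demo() -> List[Verdict]:
    """Run constructed sample traffic through a small, ordered policy set."""
    fw = Firewall([
        Policy("lan_http_out", "allow", src="192.168.1.0/24", proto="tcp", dport=80),
        Policy("no_telnet_out", "reject", src="192.168.1.0/24", proto="tcp", dport=23),
        Policy("no_snmp_out", "reject", src="192.168.1.0/24", proto="udp", dport=161),
        Policy("deny_all", "drop"),
    ])
    traffic = [                                               # constructed packets
        Packet("tcp", "192.168.1.10", 40000, "203.0.113.5", 80),   # new HTTP connection
        Packet("tcp", "203.0.113.5", 80, "192.168.1.10", 40000),   # its return traffic
        Packet("tcp", "192.168.1.10", 40001, "203.0.113.5", 23),   # telnet attempt
        Packet("udp", "192.168.1.10", 50000, "203.0.113.5", 161),  # SNMP attempt
        Packet("tcp", "198.51.100.7", 1234, "192.168.1.10", 445),  # unsolicited inbound
    ]
    return [fw.process(p) for p in traffic]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The return packet in `demo()` is accepted by the state table even though no policy permits traffic from 203.0.113.5 to the LAN, which is exactly why the manual says rules for return traffic are not required. Moving `deny_all` to the top of the list makes every new connection drop, illustrating why policy order (covered under "Change order of policy") matters as much as the rules themselves.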