Error Report & Connection Protection - D-Link DFL-1600 User Manual
Network security firewall
Hide thumbs
Also See for DFL-1600:
- Quick manual (22 pages) ,
- User manual (552 pages) ,
- Log reference manual (476 pages)
Table of Contents
Advertisement
46
Service Group
The services defined in the above options can be grouped in order to
simplify security policy configuration. Consider a web server using standard
HTTP as well as SSL encrypted HTTP (HTTPS, refer to
SSL/TLS(HTTPS)
allowing both types of services through the firewall, a service group named,
for instance, "Web", can be created, with the HTTP and the HTTPS
services as group members (shown in the example below).
Example:
WebUI
:
Follow the steps outlined below:
1. Adding a TCP service object "HTTP" with port 80.
2. Adding a TCP service object "HTTPS" with port 443.
3. Objects
Services
General
Name: Web
Pick "HTTP" and "HTTPS" from Available list and put them into
Selected list.
Click OK.
8.2.2
Error Report & Connection Protection
ICMP error message
ICMP error messages provide feedback about problems in the
communication environment, e.g. when an IP packet cannot reach its
destination. However, ICMP error messages and firewalls are usually not a
very good combination; the ICMP error messages are initiated at the
destination host (or a device within the path to the destination) and sent to
the originating host. The result is that the ICMP error message will be
interpreted by the firewall as a new connection and dropped, if not
explicitly allowed by the firewall rule-set. Allowing any inbound ICMP
message to be able to have those error messages forwarded is generally not
). Instead of having to create two separate rules
Specifying a "Web" service group
Add
D-Link Firewalls User's Guide
Chapter 8. Logical Objects
22.3
Service Group
Advertisement
Table of Contents
