D-Link DFL-80 User Manual page 129

Ethernet vpn firewall

Address Group
The usual way to set up different IP packet filters for the same policy is to
create one policy for each filter. If there are 10 IP addresses, then 10 policies
have to be created. Address Group simplifies this kind of procedure. The
administrator creates a new group name in External Groups of the Address menu
and adds all the related IP addresses to that group. After the group is created,
the group name is shown in the Address Table. When creating a control policy,
the group name can be specified as the source or destination address. In this
way, only one policy is needed to achieve the same effect as the ten policies in
the previous example.
Alarm
There are two kinds of alarm: flow alarm and event alarm. The flow alarm's
parameter is set up before setting up policies. Every 10 minutes, the system
checks whether the data packet flow through each policy is higher than the
set limit. If it is, a record is added to the flow alarm file. When the DFL-80
detects hacker attacks, it records the attack data in the event alarm file and
sends an e-mail to the system manager so that emergency steps can be taken.
DMZ
DMZ is the network between the firewall's external interface and routers.
The DMZ's network number is allocated by the ISP. For example, suppose the
network number an ISP provides is 210.71.253.128 and the subnet mask is
255.255.255.240. Machines inside the DMZ can have IP addresses ranging from
210.71.253.128 to 210.71.253.143, sixteen different IP addresses. However,
only thirteen of the sixteen, those from 210.71.253.129 to 210.71.253.141,
are usable: 128 is the network number, 143 is the broadcast address, and 142
is used by the router. Because the DMZ is located outside the firewall and is
not protected by it, it is considered insecure. To fix this loophole, more
firewall products provide a dedicated DMZ interface to protect DMZ
connections. In the previous example, the system manager segments the network
into two sub-networks, 210.71.253.128/29 and 210.71.253.136/29. Since the
router's IP is 210.71.253.142, the external interface's IP must be in
210.71.253.136/29, and the DMZ interface's IP must belong to
210.71.253.128/29. As the following graph shows:
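
The subnet split described above, worked through in Python as an added example that is not part of the D-Link manual. The function names are hypothetical; the addresses are the ones used in the text. It also shows that each /29 gets its own network and broadcast address once the block is split.

```python
import ipaddress

def plan_dmz_split(isp_block, router_ip):
    """Halve the ISP block; the half containing the router is the external side."""
    block = ipaddress.ip_network(isp_block)
    router = ipaddress.ip_address(router_ip)
    if router not in block:
        raise ValueError(f"router {router} is outside {block}")
    halves = list(block.subnets(prefixlen_diff=1))
    external = next(n for n in halves if router in n)
    dmz = next(n for n in halves if n != external)
    return {"external": external, "dmz": dmz, "router": router}

def assignable(plan, role):
    """Host addresses left for `role`, excluding the router's own address."""
    return [h for h in plan[role].hosts() if h != plan["router"]]

def check_interfaces(plan, external_if, dmz_if):
    """Return a list of problems with the proposed interface IPs (empty = valid)."""
    problems = []
    for role, addr in (("external", external_if), ("dmz", dmz_if)):
        ip, net = ipaddress.ip_address(addr), plan[role]
        if ip not in net:
            problems.append(f"{role} interface {ip} is not in {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{role} interface {ip} is reserved in {net}")
        elif ip == plan["router"]:
            problems.append(f"{role} interface {ip} collides with the router")
    return problems

if __name__ == "__main__":
    plan = plan_dmz_split("210.71.253.128/28", "210.71.253.142")
    for role in ("external", "dmz"):
        hosts = assignable(plan, role)
        print(f"{role:8} {plan[role]}  hosts {hosts[0]} - {hosts[-1]}")
    # Constructed proposal: .135 is the broadcast address of 210.71.253.128/29.
    print(check_interfaces(plan, "210.71.253.137", "210.71.253.135"))
```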