1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Firewall
  5. DFL-210 - NetDefend - Security Appliance
  6. User manual

Access Rule Settings - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

6.1.3. Access Rule Settings

Access Rules can provide an anti-spoofing capability by providing an extra filter for source address
verification. An Access Rule can verify that packets arriving at a given interface do not have a
source address which is associated with a network of another interface. In other words:
Any incoming traffic with a source IP address belonging to a local trusted host is NOT allowed.
Any outgoing traffic with a source IP address belonging to an outside untrusted network is NOT
allowed.
The first point prevents an outsider from using a local host's address as its source address. The
second point prevents any local host from launching the spoof.
6.1.3. Access Rule Settings
The configuration of an access rule is similar to other types of rules. It contains Filtering Fields as
well as the Action to take. If there is a match, the rule is triggered, and NetDefendOS will carry out
the specified Action.
Access Rule Filtering Fields
The Access Rule filtering fields used to trigger a rule are:
Interface: The interface that the packet arrives on.
Network: The IP span that the sender address should belong to.
Access Rule Action
The Access Rule actions that can be specified are:
Drop: Discard the packets that match the defined fields.
Accept: Accept the packets that match the defined fields for further inspection in the rule-set.
Expect: If the sender address of the packet matches the Network specified by this rule, the re-
ceiving interface is compared to the specified interface. If the interface matches, the packet is ac-
cepted in the same way as an Accept action. If the interfaces do not match, the packet is dropped
in the same way as a Drop action.
Turning Off Default Access Rule Messages
If, for some reason, the "Default Access Rule" log message is continuously being generated by some
source and needs to be turned off, then the way to do this is to specify an Access Rule for that
source with an action of Drop.
Troubleshooting Access Rule Related Problems
It should be noted that Access Rules are a first filter of traffic before any other NetDefendOS mod-
ules can see it. Sometimes problems can appear, such as setting up VPN tunnels, precisely because
Note
Logging can be enabled on demand for these Actions.
103
Chapter 6. Security Mechanisms

Advertisement

Table of Contents
loading

Related Manuals for D-Link NetDefend DFL-210

Related Content for D-Link NetDefend DFL-210

This manual is also suitable for:

Dfl-800Dfl-1600Netdefend dfl-2500Netdefend dfl-260Netdefend dfl-860Netdefend dfl-800 ... Show all

Table of Contents