Information Security Gateway (ISG) User Manual
DFL-M510
Network Security Solution
http://www.dlink.com

   Summary of Contents for D-Link DFL-M510

  • Page 3

    This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual, nor any of the material contained herein, may be reproduced without written consent of D-Link. Copyright 2006 Version 1.02 Disclaimer The information in this document is subject to change without notice.

  • Page 4

    ) is a registered trademark of Nullsoft Inc. Player365 ( ) is a registered trademark of Live365, Inc. D-Link is a registered trademark of D-Link Systems, Inc. Java is a trademark or registered trademark of Sun Microsystems, Inc. in the United States and other countries.

  • Page 5

    Safety Certifications CE, C-Tick, TUV, UL About this Manual This manual provides information for setting up and configuring the DFL-M510. This manual is intended for network administrators. Safety Information READ THIS IMPORTANT SAFETY INFORMATION SECTION. RETAIN THIS MANUAL FOR REFERENCE.

  • Page 7: Table Of Contents

    Table of Contents Chapter 1: Getting Started with the DFL-M510 ------------------------------------------------- 1 Identifying Components ..................1 Front View ....................... 1 Rear View ........................ 2 Configuring the DFL-M510 ..................3 Configuration Through the Command Line Interface ..........3 Configuration Through a Web-based Interface ............7 Running the Setup Wizard ..................

  • Page 8

    Chapter 4: User Authentication ---------------------------------------------------------------------- 63 The User Authentication Screen ..................63 Accounts ........................ Chapter 5: Objects ------------------------------------------------------------------------------------------66 The Objects Screen ......................The Setup Hosts Tab .................... 67 Exporting a Host Database ................... 70 The Setup Groups Tab ..................72 Assign Hosts to Groups ..................

  • Page 9

    Appendix A: The Command Line Interface ------------------------------------------------------- 115 Terminal/SSH (Secure Shell) Connection .............. 115 Getting Started ..................... 116 CLI Command List ....................116 Help Command ....................117 Get Command ......................119 Set Command ......................120 “set system” command ..............120 “set time” command ............... 124 “set state”...

  • Page 10: Getting Started With The Dfl-m510

    In-Line mode with a hardware bypass function enabled. The hardware bypass ensures that if the DFL-M510 crashes, loses power or experiences some other problem, your network is still up and running. This allows your network administrator to begin monitoring selected PCs while checking for anything that may upset your current network environment.

  • Page 11: Rear View

    STATUS LEDS The following table describes the status LEDs on the front of the DFL-M510 (columns: Function, Naming, Color, Status, LED Description). Power LED (Green): Power off / Power. System LED (Green): Power off (System not ready) / System ready and running ok...

  • Page 12: Configuring The Dfl-m510

    255.255.255.0 Default Gateway 192.168.9.254 1. Connect one end of the RS-232 cable to the console port on the DFL-M510 and the other end to the COM1 or COM2 port on the PC. (The pin-out definitions are shown below.) Terminal Emulation...

  • Page 13

    Data Bits Parity None Stop Bits Flow Control None 2. To open a connection in Windows 95/98/NT/2000/XP, go to Program Files → Accessory → Communications → Super Terminal. 3. Once you access the Command Line Interface (CLI) with a terminal connection, press any key.

  • Page 14

    5. Use the get system command to get information on the DFL-M510. 6. Use the set system ip command to set the IP address.

  • Page 15

    7. After the system reboots, use set system gateway to set the default gateway. 8. After setting the IP address, Mask and Gateway, use the get system command to get correct information. Use the web-based interface to configure other parameters. See “Configuration Through a Web-based Interface”...

  • Page 16: Configuration Through A Web-based Interface

    Before accessing the GUI from any PC, you must install the Java Runtime Environment (J2RE V1.4.2 or above). Then you can log on to the DFL-M510 from any computer on the network via a Web browser. You can download J2RE from www.java.com...

  • Page 17

    3. Click Run to start the installation. Follow the onscreen prompts to complete the installation. The following Security Warning appears. 4. Click Always to continue and prevent this screen from appearing again. The login screen appears. The IP address shown above is only an example. Use the IP address for your network instead.

  • Page 18: Running The Setup Wizard

    7. To log out, click the Close button at the top-right of the screen. RUNNING THE SETUP WIZARD The Setup Wizard helps you to quickly apply basic settings for the DFL-M510. You will need the following information about your network to complete the Setup Wizard: IP Address...

  • Page 19: Toolbar

    Policy Status. You can also obtain the pattern version information in the Pattern Status. WIZARD The Wizard provides a handy way for you to quickly apply system and policy settings for the DFL-M510. The DFL-M510 provides the two wizards shown below: the Setup Wizard and the Policy Wizard.

  • Page 20: Setup Wizard

    SETUP WIZARD When you initialize the DFL-M510 for the first time, the Setup Wizard launches automatically after you log on to the device. The Setup Wizard guides you step-by-step through the entire procedure. After the procedure is completed, the basic system information for the DFL-M510 is configured.

  • Page 21

    2. You need to provide your IP Address, Subnet Mask, Default Gateway, and DNS Server address to enable the device to connect to your network. If the network was set up by CLI, check the settings here. Type in the required information and click Next. 3. Select the check boxes for the applications you want to block and click Next.

  • Page 22

    You can leave all the boxes unchecked to be sure the DFL-M510 is set up correctly. Later you can add applications to be blocked in the Policy menu. See Chapter 6 “Policy” on page 75. 4. Select the No radio button and click Finish.

  • Page 23

    When the setup is successful, the following screen appears: 5. Click OK. The System status screen is shown for your information.

  • Page 24: Policy Wizard

    POLICY WIZARD The Policy Wizard simplifies policy configuration and applies policy settings to the DFL-M510. Follow the steps below to use the Policy Wizard: TO CREATE A NEW POLICY TEMPLATE VIA POLICY WIZARD...

  • Page 25

    2. You can choose to manually set up Host/Group information here or later in the tree view list. To set up the Host/Group information, click the “Set up Host/Group Now” button; otherwise, click Next to continue. 3. In this step, you can choose either to create a new policy or to select an existing policy template.

  • Page 26

    To create a new policy, you need to provide a policy name in the “Template Name” field, and click Next to continue. Here Block Streaming Media is the example. To utilize an existing policy template, click the radio button “Choose an existing policy template”, and select an existing policy template from the pull down list.

  • Page 27

    4. Specify the corresponding action and schedule for the “Block Streaming Media” template. Here the “Block” checkbox is checked, and the schedule is “Always”. Click Next to continue.

  • Page 28

    5. Assign the “Block Streaming Media” template to a specific group. In this step, assigning the policy to a specific group is optional. You can configure it later in the “Policy Setting” tab when you require it. In this example, the policy does not apply to any specific group immediately.

  • Page 29

    6. After saving your new policy template, you can choose either to finish the Policy Wizard or to set up another policy template via the wizard. The Policy Wizard provides a simple and easy way to set up your policy settings; these configurations can still be modified later in the configuration tabs of “Policy Setting”.

  • Page 30: Tools

    TOOLS The Tools menu includes handy tools for system maintenance: Backup, Reset, Upgrade and Debug. Each of them is described below. BACKUP Go to the Toolbar, click Tools, Backup. The Backup window appears. Press Backup configuration to store the current settings to a backup configuration file.

  • Page 31: Reset

    RESTORING A CONFIGURATION BACKUP 1. Click Browse. 2. Locate the DFL-M510.cbk file and click Open. 3. Click Restore to send the file to the device. 4. When the update completes, click Reboot to reboot the device. The configuration file includes the user-defined policy.

  • Page 32: Upgrade

    Rebooting or resetting the device closes the GUI. Log back on as you normally do. UPGRADE Go to the Toolbar, click Tools, Upgrade. The Firmware Upgrade window appears, see below. File Path Type the file path to the update file. Press Browse to locate the update file.

  • Page 33: Debug

    The Debug tool is a troubleshooting tool for your hardware provider. When you encounter hardware problems or configuration problems with the DFL-M510, you can retrieve the debug information from the DFL-M510 and provide this file to your vendor for further analysis.

  • Page 34: Status

    STATUS The Status provides information on the current network and system settings. You can also find details of what applications can be monitored and incorporated into your policies. After you log on, go to Toolbar, and click Status to open the following screen: The Status screen gives you access to the following information: System Status Logging Status...

  • Page 35: System Status

    System Status The System tab information is updated every minute. You can also click the Refresh button to update the information. To view the System Status, click Status/System. IP Address: Shows the IP address (the default is 192.168.1.1). Subnet Mask: Shows the subnet mask (the default is 255.255.255.0). Default Gateway: Shows the default gateway (the default is 192.168.1.254...

  • Page 36

    Pattern Version: Shows the pattern version. Last time updated: Shows the last time the pattern was updated. Pattern number: Shows the pattern number. Boot Time/Up Time: Shows the last time the device was booted up. Device Time: Shows the system device time. CPU Utilization: Shows CPU utilization; monitor CPU usage to prevent overload...

  • Page 37: Logging Status

    Logging Status To view the Logging Status, click Status/Logging. The log consists of three lists of records. The system log records device status changes and firmware operational conditions. Incidents are listed statically in the log window when there are any; the display is updated only when the administrator clicks Refresh.

  • Page 38

    NAVIGATING LOGS Use the navigation arrows </> to jump to the first or last page. Use Prev/Next to go to the previous or next page. Go to a specific page by selecting it from the Page drop-down arrow. THE REPORT for Network Status To view the Report for Network Status, click Status /Report.

  • Page 39: Report For Network Status

    INTERACTIVE REPORT After you click Generate, the report window opens. The above screen is described in the Real Time Monitor chapter. See “Monitoring Real Time Traffic”. Click Print to print the report. Click Save As to save the report to the local computer.

  • Page 40

    VIEWING A SAVED REPORT Reports are saved in HTML format and can be viewed in a Web browser. 1. Click Save As. 2. Type a name for the report and click Save As. 3. Open the file you saved in your Web browser. 4.

  • Page 41: Policy Status

    Click Application to select the application category you want to know about. The current version is displayed in the right field. The following are the supported applications of Pattern version 3.21 on the DFL-M510. The latest pattern can be downloaded automatically after you register the product information and enable the auto download feature on the DFL-M510.

  • Page 42

    Shareaza v2.1.0.0 Morpheus 4.9.2 BearShare 5.1.0 Kuro 6.0 KaZaa 3.0 Pigo 3.3 GnuTella Grokster v2.6 DirectConnect 2.2.0 Beedo 2.0 PP365 2004 SoftEther 2.0 PacketiX (Softether) 2.10 build 5080 VNC 3.3.7 RealPlayer 10.5 Windows Media Player 10.0 H.323 RTSP Streaming Media iTunes 4.8 WinAmp 5.09 Radio365 1.1.11...

  • Page 43

    POP3 IMAP4 NNTP The DFL-M510 manages P2P downloads by using the P2P Protocol. In this architecture, no matter what version of the client you use, the DFL-M510 can manage it.

  • Page 44

    REQUEST NEW APPLICATION SUPPORT If there is a new application that the DFL-M510 can not support, you can use this function to request support. 1. Click User Request. The following screen appears. 2. Complete all information of the new application, and click Send. You will be...

  • Page 45: Pattern Status

    PATTERN STATUS To view the Pattern Status, click Status/Pattern Status. PATTERN INFORMATION This page displays the Pattern Information. Last Update: Shows the last time the pattern was updated. Version of current pattern: Shows the pattern version. Number of pattern: Shows the pattern number. Pattern Updated Information: This page shows the log when you update the pattern.

  • Page 46: Chapter 2: System

    CHAPTER 2: SYSTEM The System menu is where you carry out the basic setup of the DFL-M510 such as integration with your network. The System menu also lets you set local time settings and carry out maintenance. THE SYSTEM SCREEN...

  • Page 47: The Date & Time Screen

    THE DATE AND TIME SCREEN Use Date and Time to adjust the time for your location. 1. Click System > Date and Time. The Date and Time window appears. 2. Click to the right of Current Date and Time. 3. Select the current date and click to return to the Date and Time screen.

  • Page 48

    4. In the Current Date and Time field, type in the current time and then choose the time zone for your location from the drop-down list. 5. Click Apply to confirm your settings. The following screen appears: 6. Click OK to exit. If your location uses daylight saving time: A.

  • Page 49: The Remote Management Screen

    THE REMOTE MANAGEMENT SCREEN Use Remote Management to enable system administration remotely. The following screen appears. The DFL-M510 can be remotely managed via HTTP or SSH. The Remote Access tab lets you control access rights. HTTP/SSH The descriptions for the HTTP and SSH fields are the same.

  • Page 50

    2. Click the Selected IP Address radio button and click Add. 3. Type in the IP Address and Subnet Mask for the PC that will access the DFL-M510 and click OK. The IP Address is added to the Selected IP Address window. Repeat steps 2 and 3 to add other IP Addresses.

  • Page 51: The Log Setting Screen

    When the settings are processed, the following screen appears: 5. Click OK to finish. THE LOG SETTING SCREEN Configure Log Type and Severity Notification to view log information on the device. Click System/Log Setting; the following screen appears. The Log Setting screen has two tabs. Click on a tab to view the settings.

  • Page 52

    On the DFL-M510, there are three log types: System, Policy and Malware Detection. The System log setting enables you to log and view system related information on the DFL-M510. The Policy log setting enables you to further configure the logging for each individual policy template. The Malware Detection log setting allows the DFL-M510 to log information when the device detects any network health concern activity in your internal network.

  • Page 53

    LOG RECEIVER TAB Click the Log Receiver tab. The following screen appears. To export the logging information to an external Syslog server, you need to activate the Server setting and provide the IP address and port of your Syslog server. Then specify the log type and severity notification you would like to export to and view on your Syslog server.

  • Page 54: Chapter 3: Interfaces

    CHAPTER 3: INTERFACES THE INTERFACE SCREEN The Network screen lets you configure settings for your network. 1. Click Interface. The Network Setting window appears. The Network screen has four tabs. Click on a tab to view the settings.

  • Page 55: Network Setting Tab

    NETWORK SETTING TAB Click the Network Setting tab. The following screen appears. Device Name: Type a name for the device. Inactivity Timeout: Set the inactivity time out...

  • Page 56

    When more than one DFL-M510 is installed in your location, assign device names to help identify different units. DEVICE SETTING These fields display the IP address and related network information of the device. IP Address: Device IP Address. Subnet Mask: ...

  • Page 57

    ADMIN EMAIL To enable the network administrator to receive emails from the DFL-M510, the following fields must be completed. Email Address: Type the administrator’s email address. SMTP Server: Type the IP of the SMTP server. Type an ID if sender authentication is required...

  • Page 58

    Server Access: All - Access from LAN and WAN (Note: This setting has no remote access restrictions; any IP address will have access to the DFL-M510.) WAN - Access from WAN only. LAN - Access from LAN only. The default option is Disable.

  • Page 59

    2. Click the Selected IP Address radio button and click Add. 3. Type in the IP Address and Subnet Mask for the PC that will access the DFL-M510 and click OK. The IP Address is added to the Selected IP Address window. Repeat steps 2 and 3 to add other IP Addresses.

  • Page 60

    When the settings are processed, the following screen appears: 5. Click OK to finish.

  • Page 61: Interface Tab

    INTERFACE TAB Click the Interface tab. The following screen appears. LINK SETTING Set the Ethernet ports for the speed you want and click Apply. Interface Link Setup: WAN - 10/100/Half/Full/Auto; LAN - 10/100/Half/Full/Auto. INTERFACE STEALTH SETTING The LAN/WAN Ports can be configured in Stealth Mode by selecting On. Stealth Mode: WAN - On/Off; LAN - On/Off...

  • Page 62

    After you make changes, click Apply. The new settings are processed and the following screen appears: Click OK to finish.

  • Page 63: Parameter Tab

    PARAMETER TAB Click the Parameter tab. The following screen appears. This tab defines management parameters.

  • Page 64

    • Reset the Connection • Log the Event • Save the Packet Message Content. In Bypass mode, the DFL-M510 works like a bridge with all rules and actions disabled. This mode is designed to help network administrators debug and trace network abnormalities. When Bypass mode is selected, the DFL-M510 does not detect or take action on security events in the network.

  • Page 65

    1s, and the following 0s. DMZ Bypass prevents the DFL-M510 from becoming a bottleneck in your intranet. For example, the IP address of a Mail / FTP server could be assigned in the DMZ Bypass configuration to provide wire speed traffic from the...

  • Page 66

    SETTING UP THE DMZ BYPASS FUNCTION In the following example, a mail server with the IP address 10.10.10.250 is added to DMZ Bypass. 1. Type in the IP address and the Subnet mask of the mail server. 2. Click Save. HOST/GROUPS BYPASS Hosts within the intranet which do not need to be monitored are added to the Bypassed User/Group.

  • Page 67

    Available User/Group: Select the User or Group and click >> to add the User/Group to the Bypassed User/Group list. Bypassed User/Group: Lists Users and Groups that have been added. After you make changes, click Save. The new settings are processed and the following screen appears: Click OK to continue.

  • Page 68: Vlan Tab

    802.1D bridging domain. The default VLAN’s domain shrinks as untagged ports are defined in other VLANs. If you have a VLAN environment and require the DFL-M510 to recognize the VLAN tags, configure the VLAN settings before connecting the DFL-M510 to the intranet.

  • Page 69

    CONFIGURING VLAN SETTINGS The following is an example of a network environment with four VLAN sets. Item Description VID1 VID2 VID3 VID4 Management VID2 Refer to the following to configure the VLAN setting. 1. Click Interface and then select the VLAN tab. VLAN Enabled Enables or disables the VLAN function VID1 - VID7...

  • Page 70

    2. Click the VLAN Enabled checkbox to enable VLAN. 3. Type in each VID in the VID1 to VID7 boxes. The DFL-M510 supports up to seven VLANs. The Management VID must be either PVID, or VID1 to VID7. Configurations depend on your environment.

  • Page 71

    VLAN STATUS Management IP: Shows the device IP address. Management VLAN: Shows the Management VLAN Group ID. VID1 - VID7: Shows the ID of each VLAN...

  • Page 72: User Authentication

    CHAPTER 4: USER AUTHENTICATION THE USER AUTHENTICATION SCREEN After you log on, click User Authentication to open the following screen. Accounts: Shows the current number of accounts. Name: Shows the name for each account. Role: Shows the level of the user’s policy: Administrator;...

  • Page 73

    CREATING A NEW ACCOUNT To create a new account click Add. The Account Edit dialog box appears. Name Type a name for the account. Password Type a password. Confirm Password Retype the password. Privilege Assign privilege status: Administrator; Read Only; or Write. Click OK to confirm.

  • Page 74

    To review or audit an account, click Login Status. The following screen appears: A log is created each time a user logs on or logs out. Monitor this list for added security. See “Toolbar, Logging” on page 28.

  • Page 75: Chapter 5: Objects

    CHAPTER 5: OBJECTS In DFL-M510, the term “Objects” mainly refers to Hosts and Groups. A host is a client computer with a network interface. A group is a set of hosts. The DFL-M510 learns host information from packets passing through the device. Host information includes the MAC address, IP address and VLAN address.

  • Page 76: The Setup Hosts Tab

    MAC Based Management is sufficient for a deployment environment where a switch is attached to the LAN port of your DFL-M510. However, if there is a router attached to your LAN port, the DFL-M510 will recognize only the router's MAC address; it...

  • Page 77

    Hosts within 150. Bypass Hosts: Hosts that are not monitored. Other Hosts: The DFL-M510 can manage 200 hosts. If you select Block, hosts that exceed 200 have no Internet access. If you select Forward, those hosts will be allowed to access the Internet, but will not be monitored by the DFL-M510.

  • Page 78

    2. Select Move to Standby. Notice, the State icon is now green, indicating the host is now in the Other Hosts category. ADDING A HOST Refer to the following to add a host. 1. Click Add.

  • Page 79: Exporting A Host Database

    2. Type in the required information and click OK. The new host is added to the host table. EXPORTING A HOST DATABASE You can export a host database to reuse or to import into another DFL-M510. Refer to the following to export a host database. 1.

  • Page 80

    3. Enter a file name and click Save. 4. Click OK to confirm the export. 5. Click OK to continue.

  • Page 81: The Setup Groups Tab

    THE SETUP GROUPS TAB There is one Default Setup Group in the DFL-M510. The Setup Groups tab lets you add and configure additional Setup Groups. 1. To view the Setup Groups tab, click Objects > Setup Groups. GROUP SETTING Click to add a new Setup Group...

  • Page 82: Assign Hosts To Groups

    Add Subnet Click to add a sequential IP address range to a group. ASSIGNING HOSTS TO GROUPS You can assign a host to a group by checking the button at the intersection of the host row and the group column. Refer to the following to add a host to a group. 1.

  • Page 83

    Select the host and click to add it to the Hosts in Selected Group window. Click Apply. 5. Click OK to finish. The new group is added to the Group Setting list.

  • Page 84: Chapter 6: Policy

    Keyword Filter Pattern Updates After the policy database is published and fetched, it is uploaded to the DFL-M510. To manage the users and applications, policies are defined and each of them complies with a company policy. Then each policy can be applied to a host or a group. We define a policy before applying it or creating a template.

  • Page 85: The Policy Setting Screen

    Every template, including the global template created by the device wizard, can be created or modified. The protocols displayed on the policy are described as follows. A. The IM Applications that can be managed by the DFL-M510 Item Protocol Management Type...

  • Page 86

    Web MSN Login ICQ5/ AIM 5.9.3759/ iChat 3.0.1 Chat File Transfer ICQ/ AIM/ iChat Audio Communication Video Communication Web ICQ Login 6.0.0.1921 Chat File Transfer Yahoo Messenger Audio Communication Video Communication Web Yahoo IM QQ V06.1.103.300/ QQ/ TM Login TM 2006 Gadu-Gadu Login Gadu-Gadu 7.1...

  • Page 87

    Application URL Keyword Upload Java Applet/ Active X Download Web Post Cookie B. The P2P/Remote Access Application that can be allowed/blocked by the DFL-M510 Item Protocol Software Version Internet File Shareaza 2.1.0.0 Sharing (P2P) BearShare 5.0.1.1 LimeWire 4.8.1 Gnutella Gnucleus 2.2.0.0 Morpheus 5.0...

  • Page 88

    10.5 MS Media Player 10.0 iTunes 4.9.0.17 Streaming QuickTime Media Winamp 5.09 Radio365 1.11 H.323 The DFL-M510 manages P2P downloads by using P2P Protocol. In this architecture, no matter what version of client is used, the DFL-M510 can manage it.

  • Page 89: The Template Setting Tab

    The DFL-M510 only supports HTTP download via Getright. The Policy Setting screen has the following three tabs: • “The Template Setting Tab” on page 80 • “The Assign Policy Tab” on page 83 • “The Policy Viewer Tab” on page 87 THE TEMPLATE SETTING TAB To view the Template Setting tab, click Policy >...

  • Page 90

    Changes made in the fields under Options apply to all patterns. THE OPTIONS PANE When a pattern is detected, the DFL-M510 takes certain management actions, such as blocking the connection, or notifying the administrator. There are five actions that can be taken:...

  • Page 91

    Web Message: Send a message to the user, cut the web connection and replace it with a web page. When you turn off Messenger Service or enable Personal Firewall, the Win Popup Message function works correctly. DEFINING THE ACTIVE SCHEDULE It is possible to define the active time range of a pattern.

  • Page 92: The Assign Policy Tab

    DEFINE KEYWORD CONTENT Some patterns have constraint parameters. If such a pattern rule is selected, a constraint parameter section appears as follows. Keyword: The user defined keyword to match against the content of packets. THE ASSIGN POLICY TAB To view the Assign Policy tab, click Policy > Policy Setting > Assign Policy.

  • Page 93

    HOW TO ASSIGN A POLICY In the following example, the Security group is assigned a policy only allowing Web control such as Web browsing. 1. In the Template Setting tab, click Add to add a new template. 2. Configure Policy for application behavior management.

  • Page 94

    3. Click “Apply” to save the policy template. 4. Click the Assign Policy tab. Select the template you want to implement from the Available Templates pane...

  • Page 95

    5. Under Group/Host, select PM and click Apply.

  • Page 96: The Policy Viewer Tab

    THE POLICY VIEWER TAB In the Policy Viewer tab, you can view all policies of groups. In the example below, we check the policy of the PM group via the Assign Viewer tab, click Policy > Policy Setting > Policy Viewer, and then select PM in the Group/Host pane.

  • Page 97: User Defined Pattern

    USER DEFINED PATTERN The pattern database is made by a team of professional signature researchers. They are familiar with protocols, system vulnerability, and application patterns. After a new application pattern is detected, the pattern is put into the pattern database and published.

  • Page 98: Defining A Pattern By Protocol

    DEFINING A PATTERN BY PROTOCOL For example, a streaming media application uses TCP port 3001 to connect to media servers. To block this streaming media application, do the following. 1. In the User Defined Pattern screen, click Add. 2. Type in Streaming1 for the pattern name and click OK.

  • Page 99

    3. Input a pattern named Streaming 1, with category Streaming Media and TCP port 3001. 4. Click Save.

  • Page 100: Defining A Pattern By Server

    DEFINING A PATTERN BY SERVER In this scenario, a web chat application is always connecting to a network server with the IP address 140.126.21.4. You can block this web chat application and then click the Save button to add a new rule as follows. 1.

  • Page 101

    3. Input a rule name Web Chat 1, with category Web Control and servers, 140.126.21.4. 4. Click Save.

  • Page 102: The Schedule Screen

    The DFL-M510 supports 1500 sets of user-defined patterns by protocol and 1500 sets of user-defined patterns by Application Server. THE SCHEDULE SCREEN It is possible to define the active time range of a policy. The time range can be defined by the schedule.

  • Page 103: Message Setting

    To add or modify a schedule, press the Add or Modify button to open the schedule editing dialog box. Modify the schedule name and check the hour tab to include or exclude the hour represented by the tab. MESSAGE SETTING In this section, you can edit popup or Web messages.

  • Page 104

    2. Under Popup Message to User, click Add. 3. Type a description and the content of the message and click OK.

  • Page 105: Keyword Filter

    When you turn off Messenger Service or enable Personal Firewall, the Win Popup Message function works correctly. KEYWORD FILTER The DFL-M510 provides the following keyword functions: • Web page keyword • URL keyword • MSN keyword These keyword functions are used to describe applications of MSN and Web browsers.

  • Page 106: Pattern Update

    You can register the DFL-M510 in D-Link's security portal by clicking on the "Register for Pattern Update or view current…" button. By clicking “Download Now”, you can immediately connect to the update server and manually download the latest pattern.

  • Page 107: Chapter 7: Real Time Monitor

    For the Real-time Monitor to work properly, ports 8801 - 8810 must be open on the client PC to receive the analysis data from the DFL-M510. D-Link recommends not managing the DFL-M510 through a WAN link, since the Real-time Monitor feature pulls its data from the DFL-M510 over that link.

  • Page 108: Monitoring Real Time Traffic

    To monitor Real Time Traffic, check the Real Time Traffic radio button. The number of bytes of all packets received ALL M510 The total amount of traffic the DFL-M510 can manage The number of bytes of packets that are identified as an application pattern Drop...

  • Page 109: Monitoring Real Time Application

    Administrators can accumulate and analyze detected application patterns using the information revealed by their packets. These are explained in the Top N analysis section. REFRESH TIME The system provides the new traffic status every thirty seconds. TRAFFIC LINES Each line in the traffic chart represents one meter at the current time. Each line can be hidden or shown by clicking the check box before the specified label.

  • Page 110: Common Network Protocol

    The left of this screen displays the current application information; the right of this screen displays the accumulated application information for Top N analyzing. The right part is the same as the right part of real time traffic. There are three tables: the common network protocol table; the EIM table; and the health checking table.

  • Page 111: Health Checking

    Some packets try to gain authorized system control and run as the operating system's administrator without writing anything to the file system. These packets are invisible to almost all anti-virus software, but are detectable by the DFL-M510. When such packets come from a host and are detected, the corresponding field shows a check mark to indicate that the host has health concern problems.

  • Page 112: EIM

    The EIM table provides layer seven monitoring. A packet is classified by its application pattern and summarized into six categories: IM, P2P, Web application, file transfer, E-mail, and media. If a host is connecting to the Internet and is identified as running an application in one of these categories, the table shows a check mark to indicate that the host is currently running an application of that specific category.

  • Page 113: Two Levels Top 10 Analysis

    TWO LEVELS TOP 10 ANALYSIS
    Administrators can review detected application patterns by the information revealed from their packets. All triggered incidents are categorized by sequence, health, time of occurrence, name of pattern, source address, destination address, counts, and responsive actions (dropping packets, disconnecting, emailing the administrator in charge, or keeping logs of incidents), and are all displayed in charts so that administrators can quickly understand the present status of the network.

  • Page 114

    The lower list shows details of each category. When the IM category is chosen, the second level chart covers the first chart as follows. In the example shown, MSN is the most frequent application within the IM category. If you press Reset, all data is erased.

  • Page 115

    TOP 10 APPLICATIONS / TOP 10 USERS
    In these charts, the first level shows the top 10 applications. When an application is chosen, the second level shows the top 10 users of the chosen application. In the example shown, the top application is MSN.

  • Page 116

    TOP 10 GROUPS / TOP 10 APPLICATIONS
    In these charts, the first level shows the top 10 groups. When a group is chosen, the second level shows the top 10 applications in the chosen group. In the example shown, the top group is the default group.

  • Page 117

    TOP 10 USERS / TOP 10 APPLICATIONS
    In these charts, the first level shows the top 10 users. When a user is chosen, the second level shows the top 10 applications of the chosen user. In the example shown, the top user is Jeffrey.

  • Page 118

    TOP 10 HEALTH CONCERNS / TOP 10 USERS
    In these charts, the first level shows the top 3 health concerns. When a health concern is chosen, the second level shows the top 10 users with the chosen health concern. In the example shown, the top health concern is the illegal agent.

  • Page 119

    TOP 10 USERS WITH HEALTH CONCERNS / TOP 10 HEALTH CONCERNS
    In these charts, the first level shows the top 10 users with health concerns. When a user is chosen, the second level shows the top 3 health concerns of the chosen user. In the example shown, the top user with health concerns is CJHO.

  • Page 120: Chapter 8: Traffic Shaping

    CHAPTER 8: TRAFFIC SHAPING
    Traffic Shaping enables bandwidth control over Internet applications. System administrators can specify the bandwidth either for user groups or for applications.

  • Page 121: Traffic Shaping Policy For Applications

    DEFINING A TRAFFIC SHAPING POLICY FOR APPLICATIONS
    This scenario illustrates how to configure a bandwidth limitation for applications. The example below demonstrates how to create a traffic shaping policy for BitTorrent. You can create a traffic shaping policy by clicking the Add for Application button, and then clicking the Apply button to add the traffic shaping policy as follows.

  • Page 122: Traffic Shaping Policy For User Groups

    3. Enable the Traffic Shaping feature, and click Apply for it to take effect.
    DEFINING A TRAFFIC SHAPING POLICY FOR USER GROUPS
    This scenario illustrates how to configure a bandwidth limitation for user groups. The example below demonstrates how to create a traffic shaping policy for the PM user group.

  • Page 123

    2. Provide the policy name UG_PM. In the Group menu, select the PM user group and assign the bandwidth limitation, for instance 300KB, for the user group. Then click the Apply button to add the new policy.
    3. Click Apply for the policy to take effect.

  • Page 124: The Command Line Interface

    DFL-M510 and its arguments via an RS-232 serial cable. The DFL-M510 provides terminal emulation and an SSH connection service. Administrators can attach an RS-232 cable to the RS-232 console port on the DFL-M510 and log in with the super terminal program provided by Windows 95/98/2000/NT/XP, or use the remote login command line interface with terminal connection software that supports SSHv2 encryption.

  • Page 125: Getting Started

    Copyright (C) 2005 D-Link Corp. <www.dlink.com>
    DFL-M510 login:
    CLI Command List
    You can use the console or SSH to connect to the DFL-M510. After login, you can use the CLI commands to configure the DFL-M510. The complete CLI commands are described as follows.

  • Page 126: Help Command

    Help Command
    Help is used for getting information about another command's usage and argument configuration.
    help get: Display all information about the "get" command.
    help set: Display all information about the "set" command.
    help history: Display all information of "help"...

  • Page 127

    (D) help exit
    >> help exit
    exit - Log out
    (E) help reboot
    >> help reboot
    reboot - Reboot system
    (F) help reset
    >> help reset
    reset - Reset system configurations to manufacturing defaults
    (G) help set
    >> help ping
    ping - Ping utility...

  • Page 128: Get Command

    Get Command
    This command displays all kinds of configuration information of the DFL-M510.
    get system: Display system configurations, including IP, system password, etc.
    get time: Display the device clock setting.
    get state: ...

  • Page 129: Set Command

    (C) get state
    >> get state
    Operation mode: In-Line
    (D) get interface
    >> get interface
    Interface: WAN: auto. LAN: auto.
    Set Command
    Use this command to set the system's parameters.
    set system: Set system configurations, including IP, password, etc.
    set time: Set the device clock.
    set state: ...

  • Page 130

    set system vlan: Set the VLAN environment related parameters.
    set system name: Set the device's name.
    set system detect tcptimeout <... - 2592000> (example: set system detect tcptimeout 6000): Set the TCP detect connection timeout.
    set system detect policy wan on: Turn on the WAN port's policy...

  • Page 131

    set system vlan on: Turn on the VLAN function.
    set system vlan off: Turn off the VLAN function.
    set system vlan 1 - 4094 (example: set system vlan 1): Set the VLAN ID.
    EXAMPLE
    (A) set system ip
    >>...

  • Page 132

    (F) set system detect policy wan on
    >> set system detect policy wan on
    Apply policy check for wan interface OK.
    (G) set system detect policy wan off
    >> set system detect policy wan off
    Remove policy check for wan interface OK.
    (H) set system detect policy lan on
    >>...

  • Page 133: "Set Time" Command

    (N) set system detect tcpcoldstart 250
    >> set system detect tcpcoldstart 250
    Change TCP cold start duration time OK.
    (O) set system vlan on
    >> set system vlan on
    Turn on VLAN function.
    (P) set system vlan off
    >> set system vlan off
    Turn off VLAN function.

  • Page 134: "Set State" Command

    Change time successfully !
    Current time : (GMT + 0) Mon Apr 18 10:57:43 2005
    DST time : (GMT + 0) Mon Apr 18 10:57:43 2005
    System duration: 0 days 1:9:1
    "SET STATE" COMMAND
    set state inline: Set the ISG to execute normally, based on its configured policy...

  • Page 135: "Set Remote" Command

    "SET REMOTE" COMMAND
    set remote http access wan: Enable remote access using a browser from the WAN port.
    set remote http access lan: Enable remote access using a browser from the LAN port.
    set remote http access all: Enable remote access using a browser from both the WAN and LAN ports.
    set remote http access disable: Disable remote access using a browser...

  • Page 136

    EXAMPLE
    (A) set remote http access wan
    >> set remote http access wan
    Do you want to apply this setting immediately? Your current ssh/http connection will be cut off. (y/n)
    (B) set remote http access lan
    >> set remote http access lan
    Do you want to apply this setting immediately? Your current ssh/http connection will be cut off.

  • Page 137

    (H) set remote ssh access lan
    >> set remote ssh access lan
    Do you want to apply this setting immediately? Your current ssh/http connection will be cut off. (y/n)
    (I) set remote ssh access all
    >> set remote ssh access all
    Do you want to apply this setting immediately? Your current ssh/http connection will be cut off.

  • Page 138: "Set Interface" Command

    "SET INTERFACE" COMMAND
    set interface: Set the interface link mode.
    EXAMPLE
    (A) set interface
    >> set interface
    Interface. WAN: auto LAN: auto
    Setup WAN port configuration :
    Specify auto mode or speed [auto / 10 / 100] :
    Specify stealth mode [on / off] :
    Setup LAN port configuration :
    Specify auto mode or speed [auto / 10 / 100] :...

  • Page 139: Exit Command

    Exit command shell
    EXAMPLE
    (A) exit
    >> exit
    Logout
    Welcome to D-Link DFL-M510 Console Environment
    Copyright (C) 2005 D-Link Corp. <www.dlink.com>
    DFL-M510 login:
    Reboot Command
    Use this command to reboot the system.
    Main / Sub command / Example / Command description...

  • Page 140: Reset Command

    Reset Command
    Use this command to reset the system configuration to default settings.
    reset (no sub command): Reset the system configuration to default settings; type "y" to load the default settings.
    EXAMPLE
    (A) reset
    >> reset
    This will set the system configuration to the default values, and then reboot the system.

  • Page 141: Appendix B: Glossary

    APPENDIX B: GLOSSARY
    Bandwidth: The transmission capacity of a given device or network.
    Bit: A Binary Digit (either a one or a zero); a single digit number in base-2. A bit is the smallest unit of computerized data.
    Bridge: A device that connects two different kinds of local networks, such as a wireless network to a wired Ethernet.

  • Page 142

    FCC (Federal Communications Commission): The FCC is in charge of allocating the electromagnetic spectrum and thus the bandwidth of various communication systems.
    Firewall: A hardware or software "wall" that restricts access in and out of a network. Firewalls are most often used to separate an internal LAN or WAN from the Internet.

  • Page 143

    IRC (Internet Relay Chat): A way for multiple users on a system to "chat" over the network.
    ISP (Internet Service Provider): Provides connections into the Internet for home users and businesses. There are local, regional, national, and global ISPs. You can think of local ISPs as the gatekeepers into the Internet.

  • Page 144

    Router: A device that connects two networks together. Routers monitor, direct and filter information that passes between these networks.
    RS-232: An EIA standard which is the most common way of linking data devices together.
    Server: A computer, or a software package, that provides a specific kind of service to client software running on other computers.

  • Page 145

    URL (Uniform Resource Locator): A URL is an object on the Internet or an intranet that resides on a host system. Objects include directories and an assortment of file types, including text files, graphics, video and audio. A URL is the address of an object that is normally typed in the Address field of a Web browser.

  • Page 146: Features And Specifications

    APPENDIX C: FEATURES AND SPECIFICATIONS
    Hardware Specification
    Ethernet: 2 x 10/100 M auto-sensing, auto-crossing, with frog light
    Other port: RS232 (9 pin)
    LCD Module: Blue background with white light LCD panel
    Power: AC line 100-240V AC, 50-60Hz, 0.8A max
    Dimension (L*D*H, mm): 440mm * 250mm * 44mm
    Features Specification
    Application Detection / Prevention / Management...

  • Page 147

    11. Morpheus 12. Bearshare 13. WimMX Web Browser Web Mail Login Application (HTTP/HTML) Web Uploading Post/Put Control Web Download Upload Web Posting Download Web IM Web URL Filter Keyword Web Content Cookie Retrieval Java Applet Anti-WebPage ActiveX/Java /ActiveX Applet Download Kidnap Webpage Application File...

  • Page 148: LCM Module

    Helper Identification; Hosts generated by Victim; Trojan affected Hosts; Spyware/ADware affected Hosts; Intruded Hosts
    LCM Module
    Main Menu: Device Status
    Sub-Menu System Info.: Firmware Ver, Policy Ver, Policy Number, Current Date, Current Time, Dev. Up Time, CPU Load, Memory Usage, Current Session
    Sub-Menu Traffic Info.: WAN RX...

  • Page 149: Other Specifications

    WAN Link Mode, WAN Stealth, Reset, Reset Confirm, Reboot, Reboot Confirm
    Other Specifications
    Performance: 30-40 Mbps (all functions enabled), wire speed for L3 switching
    Concurrent Users: 150
    Concurrent TCP Sessions: 4,000...

  • Page 150: Mechanic & ID Design, Front LED Indicators

    Mechanic & ID Design
    Front LED indicators
    Power (Green): Power off / Power on
    System (Green): Power off (system not ready) / System ready and running OK
    Bypass: System bypass not enabled / System bypass or failed
    Inbound (left): Ethernet link OK, and the speed is 10Mbps...

  • Page 151: Physical Environment

    Physical Environment
    Power: ~25W open frame switching power supply, input AC range 100 ~ 240V, 50/60Hz
    Operation Temperature: 0 – 60 °C
    Storage Temperature: -20 – 70 °C
    Humidity: Operation 10%~90% RH; Storage 5%~90% RH...

  • Page 152: Index

    Hosts, assigning to groups 53
    HTTP/SSH, remote management 30
    Interface tab 28
    Keyword content, template 65
    Keyword filter 76
    LCM Button Description 2
    Log tab 94
    Log, searching for 95
    Logging on the DFL-M510 7
    Logs, navigating 95
    Maintenance screen 39...

  • Page 153

    Network analysis 84
    Network screen 23
    Network Setting tab 23
    Network, status 98
    Operation mode, inline, bypass, monitor 32
    Parameter tab 32
    Pattern, user defined 68
    Policy rule, by server 71
    Policy rule, defining 69
    Policy screen 55
    Policy Setting screen 58
    Policy Status tab 100
    Policy Viewer tab 68
    Policy, how to assign 66...
