Editing Policies; Ordering Policies In Policy Lists - D-Link DFL-500 User Manual


Editing policies

To edit a policy:
· Go to Firewall > Policy.
· Select the tab for the policy list containing the policy to edit.
· Choose the policy to edit and select Edit.
· Edit the policy settings as required. You can change any of the policy settings.
· Select OK to save your changes.

Ordering policies in policy lists

The DFL-500 matches policies by searching for a match starting at the top of the policy list and moving down
until it finds the first match. You must arrange policies in the policy list from more specific to more general.
For example, the default policy is a very general policy because it matches all connection attempts. To create
exceptions to this policy, you must add them to the policy list above the default policy. No policy below the
default policy will ever be matched.

Policy matching in detail

When the DFL-500 receives a connection attempt at an interface, it must match the connection attempt to a
policy in either the Int to Ext or Ext to Int policy list. The DFL-500 starts at the top of the policy list for the
interface that received the connection attempt and searches down the list for the first policy that matches the
connection attempt source and destination addresses, service port, and time and date at which the
connection attempt was received. The first policy that matches is applied to the connection attempt. If no
policy matches, the connection is dropped.
The default policy accepts all connection attempts from the internal network to the Internet. From the internal
network, users can browse the web, use POP3 to get email, use FTP to download files through the DFL-500
and so on. If the default policy is at the top of the Int to Ext policy list, the firewall allows all connections from
the internal network to the Internet because all connections match the default policy.
A policy that is an exception to the default policy (for example, a policy to block FTP connections) must be
placed above the default policy in the Int to Ext policy list. Then, all FTP connection attempts from the internal
network would match the FTP policy and be blocked. Connection attempts for all other kinds of services
would not match with the FTP policy but they would match with the default policy. So the firewall would still
accept all other connections from the internal network.
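
The first-match search described above, as an added example that is not part of the D-Link manual or the DFL-500 firmware: a small Python model of an Int to Ext policy list that also reports policies placed below a more general one, where they can never match. The addresses, policy names, ACCEPT/DENY labels and the omission of the time and date check are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = range(0, 65536)  # assumption: stands for "any service"

@dataclass(frozen=True)
class Policy:
    name: str
    src: str        # source network, CIDR
    dst: str        # destination network, CIDR
    ports: range    # destination service ports
    action: str     # "ACCEPT" or "DENY" (labels chosen for this example)

    def matches(self, src_ip, dst_ip, port):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and port in self.ports)

    def covers(self, other):
        """True if every connection matching `other` also matches self."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and other.ports.start >= self.ports.start
                and other.ports.stop <= self.ports.stop)

def first_match(policies, src_ip, dst_ip, port):
    """Top-down search; the first matching policy decides, no match means drop."""
    for p in policies:
        if p.matches(src_ip, dst_ip, port):
            return p.name, p.action
    return None, "DROP"

def shadowed(policies):
    """(later, earlier) pairs where the earlier policy covers the later one."""
    return [(later.name, earlier.name)
            for i, later in enumerate(policies)
            for earlier in policies[:i]
            if earlier.covers(later)]

# Constructed Int to Ext lists: internal net 192.168.1.0/24, FTP on port 21.
DEFAULT = Policy("default", "192.168.1.0/24", "0.0.0.0/0", ANY_PORT, "ACCEPT")
BLOCK_FTP = Policy("block-ftp", "192.168.1.0/24", "0.0.0.0/0", range(21, 22), "DENY")
WRONG_ORDER = [DEFAULT, BLOCK_FTP]   # exception below the default policy
RIGHT_ORDER = [BLOCK_FTP, DEFAULT]   # exception above the default policy

if __name__ == "__main__":
    for label, plist in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(label, first_match(plist, "192.168.1.10", "203.0.113.5", 21),
              shadowed(plist))
```

Running shadowed() over an exported policy list is a quick audit for block policies that sit below a broader accept policy and therefore have no effect.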

Changing the order of policies in a policy list

To rearrange policies:
· Go to Firewall > Policy.
· Select the tab for the policy list that you want to rearrange.
· Choose a policy to move and select Move To to change its order in the policy list.
· Type a number in the Move to field to specify where in the policy list to move the policy and select OK.
· Select Delete to remove a policy from the list.
