D-Link NetDefendOS User Manual page 848

ZoneDefense with Anti-Virus Scanning
ZoneDefense can also be used in conjunction with the NetDefendOS Anti-Virus scanning feature.
NetDefendOS can first identify a virus source through antivirus scanning and then block the
source by communicating with switches configured to work with ZoneDefense.
This feature can be activated via the following ALGs:
• HTTP - ZoneDefense can block an HTTP server that is a virus source.
• FTP - ZoneDefense can block a local FTP client that is uploading viruses.
• SMTP - ZoneDefense can block a local SMTP client that is sending viruses with emails.
Anti-virus scanning is described further in Section 6.5, "Anti-Virus Scanning" and in the sections
covering the individual ALGs.
ZoneDefense Limitations
There are some differences in ZoneDefense operation depending on the switch model:
• The first difference is the latency between the triggering of a blocking rule to the moment
when a switch actually starts blocking out the traffic matched by the rule. All switch models
require a short period of latency time to implement blocking once the rule is triggered. Some
models can activate blocking in less than a second while some models may require a minute
or more.
• A second difference is the maximum number of rules supported by different switches. Some
switches support a maximum of 50 rules while others support up to 800 (usually, in order to
block a host or network, one rule per switch port is needed). When this limit has been
reached no more hosts or networks will be blocked out.
Important: Clearing the ACL rule set on the switch
ZoneDefense uses a range in the ACL rule set on the switch. To avoid potential conflicts
in these rules and guarantee the firewall's access control, it is strongly recommended
that the administrator clear the entire ACL rule set on the switch before performing the
ZoneDefense setup.
848
Chapter 12: ZoneDefense