Page 1 DPtech FW1000 Series Firewall Products User Configuration Guide v1.0...
Page 2 Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any help, please contact Hangzhou DPtech Technologies Co., Ltd. and its sale agent, according to where you purchase their products. Hangzhou DPtech Technologies Co., Ltd. Address: 6th floor, zhongcai mansion, 68 tonghelu, Binjiangqu, Hangzhoushi...
Page 3 Owing to product upgrading or other reasons, information in this manual is subject to change. Hangzhou DPtech Technologies Co., Ltd. has the right to modify the content in this manual, as it is a user guides, Hangzhou DPtech Technologies Co., Ltd. made every effort in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind express or implied.
Page 4: Table Of Contents
Table of Contents CHAPTER 1 PRODUCT OVERVIEW 1.1 P RODUCT NTRODUCTION 1.2 WEB M ANAGEMENT 1.2.1 L OGGING IN TO THE ANAGEMENT NTERFACE 1.2.2 W NTERFACE AYOUT CHAPTER 2 SYSTEM MANAGEMENT 2.1 I NTRODUCTION TO YSTEM ANAGEMENT 2.2 D EVICE ANAGEMENT 2.2.1 D EVICE INFORMATION...
Page 5 2.16 M 2-53 ANAGEMENT CENTER CHAPTER 3 NETWORK MANAGEMENT 3-54 3.1 I 3-54 NTRODUCTION TO NETWORK MANAGEMENT 3.2 I 3-55 NTERFACE MANAGEMENT 3.2.1 N 3-55 ETWORKING CONFIGURATION 3.2.2 VLAN C 3-56 ONFIGURATION 3.2.3 I 3-57 NTERFACE CONFIGURATION 3.2.4 P 3-58 ORT AGGREGATION 3.2.5 P 3-59...
Page 6 3.11.2 RIP 3-94 3.11.3 OSPF 3-96 3.11.4 G 3-101 UARD ROUTE 3.12 IP 3-101 MULTICAST ROUTING 3.12.1 B 3-101 ASIC CONFIG 3.12.2 IGMP 3-102 SNOOPING 3.12.3 IGMP/IGMP 3-104 PROXY 3.12.4 PIM 3-106 3.12.5 MSDP 3-111 3.12.6 M 3-113 ULTICAST 3.12.7 M 3-113 ULTICAST SOURCE PROXY 3.12.8 M...
Page 7 3.22 D 3-138 IAGNOSTIC TOOLS 3.22.1 P 3-138 3.22.2 T 3-138 RACEROUTE 3.22.3 C 3-139 APTURE 3.23 LAN S 3-139 WITCH 3.23.1 S 3-139 PANNING TREE CHAPTER 4 FIREWALL 4-143 4.1 I 4-143 NTRODUCTION TO THE IREWALL 4.2 P 4-144 ACKET ILTERING OLICY...
Page 8 4.13.4 B 4-162 LACKNAME LOG QUERY 4.14 MAC/IP B 4-162 INDING 4.14.1 MAC/IP B 4-162 INDING 4.14.2 A 4-162 EARNING 4.14.3 U MAC B 4-166 INDING 4.14.4 U /IP B 4-165 INDING 4.14.5 B 4-167 INDING UERY 4.15 S 4-169 ESSION ANAGEMENT 4.15.1 S...
Page 9 CHAPTER 7 ACCESS CONTROL 7-195 7.1 R 7-195 IMITATION 7.1.1 I 7-195 NTRODUCTION TO THE IMITATION 7.1.2 R 7-196 IMIT 7.1.3 S 7-197 INGLE USER LIMIT 7.1.4 G 7-199 ROUP ANAGEMENT 7.1.5 N 7-200 ETWORK PPLICATION ROWSING 7.1.6 T 7-200 YPICAL CONFIGURATION FOR THE IMITATION 7.2 A...
Page 10 8.6.1 I SSL VPN 8-226 NTRODUCTION TO THE 8.6.2 SSL VPN 8-226 8.6.3 R 8-228 ESOURCES 8.6.4 U 8-229 SER MANAGEMENT 8.6.5 A 8-229 UTHENTICATION KEY 8.6.6 S 8-230 ECURITY POLICY 8.6.7 L 8-231 OG MANAGEMENT 8.6.8 R 8-232 EPORT FORMS CHAPTER 9 ONLINE BEHAVIOR MANAGEMENT 9-234 9.1 I...
Page 11 12.2 O 12-257 VERFLOW 12.2.1 O 12-257 VERFLOW PROTECT 12.3 H 12-257 OT STANDBY 12.3.1 H 12-257 OT STANDBY 12.3.2 H 12-258 ANDWORK SYNCHRONIZATION 12.3.3 B 12-258 ACKUP REBOOT 12.3.4 I 12-259 NTERFACE SYNCHRONIZATION GROUP List of Figures Figure1-1 WEB Management Interface ........................1-6 Figure1-2 Deploying of WEB Interface .........................
Page 12 Figure2-35 Upgrade progress interface ........................ 2-36 Figure2-36 URL classification filtering signature ....................2-36 Figure2-37 Signature version information ......................2-37 Figure2-38 Auto-upgrade settings ........................2-37 Figure2-39 Manual upgrade ..........................2-38 Figure2-40 Upgrade progress interface ........................ 2-39 Figure2-41 AV signature ............................2-39 Figure2-42 IPS signature ............................
Page 13 Figure3-21 IP address object ..........................3-65 Figure3-22 IP address object group ........................3-65 Figure3-23 IPv6 address ............................3-66 Figure3-24 MAC address ............................. 3-67 Figure3-25 MAC address group ........................... 3-67 Figure3-26 MAC address manage ........................3-68 Figure3-27 Account user ............................3-68 Figure3-28 Domain name .............................
Page 14 Figure3-68 IGMP snooping routing ........................3-104 Figure3-69 IGMP proxy ............................. 3-104 Figure3-70 IGMP SSM mapping ........................3-104 Figure3-71 IGMP Proxy ............................. 3-105 Figure3-72 IGMP status ............................. 3-106 Figure3-73 PIM ..............................3-107 Figure3-74 Static RP configuration ........................3-107 Figure3-75 Candidate RP configuration ......................3-108 Figure3-76 PIM interface configuration ......................
Page 15 Figure3-115 SVC mode ............................3-127 Figure3-116 CCC mode ............................3-127 Figure3-117 MARTINI mode ..........................3-127 Figure3-118 VPLS mode ............................ 3-127 Figure3-119 Display ARP ..........................3-128 Figure3-120 Static ARP ............................3-128 Figure3-121 Gratuitous ARP ..........................3-129 Figure3-122 Configure ARP probe period ......................3-129 Figure3-123 Anti-ARP snooping ........................
Page 16 Figure4-19 Address pool ............................ 4-155 Figure4-20 ALG configuration ........................... 4-156 Figure4-21 User-defined log ..........................4-156 Figure4-22 Basic attack protection ........................4-156 Figure4-23 Basic attack log query ........................4-158 Figure4-24 Network action manage ........................4-159 Figure4-25 Sessions Limit ..........................4-159 Figure4-26 Service Limit ............................ 4-160 Figure4-27 IPv4 blacklist configuration ......................
Page 17 Figure7-7 Network application browsing ......................7-200 Figure7-8 Access control ............................ 7-203 Figure7-9 Group management ..........................7-204 Figure7-10 Network application browsing ......................7-205 Figure7-11 URL classification filtering ......................7-207 Figure7-12 Customize URL classification ......................7-208 Figure7-13 Advanced URL filtering........................7-209 Figure7-14 Advanced URL filtering configuration .................... 7-210 Figure7-15 URL filter page push ........................
Page 18 Figure8-36 Online time ranking form ......................... 8-233 Figure8-37 Resource access form ........................8-233 Figure9-1 Traffic analysis........................... 9-234 Figure9-2 Traffic analysis........................... 9-234 Figure9-3 Policy configuration ........................... 9-235 Figure9-4 Advanced configuration ........................9-236 Figure9-5 Keyword filtering ..........................9-237 Figure9-6 Keyword filtering ..........................9-238 Figure10-1 Security center ..........................
Page 19 List of Tables Table2-1 Device information ..........................2-10 Table2-2 Device status ............................2-11 Table2-3 System threshold ........................... 2-13 Table2-4 SNMPv3 configuration ......................... 2-17 Table2-5 User management ..........................2-21 Table2-6 Current administrator ..........................2-22 Table2-7 Administrator settings configuration items ................... 2-22 Table2-8 Administrator authentication setting .....................
Page 20 Table3-14 BGP-VPN configuration items ......................3-81 Table3-15 RIP interface configuration ......................... 3-83 Table3-16 RIP advanced configuration ........................ 3-83 Table3-17 OSPF advanced configuration ......................3-85 Table3-18 OSPF area configuration ........................3-85 Table3-19 OSPF interface configuration ......................3-86 Table3-20 OSPF interface information......................... 3-87 Table3-21 OSPF neighbor information ........................
Page 21 Table4-4 One to one NAT configuration ......................4-151 Table4-5 Address pool configuration ......................... 4-152 Table4-6 Basic attack protection ........................4-157 Table4-7 Basic attack log query ......................... 4-158 Table4-8 Blacklist configuration ........................4-160 Table4-9 Blacklist query............................. 4-161 Table4-10 Blacklist log query ..........................4-162 Table4-11 MAC/IP binding ..........................
Page 22 Table9-3 Keyword filtering configuration items ....................9-237 Table9-4 Keyword filtering configuration items ....................9-238 Table10-1 Basic authentication configuration items ..................10-240 Table10-2 Webauth configuration items ......................10-241 Table10-3 TAC configuration items ......................... 10-242 Table10-4 Customer configuration ........................10-243 Table10-5 Web listen configuration items ......................10-244 Table10-6 Proscenium management .........................
Page 23: Chapter 1 Product Overview
Internet, understanding network system security status timely and accurately, which can detect the against security policy violation events, report logs and alarm in the real time. DPtech FW1000 Series are next-generation products designed for enterprise, telecom and industry users, providing users with all kinds of solutions under various network environments. DPtech FW1000 Firewall combines packet filtering function with VPN security protection;...
Page 24: Web Interface Layout
DPtech FW1000 Series Firewall Products User Configuration Guide Figure1-1 WEB Management Interface Caution: It is recommended that you should use IE 6.0 or higher. The resolution should be 1024 x 768 or higher. <Backward>, <Forward> and <Refresh> are not supported on the Web management interface. If you use these buttons, the Web page may not be displayed properly.
Page 25 DPtech FW1000 Series Firewall Products User Configuration Guide Figure1-2 Deploying of WEB Interface (1)Navigation bar (2)Shortcut area (3)Configuration area  Navigation bar: Lists all of the Web management function menus. You can choose the desired function menu, which is shown in the configuration area.
Page 26: Chapter 2 System Management
DPtech FW1000 Series Firewall Products User Configuration Guide Chapter 2 System Management 2.1 Introduction to System Management System management allows user to configure the related system management function, including:  Device management  SNMP configuration  RMON configuration  Administrator ...
Page 27: Device Management
DPtech FW1000 Series Firewall Products User Configuration Guide Figure2-1 System menu 2.2 Device Management 2.2.1 Device information Device information feature helps user to know the information about current system and the device, including system name, system time and system time zone, memory, external memory, serial number, PCB hardware version, software version, default management interface information, CPLD hardware version, Conboot version and power.
Page 28: Device Status
DPtech FW1000 Series Firewall Products User Configuration Guide Figure2-2 Device information Table2-1 describes the fields of device information. Table2-1 Device information Item Description System name Displays the name of the system. System time Displays the current time of the system.
Page 29: Table2-2 Device Status
DPtech FW1000 Series Firewall Products User Configuration Guide To enter the device status page, you can choose Basic > System management > Device management > Device status from navigation tree, as shown in Figure2-3. Figure2-3 Device status Table2-2 describes the details of device status.
Page 30: Device Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide 2.2.3 Device configuration 2.2.3.1 Device information settings Device information settings provide a function of modifying the system name and time. Users can modify the system threshold according to their requirement and select whether to enable the remote diagnostic function.
Page 31: Table2-3 System Threshold
DPtech FW1000 Series Firewall Products User Configuration Guide To enter the system time interface, you can choose Basic > System management > Device management > Information settings from navigation tree, as shown in Figure2-6. Figure2-6 System time settings To modify the system time, you can take the following steps: ...
Page 32 DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Mainboard temperature threshold Set the lower limit and upper limit of the mainboard temperature threshold. To configure system thresholds of the device, you can take the following steps:  Select Device Information Settings tab.
Page 33: Snmp Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide To enter the system parameter setting page, you can choose Basic > System management >Device management > System parameter settings, as shown in Figure2-10. Figure2-10 System parameter 2.2.3.3 Clear database Clear database function provides the function of clearing the database configuration. Clear the database and then the device will be rebooted.
Page 34: Snmp Version Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide 2.3.1 SNMP version configuration 2.3.1.1 SNMP Simple Network Management Protocol (SNMP) is the communication rule used for the management device and managed device in the network. It defines a series of information, method and grammar and used for the management device access and manage to the managed device.
Page 35: Table2-4 Snmpv3 Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide 2.3.1.2 SNMPv3 configuration Table2-4 describes the configuration items of SNMPv3. Table2-4 SNMPv3 configuration Item Description Username Allows you to configure a user name for the SNMPv3 Authenticate protocol Determining that the message is from a valid source. You should select an authenticate protocol, including none, MD5 and SHA.
Page 36 DPtech FW1000 Series Firewall Products User Configuration Guide  Select Basic > System management > SNMP configuration from navigation tree to enter the SNMP version interface.  Configure the device information, including device location, contact information, trap destination host. ...
Page 37: Rmon Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide 2.4 RMON configuration Remote Monitoring (RMON) defined by Internet Engineering Task Force (IETF), which is a kind of Management Information Base (MIB), reinforcement of the MIB II standard. RMON is mainly used to monitor one network segment or the whole network traffic, which is the widely used network management standard at present.
Page 38: History
DPtech FW1000 Series Firewall Products User Configuration Guide 2.4.2 History 2.4.2.1 History The history group periodically collects statistics on data at interfaces and saves the statistics in the history record table for query convenience. The statistics data includes bandwidth utilization, number of error packets, and total number of packets.
Page 39: Administrator
DPtech FW1000 Series Firewall Products User Configuration Guide Figure2-20 RMON log 2.5 Administrator 2.5.1 Introduction to administrator The administrator allows user to add, modify and delete an administrator. Administrators log in web management interface with different privilege, authentication method, and web access protocol and port.
Page 40: Table2-6 Current Administrator
DPtech FW1000 Series Firewall Products User Configuration Guide Table2-6 describes the details of current administrator. Table2-6 Current administrator Item Description Administrator Displays the name of the administrator who has logged into the web management interface. Logon time Displays the specific time of the administrator who has logged on the device.
Page 41 DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Consists of alphanumeric characters, case sensitive, and allows using space and special character. The length of the description is from 0 to 40 characters. Level Set the administrator permission level.
Page 42: Table2-8 Administrator Authentication Setting
DPtech FW1000 Series Firewall Products User Configuration Guide Caution： Default password cannot be used when you add an administrator, please confiure the password corresponding to the rule. You cannot lock administrator when you add the administrator. Default status is normal. If you require to lock the administrator, you should lock the administrator after you create it.
Page 43 DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Radius authentication To authenticate administrator’s name and password through Radius server, please configure the following parameters:  Server IP address  Authentication port number  Shared key  Authentication packet timeout time ...
Page 44: Table2-9 Login Parameter Settings
DPtech FW1000 Series Firewall Products User Configuration Guide Figure2-24 Login parameter settings Table2-9 describes the details of login parameter settings. Table2-9 Login parameter settings Item Description Idle timeout Set the idle timeout for the current administrator. If an administrator did not perform any operations in that time, the administrator will be quit by the system forcedly.
Page 45: Authority Management
DPtech FW1000 Series Firewall Products User Configuration Guide Caution： If an user has been locked, whether you enter correct password or not, the system will prompt you that the user has been locked, please try it again later ! 2.5.2 Authority management User can login to the web management page according to different privileges, and also user can login to the web management page as their requirements.
Page 46: Web Access Protocol
DPtech FW1000 Series Firewall Products User Configuration Guide 2.5.3 WEB access protocol On the web access protocol interface, you can configure web access protocol and port. To enter the WEB access protocol interface, you can choose Basic > System management > Administrator >...
Page 47: Remote User
DPtech FW1000 Series Firewall Products User Configuration Guide To enter the limited interface service page, you can choose Basic > System management > Administrator > Interface service limit from navigation tree, as shown in Figure2-27. Figure2-27 Interface service Table2-12 describes the configuration items of interface service.
Page 48: Configuration File
DPtech FW1000 Series Firewall Products User Configuration Guide Table2-13 Remote user Item Description Client IP Displays the IP address that the client used to login to the web. Client port Displays the login user port number. Login type Displays the client login type, including telnet and SSH method.
Page 49: Table2-14 Configuration File Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Figure2-29 Configuration file Table2-14 describes the configuration items of configuration file. Table2-14 Configuration file configuration items Item Description Configuration file Displays the name of the configuration file. The first line displays factory default configuration file.
Page 50: Hot Patching
DPtech FW1000 Series Firewall Products User Configuration Guide  Click Browse button which beside the file path, and select a configuration file to be downloaded, and click Download button  The downloaded configuration file displays in the configuration file list. Click the switch icon to switch configuration file.
Page 51: Signature Database
DPtech FW1000 Series Firewall Products User Configuration Guide To enter the patch page, you can choose Basic > System management > Administrator > Patch from navigation tree, as shown in Figure2-29. Figure2-30 Hot patching 2.8 Signature database 2.8.1 APP signature 2.8.1.1 Introduction to the APP signature...
Page 52: Table2-15 Version Information
DPtech FW1000 Series Firewall Products User Configuration Guide Table2-15 describes the details of the version information. Table2-15 Version information Item Description Current version Displays the release date, signature version and update time of the current APP signature. History version Displays the release date, signature version of the version which you have updated last time.
Page 53: Table2-17 Manual Upgrade Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Click the check box of the enable auto-upgrade, and then the configuration can be used. Start time Sets the auto-upgrade start time. Time interval Sets the auto-upgrade time interval. Upgrade address Sets the IP address for signature database auto-upgrading.
Page 54: Url Classification Filtering Signature
DPtech FW1000 Series Firewall Products User Configuration Guide Note: During signature database upgrade process, the interface will skip to the upgrade process interface. Figure2-35 Upgrade progress interface 2.8.2 URL classification filtering signature 2.8.2.1 Introduction to URL classification filtering signature URL classification filtering signature module displays URL classification filtering signature version information and allows user to upgrade URL classification filtering signature database automatically or manually.
Page 55: Table2-18 Version Information
DPtech FW1000 Series Firewall Products User Configuration Guide Figure2-37 Signature version information Table2-18 describes the details of the version information. Table2-18 Version information Item Description Current version Displays the release date, signature version and update time of the current URL classification filtering signature.
Page 56: Table2-19 The Auto-Upgrade Settings
DPtech FW1000 Series Firewall Products User Configuration Guide Table2-19 The auto-upgrade settings Item Description Enable Auto-upgrade Configure whether to enable or disable the auto-upgrade function. Click the check box of the enable auto-upgrade, and then the configuration can be used.
Page 57: Av Signature
DPtech FW1000 Series Firewall Products User Configuration Guide  Select which upgrade packet to be downloaded.  After you finish the above steps, click Confirm button in the right side in the upper right corner. Note ： During signature database upgrade process, the interface will skip to the upgrade process interface.
Page 58: License Management
DPtech FW1000 Series Firewall Products User Configuration Guide Figure2-42 IPS signature 2.8.5 License management License management module is the license registered page that allows you to import and export license file. To enter license management page, you can choose Basic > System Management > Signature database >...
Page 59: Software Version
DPtech FW1000 Series Firewall Products User Configuration Guide 2.9 Software version Software version provides the function of managing and upgrading device software version. To enter the software version interface, you can choose Basic > System Management > Software Version from navigation tree, as shown in Figure2-44.
Page 60: Ntp
DPtech FW1000 Series Firewall Products User Configuration Guide  Reboot your device. Configurations take effect. 2.10 NTP NTP is intended for the clock synchronization of all devices in the network, keeping time consistent for all devices, so that the devices can provide multiple applications based on time synchronization.
Page 61: Table2-23 Ntp Client Mode
DPtech FW1000 Series Firewall Products User Configuration Guide NTP server mode configuration steps:  Select server mode as NTP work mode  Configure NTP server address and domain name, select whether the server is a master server.  Configure NTP client segment and mask ...
Page 62: Virtual Management System
DPtech FW1000 Series Firewall Products User Configuration Guide 2.11 Virtual management system 2.11.1 Virtual management system configuration Virtual management system is a new system generated by the existing operation system. Meanwhile it also has the same function with original system that can be switched to the original system flexibly.
Page 63: Ovc
DPtech FW1000 Series Firewall Products User Configuration Guide 2.12 OVC To enter the OVC configuration page, you can choose Basic > System Management > OVC from navigation tree, as shown in Figure2-48. Figure2-49 OVC configuration 2.13 VRF VPN Routing and Forwarding (VRF) is a technology used in computer networks that allows multiple instances of a routing table to co-exist within the same router at the same time.
Page 64: Digital Certificate
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Interface Select one interface or several interfaces for each virtual interface. Manage server Select whether to enable the managing service function. Operation Click the copy icon that you can copy an entry of the VRF configuration.
Page 65: Table2-26 Device Information Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide To enter the device information configuration page, you can choose Basic > System management > Digital certification > Certification configuration from navigation tree, as shown in Figure2-52. Figure2-52 Device information configuration Table2-26 describes the configuration items of the device information configuration.
Page 66: Table2-27 Ca Server Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Figure2-53 CA server configuration Table2-27 describes the configuration items of CA server. Table2-27 CA Server configuration items Item Description CA ID Configure the CA ID Certificate application URL Configure the certificate application URL...
Page 67: Certificate Management
DPtech FW1000 Series Firewall Products User Configuration Guide Figure2-54 CRL server configuration Table2-28 describes the details of CRL server configuration Table2-28 CRL server configuration Item Description How to get URL Select how to get the URL. Obtain CRL URL Set the URL for manual configuring the CRL.
Page 68 DPtech FW1000 Series Firewall Products User Configuration Guide Figure2-55 Certificate management Key management is used to generate new key of the certificate and allows you to view or hide key information. To enter to the key management page, you can choose the Basic > System management > Digital certificate >...
Page 69: Table2-29 Certification Management
DPtech FW1000 Series Firewall Products User Configuration Guide Figure2-57 Certificate application Certificate management module provides two methods to obtain certificate, including import certificate offline and the obtain certificate online. To view certificate management, you can choose Basic> System management > Digital certification >...
Page 70: Installation Package
DPtech FW1000 Series Firewall Products User Configuration Guide CRL management provides these functions: offline import CRL function, start/stop CRL query, and export CRL files, and allows you to manage CRL, such as view the detailed information of a CRL and delete the CRL.
Page 71: Management Center
DPtech FW1000 Series Firewall Products User Configuration Guide To download an installation package:  Click Browse button and select an installation package to be downloaded  Click Download button 2.16 Management center Centralized management is a method of the firewall using an interface to manage several firewalls in the network.
Page 72: Chapter 3 Network Management
DPtech FW1000 Series Firewall Products User Configuration Guide Chapter 3 Network Management 3.1 Introduction to network management Network management provides the related function about device network management:  Interface management  3G Dial-up  Network object  Forwarding  IPv6_Tunnel ...
Page 73: Interface Management
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-1 Manage center 3.2 Interface management Interface management provides function of configuring network mode, such as networking configuration, VLAN configuration, interface configuration, port aggregation, and logic interface configuration. 3.2.1 Networking configuration User can configure the FW device’s interface working mode according to their requirement for the network mode and select the interface type.
Page 74: Vlan Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-2 Networking configuration 3.2.2 VLAN Configuration VLAN configuration provides the function of configuring VLAN ID and applying the VLAN ID to Layer 2 network mode interface for users. 3.2.2.1 VLAN Interface Configuration To enter the VLAN interface configuration page, you can choose Basic>...
Page 75: Interface Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-4 VLAN frame manage 3.2.3 Interface configuration 3.2.3.1 Interface configuration Service interface configuration allows user to view and modify the interface status of the device. To enter the interface configuration page, you can choose Basic> Network > Interface management > Interface configuration, as shown in Figure3-5.
Page 76: Port Aggregation
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-6 Interface rate beyond warning 3.2.4 Port aggregation 3.2.4.1 Port aggregation configuration Port aggregation binds multiple links together to form a logical channel, so that it can increase link bandwidth. In the meanwhile, those bound together links can dynamically backup with each other which enhance the link reliability.
Page 77: Port Mirroring
DPtech FW1000 Series Firewall Products User Configuration Guide 3.2.5 Port mirroring 3.2.5.1 Local mirroring To enter the local mirroring page, you can choose Basic> Network > Interface management > Local mirroring, as shown in Figure3-9. Figure3-9 Local mirroring 3.2.5.2 Remote source mirroring To enter the local mirroring page, you can choose Basic>...
Page 78 DPtech FW1000 Series Firewall Products User Configuration Guide 3.2.6.1 Sub interface configuration To enter the sub interface configuration page, you can choose Basic> Network > Interface management > Logic interface > Sub interface, as shown in Figure3-12. Figure3-12 Sub interface configuration 3.2.6.2 Loopback interface configuration...
Page 79: Gre
DPtech FW1000 Series Firewall Products User Configuration Guide 3.2.6.5 IPsec interface To enter the IPsec interface page, you can choose Basic> Network > Interface management > Logic interface > IPsec interface from navigation tree, as shown in Figure3-16. Figure3-16 IPsec interface 3.2.7 GRE...
Page 80: Network Object
DPtech FW1000 Series Firewall Products User Configuration Guide 3.4 Network object 3.4.1 Security zone 3.4.1.1 Introduction to security zone Traditional firewall policies are configured based on packet inbound and outbound interfaces on early dual-homed firewalls. With the development of firewalls, they can not only connect the internal and external network, but also connect the internal network, external network, and the Demilitarized Zone (DMZ).
Page 81: Table3-1 Security Zone Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-1 Security zone configuration items Item Description Serial number Allows you to view the serial number of the security zone. Zone name Allows you to specify a name for the security zone.
Page 82: Ip Address
DPtech FW1000 Series Firewall Products User Configuration Guide untrusted network, and you need to use strict security rules to control access from the external network to the internal network and the server. You can deploy the external network in the Untrust zone with a lower priority and connect the interface gige 0_0 on Device to the external network.
Page 83: Table3-2 Ip Address Object Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-21 IP address object Table3-2 describes the configuration items of the IP address object. Table3-2 IP address object configuration items Item Description Serial number Displays the serial number of the IP address object.
Page 84: Ip V 6 Address
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-3 IP address object group Item Description Displays the sequence number of the IP address object. Name Displays the name of the IP address object. Content Displays the net address object. Description Displays the description of the IP address object group.
Page 85: Mac Address
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-24 MAC address 3.4.4.2 MAC Address Group To enter the MAC address group page, you can choose Basic> Network > Network object > MAC address group from navigation tree, as shown in Figure3-25.
Page 86: Account
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-26 MAC address manage 3.4.6 Account A user, which is added into the account list can access to the Internet. 3.4.6.1 Account user To enter the account user page, you can choose Basic> Network > Network object > Account > Account user from navigation tree, as shown in Figure3-27.
Page 87: Domain Name
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Displays the sequence of account user. Account list Allows you to configure the account user manually. Description Allows you to configure the description of the account user. Operation Click copy or delete icon to do operations.
Page 88: Forwarding
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-29 Predefined service object 3.4.8.2 User-defined service object To enter the user-defined service object, you can choose Basic> Network > Network object > Service > User-defined service object from navigation tree, as shown in Figure3-30.
Page 89: Forwarding Mode
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-32 Forwarding 3.5.2 Forwarding mode To enter the forwarding mode page, you can choose Basic> Network > Network object > Forwarding > Forwarding mode from navigation tree, as shown in Figure3-33. Figure3-33 Forwarding mode 3.5.3 Neighbor discover...
Page 90: Trans
DPtech FW1000 Series Firewall Products User Configuration Guide 3.6 Trans_Tech 3.6.1 DS_LITE To enter the DS_Lite page, you can choose Basic> Network > Trans_Tech > DS_Lite from navigation tree, as shown in Figure3-35. Figure3-35 DS_Lite 3.7 6to4 tunnel To enter the 6to4 tunnel page, you can choose Basic> Network > 6 to4 tunnel from navigation tree, as shown in Figure3-37.
Page 91: Autoconfig
DPtech FW1000 Series Firewall Products User Configuration Guide 3.8 Autoconfig 3.8.1 Stateless configuration To enter the stateless configuration page, you can choose Basic> Network > Stateless configuration, as shown in Figure3-37. Figure3-37 Stateless configuration 3.9 IPv4 unicast routing 3.9.1 IPv4 unicast routing IPv4 unicast routing allows you to configure IPv4 static routing manually.
Page 92: Table3-7 Configure Static Route
DPtech FW1000 Series Firewall Products User Configuration Guide In actual, all route entries have their explicit next hop addresses. When data packet are sent, their destination address will be looked up in the routing table and find out which route can be matched. Only if you specify the next hop, link layer find the corresponding layer address and forward data packet.
Page 93: Routing Table
DPtech FW1000 Series Firewall Products User Configuration Guide 3.9.2.2 Monitoring To enter the health check page, you can choose Basic> Network > IPv4 unicast routing > Health check from navigation tree, as shown in Figure3-39. Figure3-39 Health check To configure static route, you should take the following steps: 1.
Page 94: Detailed Routing Table
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-40 Basic routing table Table3-8 describes the configuration items of the basic routing table. Table3-8 Basic routing table Item Description Destination network segment Allows you to view the destination network segment Subnet mask Allows you to view the destination subnet mask.
Page 95: Equal-Cost Route
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-41 Detailed routing table Table3-9 describes the configuration items of the detailed routing table. Table3-9 Detailed routing table configuration items Item Description Destination subnet Allows you to view the destination IP address.
Page 96: Bgp
DPtech FW1000 Series Firewall Products User Configuration Guide To enter the equal-cost route page, you can choose Basic> Network > IPv4 unicast routing > Equal-cost route load balancing from navigation tree, as shown in Figure3-42. Figure3-42 Equal-cost route 3.10.4 BGP 3.10.4.1 Introduction to BGP...
Page 97: Table3-11 Bgp Advanced Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Neighbor AS Displays neighbor AS The max hop of EBGP Displays the max hop of EBGP Authentication information Allows you to select a method of BGP authentication, include none and MD5.
Page 98: Table3-12 Bgp Advanced Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-12 BGP advanced configuration Item Description Destination network segment Configure destination network segment for route aggregation. Subnet mask Configure the mask for the route aggregation. Advanced configuration Select the options: Compute AS-PATH attributes when route aggregating.
Page 99: Table3-14 Bgp-Vpn Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide  Select Basic> System > Virtual system from navigation tree to enter the virtual system interface, and click the enable virtual system configuration.  Select Basic> System > VRF from navigation tree to enter the VRF interface, and create a new VRF, such as VRF_A, select a virtual system and an interface for the VRF.
Page 100: Rip
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Neighbor status Displays the status of the neighbor. Local outbound interface ID Displays the ID of local outbound interface. Established time Displays the time when BGP neighbor is established. Timeout time Displays the timeout time of the BGP neighbor.
Page 101: Table3-15 Rip Interface Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-15 RIP interface configuration Item Description Interface name Displays the name of the interface. Enabling status Allows you to enable or disable an interface that run RIP protocol. Authentication information Allows you to configure RIP authentication information.
Page 102: Ospf
DPtech FW1000 Series Firewall Products User Configuration Guide 3.10.6 OSPF Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). OSPF has the following features: ...
Page 103: Table3-17 Ospf Advanced Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-17 describes the details of the OSPF advanced configuration Table3-17 OSPF advanced configuration Item Description Route priority Configure the route priority of the device. Route device ID Configure the ID number of the router device.
Page 104: Table3-19 Ospf Interface Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide  Select an interface for the area configuration  Configure the advanced configuration for the area  Click Ok button in the upper right corner on the webpage Table3-19 describes the details of the OSPF interface configuration.
Page 105: Table3-20 Ospf Interface Information
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-49 OSPF interface information Table3-20 describes the details of the OSPF interface information. Table3-20 OSPF interface information Item Description Querying item Allows you to select an item to be queried Keyword Interface information that contains keyword.
Page 106: Is-Is
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-21 describes the details of the OSPF neighbor information. Table3-21 OSPF neighbor information Item Description Querying item Allows you to select an item to be queried. Keyword Interface information that contains keyword.
Page 107: Table3-22 Is-Is Advanced Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-51 Configure IS-IS Table3-22 describes the details of IS-IS advanced configuration. Table3-22 IS-IS advanced configuration Item Description Level Displays the area. Configure the NET address. Redirect route Allows you to configure the redistributed route.
Page 108: Table3-24 Is-Is Neighbor
DPtech FW1000 Series Firewall Products User Configuration Guide  Click advanced configuration.  Configure IS-IS level, including Level1, Level2, and Level1and Level2  Configure the NET  Enable an interface  Click Ok button in the upper right corner. 3.10.7.2 IS-IS neighbor information To enter the configure IS-IS neighbor information page, you can choose Basic>...
Page 109: Guard Route
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-53 ISIS LSP Table3-25 describes the details of ISIS LSP information Table3-25 ISIS LSP Item Description LSP ID Displays the LSP ID. Level Displays the IS-IS Level. Sequence Number Displays the sequence number.
Page 110: Ipv 6 Unicast Routing
DPtech FW1000 Series Firewall Products User Configuration Guide 3.11 IPv6 unicast routing IPv6 unicast routing allows user to configure IPv6 static routing manually. After you configured IPv6 static routing, data packets will be transmitted to the desired destination. 3.11.1 Static route To enter the static route page, you can choose Basic>...
Page 111: Table3-26 Basic Routing Table
DPtech FW1000 Series Firewall Products User Configuration Guide To enter the basic routing table page, you can choose Basic> Network > IPv6 unicast routing > Basic routing table from navigation tree, as shown in Figure3-56. Figure3-56 Basic routing table Table3-26 describes the details of basic routing table.
Page 112: Ripng
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-57 Detailed routing table Table3-27 describes the details of the detailed routing table. Table3-27 Detailed routing table Item Description Destination subnet Allows you to view the destination IP address. Subnet mask Allows you to view the subnet mask of the destination IP address.
Page 113: Table3-28 Ripng Interface Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide 3.11.2.1 RIPng To enter the RIPng page, you can choose Basic> Network > IPv6 unicast routing > RIPng from navigation tree, as shown in Figure3-58. Figure3-58 RIPng configuration Table3-28 describes the details of RIPng interface configuration.
Page 114: Ospfv
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-29 RIPng advanced configuration Item Description Route update timer Specify the update route time interval. Route aging timer Specify the route aging time. Garbage recycle timer Specify the deleted time interval of out routing table.
Page 115: Table3-30 Ospfv3 Area Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-59 OSPFv3 configuration OSPFv3 area configuration shows in Figure3-60. Figure3-60 OSPFv3 area configuration Table3-30 describes the details of OSPFv3 area configuration. Table3-30 OSPFv3 area configuration Item Description Create an area Create an OSPFv3 area.
Page 116: Table3-31 Ospfv3 Interface Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide To configure the OSPFv3 area configuration:  Click create an area  Type in area ID  Add the interface into the new created area.  Click Ok button in the upper right.
Page 117: Table3-32 Ospfv3 Advanced Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-32 describes the details of OSPFv3 advanced configuration. Table3-32 OSPFv3 advanced configuration Item Description Router device ID Specify the router device ID Redistribute a route Specify the redistributed route of OSPF To configure OSPFv3 advanced configuration: ...
Page 118: Table3-34 Ospfv3 Neighbor Information
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Displays DR of an area Displays BDR of an area Neighbor count Displays the number interface neighbor. 3.11.3.3 OSPFv3 neighbor information To access the OSPFv3 interface information, you can click Basic >Basic > Network > IPv6 unicast routing >...
Page 119: Guard Route
DPtech FW1000 Series Firewall Products User Configuration Guide 3.11.4 Guard route To enter the guard route page, you can choose Basic> Network > IPv4 unicast routing > Guard, as shown in Figure3-54. Figure3-64 Guard route 3.12 IPv4 multicast routing The multicast technique effectively addresses the issue of point-to-multipoint data transmission. By allowing high-efficiency point-to-multipoint data transmission over an IP network, multicast greatly saves network bandwidth and reduces network load.
Page 120: Igmp Snooping
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-35 Basic config Item Description Interface name Allows you to view all interfaces of the device. Enabling status Allows you to disable or enable the interface. Multicast border Allows you to configure multicast address and subnet mask.
Page 121: Table3-37 Igmp Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Quick leave Allows you to select whether to enable the quick leave function. With quick leave processing function enabled, when the device receives an IGMP leave message on a port, the device directly removes that port from the forwarding table entry for the specific group.
Page 122: Igmp/Igmp Proxy
DPtech FW1000 Series Firewall Products User Configuration Guide 3.12.2.3 IGMP snooping routing To enter the IGMP snooping routing page, you can choose Basic> Network > IPv4 multicast routing > IGMP proxy from navigation tree, as shown in Figure3-44. Figure3-68 IGMP snooping routing 3.12.3 IGMP/IGMP proxy...
Page 123: Table3-38 Igmp Proxy
DPtech FW1000 Series Firewall Products User Configuration Guide 3.12.3.3 IGMP proxy To enter the IGMP proxy page, you can choose Basic> Network > IPv4 multicast routing > IGMP/IGMP Proxy > IGMP proxy from navigation tree, as shown in Figure3-71. Figure3-71 IGMP Proxy Table3-38 describes the configuration items of IGMP proxy.
Page 124: Pim
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-72 IGMP status Table3-39 describes the configuration items of the IGMP status. Table3-39 IGMP status Item Description Number Displays the sequence number of the IGMP. Interface name Displays the name of the IGMP interface.
Page 125: Table3-40 Candidate Bsr Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-73 PIM Table3-40 describes the details of candidate BSR configuration. Table3-40 Candidate BSR configuration Item Description Candidate BSR enable status Select the enabling status of BSR, including enable and disable. Candidate BSR interface Configure the candidate BSR interface.
Page 126: Table3-42 Candidate Rp Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Static RP address Configure the static RP address. Static RP boundary Configure the static RP boundary. To configure candidate RP configuration, you can choose Basic> Network > IPv4 multicast routing > PIM >...
Page 127: Table3-44 Global Zone Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Enable mode Select whether to enable the PIM-SM or PIM-DM mode. Hello interval Select the Hello interval which counts in unit of second. DR priority Configure the DR priority. BSR border Select the enabling status of BSR border, including enable and disable.
Page 128: Table3-45 Global Zone Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-45 Global zone configuration Item Description SCOPE Configure SCOPE. Hash mask length Set the hash mask length. Priority Set the priority. Operation Click insert or delete icon to do the operations. To configure global zone configuration, you should take the following steps: ...
Page 129: Msdp
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-79 BSR status 3.12.4.5 RP-Mapping To enter the RP-Mapping page, you can choose Basic> Network > IPv4 multicast routing > PIM > RP-Mapping from navigation tree, as shown in Figure3-80. Figure3-80 RP-Mapping 3.12.5 MSDP...
Page 130 DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-81 MSDP 3.12.5.2 Peer status To enter peer status page, you can choose Basic> Network > IPv4 multicast routing > MSDP > Peer status from navigation tree, as shown in Figure3-82. Figure3-82 Peer status 3.12.5.3 Cache status...
Page 131: Multicast Vpn
DPtech FW1000 Series Firewall Products User Configuration Guide 3.12.6 Multicast VPN To enter the Multicast VPN page, you can choose Basic> Network > IPv4 multicast routing > Multicast VPN from navigation tree, as shown in Figure3-84. Figure3-84 Multicast VPN 3.12.7 Multicast source proxy To enter the multicast source proxy page, you can choose Basic>...
Page 132: Multicast Static Routing
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-87 Multicast destination NAT 3.12.10 Multicast static routing To enter the multicast static routing page, you can choose Basic> Network > IPv4 multicast routing > Multicast static routing from navigation tree, as shown in Figure3-88.
Page 133 DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-90 PIM multicast routing table 3.12.11.3 IGMP mulitcast routing table To enter the IGMP multicast routing table page, you can choose Basic> Network > IPv4 multicast routing > IGMP multicast routing table, as shown in Figure3-91.
Page 134: Basic Config
DPtech FW1000 Series Firewall Products User Configuration Guide 3.13 IPv6 multicast routing 3.13.1 Basic Config To enter the basic config page, you can choose Basic> Network > IPv6 multicast routing > Basic config, as shown in Figure3-93. Figure3-93 Basic config Table3-46 describes the details of basic config.
Page 135: Pim
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-94 MLD snooping 3.13.2.2 MLD To enter the MLD page, you can choose Basic> Network > IPv6 multicast routing > MLD from navigation tree, as shown in Figure3-95. Figure3-95 MLD 3.13.2.3 MLD status To enter the MLD status page, you can choose Basic>...
Page 136: Table3-47 Global Zone Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide 3.13.3.1 PIM To enter the PIM page, you can choose Basic> Network > IPv6 multicast routing > PIM from navigation tree, as shown in Figure3-97. Figure3-97 PIM 3.13.3.2 Admin scope zone To enter the admin scope zone page, you can choose Basic> Network > IPv6 multicast routing > PIM > Admin scope zone from navigation tree, as shown in Figure3-98.
Page 137: Table3-48 Global Zone Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide To configure Global zone configuration, you can take the following steps:  Select to enable Global zone configuration and configure other configuration.  Click Ok button in the upper right corner on the webpage.
Page 138: Pim Multicast Routing Table
DPtech FW1000 Series Firewall Products User Configuration Guide 3.13.3.4 BSR status To enter the BSR status page, you can choose Basic> Network > IPv6 multicast routing > PIM > BSR status, as shown in Figure3-100. Figure3-100 BSR status 3.13.3.5 RP-Mapping To enter the RP-Mapping page, you can choose Basic>...
Page 139: Policy Based Routing
The policy-based routing (PBR) of DPtech is a technology that recognize different network packets thus forward these packets as the policy created in advance. PBR can classify the network packets according different key field and decide which policy-based routing should be used.
Page 140: Policy - Based Routing
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-49 describes the configuration items of policy-based routing. Table3-49 Policy-based routing configuration items Item Description Displays the sequence number of the PBR policy. Source subnet Allows you to configure the source IP address of the PBR policy.
Page 141: Table3-50 Policy-Based Routing Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-105 Policy-based routing Table3-50 describes the configuration items of policy-based routing. Table3-50 Policy-based routing configuration items Item Description Displays the sequence number of the PBR policy. Source subnet Allows you to configure the source IP address of the PBR policy.
Page 142: Mpls
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-106 Monitoring 3.15 MPLS Multiprotocol Label Switching (MPLS) is a mechanism in high-performance telecommunications networks which directs and carries data from one network node to the next with the help of labels.
Page 143: Ldp
DPtech FW1000 Series Firewall Products User Configuration Guide To enter the configure ILM page, you can choose Basic> Network > MPLS > Configure ILM from navigation tree, as shown in Figure3-109. Figure3-109 Static ILM 3.15.3 LDP 3.15.3.1 LDP configuration To enter the LDP configuration page, you can choose Basic> Network > MPLS > LDP > LDP configuration from navigation tree, as shown in Figure3-110.
Page 144: L2Vpn Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-112 Display LDP adjacency 3.15.3.4 Display LDP interface To enter the display LDP interface page, you can choose Basic> Network >Policy-based routing from navigation tree, as shown in 错误!未找到引用源。. Figure3-113 Display LDP interface 3.15.4 L2VPN configuration...
Page 145 DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-115 SVC mode 3.15.4.3 CCC mode To enter the CCC mode configuration, you can choose Basic> Network >MPLS > L2VPN configuration > CCC mode from navigation tree, as shown in Figure3-116. Figure3-116 CCC mode 3.15.4.4 MARTINI mode...
Page 146: Arp Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide 3.16 ARP Configuration Address Resolution Protocol (ARP) is the protocol that converts IP address to the Ethernet MAC address. In local area network, when the host or other network device send data to the other host or device, they must know the network layer address (IP address) of each other.
Page 147: Anti-Arp-Snooping
DPtech FW1000 Series Firewall Products User Configuration Guide 3.16.1.3 Gratuitous ARP A gratuitous ARP reply is a reply to which no request has been made. Gratuitous ARP could mean both gratuitous ARP request and gratuitous ARP reply. Gratuitous in this case means a request/reply that is not normally needed according to the ARP specification but could be used in some cases.
Page 148: Mac Address Manage
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-123 Anti-ARP snooping 3.16.2.2 ARP configuration To enter the ARP configuration page, you can choose Basic> Network > ARP> ARP configuration from navigation tree, as shown in Figure3-124. Figure3-124 ARP configuration 3.16.2.3 ARP log To enter the ARP log page, you can choose Basic>...
Page 149: Dns Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-126 MAC address manage 3.18 DNS Configuration 3.18.1 Introduction to DNS DNS domain name system is used to provide domain and IP address switching function for users. 3.18.2 DNS To enter the DNS page, you can choose Basic> Network > DNS from navigation tree, as shown in Figure3-127.
Page 150: Dhcp Server
DPtech FW1000 Series Firewall Products User Configuration Guide clients is enabled on an interface, the interface can dynamically obtain an IP address and other configuration parameters from the DHCP server. 3.19.2 DHCP server To enter the DHCP server page, you can choose Basic> Network > DHCP > DHCP server from navigation tree, as shown in Figure3-128.
Page 151: Table3-52 Static Dhcp Server Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Operation Click copy or delete icon to do the operations. Table3-52 describes the details of static DHCP server configuration. Table3-52 Static DHCP server configuration Item Description Hostname Specify a hostname which is required to obtain static IP address.
Page 152: Dhcp Vserver
DPtech FW1000 Series Firewall Products User Configuration Guide 3.19.3 DHCPv6 server To enter the DHCPv6 server page, you can choose Basic> Network > DHCP > DHCPv6 server from navigation tree, as shown in Figure3-131. Figure3-129 DHCPv6 server 3.19.4 DHCP relay agent To enter the DHCP relay agent page, you can choose Basic>...
Page 153: Dhcp Ip Address Table
DPtech FW1000 Series Firewall Products User Configuration Guide To configure the DHCP relay configuration:  Click DHCP relay agent check box  Click the interface list and then select an interface to enable the DHCP relay.  Click the DHCP server list and then add a DHCP server IP address ...
Page 154: Bfd Session
DPtech FW1000 Series Firewall Products User Configuration Guide To enter the BFD interface, you can choose Basic> Network > BFD, as shown in Figure3-132. Figure3-132 Basic wireless Table3-55describes the configuration items of the BFD configuration. Table3-55 BFD configuration Item Description Interface Configure the BFD interface.
Page 155: Bfd Manual
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-133 Basic session 3.20.3 BFD manual To enter the BFD manual page, you can choose Basic> Network > BFD manual from navigation tree, as shown in Figure3-134. Figure3-134 Basic session 3.21 Basic wireless To enter the basic wireless address table interface, you can choose Basic>...
Page 156: Diagnostic Tools
DPtech FW1000 Series Firewall Products User Configuration Guide 3.22 Diagnostic tools 3.22.1 Ping Ping is used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer.
Page 157: Capture
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-137 Traceroute 3.22.3 Capture To enter the Capture page, you can choose Basic> Network > Diagnose tool > Capture from navigation tree, as shown in Figure3-138. Figure3-138 Capture 3.23 LAN Switch 3.23.1 Spanning tree 3.23.1.1 Select STP...
Page 158: Table3-56 Select Stp Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Table3-56 describes the configuration items of the select STP. Table3-56 Select STP configuration items Item Description Enable STP Select whether to enable the STP function. After the STP function enabled, you can enable the following function: STP, RSTP and MSTP.
Page 159: Table3-57 Mstp Region Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Figure3-141 RSTP 3.23.1.4 MSTP Spanning tree protocol (STP) is a layer 2 management protocol selectively block the redundancy links in a network to eliminate layer 2 loop, it also can backup links.
Page 160 DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Protocol message form Allows you to select protocol message form. Start BPDU protection Select whether to enable the global BPDU protection function. BPDU protection function can prevent the device from malicious attack by fabricate configuration information, so that it can avoid network oscillation.
Page 161: Chapter 4 Firewall
DPtech FW1000 Series Firewall Products User Configuration Guide Chapter 4 Firewall 4.1 Introduction to the Firewall Firewall module control incoming and outgoing data packet and block intrusion from outside network, the followings are provided by firewall, including:  Packet filtering policy ...
Page 162: Packet Filtering Policy
DPtech FW1000 Series Firewall Products User Configuration Guide Figure4-1 Firewall 4.2 Packet Filtering Policy 4.2.1 Packet Filtering Policy Packet filtering is to inspect the source domain, destination domain, originator source IP, originator destination IP, originator source MAC, originator destination MAC, service, IP fragment, flow re-mark, action for every data packet.
Page 163: Table4-1 Packet Filtering Policy Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Table4-1 Packet filtering policy configuration items Item Description Serial number Displays the serial number of the packet filtering policy. Name Configure a name for the packet filtering policy. Source domain Specify the source domain.
Page 164: Table4-2 Configuring Action
DPtech FW1000 Series Firewall Products User Configuration Guide Figure4-3 Configuring action Table4-2 describes the details of how to configure action. Table4-2 Configuring action Item Description Pass Allow packet to pass through the device. Discard Not allow packet pass through the device.
Page 165: Packet Filtering Policy Log
DPtech FW1000 Series Firewall Products User Configuration Guide  Click Ok button in the upper right corner on the webpage. Caution: It performs default packet filtering policy if there is no packet match packet filtering policy. The default is that interface with higher security level can access the interface with lower security level, but interface with lower security level cannot access higher security level interface.
Page 166: Nat
DPtech FW1000 Series Firewall Products User Configuration Guide Figure4-5 IPv6 packet filtering policy 4.3.2 IPv6 packet filtering log To enter the IPv6 packet filtering log page, you can choose Basic> Network > Firewall > Packet filtering policy > IPv6 packet filtering log from navigation tree, as shown in Figure4-6.
Page 167: Destination Nat
DPtech FW1000 Series Firewall Products User Configuration Guide Figure4-7 Source NAT 4.4.2.2 Address pool To enter the address pool page, you can choose Basic> Network > Firewall > Source NAT > Address pool from navigation tree, as shown in the Figure4-8.
Page 168: One To One Nat
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Service Allows you to select a kind of service. Intranet address Configure Intranet address. Advanced configuration Configure advanced configuration. VRRP Allows you to select whether is related to VRRP. State Allows you to select a state.
Page 169: Nton Nat
DPtech FW1000 Series Firewall Products User Configuration Guide Figure4-10 One to one NAT Table4-4 describes the configuration items of one to one NAT configuration. Table4-4 One to one NAT configuration Item Destination Serial number Displays the serial number of one to one NAT policy.
Page 170: Nat64
DPtech FW1000 Series Firewall Products User Configuration Guide Figure4-11 N to N NAT Table4-5 describes the details of address pool. Table4-5 Address pool configuration Item Description Shows the sequence number of N to N NAT. Net interface Allows you to select the Net interface.
Page 171: Nat64 Prefix
DPtech FW1000 Series Firewall Products User Configuration Guide 4.5.1 NAT64 prefix To enter the NAT64 prefix page, you can choose Basic> Network > Firewall > NAT64 prefix from navigation tree, as shown in Figure4-12. Figure4-12 NAT64 prefix 4.5.2 NAT64 addresss To enter the NAT64 transfer page, you can choose Basic>...
Page 172: Nat66
DPtech FW1000 Series Firewall Products User Configuration Guide 4.6 NAT66 4.6.1 Source NAT To enter the NAT66 source NAT page, you can choose Basic> Network > Firewall > NAT> Source NAT from navigation tree, as shown in Figure4-15. Figure4-15 Source NAT 4.6.2 Destination NAT...
Page 173: Address Pool
DPtech FW1000 Series Firewall Products User Configuration Guide 4.7 DS_LITE_NAT Because of IPv4 address exhaustion, DS _Lite was designed to let an Internet service provider omit the deployment of any IPv4 address to the customer's Customer-premises equipment (CPE). Instead, only global IPv6 addresses are provided.
Page 174: User-Defined Log
DPtech FW1000 Series Firewall Products User Configuration Guide 4.8.1 ALG configuration To enter the ALG configuration page, you can choose Basic> Network > Firewall > ALG configuration from navigation tree, as shown in Figure4-20. Figure4-20 ALG configuration 4.8.2 User-defined log To enter the user-defined log interface, you can choose Basic>...
Page 175: Table4-6 Basic Attack Protection
DPtech FW1000 Series Firewall Products User Configuration Guide Table4-6 describes the details of basic attack protection. Table4-6 Basic attack protection Item Description Attack type Select an attack type of basic attack protection. Threshold Set the threshold of the basic attack protection.
Page 176: Basic Attack Log Query
DPtech FW1000 Series Firewall Products User Configuration Guide 4.9.2 Basic Attack Log Query Basic attack log query allow you to query the specific log from the database. To enter the basic attack lo query interface, you can choose Basic> Firewall > Basic attack protection > Basic attack log query from navigation tree, as shown in Figure4-23.
Page 177: Network Action Manage
DPtech FW1000 Series Firewall Products User Configuration Guide 4.10 Network action manage To enter the network action manage, you can choose Basic> Firewall > Basic attack protection > Network action manage from navigation tree, as shown in Figure4-24. Figure4-24 Network action manage 4.11 Session limit...
Page 178: Service Limit
DPtech FW1000 Series Firewall Products User Configuration Guide 4.12 Service limit To enter the service limit page, you can choose Basic> Firewall > Service Limit from navigation tree, as shown in Figure4-26. Figure4-26 Service Limit 4.13 Blacklist 4.13.1 IPv4 black list configuration Blacklist is an attack prevention mechanism that filters packets based on source IP address.
Page 179: Black List Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide To configure the black list, you can take the following steps:  Enter a source IP address which is listed in the blacked.  Enter the remaining time of blacklist.  Click the Confirm the selected configuration button in the upper right corner on the webpage.
Page 180: Mac/Ip Binding
DPtech FW1000 Series Firewall Products User Configuration Guide 4.13.4 Blacklist log query To enter the blacklist log query page, you can choose Basic> Firewall > Blacklist Log Query from navigation tree, as shown in Figure4-30. Figure4-30 Blacklist log query Table4-10 describes the details of blacklist log query.
Page 181 DPtech FW1000 Series Firewall Products User Configuration Guide To enter the auto learning page, you can choose Basic> Firewall > MAC/IP binding >Auto learning from navigation tree, as shown in Figure4-31. Figure4-31 Auto-learning Table4-11 describes the details of auto learning.
Page 182: Mac/Ip B
DPtech FW1000 Series Firewall Products User Configuration Guide 4.14.2 MAC/IP Binding User configure the IP address-to-MAC address binding relationship on the firewall, so that the firewall checks the IP address and MAC address in a packet and compares them to the addresses that are registered with firewall and forwards the packet only if they both match.
Page 183 DPtech FW1000 Series Firewall Products User Configuration Guide Table4-13 Switches table Item Description Switches IP address Specify the switches IP address. SNMP read community Specify community sting of the switches Operation Click copy icon or delete icon to do the operations.
Page 184: User Mac Binding
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description IP address Configure the IP address of the user/IP binding list. Operation Click the copy icon or delete icon to do the operations. To add username and IP address through manual configuration, you should take the following steps: ...
Page 185: Binding Log Query
DPtech FW1000 Series Firewall Products User Configuration Guide Table4-15 User/Mac binding Item Description Binding mode Manual configuration: add username and IP address through manual configuration. Automatic learning: learn username and IP address from the switch. Displays the sequence number of the user/IP binding list.
Page 186: Table4-16 Binding Log Query
DPtech FW1000 Series Firewall Products User Configuration Guide Figure4-35 binding log query Table4-16 describes the details of binding log query. Table4-16 binding log query Item Description Serial number Displays the serial number of the queried logs. Time Displays the time that the device detects the unmatched IP address and MAC address.
Page 187: Session Management
DPtech FW1000 Series Firewall Products User Configuration Guide 4.15 Session management Session management is mainly used for detecting translation layer data packets. Its substance is to trace the connection status for general TCP protocol and UDP protocol through layer protocol detection, which maintain and manage connection status uniformly.
Page 188: Session Parameter
DPtech FW1000 Series Firewall Products User Configuration Guide Responder Source Address: Port->Destination Displays the source port and destination port of the session responder. Address: Port Responder Packets/Bytes Displays the total packet numbers received by session initiator. Operation Click delete icon to delete this entry of session record.
Page 189: Session Monitoring
DPtech FW1000 Series Firewall Products User Configuration Guide Figure4-39 Session parameter 4.15.5 Session monitoring Session monitoring allows you to select a kind of session or multiple sessions to display. The session monitoring displays as a trend chart. To enter the session monitoring page, you can choose Basic> Firewall > Session Management > Session Monitoring from navigation tree, as shown in Figure4-40.
Page 190 DPtech FW1000 Series Firewall Products User Configuration Guide Figure4-41 Session log configuration Table4-18 describes the details of session log configuration Table4-18 Session log configuration Item Description Log type Allows you to select the log type, including NAT log and session log.
Page 191: Qos
DPtech FW1000 Series Firewall Products User Configuration Guide  ZTE format: syslog data packets transmitted as ZTE format. Method for sending log Allows you to select the log sending method, including share mode and send all.  Share mode: the device sends logs to log server according load sharing method.
Page 192 DPtech FW1000 Series Firewall Products User Configuration Guide Device interface Allows you an interface for bandwidth reservation. Uplink bandwidth Allows you to configure the uplink bandwidth Downlink bandwidth Allows you to configure the downlink bandwidth. Unit Transmission rate unit, including K, M, G.
Page 193 DPtech FW1000 Series Firewall Products User Configuration Guide Configuration for guarantee rate:  Select one application group or several network application groups  Configure the uplink guarantee rate  Configure the maximum uplink rate  Configure the downlink guarantee rate ...
Page 194: Advanced Qos
DPtech FW1000 Series Firewall Products User Configuration Guide 4.17 Advanced QoS Advanced QoS consists of the traffic marking, congestion management, congestion avoidance, and traffic shaping function. It executes Weighted Round Robin (WRR), Deficit Round Robin (DRR) scheduling method for IP packets and implements Weighted Random Early Detection (WRED), traffic policy and traffic shaping for IP packets.
Page 195: Congestion Avoidance
DPtech FW1000 Series Firewall Products User Configuration Guide DSCP DiffServ uses a 6-bit differentiated services code point (DSCP) in the 8-bit Differentiated services Field (DS field) in the IP header for packet classification purposes. The DS field and ECN field replace the outdated IPv4 TOS field.
Page 196: Congestion Management
DPtech FW1000 Series Firewall Products User Configuration Guide 4.17.3 Congestion management We adopt the queuing technology for congestion management generally. If we use queue algorithm for traffic classification, then we use a kind of priority algorithm to send out the traffic. Each queue algorithm is used for resolve the specific network traffic problems, which influences bandwidth resource allocation, time delay, Jitter.
Page 197: Traffic Shaping
DPtech FW1000 Series Firewall Products User Configuration Guide 4.17.4 Traffic shaping Traffic shaping is a measure that adjust traffic output rate actively. To enter the traffic shaping page, you can choose Basic> Firewall > QOS> Traffic shaping, as shown in Figure4-48.
Page 198: Arp Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Table4-23 Anti-ARP-Spoofing Item Description Option Select an anti-arp-spoofing entry and then click the option. IP address Displays the IP address scanned by anti-arp-spoofing. MAC address Displays the MAC address scanned by anti-arp-spoofing.
Page 199: Chapter 5 Log Management
DPtech FW1000 Series Firewall Products User Configuration Guide Enable state Enable/disable ARP configuration interface. Chapter 5 Log Management 5.1 Introduction to the Log Management Log management provides log management function for users, including:  System log  Operation log ...
Page 200: System Log
DPtech FW1000 Series Firewall Products User Configuration Guide Figure5-1 Log management menu 5.2 System Log 5.2.1 Latest Log Recent log provides the latest system log for users. To enter latest log interface, click Bascic > Log management > System log > Recent log, and then you can view at most 25 pieces log in this page, as shown in Figure5-2.
Page 201: System Log Query
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description  Fatal error can result the system cannot be use  Emergency error warn users must take emergency measures  Critical is the system is dangerous status  Common error will give you a hint ...
Page 202: System Log File Operation
DPtech FW1000 Series Firewall Products User Configuration Guide Note: You can select customize time scope and clik Query button, then you can view all system logs you’ve queried. Table5-2 describes the details of system log querying condition. Table5-2 System log querying condition...
Page 203: System Log Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Table5-3 System log file operation Item Description Serial umber Shows the sequence of system log Log file name Shows the time of system log creating, today is the current time. Operation Shows back up icon and delete icon.
Page 204: Operation Log
DPtech FW1000 Series Firewall Products User Configuration Guide 5.3 Operation Log 5.3.1 Latest Log On latest log interface, it shows latest log of operation log. To enter the latest log interface, you can click Basic > Log management > Operation log > Latest log, which shows latest 25 operation log, as shown in Figure5-6.
Page 205: Operation Log Query
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Shows the client type of operation log, including  Web type is the administrator managing the device through web.  Console type is the administrator managing the device through console port.
Page 206: Log File Operation
DPtech FW1000 Series Firewall Products User Configuration Guide Click the export button, and then you can make a choice from the pop up window that you can open the file to view the log content or save the operation log to the local system.
Page 207: Operation Log Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide Operation log file provides back up or delete operation log file as today or the desired day. Table5-7 Back up or delete operation file Item Description Serial number Shows the sequence of operation log...
Page 208: Service Log
DPtech FW1000 Series Firewall Products User Configuration Guide 5.4 Service Log 5.4.1 Service Log Configuration Service log configuration provides service log related configuration. To enter service log interface, you can click Basic > Log management > Service log, as shown in Figure5-10.
Page 209 DPtech FW1000 Series Firewall Products User Configuration Guide Item Description  The number of emails sent out Configuring the e-mail sent frequency every minute Domain name Set domain name of email user. 6-191...
Page 210: Chapter 6 Load Balancing
DPtech FW1000 Series Firewall Products User Configuration Guide Chapter 6 Load Balancing 6.1 Link Load Balancing 6.1.1 Introduction to Link Load Balancing In the information age, people more and more rely on network. In order to avoid the network availability risk of an ISP exit fault and solve the network access problem caused by bandwidth resource limitation, enterprise will hire two or more ISP links (Such as China Telecom, China Netcom).
Page 211: Link Health Check
DPtech FW1000 Series Firewall Products User Configuration Guide Figure6-1 Interface config 6.1.2.2 Interface config Click Add configuration button, you can view the basic configuration of the ISP, as shown in Figure6-2. Figure6-2 Interface config 6.1.3 Link health check To enter the interface config interface, you can choose Service > Load balancing > Link config, as shown in Figure6-3.
Page 212: Isp
DPtech FW1000 Series Firewall Products User Configuration Guide 6.1.4 ISP To enter the ISP interface, you can click Service > Load balancing > ISP, as shown in Figure6-3. 6-194...
Page 213: Chapter 7 Access Control
DPtech FW1000 Series Firewall Products User Configuration Guide Figure6-3 ISP configuration Chapter 7 Access Control 7.1 Rate Limitation 7.1.1 Introduction to the Rate Limitation Network traffic can be divided into several service types according to different network protocols such as HTTP service, FTP service, E-mail service that can be implemented different rate limitation is call bandwidth rate limitation.
Page 214: Rate Limit
DPtech FW1000 Series Firewall Products User Configuration Guide Figure7-1 Access control menu 7.1.2 Rate Limit 7.1.2.1 Rate limit To enter the rate limit interface, you can choose Service > Access control > Rate limit > Rate limit, as shown in Figure7-2.
Page 215: Single User Limit
DPtech FW1000 Series Firewall Products User Configuration Guide 7.1.2.2 User group parameter You can configure the user group parameter, including net user group, uplink and downlink rate speed, unit(bps). Figure7-3 User group parameter Table7-2 describes the configuration items of user group parameter...
Page 216: Table7-3 Single User Limit
DPtech FW1000 Series Firewall Products User Configuration Guide Figure7-4 Single user limit Table7-3 describes the configuration items of single user limit. Table7-3 Single user limit Item Description Name Configure a name for the single user limit. Limit parameter Select a status for the rule of rate limitation.
Page 217: Group Management
DPtech FW1000 Series Firewall Products User Configuration Guide Table7-4 describes the configuration items of the single user rate limit parameter. Table7-4 Single user rate limit Item Description NetUserGroup Configure a name for the user group parameter. Configure the rate speed for the uplink.
Page 218: Network Application Browsing
DPtech FW1000 Series Firewall Products User Configuration Guide 7.1.5 Network Application Browsing To enter network application browsing interface, you can choose Service > Access control > Rate limitation > Browsing, as shown in Figure7-7. Figure7-7 Network application browsing 7.1.6 Typical configuration for the Rate Limitation 7.1.6.1 Network requirement...
Page 219 DPtech FW1000 Series Firewall Products User Configuration Guide 7.1.6.2 Configuration requirement 7.1.6.3 Configuration procedures  Choose Basic > Network management > Network user group > IP user group  WAN interface: eth0/3, access method: PPPoE, type the name and password provided by ISP.
Page 220: Access Control
DPtech FW1000 Series Firewall Products User Configuration Guide  Click the add button and type the name: research and development department.  IP address range: 192.168.4.0-192.168.4.255, mask: 24 exclude IP: 192.168.4.8. Click the Ok button in the upper right corner.
Page 221: Access Control
DPtech FW1000 Series Firewall Products User Configuration Guide 7.2.2 Access Control To access to the access control interface, you can choose Service > Access control > Access control, as shown in Figure7-8. Figure7-8 Access control Table7-5 describes the configuration items of access control.
Page 222 DPtech FW1000 Series Firewall Products User Configuration Guide Figure7-9 Group management To configure the network application group management, you can take the following steps: In the left box, the system pre-defined box, double click the user-defined application, and then you can configure a name for it.
Page 223: Typical Configuration For The Access Control
DPtech FW1000 Series Firewall Products User Configuration Guide Figure7-10 Network application browsing 7.2.4 Typical configuration for the Access Control 7.2.4.1 Network requirement On the firewall device, you can configure the access control for the marketing department, IP segment is 192.168.3.2-192.168.3.10, exclude the IP address192.168.3.6, and then do the following operations: For the marketing department, block Tencent QQ, PPLivet.
Page 224 DPtech FW1000 Series Firewall Products User Configuration Guide 7.2.4.2 Configuration requirement 7.2.4.3 Configuration procedures  Choose Basic > Network management > Network user group > IP user group  WAN interface: eth0/3, access method: PPPoE, type the name and password provided by ISP.
Page 225: Url Filtering
DPtech FW1000 Series Firewall Products User Configuration Guide  Choose Service > Access control > Group management to enter the group management interface.  Create an application group, yyz, from the user-defined tree drag Tencent QQ and PPLive to the yyz.
Page 226: Customize Url Classification
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Configure URL filtering parameter; you can select the customized URL classification. Black/white list Select an action for the rule of URL filtering. Send log Select whether to enable send log function:...
Page 227: Advanced Url Filtering
DPtech FW1000 Series Firewall Products User Configuration Guide 7.3.3 Advanced URL Filtering To enter the advanced URL filtering interface, you can click Service > Access control > URL filtering > Advanced URL filtering, as shown in Figure7-13. Figure7-13 Advanced URL filtering Table7-8 describes the configuration items of the advanced URL filtering.
Page 228: Url Filter
DPtech FW1000 Series Firewall Products User Configuration Guide Figure7-14 Advanced URL filtering configuration Table7-9 describes the configuration items of the filter parameter. Table7-9 URL filter parameter configuration items Item Description Filter type Select a type of the filter parameter. Filter parameter In the filter parameter column, you should configure the filter parameter: IP address: filtering according to the IP address.
Page 229: Typical Configuration For The Rate Limitation
DPtech FW1000 Series Firewall Products User Configuration Guide Figure7-15 URL filter page push The URL filter page push provides the custom template allowing user to customize the page push information, as shown in Figure7-16. Figure7-16 URL page push 7.3.5 Typical configuration for the Rate Limitation 7.3.5.1 Network requirement...
Page 230 DPtech FW1000 Series Firewall Products User Configuration Guide 7.3.5.2 Configuration requirement The following is the network diagram for the URL configuration, as shown in Figure7-17. Figure7-17 Advanced URL filtering 7.3.5.3 Configuration procedures  Choose Basic > Network management > Network user group > IP user group ...
Page 231 DPtech FW1000 Series Firewall Products User Configuration Guide  Type the name: marketing department.  IP address range: 192.168.3.2-192.168.3.10, exclude IP: 192.168.3.6. Click the Ok button in the upper right corner.  Click the add button and type the name: research and development department.
Page 232: Sql Injection Protection
DPtech FW1000 Series Firewall Products User Configuration Guide 7.4 SQL Injection Protection SQL injection is a technique often used to attack databases through a website. SQL injection attack a website through WWW normal port and it seems like the common webpage, firewall device cannot alarm for the SQL injection and if an administrator does not view the IIS log, SQL injection for a long time will not detected, so that the SQL injection protection is especially important.
Page 233: Introduction To Ipsec
DPtech FW1000 Series Firewall Products User Configuration Guide  L2TP  PPTP   SMAD 8.1.1 Introduction to IPSec Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
Page 234: Table8-2 Ipsec Vpn Client Access Mode And Gateway-Gateway Mode
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Advanced configuration Select whether to enable the NAT traverse function Select whether to enable the NAT session keepalive mechanism, configuring the intervals for sending NAT session keepalive packets (default is 20 Sec)
Page 235 DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Advanced configuration Click the pencil icon that you can enter the advanced configuration interface, including  Negotiation mode  IPSec Encryption Failed Action  IPSec Security Protocol  IKE Security Proposal ...
Page 236: Ipsec Policy Mode
DPtech FW1000 Series Firewall Products User Configuration Guide  Configure remote device ID and then from the four options you should select the obtaining method as your requirement example: auto  Configure an IP segment for the source IP address packet, example: 1.1.1.0\24, configure an IP segment for the destination IP address packet, example: 2.2.2.0\24...
Page 237: Net Protect
DPtech FW1000 Series Firewall Products User Configuration Guide 8.1.5 Net protect To enter the Net protect interface, you can choose Service > VPN > IPsec > Net protect, as shown in Figure8-4. Figure8-4 Net protect 8.1.6 SA To enter the SA interface, you can choose Service > VPN > IPsec > SA, as shown in Figure8-5.
Page 238: L2Tp
DPtech FW1000 Series Firewall Products User Configuration Guide 8.2.2 L2TP To enter the L2TP configuration interface, you can click Service > VPN > L2TP, as shown in Figure8-7. Figure8-7 L2TP configuration Table8-3 describes the configuration items of LNS. Table8-3 LNS configuration items...
Page 239: L2Tp User Authentication
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description Remote LNS Displays the remote LNS. IP Trigger Mode Displays the IP trigger mode. Advanced Configuration Displays the advanced configuration. To batch import configuration, you can take the following steps: ...
Page 240: L2Tp Online Status
DPtech FW1000 Series Firewall Products User Configuration Guide Figure8-9 L2TP IP pool 8.2.5 L2TP online status To enter the L2TP online status interface, you can click Service > VPN > L2TP online status, as shown in Figure8-10. Figure8-10 L2TP online status 8.3 PPTP...
Page 241: Gre
DPtech FW1000 Series Firewall Products User Configuration Guide Table8-5 PNS configuration Item Description Tunnel name Displays the name of the tunnel. Local tunnel IP Configure local tunnel IP address. PPP authentication mode Select PPP authentication method Client IP address range Configure the start IP address of the IP address pool and configure a size of the IP address pool.
Page 242: Table8-7 Gre Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Figure8-12 GRE configuration Table8-7 describes the configuration items of GRE. Table8-7 GRE configuration items Item Description Tunnel interface NO Configure the GRE tunnel interface number (the number is from 1 to 64).
Page 243: Smad
DPtech FW1000 Series Firewall Products User Configuration Guide 8.5 SMAD 8.5.1 SMAD To enter the SMAD interface, you can click Service > VPN > SMAD, as shown in Figure8-13. Figure8-13 SMAD 8.5.2 SMAD blacklist To enter the SMAD blacklist interface, you can click Service > VPN > SMAD blacklist, as shown in Figure8-14.
Page 244: Ssl Vpn
DPtech FW1000 Series Firewall Products User Configuration Guide 8.6 SSL VPN 8.6.1 Introduction to the SSL VPN SSL VPN is the most simple and the safest technology to resolve remote user access sensitive company data. Compare with the complicated IPsec VPN, SSL VPN use the simple method to realize remote connection. Every computer with browser can use SSL VPN software, for the reason of SSL VPN embedded into the browser, which don’t need you to set up client software on every host like traditional IPsec VPN.
Page 245 DPtech FW1000 Series Firewall Products User Configuration Guide 8.6.2.2 IP pool configuation To enter the IP pool configuration interface, you can choose Service > VPN > SSL VPN > IP pool configuration, as shown in Figure8-17. Figure8-17 IP pool configuration 8.6.2.3 Domain configuration...
Page 246: Resources
DPtech FW1000 Series Firewall Products User Configuration Guide Figure8-20 Portals management 8.6.3 Resources 8.6.3.1 Resource configuration To enter the resources interface and configure the IP resource configuration, you can choose Service > VPN > SSL VPN > Resource, as shown in Figure8-21.
Page 247: User Management
DPtech FW1000 Series Firewall Products User Configuration Guide 8.6.4 User management 8.6.4.1 User management To enter the share space interface, you can choose Service > VPN > SSL VPN > Share space, as shown in Figure8-23. Figure8-23 User configuration 8.6.4.2 User status To enter the user status interface, you can choose Service >...
Page 248: Security Policy
DPtech FW1000 Series Firewall Products User Configuration Guide 8.6.6 Security policy 8.6.6.1 Security set To enter the security set interface, you can choose Service > VPN > SSL VPN > Security set, as shown in Figure8-26. Figure8-26 Security set 8.6.6.2 Security rule To enter the security rule interface, you can choose Service >...
Page 249: Log Management
DPtech FW1000 Series Firewall Products User Configuration Guide Figure8-29 Policy configuration 8.6.7 Log management 8.6.7.1 Log query To enter the log query interface, you can choose Service > VPN > SSL VPN > Log query, as shown in Figure8-30. Figure8-30 Log query 8.6.7.2 Log configuration...
Page 250: Report Forms
DPtech FW1000 Series Firewall Products User Configuration Guide 8.6.8 Report forms 8.6.8.1 User stat form To enter the user stat form interface, you can choose Service > VPN > SSL VPN > User stat form, as shown in Figure8-33. Figure8-33 User stat form 8.6.8.2 Flux stat form...
Page 251 DPtech FW1000 Series Firewall Products User Configuration Guide Figure8-36 Online time ranking form 8.6.8.5 Resource access form To enter the resource access form interface, you can choose Service > VPN > SSL VPN > Resource access form, as shown in Figure8-37.
Page 252: Chapter 9 Online Behavior Management
DPtech FW1000 Series Firewall Products User Configuration Guide Chapter 9 Online Behavior Management 9.1 Introduction to Online Behavior Management Online behavior management module provides the following features:  Traffic analysis  Behavior analysis  Keyword filtering To view the online behavior management menu, you can choose Service > Behavior > Traffic analysis, as shown in Figure9-1.
Page 253: Behavior Analysis
DPtech FW1000 Series Firewall Products User Configuration Guide Table9-1 describes the configuration items of traffic statistic. Table9-1 Traffic statistic configuration items Item Description Interface traffic statistics Enable whether to enable the interface traffic statistic. Traffic statistics per IP address Select whether to enable the traffic statistics per IP address function, and configure the sending interval and network user group.
Page 254: Advanced Configuration
DPtech FW1000 Series Firewall Products User Configuration Guide  Select a user or an user group for the behavior analysis policy  In the save detail column, you can select an item and several items of behavior analysis policy ...
Page 255: Table9-3 Keyword Filtering Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Figure9-5 Keyword filtering Table9-3 describes the configuration items of keyword filtering function Table9-3 Keyword filtering configuration items Item Description Name Enter a name for the keyword filtering rule. Action Select an action for the keyword filtering rule, including warning or block.
Page 256: Table9-4 Keyword Filtering Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Figure9-6 Keyword filtering Table9-3 describes the configuration items of keyword filtering function Table9-4 Keyword filtering configuration items Item Description Name Enter a name for the keyword filtering rule. Action Select an action for the keyword filtering rule, including warning or block.
Page 257: Chapter 10 Portal Authentication
DPtech FW1000 Series Firewall Products User Configuration Guide Chapter 10 Portal Authentication 10.1 Introduction to the Portal Authentication Portal authentication provides several authentication mechanisms, which allows user to authenticate their user name and password before access to the Internet. ...
Page 258: Table10-1 Basic Authentication Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Table10-1 illustrates configuration items of the basic authentication. Table10-1 Basic authentication configuration items Item description Web auth Allows you to enable or disable web auth function. Terminal auth Allows you to enable or disable terminal auth function.
Page 259: Table10-2 Webauth Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Figure10-3 Webauth configuration Table10-2 describes the configuration items of webauth configuration. Table10-2 Webauth configuration items Item Description NAT traverse configuration Allows you to configure the NAT traverse configuration, including authenticated protocol configuration, authentication policy configuration.
Page 260: Table10-3 Tac Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide 10.1.1.3 TAC configuration To enter the TAC configuration interface, you can choose Service > User authentication > Webauth configuration > TAC configuration, as shown in Figure10-4. Figure10-4 TAC configuration Table10-3 describes the configuration items of TAC.
Page 261: Web Authentication Notice
DPtech FW1000 Series Firewall Products User Configuration Guide Figure10-5 Customer configuration Table10-4 describes the configuration items of the customer configuration. Table10-4 Customer configuration Item Description Login page Select an option that the login page will skip to the specific page ...
Page 262: Web Listen
DPtech FW1000 Series Firewall Products User Configuration Guide Table10-5 describes the configuration items of web listen. Table10-5 Web listen configuration items Item Description Serial number Displays the sequence number of the web auth notice. Title Configure the title of the notice.
Page 263: Table10-6 Proscenium Management
DPtech FW1000 Series Firewall Products User Configuration Guide Table10-6 Proscenium management Item Description Proscenium administrator Configure the user name for proscenium administrator. Password Configure the password for the proscenium administrator. Access address of proscenium Configure the device bridge interface IP address or WAN interface address.
Page 264: Terminal Management
DPtech FW1000 Series Firewall Products User Configuration Guide Room number of the user Room number of the user. Real name of the user Real name of the user. Identification card Configure the identification card number of the user. Operation Allows you to modify, add or delete an administrator.
Page 265: Table10-9 Usb Data Leakage Monitor
DPtech FW1000 Series Firewall Products User Configuration Guide Remind check level Select the remind check level. Remind install Configure the remind install, including not install, forcible install and remind install. 10.1.5.2 USB Data Leakage Monitor To enter the USB leakage monitor interface, you can choose Service > User authentication > Portal authentication >...
Page 266: Online User
DPtech FW1000 Series Firewall Products User Configuration Guide Table10-10 Terminal configuration items Item Description Terminal name Configure a name for the terminal. MAC address Configure the terminal MAC address. IP address Configure the terminal IP address. Physical position of terminal Configure the physical position of the terminal.
Page 267: Local Account User
DPtech FW1000 Series Firewall Products User Configuration Guide 10.1.7 Local account user 10.1.7.1 Local account authentication user Local account authentication user is mainly to authenticate and manage local user. To enter the local authentication user interface, you can choose Service > User authentication > Portal > Local authentication user, as shown in Figure10-14.
Page 268: Blackname List
DPtech FW1000 Series Firewall Products User Configuration Guide  Configure the repeat password for the local authentication user.  Select user account group and select the real name user group.  Configure the description for the local account user. ...
Page 269: Table10-13 Local Account Authentication Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Figure10-16 Remote synchronization Table10-13 describes the configuration items of the local account authentication. Table10-13 Local account authentication configuration items Item Description Username Display the user name of the User account group Displays the user account group of the...
Page 270: Chapter 11 Ids Integration
DPtech FW1000 Series Firewall Products User Configuration Guide Chapter 11 IDS Integration 11.1 Introduction Firewall device added up with IDS cooperation function in order to cooperate with IDS device. IDS device can detect network traffic if attacks exist and sent SNMIP Trap information to the firewall device with blocking information, including source IP address and destination IP address of the packets.
Page 271: Chapter 12 High Availability
During data communication process, software and hardware error may result network disconnection, causing data transmission failure. To avoid data communication disconnected, DPtech FW has provides Virtual Router Redundancy Protocol (VRRP) technology using back up solution when communication line or device failure, so that it ensure data communication smoothly and enhance network robustness and availability.
Page 272: Table12-1 Vrrp Configuration Items
DPtech FW1000 Series Firewall Products User Configuration Guide Figure12-2 VRRP configuration Table12-1 describes the configuration items of VRRP. Table12-1 VRRP configuration items Item Description VRID Virtual router identification. A virtual router consists of a group of routers with same VRID.
Page 273: Monitor Ip Address Object
DPtech FW1000 Series Firewall Products User Configuration Guide Item Description 2.Configure tracking interface: 3. Configure monitor IP: Status Displays the relationship of master and server. Operation Click Add button or the delete button that you can add or delete an entry of the VRRP configuration.
Page 274: Monitoring
DPtech FW1000 Series Firewall Products User Configuration Guide Table12-2 Monitor IP address object configuration items Item Description Name Displays the monitor IP address object name. Monitor IP Displays the monitor IP address. Monitor interval(second) Displays the monitor interval. Current status Displays the current status of monitor IP address status.
Page 275: Hot Standby
DPtech FW1000 Series Firewall Products User Configuration Guide 12.2 Overflow 12.2.1 Overflow protect To enter the overflow protect interface, you can choose Service > High availability >Overflow protect, as shown in the Figure12-7. Figure12-6 Overflow protect 12.3 Hot standby 12.3.1 Hot standby...
Page 276: Table12-3 Hot Standby Details Of The Hot Standby
DPtech FW1000 Series Firewall Products User Configuration Guide Table12-3 Hot standby details of the hot standby Item Description Hot standby configuration Hot standby configuration. There are four option allows you to choose, including disable hot standby, common hot standby, advanced hot standby, advanced hot standby, dissymmetrical hot standby, silence hot standby.
Page 277: Table12-4 Interface Synchronization Group
DPtech FW1000 Series Firewall Products User Configuration Guide 12.3.4 Interface synchronization group To enter the interface synchronization group interface, you can choose Service > High availability > Interface synchronization group, as shown in the Figure12-10. Figure12-10 Interface synchronization group Table12-4 describes the configuration items of the interface synchronization group.

DPtech FW1000 Series User Configuration Manual

Table of Contents

List of Tables

Chapter 1 Product Overview

Chapter 2 System Management

Chapter 3 Network Management

Chapter 4 Firewall

Chapter 5 Log Management

Chapter 6 Load Balancing

Chapter 7 Access Control

Chapter 8 Vpn

Chapter 9 Online Behavior Management

Chapter 10 Portal Authentication

Chapter 11 Ids Integration

Chapter 12 High Availability

Quick Links

Chapters

Need help?

Questions and answers

Related Manuals for DPtech FW1000 Series

Summary of Contents for DPtech FW1000 Series