DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0...
Hangzhou DPtech Technologies Co., Ltd. provides full-range technical support. If you need any help, please contact Hangzhou DPtech Technologies Co., Ltd. or its sales agent, according to where you purchased the products.
Hangzhou DPtech Technologies Co., Ltd. Address: 6th floor, zhongcai mansion, 68 tonghelu, Binjiangqu, Hangzhoushi...
Owing to product upgrading or other reasons, information in this manual is subject to change. Hangzhou DPtech Technologies Co., Ltd. has the right to modify the content in this manual. As it is a user guide, Hangzhou DPtech Technologies Co., Ltd. made every effort in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Table of Contents
Chapter 1 Firewall
1.1 Introduction to Firewall
1.2 Packet Filtering Policy
1.2.1 Packet Filtering Policy
1.2.2 Packet Filtering Policy
1.2.3 ALG Configuration
1.3 IPv6 Packet Filtering Policy
1.4 NAT
1.4.1 Introduction to NAT
1.4.2 Source
1.4.3 D...
Chapter 3 VPN
3.1.1 Introduction to
3.1.2 IP Configuration
3.1.3 DPVPN
3.1.4 Xauth User
3.1.5 IPsec Interface
3.1.6 Display Connections
3.1.7 Operation Log
3.2 L2TP
3.2.1 Introduction to L2TP
3.2.2 L2TP
3.3 GRE VPN
3.3.1 Introduction to the GRE
3.3.2 C...
Chapter 1 Firewall
1.1 Introduction to Firewall
The firewall can control incoming and outgoing data packets and block intrusion from outside networks. The firewall provides the following: ...

Figure1-1 Firewall module
1.2 Packet Filtering Policy
1.2.1 Packet Filtering Policy
Packet filtering inspects the source domain, destination domain, originator source IP, originator destination IP, originator source MAC, originator destination MAC, service, IP fragment, flow re-mark, and action for every data packet.

Table1-1 Packet filtering policy
Item: Description
Serial number: Serial number of packet filtering policy.
Source domain: Specify the source domain.
Destination domain: Specify the destination domain.

Item: Description
Advanced filtering: Select the advanced filtering rule that will apply to the packet filtering policy.
Behavior audit: Select the behavior audit rule that will apply to the packet filtering policy.

Figure1-4 Packet filtering policy log
Table1-3 describes the details of the packet filtering policy log.
Table1-3 Packet filtering policy log
Item: Description
Serial number: Displays the policy serial number.

Figure1-5 ALG configuration
Table1-4 describes the details of ALG configuration.
Table1-4 ALG configuration
Item: Description
Protocol: Displays the protocol name.
State: Displays the enabling status of ALG configuration.
1.3 IPv6 packet filtering policy...
1.4 NAT
1.4.1 Introduction to NAT
NAT (Network Address Translation) provides a way of translating the IP address in an IP packet header to another IP address. In practice, NAT is primarily used to allow users using private IP addresses to access public networks.

Configure the IP address and mask of the source NAT policy
Configure the public IP of the source NAT policy
After you have configured the advanced configuration, click the Ok button on the upper right.

Note: If you configure the server inner port in the advanced configuration, it will connect to the destination port after it has switched destination NAT.
1.4.4 One to one NAT
To enter the one to one NAT page, choose Firewall module >...

1.4.5 Address pool
To enter the address pool page, choose Firewall module > Firewall > NAT > Address pool, as shown in Figure1-10.
Figure1-10 Address pool
Table1-8 describes the details of address pool.

Figure1-11 ALG configuration
Table1-9 describes the details of ALG configuration.
Table1-9 ALG configuration
Item: Description
Protocol: Displays the protocol name.
State: Select whether to enable or disable the protocol.
1.6 Basic attack protection
1.6.1 Basic attack protection
Sometimes attack packets are transmitted in the network, which can disturb a host receiving normal packets. Basic attack protection can block the attack packets and send a log.

Clear counter: Clear the attack count statistics.
Time interval(per second): Select the time interval for sending logs.
Terms interval: Select how many logs pass before it reports a new log.

Action: Displays the action for the attack.
To query the basic attack log:
Enter the desired query parameter
Click the Search button to view the search result.
Figure1-16 Service limitation
1.9 IPV4 Basic DDoS Protection
1.9.1 Defend Object Management
Defend object management configures the defend object group, including the IP addresses protected by DDoS attack protection and comment information.

After you finish the above steps, click the Ok button in the upper right corner.
1.9.2 Configuration and Tendency
1.9.2.1 Traffic Status and Monitoring
You can view the current defend group traffic status and monitoring via configuration and tendency.

Figure1-19 DDOS defend settings
Table1-15 describes the details of DDOS defend settings.
Table1-15 DDOS defend settings
Item: Description
Manual configure: You can select manual configuration or auto-learning of the threshold.
Figure1-20 Protection history
1.10 Blacklist
1.10.1 Blacklist
Blacklist is an attack prevention mechanism that filters packets based on source IP address. Blacklists are easier to configure and fast in filtering packets sourced from a particular IP address.

You can enter an IP address in the IP address/mask configuration column, which is the blacklist source IP address.
Select an option for the remaining life time ...

Table1-18 Blacklist log query
Item: Description
Serial number: Displays the serial number of a blacklist log query.
Time: Displays the time when the attack began.
IP address: Displays the blacklisted IP address in the blacklist log query.
Assuring rate settings: Configure assuring rate settings, which ensure the transmitting rate in all applications.
Operation: Click the copy icon, and then you can copy a VIP bandwidth guarantee rule.

Figure1-26 Anti-ARP-Spoofing
Table1-20 describes the details of Anti-ARP-Spoofing.
Table1-20 Anti-ARP-Spoofing
Item: Description
Option: Select an anti-ARP-spoofing entry and then click the option.
IP address: Displays the IP address scanned by anti-ARP-spoofing.

Figure1-27 ARP configuration
Table1-21 describes the details of ARP configuration.
Table1-21 ARP configuration
Item: Description
Interface name: Displays the names of all interfaces of the device.
Enable state...
Chapter 2 Load Balancing
2.1 Link Load Balancing
2.1.1 Introduction to Link Load Balancing
Link load balancing establishes several outbound interfaces according to the links of different operators, taking full advantage of the resources; it also supports several links backing each other up, to keep the network working stably.

Route COST: Configure the route cost (cost should be in 1-255).
Health check state: Select a health check state.
Operation: Click the copy icon and the delete icon to do the operations.

Figure2-3 Logic link group
2.3 Link health check
To enter the link health check page, choose Firewall module > Load balancing > Link health check, as shown in Figure2-4.
Chapter 3 VPN
A VPN (Virtual Private Network) uses a public network (usually the Internet) to create a temporary, safe link; it is a secure and steady tunnel traversing a promiscuous public network. It supports SSL, IPsec, L2TP, and GRE and provides safe and efficient protection for enterprise or government users.

Figure3-1 IPsec VPN configuration
Table3-1 describes the configuration items of the IPsec VPN.
Table3-1 IPsec VPN configuration
Item: Description
Connection name: Displays the name of the IPsec configuration policy, which is configured by the user.

Type in a name for the IPsec rule that corresponds to the requirement
Click Enable IPsec operation
Configure the local IP address item, such as 10.66.0.11 ...

3.1.4 Xauth user
To enter the Xauth user page, choose Firewall module > VPN > IPSec > Xauth user, as shown in Figure3-3.
Figure3-3 Xauth user
3.1.5 IPsec interface...

Item: Description
Local IP address: Displays the local IP address of the IPsec connection.
Remote IP address: Displays the remote IP address of the IPsec connection.
Local protected network: Displays the local protected network of the IPsec connection.
3.2 L2TP
3.2.1 Introduction to L2TP
L2TP is a standard Internet tunnel protocol similar to the PPTP protocol, and both of them can encrypt the network stream.

3.3 GRE VPN
3.3.1 Introduction to the GRE
Generic Routing Encapsulation (GRE) is a protocol designed for encapsulating and carrying the packets of one network layer protocol (for example, IP or IPX) over another network layer protocol (for example, IP). GRE is a tunneling technology and serves as a Layer 3 tunneling protocol.
After you have finished the above steps, click the Ok button on the upper right.
3.4 SSL VPN
3.4.1 Introduction to the SSL VPN
SSL VPN is the most secure technology for letting remote users access sensitive company data.

Item Description Address range which allocate to users Resource configuration: Configure the segment which users require to visit. Configure the subnets to which the user connect Resource configuration: Configure the information and description of resource group.

Figure3-11 Resource configuration
3.4.5 Online user status
To enter the online user status page, choose Firewall module > VPN > SSL VPN > online user status, as shown in Figure3-12.
Chapter 4 IDS integration
4.1 IDS integration log
To enter the IDS integration log page, choose Firewall module > IDS Integration log, as shown in Figure4-1.