The IP Rule Set; Security Policies - D-Link NetDefend DFL-210 User Manual

Network security firewall
3.5. The IP Rule Set

3.5.1. Security Policies

Policy Characteristics
NetDefendOS Security Policies, designed by the administrator, regulate the way in which traffic can flow through a D-Link Firewall. Policies in NetDefendOS are defined by different NetDefendOS rule sets. These rule sets share a common means of specifying filtering criteria which determine the type of traffic to which they will apply. This set of criteria consists of:

Source Interface
    An Interface or Interface Group where the packet is received at the D-Link Firewall. This can also be a VPN tunnel.

Source Network
    The network that contains the source IP address of the packet. This might be a NetDefendOS IP object which could define a single IP address or range of addresses.

Destination Interface
    An Interface or an Interface Group from which the packet would leave the D-Link Firewall. This can also be a VPN tunnel.

Destination Network
    The network to which the destination IP address of the packet belongs. This might be a NetDefendOS IP object which could define a single IP address or range of addresses.

Service
    The protocol type to which the packet belongs. Service objects define a protocol/port type. Examples might be HTTP or ICMP. Custom services can also be defined (see Section 3.2, "Services" for more information).

The NetDefendOS rule sets, all of which use the same five filtering parameters, include:

IP rules.
Pipe rules (see Section 10.1, "Traffic Shaping").
Policy-based Routing rules (see Section 4.3, "Policy-based Routing").
IDP rules (see Section 6.5, "Intrusion Detection and Prevention").
Authentication rules (source net/interface only - see Chapter 8, User Authentication).

Specifying Any Interface or Network
When specifying the filtering criteria in any of the rule sets listed above, there are three useful pre-defined options that can be used:

For a Source or Destination Network, the all-nets option is equivalent to the IP address 0.0.0.0/0, which means that any IP address is acceptable.
For a Source or Destination Interface, the any option can be used so that NetDefendOS will not care about the interface which the traffic is going to or coming from.
The Destination Interface can be specified as core. This means that traffic, such as an ICMP Ping, is destined for the D-Link Firewall itself and it is NetDefendOS that will respond to it.
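The five-criteria match and the all-nets, any and core options described above, as an added Python example that is not part of the D-Link manual: it assumes top-down first-match evaluation with a drop default, hypothetical "Allow"/"Drop" action names, an assumed all_services wildcard, and a constructed rule set. The SHADOWED ordering at the end shows how a catch-all placed first swallows every specific rule beneath it, which is the ordering mistake to check for when reviewing a rule set.

```python
import ipaddress
from dataclasses import dataclass

# Wildcards named in this section: any interface, the firewall itself, all-nets.
ANY, CORE, ALL_NETS = "any", "core", "0.0.0.0/0"
ALL_SERVICES = "all_services"  # assumed service wildcard, not described on this page


@dataclass
class Packet:
    src_if: str
    src_ip: str
    dst_if: str   # set to CORE when the firewall itself is the destination
    dst_ip: str
    service: str  # name of a Service object, e.g. "http" or "icmp"


@dataclass
class IPRule:
    name: str
    action: str   # "Allow" or "Drop" (hypothetical action names)
    src_if: str
    src_net: str
    dst_if: str
    dst_net: str
    service: str

    def matches(self, p: Packet) -> bool:
        # All five criteria must match; 'any' and all-nets (0.0.0.0/0) match everything.
        if self.src_if not in (ANY, p.src_if) or self.dst_if not in (ANY, p.dst_if):
            return False
        if self.service not in (ALL_SERVICES, p.service):
            return False
        src_ok = ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
        dst_ok = ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
        return src_ok and dst_ok


def evaluate(rules, p: Packet):
    # Assumed top-down, first-match evaluation; unmatched traffic is dropped.
    for r in rules:
        if r.matches(p):
            return r.name, r.action
    return None, "Drop"


# Constructed rule set: lan hosts may ping the firewall and browse via wan; all else dropped.
RULES = [
    IPRule("ping_fw", "Allow", "lan", "192.168.1.0/24", CORE, "192.168.1.1/32", "icmp"),
    IPRule("lan_http", "Allow", "lan", "192.168.1.0/24", "wan", ALL_NETS, "http"),
    IPRule("drop_all", "Drop", ANY, ALL_NETS, ANY, ALL_NETS, ALL_SERVICES),
]
SHADOWED = [RULES[2], RULES[0], RULES[1]]  # catch-all first: nothing below it is ever reached
```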
73
Chapter 3. Fundamentals