Inbound Traffic Options - D-Link NetDefend SOHO DFL-160 User Manual

Netdefend soho utm firewall

4.3. Inbound Traffic Options

This set of NetDefendOS options deals with using firewalling to protect against inbound traffic. The term
inbound refers to connections that are initiated from the public Internet on the WAN interface.
These connections are typically made to access some resource that sits behind the DFL-160, such as
an HTTP server that is sitting on the DMZ network. By default, NO SUCH CONNECTIONS
ARE ALLOWED and the administrator must explicitly allow individual protocols by ticking one
or more of the checkboxes on this page of the web interface.
This page of the web interface is divided into 3 parts:
A. Inbound Traffic
B. Inbound Multicast
C. Custom Traffic
A. Inbound Traffic
A pre-defined list of the most common protocols is displayed on this page. Ticking the checkbox
against a protocol name means that inbound traffic of just that protocol type will be allowed
through. The presentation of the first few checkboxes in the web interface is shown below.
The IP address for each service must be entered. Default IP addresses are already entered but these
probably need to be changed. The IP address entered would be a private IP address of the internal
host if NAT is being used or a public IP address if it is not.
If there are two IP addresses for a particular service (for instance 2 web servers) then the inbound
traffic to one could be allowed by ticking the box here and the inbound traffic to the other could be
allowed by creating a Custom Traffic rule as described below. If NAT is being used then the port
numbers for each server must be different (otherwise NAT cannot function).
A named Schedule can be defined and then associated with any protocol for inbound traffic.
Schedules specify times when a particular protocol is allowed. Schedules can also be defined for
outbound traffic protocols. More details can be found in Section 4.10, "Schedules".
B. Inbound Multicast
Multicast is an IP networking technique that allows a single host to broadcast messages to multiple
receiving clients. If such inbound traffic is allowed then the allowed IP address range can also be
specified.
Multimedia applications sometimes make use of multicast and the administrator should check with
the needs of internal users to determine if this option should be enabled. For example, "IP-TV" is an
Important: Changing the management access port number
Note that if HTTP or HTTPS is allowed then management access that uses the same
protocol must have the default port number changed. This is explained more fully in
Section 3.1, "Administration".
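
The two port constraints on this page (different port numbers for servers behind NAT, and moving management access off a port used by inbound HTTP or HTTPS) can be checked against a planned rule set before it is entered. This is an added example, not D-Link code; the rule names, DMZ addresses, the management ports 80 and 443 taken as defaults, and the moved port 8443 are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class InboundRule(NamedTuple):
    name: str           # label for the rule (constructed)
    proto: str          # "tcp" or "udp"
    wan_port: int       # port exposed on the WAN interface
    internal_ip: str    # private address of the server behind NAT
    internal_port: int  # port the server listens on


def find_conflicts(rules, mgmt_listeners):
    """List WAN-side port conflicts for inbound rules sharing one NAT address.

    mgmt_listeners maps (proto, port) to a label for the firewall's own
    management service on that port.
    """
    by_listener = defaultdict(list)
    for rule in rules:
        by_listener[(rule.proto.lower(), rule.wan_port)].append(rule)

    conflicts = []
    for (proto, port), group in sorted(by_listener.items()):
        names = ", ".join(sorted(r.name for r in group))
        targets = {(r.internal_ip, r.internal_port) for r in group}
        if len(targets) > 1:
            conflicts.append(f"{proto}/{port}: {names} map to different hosts")
        if (proto, port) in mgmt_listeners:
            conflicts.append(
                f"{proto}/{port}: {names} overlaps {mgmt_listeners[(proto, port)]}")
    return conflicts


# Constructed sample data: two web servers on the DMZ behind one WAN address.
MGMT_DEFAULT = {("tcp", 80): "HTTP management", ("tcp", 443): "HTTPS management"}
MGMT_MOVED = {("tcp", 8443): "HTTPS management"}  # hypothetical new port

BEFORE = [
    InboundRule("web-1", "tcp", 80, "192.168.2.10", 80),
    InboundRule("web-2", "tcp", 80, "192.168.2.11", 80),
]
AFTER = [
    InboundRule("web-1", "tcp", 80, "192.168.2.10", 80),
    InboundRule("web-2", "tcp", 8080, "192.168.2.11", 80),
]

if __name__ == "__main__":
    for line in find_conflicts(BEFORE, MGMT_DEFAULT):
        print("CONFLICT", line)
    print("after fix:", find_conflicts(AFTER, MGMT_MOVED) or "no conflicts")
```
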
Chapter 4. The Firewall Menu
