Zonedefense; Overview - D-Link NetDefend DFL-210 User Manual

Chapter 12. ZoneDefense
This chapter describes the D-Link ZoneDefense feature.
• Overview, page 420
• ZoneDefense Switches, page 421
• ZoneDefense Operation, page 422

12.1. Overview

ZoneDefense Controls Switches
ZoneDefense allows a D-Link Firewall to control locally attached switches. It can be used as a
counter-measure to stop a virus-infected computer in a local network from infecting other
computers.
When hosts or clients on a network become infected with viruses or another form of malicious code,
this can often show its presence through anomalous behavior, often by large numbers of new
connections being opened to outside hosts.
Using Thresholds
By setting up Threshold Rules, hosts or networks that are exceeding a defined connection threshold
can be dynamically blocked using the ZoneDefense feature. Thresholds are based on either the
number of new connections made per second, or on the total number of connections being made.
These connections may be made by either a single host or all hosts within a specified CIDR network
range (an IP address range specified by a combination of an IP address and its associated network
mask).
ACL Upload
When NetDefendOS detects that a host or a network has reached the specified limit, it uploads
Access Control List (ACL) rules to the relevant switches and this blocks all traffic for the host or
network displaying the unusual behavior. Blocked hosts and networks remain blocked until the
system administrator manually unblocks them using the Web or Command Line interface.
Note: ZoneDefense is not available on all D-Link models
The ZoneDefense feature is only available on the D-Link DFL-800, DFL-860,
DFL-1600 and DFL-2500 product models.
420