ZoneDefense Operation; SNMP; Threshold Rules - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05

12.3. ZoneDefense Operation

12.3.1. SNMP

Simple Network Management Protocol (SNMP) is an application-layer protocol for managing network
devices. It lets the managers and the managed devices in a network communicate with each other.
SNMP Managers
A managing device, such as a D-Link Firewall, uses SNMP to monitor and control the network devices
in the managed environment. The manager queries the stored statistics of a controlled device by
presenting that device's SNMP community string. The community string acts like a user ID or
password: it grants access to the device's state information, and if it is a write (read-write)
community string, the manager is also allowed to modify the device's state.
Managed Devices
The managed devices must be SNMP compliant, as D-Link switches are. They store their state data in a
database known as the Management Information Base (MIB) and return the requested information to the
manager when they receive an SNMP query.
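The following is an added example and not code from the D-Link manual. It builds the two SNMPv1
messages a manager sends to a switch, a GetRequest for sysDescr.0 with a read community and a
SetRequest for ifAdminStatus.3 with a write community, and then decodes them the way a passive
observer on the management segment would. The community strings "public" and "private", the request
ID and the interface index are made-up values; the OIDs are standard MIB-II objects.

```python
"""SNMPv1 GetRequest/SetRequest encoder plus a passive decoder (added example).

Shows where the community string sits in the datagram: it is a plain BER OCTET STRING,
so whoever can read the management traffic can read the read or write community.
Community strings below are made up; the OIDs are standard MIB-II objects.
"""

PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest"}


def ber_len(n):
    """BER length: one byte below 128, otherwise 0x80|count followed by the big-endian length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body


def ber_int(v):
    """INTEGER (tag 0x02) in minimal two's-complement form."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(0x02, v.to_bytes(n, "big", signed=True))


def ber_oid(dotted):
    """OBJECT IDENTIFIER (tag 0x06): first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def build_snmpv1(community, oid, pdu_tag=0xA0, value=None, request_id=1):
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, PDU }.
    value=None encodes a NULL varbind value (a Get); an int or bytes value is a Set payload."""
    if value is None:
        val = tlv(0x05, b"")
    elif isinstance(value, int):
        val = ber_int(value)
    else:
        val = tlv(0x04, value)
    varbinds = tlv(0x30, tlv(0x30, ber_oid(oid) + val))
    pdu = tlv(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf, pos=0):
    """Decode one TLV at pos; return (tag, body, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln


def sniff(packet):
    """What a passive observer recovers from any SNMPv1/v2c datagram: version, community, PDU type."""
    tag, msg, _ = read_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, p = read_tlv(msg)
    _, community, p = read_tlv(msg, p)
    pdu_tag, _, _ = read_tlv(msg, p)
    return int.from_bytes(ver, "big", signed=True), community.decode(), PDU_TYPES.get(pdu_tag, hex(pdu_tag))


if __name__ == "__main__":
    get_pkt = build_snmpv1("public", "1.3.6.1.2.1.1.1.0")                      # sysDescr.0
    set_pkt = build_snmpv1("private", "1.3.6.1.2.1.2.2.1.7.3", 0xA3, value=2)  # ifAdminStatus.3 := down(2)
    for pkt in (get_pkt, set_pkt):
        print(pkt.hex(), sniff(pkt))
```

The decoder needs no secret: in SNMPv1 and v2c the community string is carried in the clear in every message, so the write community a firewall uses to reconfigure switches is a credential that anyone able to capture the management traffic can reuse. Keep that traffic on a dedicated management segment and restrict which manager addresses the switches accept.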

12.3.2. Threshold Rules

A threshold rule triggers ZoneDefense to block a specific host or network when the connection
limit specified in the rule is exceeded. The limit can be one of two types:
Connection Rate Limit - Triggered if the rate of new connections per second that match the rule
exceeds the specified threshold.
Total Connections Limit - Triggered if the total number of open connections that match the rule
exceeds the specified threshold.
Threshold rules take parameters similar to those of IP Rules; these parameters specify the type of
traffic a threshold rule applies to. A single threshold rule has the parameters:
Source interface and source network
Destination interface and destination network
Service
Type of threshold: host-based and/or network-based
Traffic that matches the above criteria and causes the host or network threshold to be exceeded
triggers ZoneDefense, which prevents the offending host or network from accessing the switch(es).
All blocking in response to threshold violations is based on the IP address of the host or network
as seen by the switch(es). When a network-based threshold is exceeded, the whole source network is
blocked rather than just the offending host.
For a general description of how threshold rules are specified and how they function, see Section
10.2, "Threshold Rules".
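The following is an added example, not the manual's or NetDefendOS's own logic. It models the rule
parameters listed above (source and destination interface and network, service, host or network
scope, and a connection-rate or total-connection limit), replays a constructed connection log
against two rules, and reports which source addresses or prefixes each rule would hand to
ZoneDefense for blocking. The interface names "lan", "wan" and "dmz", the addresses and the events
are all made up for the illustration.

```python
"""Threshold-rule evaluation over a constructed connection log (added example).

Models the rule parameters the manual lists and reports which source hosts or
networks a rate or total-connection threshold would trip. Interface names,
addresses and events are made up for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address
from typing import Optional


@dataclass(frozen=True)
class ThresholdRule:
    name: str
    src_if: str
    src_net: IPv4Network
    dst_if: str
    dst_net: IPv4Network
    service: str                       # "http", "dns", ... or "all"
    scope: str                         # "host": block the offending IP; "network": block src_net
    rate_limit: Optional[int] = None   # new connections per second; exceeding it trips the rule
    total_limit: Optional[int] = None  # concurrently open connections; exceeding it trips the rule


def matches(rule, ev):
    """Does the event's interfaces, addresses and service fall under the rule?"""
    _, in_if, out_if, src, _, dst, svc, _ = ev
    return (in_if == rule.src_if and out_if == rule.dst_if
            and ip_address(src) in rule.src_net and ip_address(dst) in rule.dst_net
            and rule.service in ("all", svc))


def evaluate(rules, events):
    """Return {rule name: set of addresses/prefixes that tripped the rule}.

    Events are (time, in_if, out_if, src_ip, src_port, dst_ip, service, action) with
    action "open" or "close"; (src_ip, src_port, dst_ip, service) identifies one connection.
    """
    tripped = defaultdict(set)
    new_per_sec = defaultdict(int)   # (rule, key, whole second) -> new connections in that second
    open_conns = defaultdict(set)    # (rule, key) -> connections currently open
    for ev in sorted(events):
        t, _, _, src, sport, dst, svc, action = ev
        conn = (src, sport, dst, svc)
        for r in rules:
            if not matches(r, ev):
                continue
            # Host-based rules count per source IP; network-based rules count the whole source network.
            key = src if r.scope == "host" else str(r.src_net)
            if action == "close":
                open_conns[(r.name, key)].discard(conn)
                continue
            new_per_sec[(r.name, key, int(t))] += 1
            open_conns[(r.name, key)].add(conn)
            if r.rate_limit is not None and new_per_sec[(r.name, key, int(t))] > r.rate_limit:
                tripped[r.name].add(key)
            if r.total_limit is not None and len(open_conns[(r.name, key)]) > r.total_limit:
                tripped[r.name].add(key)
    return dict(tripped)


RULES = [
    ThresholdRule("host_rate", "lan", IPv4Network("10.0.1.0/24"), "wan", IPv4Network("192.0.2.0/24"),
                  "http", "host", rate_limit=20),
    ThresholdRule("net_total", "lan", IPv4Network("10.0.1.0/24"), "wan", IPv4Network("192.0.2.0/24"),
                  "all", "network", total_limit=25),
]


def sample_events():
    """Constructed log: one LAN host bursts 30 HTTP connections within a second, a second host
    opens 3, and a host outside the rules' source interface/network opens 50 (must be ignored)."""
    ev = []
    for i in range(30):
        ev.append((100.0 + i * 0.02, "lan", "wan", "10.0.1.7", 40000 + i, "192.0.2.10", "http", "open"))
    for i in range(3):
        ev.append((101.0 + i * 0.1, "lan", "wan", "10.0.1.8", 50000 + i, "192.0.2.10", "http", "open"))
    for i in range(50):
        ev.append((100.0 + i * 0.01, "dmz", "wan", "10.0.2.5", 60000 + i, "192.0.2.10", "http", "open"))
    for i in range(30):  # the burst host closes everything later; the trigger has already fired
        ev.append((110.0 + i * 0.01, "lan", "wan", "10.0.1.7", 40000 + i, "192.0.2.10", "http", "close"))
    return ev


if __name__ == "__main__":
    print(evaluate(RULES, sample_events()))
```

The host-scoped rate rule names only 10.0.1.7, while the network-scoped total rule names the whole 10.0.1.0/24 prefix even though a single host caused the excess, which is the behaviour to expect before choosing a network-based threshold: one misbehaving host takes its neighbours off the switch with it.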
Chapter 12. ZoneDefense
