D-Link DFL-200 manual Source and Destination Filter, Service Filter, Schedule

Page 28

Source and Destination Filter

Source Nets – Specifies the sender span of IP addresses to be compared to the received packet. Leave this blank to match everything.

Source Users/Groups – Specifies if an authenticated username is needed for this policy to match. Either make a list of usernames, separated by , or write Any for any authenticated user. If it’s left blank there is no need for authentication for the policy.

Destination Nets – Specifies the span of IP addresses to be compared to the destination IP of the received packet. Leave this blank to match everything.

Destination Users/Groups – Specifies if an authenticated username is needed for this policy to match. Either make a list of usernames, separated by , or write Any for any authenticated user. If it’s left blank there is no need for authentication for the policy.

Service Filter

Either choose a predefined service from the dropdown menu or make a custom.

The following custom services exist:

All – This service matches all protocols.

TCP+UDP+ICMP – This service matches all ports on either the TCP or the UDP protocol, including ICMP.

Custom TCP – This service is based on the TCP protocol.

Custom UDP – This service is based on the UDP protocol.

Custom TCP+UDP – This service is based on either the TCP or the UDP protocol.

The following is used when making a custom service:

Custom source/destination ports – For many services, a single destination port is sufficient. The source port most often be all ports, 0-65535. The http service, for instance, is using destination port 80. A port range can also be used, meaning that a range 137-139 covers ports 137, 138 and 139. Multiple ranges or individual ports may also be entered, separated by commas. For instance, a service can be defined as having source ports 1024- 65535 and destination ports 80-82, 90-92, 95. In this case, a TCP or UDP packet with the destination port being one of 80, 81, 82, 90, 91, 92 or 95, and the source port being in the range 1024-65535, will match this service.

Schedule

If a schedule should be used for the policy, choose one from the dropdown menu, these are specified on the Schedules page. If the policy should always be active, choose Always from the dropdown menu.

28

Image 28
Contents Link DFL-200 Contents VPN Servers 111 122 125Features and Benefits Access Control supportedIntroduction Introduction to FirewallsIntroduction to Local Area Networking LEDs Physical ConnectionsPackage Contents System RequirementsResetting the DFL-200 Managing D-Link DFL-200Administration Settings Administrative AccessAdd ping access to an interface Add Admin access to an interfaceAdd Read-only access to an interface Enable Snmp access to an interfaceInterfaces SystemChange IP of the LAN or DMZ interface WAN Interface Settings Using Dhcp WAN Interface Settings Using Static IPIP Address The IP address of the WAN interface. This is WAN Interface Settings Using PPPoE PasswordWAN Interface Settings Using Pptp MTU Configuration WAN Interface Settings Using BigPondPassword The password supplied to you by your ISP Routing Remove a Static Route Add a new Static RouteGo to System and Routing Logging Enable Audit Logging Enable LoggingEnable E-mail alerting for ISD/IDP events Page Time Using NTP to sync time Setting time and date manuallyChanging time zone Checking the Set the system time boxFirewall PolicyPolicy modes Action TypesSource and Destination Filter Service FilterSchedule Intrusion Detection / Prevention Add a new policyConfigure Intrusion Detection Enable the Delete policy checkboxEnable the Intrusion Detection / Prevention checkbox Change order of policyConfigure Intrusion Prevention Port mapping / Virtual Servers Add a new mappingEnable the Delete mapping checkbox Delete mappingUsers DFL-200 Radius SupportEnable User Authentication via Http / Https Enable Radius SupportEnable the Change password checkbox Change User PasswordAdd User Enable the Delete user checkbox Delete UserSchedules Add new recurring scheduleServices Adding TCP, UDP or TCP/UDP ServiceGrouping Services Adding IP ProtocolProtocol-independent settings VPN Introduction to IPSecIntroduction to L2TP Introduction to PptpPoint-to-Point Protocol Authentication Protocols MPPE, Microsoft Point-To-Point EncryptionAuthentication protocol L2TP/PPTP ClientsAuthentication Protocol Introduction chapter L2TP/PPTP ServersMppe encryption VPN between two networks Creating a LAN-to-LAN IPSec VPN TunnelVPN between client and an internal network Creating a Roaming Users IPSec VPN TunnelAdding a L2TP/PPTP VPN Client Adding a L2TP/PPTP VPN ServerVPN Advanced Settings IKE Proposal List Proposal ListsIPSec Proposal List Certificates Trusting CertificatesLocal identities Certificates of remote peersIdentities Content Filtering Active content handlingEdit the URL Global Whitelist Edit the URL Global Blacklist Active content handling Dhcp Server Settings ServersEnable Dhcp Server Enable Dhcp RelayDisable Dhcp Server/Relayer Enable by checking the Use built-in Dhcp Server boxEnable DNS Relayer DNS Relayer SettingsEnable by checking the Enable DNS Relayer box Disable DNS Relayer Tools PingDynamic DNS Add Dynamic DNS SettingsPing Example Exporting the DFL-200’s Configuration BackupRestoring the DFL-200’s Configuration Restart/Reset Restarting the DFL-200Restoring system settings to factory defaults Page Upgrade Firmware UpgradeUpgrade IDS Signature-database System StatusCPU Load Interfaces VPN Connections Click Connections below it. a window willDhcp Server Logging How to read the logs Usage eventsDrop events Conn eventsOpen Example Close ExampleStep by step guides LAN-to-LAN VPN using IPsec LAN IP 192.168.4.1, Subnet maskEnable Automatically add a route for the remote network Remote Net 192.168.1.0/24LAN IP 192.168.1.1, Subnet mask Local net 192.168.1.0/24Remote Net 192.168.4.0/24 LAN-to-LAN VPN using Pptp Username BranchOffice Click Global policy parameters Settings for Main office Page Select Local database Under Users in local database click Add newPage LAN-to-LAN VPN using L2TP Username BranchOffice Check Use IPsec encryption Setup interfaces, System-Interfaces WAN IP193.0.2.20 Page Select Local database Under Users in local database click Add new More secure LAN-to-LAN VPN solution Page Page Settings for Main office Settings for the Windows XP client Windows XP client and Pptp serverSelect Connect to the network at my workplace and click Next Select Virtual Private Network connection and click Next Name the connection MainOffice and click Next 104 Select Do not dial the initial connection and click Next Page Click Properties Page Name the new user HomeUser Enter password Retype password Page Windows XP client and L2TP server 112 Settings for Main office Page Content filtering Firewall-Services Select HTTP/HTML Content Filtering in the ALG dropdownPage Page Intrusion detection and prevention Page Check Enable E-mail alerting for IDS/IDP events Appendixes Appendix a Icmp Types and CodesPage Appendix B Common IP Protocol Numbers ESPLimited Warranty What Is Not Covered Wichtige Sicherheitshinweise CE Mark Warning WarnungAdvertencia de Marca de la CE AttenzioneVcci Warning Offices Singapore D-LINK International 132
Related manuals
Manual 14 pages 8.62 Kb Manual 12 pages 24 Kb