D-Link DFL-200 Intrusion Detection / Prevention , Add a new policy

Intrusion Detection / Prevention

The DFL-200 Intrusion Detection/Prevention System (IDS/IDP) is a real-time intrusion

detection and prevention sensor that identifies and takes action against a wide variety of

suspicious network activity. The IDS uses intrusion s ignatures, stored in the attack database,

to identify the most common attacks. In response to an attack, the IDS protect the networks

behind the DFL-200 by dropping the traffic. To notify of the attack the IDS sends an email to

the system administrators if email alerting is converted. There are two modes that can be

configured, either Inspection Only or Prevention. Inspection Only will only inspect the traffic

and if the DFL-200 sees anything it will log, email an alert (if configur ed) and pass on the

traffic, if Prevention is used the traffic will be dropped and logged and if configured a email

alert will be sent.

D-Link updates the attack database periodically. Since firmware v ersion 1.30.00 automatic

updates are possible. If IDS or IDP is enabled for at least one of the policies or port mappings,

auto updating of the IDS database will be enabled. The firewall will then automatically

download the latest database from the D-Link website.

Add a new policy

Follow these steps to add a new outgoing policy.

Step 1. Choose the LAN->WAN policy list from the available policy lists.

Step 2. Click on the Add new link.

Step 3. Fill in the following values:

Name: Specifies a symbolic name for the rule. This name is used mainly as a rule

reference in log data and for easy reference in the policy list.

Action: Select Allow to allow this type of traffic.

Source Nets: – Specifies the sender span of IP addresses to be compared to the

received packet. Leave this blank to match everything.

Source Users/Groups: Specifies if an authenticated username is needed for this policy to

match. Either make a list of usernames, separated by , or write Any for any authenticated

user. If it’s left blank there is no need for authentication for the policy.

Destination Nets: Specifies the span of IP addresses to be compared to the destination

IP of the received packet. Leave this blank to match everything.

Destination Users/Groups: Specifies if an authenticated username is needed for this

policy to match. Either make a list of usernames, separated by , or write Any for any

authenticated user. If it’s left blank there is no need for authentication for the policy.

Service: Either choose a predefined service from the dropdown menu or make a custom.

Schedule: Choose what schedule should be used for this polic y to match, choose Always

for no scheduling.

Click the Apply button below to apply the change or click Cancel to discard changes