Protocol-independent settings | D-Link DFL-200 instruction

Protocol-independent settings

Allow ICMP errors from the destination to the source – ICMP error messages are sent in several situations: for example, when an IP packet cannot reach its destination. The purpose of these error control messages is to provide feedback about problems in the communication environment.

However, ICMP error messages and firewalls are usually not a very good combination; the ICMP error messages are initiated at the destination host (or a device within the path to the destination) and sent to the originating host. The result is that the ICMP error message will be interpreted by the firewall as a new connection and dropped, if not explicitly allowed by the firewall rule-set. Now, allowing any inbound ICMP message to be able have those error messages forwarded is generally not a good idea.

To solve this problem, DFL-200 can be instructed to pass an ICMP error message only if it is related to an existing connection. Check this option to enable this feature for connections using this service.

ALG – Like other stateful inspection based firewalls, DFL-200 filters on information found in packet headers, for instance in IP, TCP, UDP and ICMP headers.

In some situations though, filtering on header data only is not sufficient. The FTP protocol, for instance, includes IP address and port information in the protocol payload. In these cases, the firewall needs to be able to examine the payload data and carry out appropriate actions. DFL-200 provides this functionality using Application Layer Gateways, also known as ALGs.

To use an Application Layer Gateway, the appropriate Application Layer Gateway definition is selected in the dropdown menu. The selected Application Layer Gateway will thus manage network traffic that matches the policy using this service.

Currently, DFL-200 supports two Application Layer Gateways, one is used to manage the FTP protocol and the other one is a HTTP Content Filtering ALG. For detailed information about how to configure the HTTP Application Layer Gateway, please see the Content Filtering chapter.

Image 41

D-Link DFL-200 manual Protocol-independent settings

Contents

Link DFL-200 Contents VPN Servers 111 125 122 Access Control supported Features and BenefitsIntroduction Introduction to Firewalls Introduction to Local Area Networking Physical Connections LEDs System Requirements Package Contents Managing D-Link DFL-200 Resetting the DFL-200 Administrative Access Administration Settings Add Admin access to an interface Add ping access to an interface Enable Snmp access to an interface Add Read-only access to an interface Change IP of the LAN or DMZ interface SystemInterfaces IP Address The IP address of the WAN interface. This is WAN Interface Settings Using Static IPWAN Interface Settings Using Dhcp Password WAN Interface Settings Using PPPoE WAN Interface Settings Using Pptp Password The password supplied to you by your ISP WAN Interface Settings Using BigPondMTU Configuration Routing Go to System and Routing Add a new Static RouteRemove a Static Route Logging Enable E-mail alerting for ISD/IDP events Enable LoggingEnable Audit Logging Page Time Setting time and date manually Using NTP to sync timeChanging time zone Checking the Set the system time box Policy FirewallPolicy modes Action Types Schedule Service FilterSource and Destination Filter Add a new policy Intrusion Detection / Prevention Enable the Delete policy checkbox Configure Intrusion DetectionEnable the Intrusion Detection / Prevention checkbox Change order of policy Configure Intrusion Prevention Add a new mapping Port mapping / Virtual Servers Delete mapping Enable the Delete mapping checkbox DFL-200 Radius Support Users Enable Radius Support Enable User Authentication via Http / Https Add User Change User PasswordEnable the Change password checkbox Delete User Enable the Delete user checkbox Add new recurring schedule Schedules Adding TCP, UDP or TCP/UDP Service Services Adding IP Protocol Grouping Services Protocol-independent settings Introduction to IPSec VPN Point-to-Point Protocol Introduction to PptpIntroduction to L2TP MPPE, Microsoft Point-To-Point Encryption Authentication Protocols L2TP/PPTP Clients Authentication protocol L2TP/PPTP Servers Authentication Protocol Introduction chapter Mppe encryption Creating a LAN-to-LAN IPSec VPN Tunnel VPN between two networks Creating a Roaming Users IPSec VPN Tunnel VPN between client and an internal network Adding a L2TP/PPTP VPN Server Adding a L2TP/PPTP VPN Client VPN Advanced Settings IPSec Proposal List Proposal ListsIKE Proposal List Trusting Certificates CertificatesLocal identities Certificates of remote peers Identities Active content handling Content Filtering Edit the URL Global Whitelist Edit the URL Global Blacklist Active content handling Servers Dhcp Server Settings Enable Dhcp Relay Enable Dhcp ServerDisable Dhcp Server/Relayer Enable by checking the Use built-in Dhcp Server box Enable by checking the Enable DNS Relayer box DNS Relayer SettingsEnable DNS Relayer Disable DNS Relayer Ping Tools Ping Example Add Dynamic DNS SettingsDynamic DNS Restoring the DFL-200’s Configuration BackupExporting the DFL-200’s Configuration Restarting the DFL-200 Restart/Reset Restoring system settings to factory defaults Page Upgrade IDS Signature-database UpgradeUpgrade Firmware CPU Load StatusSystem Interfaces VPN Click Connections below it. a window will Connections Dhcp Server Logging Usage events How to read the logsDrop events Conn events Close Example Open Example Step by step guides LAN IP 192.168.4.1, Subnet mask LAN-to-LAN VPN using IPsec Remote Net 192.168.1.0/24 Enable Automatically add a route for the remote network Local net 192.168.1.0/24 LAN IP 192.168.1.1, Subnet mask Remote Net 192.168.4.0/24 LAN-to-LAN VPN using Pptp Username BranchOffice Click Global policy parameters Settings for Main office Page Under Users in local database click Add new Select Local databasePage LAN-to-LAN VPN using L2TP Username BranchOffice Check Use IPsec encryption Setup interfaces, System-Interfaces WAN IP193.0.2.20 Page Select Local database Under Users in local database click Add new More secure LAN-to-LAN VPN solution Page Page Settings for Main office Windows XP client and Pptp server Settings for the Windows XP client Select Connect to the network at my workplace and click Next Select Virtual Private Network connection and click Next Name the connection MainOffice and click Next 104 Select Do not dial the initial connection and click Next Page Click Properties Page Name the new user HomeUser Enter password Retype password Page Windows XP client and L2TP server 112 Settings for Main office Page Content filtering Select HTTP/HTML Content Filtering in the ALG dropdown Firewall-ServicesPage Page Intrusion detection and prevention Page Check Enable E-mail alerting for IDS/IDP events Appendix a Icmp Types and Codes AppendixesPage ESP Appendix B Common IP Protocol Numbers Limited Warranty What Is Not Covered Wichtige Sicherheitshinweise Warnung CE Mark WarningAdvertencia de Marca de la CE Attenzione Vcci Warning Offices Singapore D-LINK International 132