Services, Organizing addresses into address groups | D-Link DFL-500

Organizing addresses into address groups

You can organize related addresses into address groups to make it easier to add policies. For example, if you add three addresses, and then add them to an address group, you only have to add one policy for the address group rather than three separate policies, one for each address.

You can add address groups to both interfaces. The address group can only contain addresses from that interface. Address groups are available in interface source or destination address lists.

Address groups cannot have the same names as individual addresses. If an address group is included in a policy, it cannot be deleted unless it is first removed from the policy.

•Go to Firewall > Address > Group .

•Select the interface list to which to add the address group: New Int Group, or New Ext Group.

Adding an internal address group

•Enter a Group Name to identify the address group.

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.

•To add addresses to the address group, select an address from the Available Addresses list and select the right arrow to add it to the Members list.

•To remove addresses from the address group, select an address from the Members list and select the left arrow to remove it from the group.

•Select OK to add the address group.

Services

Use services to control the types of communication accepted or denied by the firewall. You can add any of the predefined services to a policy. You can also create your own custom services and add services to service groups.

This section describes:

DFL-500 User Manual	32

Image 32

D-Link DFL-500 user manual Services, Organizing addresses into address groups, Go to Firewall Address Group

Contents

Link DFL-500 Regulatory Compliance Table of Contents Firewall configuration IPSec VPNs Logging and reporting Page NAT/Route mode and Transparent mode NAT/Route modeTransparent mode Introduction DFL-500 QuickStart Guide DFL-500 CLI Reference Guide Customer service and technical supportFor more information Mounting Package contentsGetting started Powering on Initial configuration Connecting to the web-based manager Bits per second Connecting to the command line interface CLIDFL-500 login Stop bits Flow control Next stepsData bits Parity NAT/Route mode settings NAT/Route mode installationPreparing to configure NAT/Route mode Using the setup wizard Using the command line interfaceStarting the setup wizard Reconnecting to the web-based manager Connecting to your networks Set system route number 1 gw1 Configuring your internal network Completing the configurationSetting the date and time DFL-500 NPG network connections Transparent mode installation Preparing to configure Transparent modeChanging to Transparent mode Transparent mode settings Administrator Password Configuring the Transparent mode management IP address Set system management ip 10.10.10.2 Configure the Transparent mode default gateway Setting the date and timeConnecting to your network DFL-500 network connections Firewall configuration Default policy Go to Firewall Policy Adding NAT/Route mode policiesChanging to NAT/Route mode Source Destination Schedule Service Action AuthenticationDynamic IP Pool Fixed Port VPN Tunnel Content filtering Web filter Adding a NAT/Route Int -Ext policy Adding Transparent mode policiesSource Destination Schedule Service Log Traffic Authentication Web filter Policy matching in detail Configuring policy listsAdding a Transparent mode Int -Ext policy Enabling and disabling policies AddressesChanging the order of policies in a policy list Adding addresses Deleting addressesGo to Firewall Address Adding a firewall address Services Organizing addresses into address groupsGo to Firewall Address Group Adding an internal address group Predefined services Providing access to custom servicesGrouping services Go to Firewall Service Custom Adding a service group SchedulesCreating one-time schedules Go to Firewall Schedule One-time Virtual IPs Creating recurring schedulesAdding a schedule to a policy Go to Firewall Schedule Recurring Static NAT Port Forwarding Adding static NAT virtual IPsGo to Firewall Virtual IP Using port forwarding virtual IPs Adding a static NAT virtual IP Adding policies with virtual IPs Go to Firewall Policy Ext IntAdding a Port Forwarding virtual IP Source IP pools Destination Schedule Service ActionAuthentication Log Traffic Web filter Go to Firewall IP/MAC Binding Setting IP/MAC bindingGo to Firewall IP/MAC Binding Static IP/MAC Adding an IP Pool Configuring IP/MAC binding for packets going to the firewall Adding IP/MAC addresses IP/MAC settings Viewing the dynamic IP/MAC listEnabling IP/MAC binding Go to Firewall IP/MAC Binding Dynamic IP/MAC Users and authentication Setting authentication time outAdding user names and configuring authentication Adding user names and configuring authentication Adding a user name DisableDeleting user names from the internal database Configuring Radius support Example Radius configurationAdding Radius servers Deleting Radius servers Configuring user groups Adding user groups Deleting user groups Adding a user group IPSec VPNs Interoperability with IPSec VPN products Configuring AutoIKE key IPSec VPN See Adding a remote gateway Configuring a VPN concentrator for hub and spoke VPN Configuring manual key IPSec VPNConfiguring dialup VPN Configuring the VPN concentrator Configuring the member VPNs Configuring IPSec redundancy Local ID Adding a remote gatewayGo to VPN Ipsec Remote Gateway Adding a remote gateway Dialup User selected About dialup VPN authenticationNat-traversal Keepalive Frequency Main mode with no user group selected About DH groups About the P1 proposalLocal ID Empty Key Go to VPN Ipsec AutoIKE Key Adding an AutoIKE key VPN tunnelAbout NAT traversal About the P2 proposal About replay detectionAutokey Keep Alive Concentrator Adding an AutoIKE key VPN tunnel Go to VPN Ipsec Manual Key Adding a manual key VPN tunnelAbout perfect forward secrecy PFS Adding a VPN concentrator Adding a manual key VPN tunnel Adding an encrypt policy Adding a VPN concentrator VPN Tunnel Allow inbound Go to Firewall Policy Int-ExtAdding an encrypt policy Viewing VPN tunnel status Allow outbound Inbound AutoIKE key tunnel status Testing a VPNViewing dialup VPN connection status Page Pptp VPN configuration Pptp and L2TP VPNs Pptp VPN between a Windows client and the DFL-500 NPG Configuring the DFL-500 NPG as a Pptp gatewayGo to VPN Pptp Pptp Range Example Pptp Range configuration Source Destination Service Action L2TP VPN configuration Configuring the DFL-500 NPG as an L2TP gatewayGo to VPN L2TP L2TP Range L2TP VPN between a Windows client and the DFL-500 NPG Sample L2TP address range configuration Web content filtering Enabling web content FilteringBlocking web pages that contain unwanted content Configuring content filtering Backing up and restoring the banned word list Changing the content block messageClearing the banned word list Go to Web Filter URL Block Blocking access to URLsConfiguring URL blocking Clearing the URL block list Changing the URL block messageDownloading the URL block list Uploading a URL block list Go to Web Filter Script Filter Exempting URLs from content or URL blockingRemoving scripts from web pages Adding URLs to the Exempt URL List Clearing the Exempt URL listDownloading the Exempt URL list Go to Web Filter Exempt URL Uploading an Exempt URL list Configuring Logging Go to Log&Report Log settingLogging and reporting Recording logs on a remote computer Selecting what to log Configuring alert emailExample log settings Configuring alert email Go to System Network DNS Administration System status Upgrading the DFL-500 NPG firmware Execute ping Enter File Name image.out Enter Tftp Server AddressEnter Local Address Backing up system settings Restoring system settingsRestoring system settings to factory defaults Displaying the DFL-500 NPG serial number Changing to Transparent mode System status monitor Restarting the DFL-500 NPGShutting down the DFL-500 NPG Network configuration System status monitorCPU usage Memory usage Up time Total Number of Sessions Protocol From IP From Port To IP To Port Expire Clear Configuring the internal interface Configuring the external interfaceConfiguring the internal interface Go to System Network Interface Configuring the external interface with a static IP address Configuring the external interface for PPPoE Configuring the external interface Https Ping SSH Snmp Configuring routing Configuring the management interface Transparent modeSetting DNS server addresses Adding routing gateways Go to System Network Routing Table Adding a default routeAdding routes to the routing table Configuring the routing table Adding routes Transparent modeEnabling RIP server support Go to System Network Routing Providing Dhcp services to your internal network Default Route Exclusion RangeGo to System Network Dhcp Starting IP Ending IP Netmask Lease Duration Domain Example Dynamic IP list System configurationSample Dhcp settings Example date and time setting Setting system date and timeGo to System Config Time Adding and editing administrator accounts Go to System Config AdminChanging web-based manager options Read Write Only Configuring Snmp Go to System Config Snmp 100 Glossary 101 102 103 Index 104 CLI 105 Dhcp 106 Snmp 107 PFS 108 Transparent mode manual key Adding VPN tunnel IPSec VPN 109 NTP 110 Pptp 111 Smtp 112 VPN 113 IPSec VPN Remote Gateway user groups Deleting 114 115 Technical Support 116 Registration Card 117 118 Limited Warranty 119 120 121 Registration 122