Manuals / D-Link / Computer Equipment / Network Card

D-Link DFL-700 manual Open Example, Close Example

Models: DFL-700

1 141

Download 141 pages 4.85 Kb

Page 81

One event will be generated when a connection is established. This event will include information about protocol, receiving interface, source IP address, source port, destination interface, destination IP address and destination port.

Open Example:

Oct 20 2003 09:47:56 gateway EFW: CONN: prio=1 rule=Rule_8 conn=open connipproto=TCP connrecvif=lan connsrcip=192.168.0.10 connsrcport=3179 conndestif=wan conndestip=64.7.210.132 conndestport=80

In this line, traffic from 192.168.0.10 on the LAN interface is connecting to 64.7.210.132 on port 80 on the WAN side of the firewall (internet).

Another event is generated when the connection is closed. The information included in the event is the same as in the event sent when the connection was opened, with the exception that statistics regarding sent and received traffic is also included.

Close Example:

Oct 20 2003 09:48:05 gateway EFW: CONN: prio=1 rule=Rule_8 conn=close connipproto=TCP connrecvif=lan connsrcip=192.168.0.10 connsrcport=3179 conndestif=wan conndestip=64.7.210.132 conndestport=80 origsent=62 termsent=60

In this line, the connection in the other example is closed.

Image 81

D-Link DFL-700 manual Open Example, Close Example

Contents

Link DFL-700 Contents Firewall Servers Status 132 129Access Control supported Features and BenefitsIntroduction Introduction to FirewallsIntroduction to Local Area Networking Physical Connections LEDsSystem Requirements Package ContentsManaging D-Link DFL-700 Resetting the DFL700Administrative Access Administration SettingsAdd Admin access to an interface Add ping access to an interfaceEnable Snmp access to an interface Add Read-only access to an interfaceSystem InterfacesChange IP of the LAN or DMZ interface WAN Interface Settings Using Static IP WAN Interface Settings Using DhcpIP Address The IP address of the WAN interface. This is Password WAN Interface Settings Using PPPoEWAN Interface Settings Using Pptp WAN Interface Settings Using BigPond Password The password supplied to you by your ISPTraffic Shaping MTU Configuration Routing Add a new Static Route Remove a Static RouteGo to System and Routing Logging Enable Logging Enable Audit LoggingEnable E-mail alerting for ISD/IDP events Page Time Setting time and date manually Using NTP to sync timeChanging time zone Checking the Set the system time boxPolicy FirewallPolicy modes Action TypesSource and Destination Filter Service FilterSchedule Intrusion Detection / PreventionTraffic Shaping Add a new policy Enable the Delete policy checkbox Configure Intrusion DetectionEnable the Intrusion Detection / Prevention checkbox Change order of policyConfigure Intrusion Prevention Add a new mapping Port mapping / Virtual ServersDelete mapping Enable the Delete mapping checkboxAdd Administrative User Administrative usersChange Administrative User Access level Change Administrative User PasswordEnable the Change password checkbox Enable the Delete user checkbox Delete Administrative UserDFL-700 Radius Support UsersEnable Radius Support Enable User Authentication via Http / HttpsAdd User Change User PasswordDelete User Add new recurring schedule SchedulesAdding TCP, UDP or TCP/UDP Service ServicesAdding IP Protocol Grouping ServicesProtocol-independent settings Introduction to IPsec VPNIntroduction to Pptp Introduction to L2TPPoint-to-Point Protocol MPPE, Microsoft Point-To-Point Encryption Authentication ProtocolsL2TP/PPTP Clients Authentication protocolL2TP/PPTP Servers Authentication Protocol Introduction chapterMppe encryption Creating a LAN-to-LAN IPSec VPN Tunnel VPN between two networksCreating a Roaming Users IPSec VPN Tunnel VPN between client and an internal networkAdding a L2TP/PPTP VPN Server Adding a L2TP/PPTP VPN ClientVPN Advanced Settings Proposal Lists IKE Proposal ListIPSec Proposal List Trusting Certificates CertificatesLocal identities Certificates of remote peersIdentities Certificate AuthoritiesActive content handling Content FilteringEdit the URL Global Whitelist Edit the URL Global Blacklist Active content handling Servers Dhcp Server SettingsEnable Dhcp Relay Enable Dhcp ServerDisable Dhcp Server/Relayer Enable by checking the Use built-in Dhcp Server boxDNS Relayer Settings Enable DNS RelayerEnable by checking the Enable DNS Relayer box Disable DNS Relayer Tools PingPing Example Dynamic DNS Add Dynamic DNS SettingsBackup Exporting the DFL-700’s ConfigurationRestoring the DFL-700’s Configuration Restart/Reset Restoring system settings to factory defaultsRestarting the DFL-700 Page Upgrade Upgrade FirmwareUpgrade IDS Signature-database Status SystemCPU Load Interfaces VPN Connections Dhcp Server Users Usage events How to read the logsDrop events Conn eventsClose Example Open ExampleStep by step guides LAN-to-LAN VPN using IPsec LAN IP 192.168.4.1, Subnet maskLocal net 192.168.4.0/24 Remote Net 192.168.1.0/24 Enable Automatically add a route for the remote networkLocal net 192.168.1.0/24 LAN IP 192.168.1.1, Subnet maskRemote Net 192.168.4.0/24 LAN-to-LAN VPN using Pptp Username BranchOffice Click Activate and wait for the firewall to restart Settings for Main office Page Under Users in local database click Add new Select Local databasePage LAN-to-LAN VPN using L2TP Username BranchOffice Check Use IPsec encryption Settings for Main office Page Select Local database Under Users in local database click Add new More secure LAN-to-LAN VPN solution Page Page Settings for Main office Windows XP client and Pptp server Settings for the Windows XP clientSelect Connect to the network at my workplace and click Next Select Virtual Private Network connection and click Next Name the connection MainOffice and click Next 108 Select Do not dial the initial connection and click Next Page Click Properties Page Setup interfaces, System-Interfaces WAN IP193.0.2.20 Page Windows XP client and L2TP server 116 Settings for Main office Page Content filtering Select HTTP/HTML Content Filtering in the ALG dropdown Firewall-ServicesPage Page Intrusion detection and prevention Page Check Enable E-mail alerting for IDS/IDP events Traffic shaping Limit bandwidth to a serviceGuarantee bandwidth to a service Page Appendix a Icmp Types and Codes AppendixesPage ESP Appendix B Common IP Protocol NumbersLimited Warranty What Is Not Covered Wichtige Sicherheitshinweise Warnung CE Mark WarningAdvertencia de Marca de la CE AttenzioneVcci Warning Offices 138 Page 140