D-Link DFL-800-AV-12 User Manual - Page 146
Chapter 6. Security Mechanisms

TFTP is widely used in enterprise environments for updating software and backing up configurations on network devices. TFTP is recognised as being an inherently insecure protocol and its usage is often confined to internal networks. The NetDefendOS ALG provides an extra layer of security to TFTP by being able to put restrictions on its use.

General TFTP Options

Allow/Disallow Read: The TFTP GET function can be disabled so that files cannot be retrieved by a TFTP client. The default value is Allow.

Allow/Disallow Write: The TFTP PUT function can be disabled so that files cannot be written by a TFTP client. The default value is Allow.

Remove Request Option: Specifies if options should be removed from the request. The default is False, which means "don't remove".

Block Unknown Options: This option allows the blocking of any option in a request other than the blocksize, the timeout period and the file transfer size. The default is False, which means "don't block".

TFTP Request Options

As long as the Remove Request Option described above is set to False (options aren't removed), the following request option settings can be applied:

Maximum Blocksize: The maximum blocksize allowed can be specified. The allowed range is 0 to 65464 bytes. The default value is 65464 bytes.

Maximum File Size: The maximum size of a file transfer can be restricted. By default this is the absolute maximum allowed, which is 999,999 KBytes.

Allow Directory Traversal: This option can disallow directory traversal through the use of filenames containing consecutive periods ("..").

Allowing Request Timeouts

The NetDefendOS TFTP ALG blocks the repetition of a TFTP request coming from the same source IP address and port within a fixed period of time. The reason for this is that some TFTP clients might issue requests from the same source port without allowing an appropriate timeout period.

6.2.5. SMTP

Simple Mail Transfer Protocol (SMTP) is a text based protocol used for transferring email between mail servers over the Internet. Typically the local SMTP server will be located on a DMZ so that mail sent by remote SMTP servers will traverse the D-Link Firewall to reach the local server (this setup is illustrated later in Section 6.2.5.1, "DNSBL SPAM Filtering"). Local users will then use email client software to retrieve their email from the local SMTP server.

SMTP ALG Options

Key features of the SMTP ALG are:
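Returning to the TFTP ALG options described earlier on this page: the following added example (not code from this manual or from NetDefendOS) parses a TFTP read/write request and applies those settings to it. The field names, the "block" verdict, the 1 KByte = 1024 bytes conversion, the traversal default and the choice to check the filename even when options are removed are assumptions.

```python
from dataclasses import dataclass

KNOWN = {"blksize", "timeout", "tsize"}  # the three options the page exempts from blocking

@dataclass
class Policy:  # hypothetical field names; defaults taken from the manual text
    allow_read: bool = True
    allow_write: bool = True
    remove_options: bool = False
    block_unknown: bool = False
    max_blocksize: int = 65464
    max_file_kb: int = 999_999
    allow_traversal: bool = False  # assumption: the page gives no default

def build(opcode, *fields):  # constructs sample requests (opcode, then NUL-terminated strings)
    return bytes([0, opcode]) + b"".join(f.encode() + b"\0" for f in fields)

def parse_request(pkt):
    """Parse an RRQ (1) or WRQ (2) with RFC 2347 options into its parts."""
    if len(pkt) < 4 or pkt[-1] != 0 or pkt[:2] not in (b"\x00\x01", b"\x00\x02"):
        raise ValueError("not a well-formed read/write request")
    fields = [f.decode("ascii") for f in pkt[2:-1].split(b"\0")]
    if len(fields) < 2 or len(fields) % 2:  # filename, mode, then option/value pairs
        raise ValueError("malformed field list")
    opts = {fields[i].lower(): fields[i + 1] for i in range(2, len(fields), 2)}
    return pkt[1], fields[0], opts

def evaluate(pkt, p=Policy()):
    """Return (verdict, reason, options forwarded). Blocking is the assumed action."""
    try:
        opcode, name, opts = parse_request(pkt)
    except ValueError as e:
        return "block", str(e), {}
    if (opcode == 1 and not p.allow_read) or (opcode == 2 and not p.allow_write):
        return "block", "read/write disallowed", {}
    if ".." in name and not p.allow_traversal:  # assumed to apply even if options are removed
        return "block", "directory traversal", {}
    if p.remove_options:
        return "allow", "options removed", {}
    if p.block_unknown and set(opts) - KNOWN:
        return "block", "unknown option", {}
    try:
        if int(opts.get("blksize", 0)) > p.max_blocksize:
            return "block", "blksize over limit", {}
        if int(opts.get("tsize", 0)) > p.max_file_kb * 1024:  # assumes 1 KByte = 1024 bytes
            return "block", "tsize over limit", {}
    except ValueError:
        return "block", "non-numeric option value", {}
    return "allow", "ok", opts
```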