9.2.3. IPsec Roaming Clients with Certificates ... 234
9.2.4. L2TP Roaming Clients with Pre-Shared Keys ... 234
9.2.5. L2TP Roaming Clients with Certificates ... 236
9.2.6. PPTP Roaming Clients ... 236
9.2.7. VPN Troubleshooting ... 237
9.3. IPsec ... 240
9.3.1. Overview ... 240
9.3.2. Internet Key Exchange (IKE) ... 240
9.3.3. IKE Authentication ... 245
9.3.4. IPsec Protocols (ESP/AH) ... 247
9.3.5. NAT Traversal ... 248
9.3.6. Proposal Lists ... 249
9.3.7. Pre-shared Keys ... 250
9.3.8. Identification Lists ... 251
9.4. IPsec Tunnels ... 253
9.4.1. Overview ... 253
9.4.2. LAN to LAN Tunnels with Pre-shared Keys ... 253
9.4.3. Roaming Clients ... 253
9.4.4. Fetching CRLs from an alternate LDAP server ... 259
9.5. PPTP/L2TP ... 260
9.5.1. PPTP ... 260
9.5.2. L2TP ... 261
10. Traffic Management ... 267
10.1. Traffic Shaping ... 267
10.1.1. Introduction ... 267
10.1.2. Traffic Shaping in NetDefendOS ... 268
10.1.3. Simple Bandwidth Limiting ... 269
10.1.4. Limiting Bandwidth in Both Directions ... 270
10.1.5. Creating Differentiated Limits with Chains ... 271
10.1.6. Precedences ... 272
10.1.7. Guarantees ... 274
10.1.8. Differentiated Guarantees ... 274
10.1.9. Groups ... 275
10.1.10. Recommendations ... 276
10.1.11. A Summary of Traffic Shaping ... 277
10.2. Threshold Rules ... 279
10.2.1. Overview ... 279
10.2.2. Connection Rate/Total Connection Limiting ... 279
10.2.3. Grouping ... 279
10.2.4. Rule Actions ... 279
10.2.5. Multiple Triggered Actions ... 280
10.2.6. Exempted Connections ... 280
10.2.7. Threshold Rules and ZoneDefense ... 280
10.2.8. Threshold Rule Blacklisting ... 280
10.3. Server Load Balancing ... 281
10.3.1. Overview ... 281
10.3.2. Identifying the Servers ... 282
10.3.3. The Load Distribution Mode ... 282
10.3.4. The Distribution Algorithm ... 282
10.3.5. Server Health Monitoring ... 284
10.3.6. SLB_SAT Rules ... 284
11. High Availability ... 289
11.1. Overview ... 289
11.2. High Availability Mechanisms ... 291
11.3. High Availability Setup ... 293
11.3.1. Hardware Setup ... 293
11.3.2. NetDefendOS Setup ... 294
11.3.3. Verifying Cluster Functioning ... 294
11.4. High Availability Issues ... 296
12. ZoneDefense ... 298
12.1. Overview ... 298
12.2. ZoneDefense Switches ... 299
12.3. ZoneDefense Operation ... 300