D-Link DFL-860E User Manual for DFL-260E - Page 135
IP Rules, 3.6.1. Security Policies, Security Policy Characteristics
Chapter 3. Fundamentals

3.6. IP Rules

3.6.1. Security Policies

Before examining IP rule sets in detail, we will first look at the generic concept of security policies to which IP rule sets belong.

Security Policy Characteristics

NetDefendOS security policies are configured by the administrator to regulate the way in which traffic can flow through the NetDefend Firewall. Such policies are described by the contents of different NetDefendOS rule sets. These rule sets share a uniform means of specifying filtering criteria which determine the type of traffic to which they will apply. The possible filtering criteria consist of the following:

• Source Interface
  An Interface or Interface Group where the packet is received at the NetDefend Firewall. This could also be a VPN tunnel.

• Source Network
  The network that contains the source IP address of the packet. This might be a NetDefendOS IP object which could define a single IP address or range of addresses.

• Destination Interface
  An Interface or an Interface Group from which the packet would leave the NetDefend Firewall. This could also be a VPN tunnel.

• Destination Network
  The network to which the destination IP address of the packet belongs. This might be a NetDefendOS IP object which could define a single IP address or range of addresses.

• Service
  The protocol type to which the packet belongs. Service objects define a protocol/port type. Examples are HTTP and ICMP. Service objects also define any ALG which is to be applied to the traffic.

  NetDefendOS provides a large number of predefined service objects but administrator-defined custom services can also be created. Existing service objects can also be collected together into service groups.

See Section 3.3, "Services" for more information about this topic.
The NetDefendOS Security Policy Rule Sets

The principal NetDefendOS rule sets that define NetDefendOS security policies, and which use the same filtering parameters described above (networks/interfaces/service), include:

• IP Rules
  These determine which traffic is permitted to pass through the NetDefend Firewall as well as determining if the traffic is subject to address translation. The network filter for these rules can be IPv4 or IPv6 addresses (but not both in a single rule). They are described further later in this section.

• Pipe Rules
  These determine which traffic triggers traffic shaping to take place and are described in Section 10.1, "Traffic Shaping".
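The five filtering criteria and the one-address-family-per-rule restriction can be modelled in a few lines. The following is an added illustration, not NetDefendOS code or CLI syntax: the class names, the packet dictionary layout and the interface names ("lan", "wan", "vpn1") are assumptions made for the example, and ALGs and service groups are left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def parse_net(spec):
    """IP object: a single address, a CIDR network or a 'first-last' range."""
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {spec}")
        return lo, hi
    net = ipaddress.ip_network(spec, strict=False)
    return net[0], net[-1]

@dataclass(frozen=True)
class Service:
    name: str
    protocol: str                    # "tcp", "udp" or "icmp"
    ports: Optional[range] = None    # None for protocols without ports

@dataclass
class Rule:
    name: str
    src_ifaces: set    # one interface, or the members of an interface group
    src_net: str
    dst_ifaces: set
    dst_net: str
    service: Service

    def __post_init__(self):
        self.src, self.dst = parse_net(self.src_net), parse_net(self.dst_net)
        # A single rule filters on IPv4 or IPv6 addresses, never both.
        if self.src[0].version != self.dst[0].version:
            raise ValueError(f"{self.name}: mixes IPv4 and IPv6 networks")

    def matches(self, pkt):
        """True only if the packet satisfies all five filtering criteria."""
        src = ipaddress.ip_address(pkt["src"])
        dst = ipaddress.ip_address(pkt["dst"])
        if src.version != self.src[0].version or dst.version != self.dst[0].version:
            return False
        svc = self.service
        return (pkt["in_if"] in self.src_ifaces and pkt["out_if"] in self.dst_ifaces
                and self.src[0] <= src <= self.src[1]
                and self.dst[0] <= dst <= self.dst[1]
                and pkt["proto"] == svc.protocol
                and (svc.ports is None or pkt.get("dport") in svc.ports))

if __name__ == "__main__":
    # Constructed sample rule and packet.
    rule = Rule("lan_to_web", {"lan"}, "192.168.1.0/24", {"wan", "vpn1"},
                "0.0.0.0/0", Service("http", "tcp", range(80, 81)))
    print(rule.matches({"in_if": "lan", "out_if": "wan", "src": "192.168.1.20",
                        "dst": "203.0.113.7", "proto": "tcp", "dport": 80}))
```

A packet that differs from the rule in any single criterion (wrong receiving interface, address outside the IP object, different service) does not match, which is why each criterion should be set as narrowly as the policy allows.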