D-Link DFL-1100 Product Manual - Page 36
Intrusion Detection / Prevention, Traffic Shaping, Policy Routing
![]() |
UPC - 790069270239
View all D-Link DFL-1100 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 36 highlights
Intrusion Detection / Prevention The DFL-1100 Intrusion Detection/Prevention System (IDS/IDP) is a real-time intrusion detection and prevention sensor that identifies and takes action against a wide variety of suspicious network activity. The IDS uses intrusion signatures, stored in the attack database, to identify the most common attacks. In response to an attack, the IDS will protect the networks behind the DFL-1100 by dropping the traffic. To notify responsible parties of the malicious attack, the IDS will send e-mails to the system administrators if e-mail alerting is enabled and configured. D-Link updates the attack database periodically. There are two modes that can be configured, either Inspection Only or Prevention. Inspection Only will only inspect the traffic, and if the DFL-1100 detects anything it will log, e-mail an alert (if configured), and pass on the traffic. If Prevention is used the traffic will be dropped and logged and if configured, an e-mail alert will be sent. Traffic Shaping The simplest way to obtain quality of service in a network, seen from a security as well as a functionality perspective, is to have the components in the network, not the applications, be responsible for network traffic control in well-defined choke points. Traffic shaping works by measuring and queuing IP packets, in transit, with respect to a number of configurable parameters. Differentiated rate limits and traffic guarantees based on source, destination and protocol parameters can be created; much the same way firewall policies are implemented. There are three different priorities when configuring the traffic shaping, Normal, High and Critical. Limit works by limiting the inbound and outbound traffic to the specified speed. This is the maximum bandwidth that can be used by traffic using this policy. Note however that if you have other policies using limit; which in total is more then your total internet connection and have configured the traffic limits on the WAN interface this limit is sometimes lowered to allow traffic with higher priorities to have precedence. By using Guarantee, you can traffic using a policy a minimum bandwidth, this will only work if the traffic limits for the WAN interface are configured correctly. Policy Routing Normal routing can be said to be a simple form of policy based routing; the "policy" is the routing table, and the only data that can be filtered on is the destination IP address of the packet. What is commonly referred to as policy based routing, is, simply put, an extension of what fields of the packet we look at to determine the routing decision. In the DFL-1100, each rule in the firewall policy can specify its own routing decision; in essence, we route according to the source and destination IP addresses and ports. Policy based routing can for example be used to route certain protocols through transparent proxies such as web caches and anti-virus scanners, without adding another point of failure for the network as a whole. It's very important to know that the proxy must support this also for it to work. 36
![](/manual_guide/products/dlink-dfl1100-product-manual-7ad74b3/36.png)