D-Link DFL-2500 User Guide - Page 65
Error Report & Connection Protection
46 Chapter 8. Logical Objects

Service Group

The services defined in the above options can be grouped in order to simplify security policy configuration. Consider a web server using standard HTTP as well as SSL encrypted HTTP (HTTPS, refer to 22.3 SSL/TLS (HTTPS)). Instead of having to create two separate rules allowing both types of services through the firewall, a service group named, for instance, "Web", can be created, with the HTTP and the HTTPS services as group members (shown in the example below).

Example: Specifying a "Web" service group

WebUI:
Follow the steps outlined below:
1. Adding a TCP service object "HTTP" with port 80.
2. Adding a TCP service object "HTTPS" with port 443.
3. Objects → Services → Add → Service Group
   General
   Name: Web
   Pick "HTTP" and "HTTPS" from Available list and put them into Selected list.
   Click OK.

8.2.2 Error Report & Connection Protection

ICMP error message

ICMP error messages provide feedback about problems in the communication environment, e.g. when an IP packet cannot reach its destination. However, ICMP error messages and firewalls are usually not a very good combination; the ICMP error messages are initiated at the destination host (or a device within the path to the destination) and sent to the originating host. The result is that the ICMP error message will be interpreted by the firewall as a new connection and dropped, if not explicitly allowed by the firewall rule-set.

Allowing any inbound ICMP message to be able to have those error messages forwarded is generally not

D-Link Firewalls User's Guide
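Added example, not taken from the D-Link guide: a sketch of how a stateful filter can tie an inbound ICMP error to a connection it already tracks rather than treating it as a new one, using the original IP header and first 8 payload bytes that RFC 792 requires every ICMP error to quote. The connection table layout, the function names and all addresses are assumptions constructed for illustration, and the code goes one step beyond the text above without describing how the DFL firmware works.

```python
import socket
import struct

# Error types that quote the offending packet: unreachable, time exceeded, parameter problem.
ICMP_ERRORS = {3, 11, 12}

def ipv4(proto, src, dst, payload):
    """Constructed test data: minimal 20-byte IPv4 header, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def sample_error(src, sport, dst, dport, router="198.51.100.1"):
    """Constructed ICMP type 3 / code 1 from a router, quoting a TCP packet src -> dst."""
    quoted = ipv4(6, src, dst, struct.pack("!HHI", sport, dport, 0))
    return ipv4(1, router, src, struct.pack("!BBHI", 3, 1, 0, 0) + quoted)

def header_len(buf):
    """Length of a well-formed IPv4 header at the start of buf, else 0."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return 0
    ihl = (buf[0] & 0x0F) * 4
    return ihl if 20 <= ihl <= len(buf) else 0

def related_flow(packet, conn_table):
    """Return the tracked flow an inbound ICMP error refers to, or None (drop)."""
    ihl = header_len(packet)
    if not ihl or packet[9] != 1:                 # not IPv4 carrying ICMP
        return None
    icmp = packet[ihl:]
    if len(icmp) < 8 or icmp[0] not in ICMP_ERRORS:
        return None                               # echo etc. need their own rule
    inner = icmp[8:]                              # quoted header + 8 payload bytes
    inner_ihl = header_len(inner)
    if not inner_ihl or inner[9] not in (6, 17) or len(inner) < inner_ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    flow = (inner[9], socket.inet_ntoa(inner[12:16]), sport,
            socket.inet_ntoa(inner[16:20]), dport)
    # The error must be addressed to the host that sent the quoted packet.
    if packet[16:20] != inner[12:16]:
        return None
    return flow if flow in conn_table else None

# Assumed table layout: (protocol, originator IP, originator port, destination IP, port).
CONNS = {(6, "10.0.0.5", 40000, "203.0.113.10", 80)}

if __name__ == "__main__":
    print(related_flow(sample_error("10.0.0.5", 40000, "203.0.113.10", 80), CONNS))
    print(related_flow(sample_error("10.0.0.5", 40001, "203.0.113.10", 80), CONNS))
```

Only errors quoting a packet in the originator-to-destination direction are matched here; a fuller tracker would also look up the reversed tuple for errors triggered by reply traffic.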