D-Link DFL-260E User Manual for DFL-260E - Page 541
Chapter 12. ZoneDefense

12.3. ZoneDefense Operation

12.3.1. SNMP

Simple Network Management Protocol (SNMP) is an application layer protocol for complex network management. SNMP allows the managers and managed devices in a network to communicate with each other.

SNMP Managers

A typical managing device, such as a NetDefend Firewall, uses the SNMP protocol to monitor and control network devices in the managed environment. The manager can query stored statistics from the controlled devices by using the SNMP Community String. This works like a user ID or password that grants access to the device's state information. If the community string type is write, the manager is also allowed to modify the device's state.

Managed devices

The managed devices must be SNMP compliant, as D-Link switches are. They store state data in databases known as the Management Information Base (MIB) and return that information to the manager upon receiving an SNMP query.

12.3.2. Threshold Rules

A threshold rule triggers ZoneDefense to block out a specific host or network if the connection limit specified in the rule is exceeded. The limit can be one of two types:

• Connection Rate Limit - Triggered if the rate of new connections per second to the firewall exceeds a specified threshold.
• Total Connections Limit - Triggered if the total number of connections to the firewall exceeds a specified threshold.

Threshold rules have parameters similar to those of IP Rules. These parameters specify what type of traffic a threshold rule applies to. A single threshold rule has the parameters:

• Source interface and source network
• Destination interface and destination network
• Service
• Type of threshold: host and/or network based

Traffic that matches the above criteria and causes the host/network threshold to be exceeded triggers the ZoneDefense feature. This prevents the host or network(s) from accessing the switch(es).
All blocking in response to threshold violations is based on the IP address of the host or network on the switch(es). When a network-based threshold has been exceeded, the source network is blocked out instead of just the offending host.

For a general description of how Threshold Rules are specified and function, please see Section 10.3, "Threshold Rules".
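The following is an added illustration, not code from the manual or from the NetDefend firmware: a small Python model of how a threshold rule with the parameters listed above (source/destination interface and network, service, host- or network-based type) is matched against connection records and when it would block a host versus the whole source network. Field names, the sample traffic and the simplification that no connection ever closes are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class ThresholdRule:  # hypothetical field names for the parameters listed in 12.3.2
    src_if: str
    src_net: str        # e.g. "10.1.0.0/24"
    dst_if: str
    dst_net: str
    service: str        # e.g. "http"
    scope: str          # "host": block the offending host; "network": block src_net
    rate_limit: Optional[int] = None   # Connection Rate Limit: new connections per second
    total_limit: Optional[int] = None  # Total Connections Limit

    def matches(self, c: dict) -> bool:
        return (c["src_if"] == self.src_if and c["dst_if"] == self.dst_if
                and c["service"] == self.service
                and ip_address(c["src"]) in ip_network(self.src_net)
                and ip_address(c["dst"]) in ip_network(self.dst_net))

def evaluate(rule: ThresholdRule, conns: list) -> set:
    """Replay connection records (dicts with 'ts' in whole seconds) and return what would be
    blocked: host addresses, or the whole source network for a network-based rule.
    Simplification: every connection counts toward the total (none is assumed to close)."""
    per_second = defaultdict(int)   # (subject, second) -> new connections in that second
    total = defaultdict(int)        # subject -> connections seen so far
    blocked = set()
    for c in conns:
        if not rule.matches(c):
            continue
        # Network-based thresholds aggregate the whole source network; host-based count per host.
        subject = rule.src_net if rule.scope == "network" else c["src"]
        per_second[(subject, c["ts"])] += 1
        total[subject] += 1
        if ((rule.rate_limit is not None and per_second[(subject, c["ts"])] > rule.rate_limit)
                or (rule.total_limit is not None and total[subject] > rule.total_limit)):
            blocked.add(subject)
    return blocked

# Constructed sample traffic: hosts in 10.1.0.0/24 connecting from interface "lan" to "wan".
def conn(src, ts, service="http"):
    return {"src_if": "lan", "src": src, "dst_if": "wan", "dst": "203.0.113.10",
            "service": service, "ts": ts}
SAMPLE = ([conn("10.1.0.5", 1) for _ in range(4)]         # burst: 4 new connections in one second
          + [conn("10.1.0.6", t) for t in range(1, 4)]    # 3 connections spread over 3 seconds
          + [conn("10.1.0.7", 1, service="dns")])         # other service: never matches the rules
HOST_RATE_RULE = ThresholdRule("lan", "10.1.0.0/24", "wan", "203.0.113.0/24", "http", "host", rate_limit=3)
NET_TOTAL_RULE = ThresholdRule("lan", "10.1.0.0/24", "wan", "203.0.113.0/24", "http", "network", total_limit=6)
```

With the sample traffic, the host-based rate rule blocks only 10.1.0.5 (four new connections in one second), while the network-based total rule blocks 10.1.0.0/24 as a whole once the seventh matching connection from the network is seen.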