D-Link DFL-260E User Manual for DFL-260E - Page 542
Chapter 12. ZoneDefense

12.3.3. Manual Blocking and Exclude Lists

As a complement to threshold rules, it is also possible to manually define hosts and networks that are to be statically blocked or excluded. Manually blocked hosts and networks can be blocked by default or based on a schedule. It is also possible to specify which protocols and protocol port numbers are to be blocked.

Exclude Lists can be created and used to exclude hosts from being blocked when a threshold rule limit is reached. Good practice includes adding to the list the firewall's interface IP or MAC address connecting towards the ZoneDefense switch. This prevents the firewall from being accidentally blocked out.

Example 12.1. A simple ZoneDefense scenario

The following simple example illustrates the steps needed to set up ZoneDefense. It is assumed that all interfaces on the firewall have already been configured.

An HTTP threshold of 10 connections/second is applied. If the connection rate exceeds this limitation, the firewall will block the specific host (in network range 192.168.2.0/24 for example) from accessing the switch completely.

A D-Link switch model DES-3226S is used in this case, with a management interface address 192.168.1.250 connecting to the firewall's interface address 192.168.1.1. This firewall interface is added into the exclude list to prevent the firewall from being accidentally locked out from accessing the switch.

Web Interface

Add a new switch into ZoneDefense section:

1. Go to: ZoneDefense > Switches > Add > ZoneDefense switch
2. Now enter:
   • Name: switch1
   • Switch model: DES-3226S
   • IP Address: 192.168.1.250
3. For SNMP Community enter the Write Community String configured for the switch
4. Press Check Switch to verify the firewall can communicate with the switch and the community string is correct.
5. Click OK

Add the firewall's management interface into the exclude list:

1. Go to: ZoneDefense > Exclude list
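The interaction between the threshold rule and the exclude list in Example 12.1 can be modelled offline. The following is an added example, not code from the manual or from NetDefendOS: it counts connections in fixed one-second buckets (an assumed simplification of how the rate is measured), and the /24 masks, the 192.168.2.1 interface and the connection events are constructed for illustration.

```python
import ipaddress
from collections import Counter

def _nets(exclude):
    # Exclude-list entries may be single hosts or networks.
    return [ipaddress.ip_network(e, strict=False) for e in exclude]

def hosts_to_block(events, limit, exclude):
    """events: (second, src_ip) per new connection. Returns the source IPs
    whose count in any one-second bucket exceeds `limit` and that are not
    covered by the exclude list."""
    nets = _nets(exclude)
    blocked = set()
    for (_sec, ip), count in Counter(events).items():
        if count <= limit:
            continue  # at or below the threshold: no action
        if any(ipaddress.ip_address(ip) in n for n in nets):
            continue  # excluded hosts are never blocked
        blocked.add(ip)
    return sorted(blocked, key=ipaddress.ip_address)

def missing_exclusions(firewall_ifaces, switches, exclude):
    """Firewall interface IPs that share a subnet with a ZoneDefense switch
    but are absent from the exclude list (the lock-out risk)."""
    nets = _nets(exclude)
    missing = []
    for iface in map(ipaddress.ip_interface, firewall_ifaces):
        faces_switch = any(ipaddress.ip_address(s) in iface.network
                           for s in switches)
        if faces_switch and not any(iface.ip in n for n in nets):
            missing.append(str(iface.ip))
    return missing

# Values from Example 12.1; masks and the second interface are assumed.
SWITCHES = ["192.168.1.250"]
FIREWALL_IFACES = ["192.168.1.1/24", "192.168.2.1/24"]
HTTP_LIMIT = 10  # connections/second

# Constructed events, all within second 0.
EVENTS = ([(0, "192.168.2.15")] * 12     # exceeds the limit
          + [(0, "192.168.2.20")] * 10   # exactly at the limit
          + [(0, "192.168.1.1")] * 15)   # the firewall's own interface

if __name__ == "__main__":
    for exclude in ([], ["192.168.1.1"]):
        print("exclude list:", exclude)
        print("  blocked:", hosts_to_block(EVENTS, HTTP_LIMIT, exclude))
        print("  unprotected firewall interfaces:",
              missing_exclusions(FIREWALL_IFACES, SWITCHES, exclude))
```

With an empty exclude list the firewall's own address appears among the blocked hosts; once 192.168.1.1 is excluded, only 192.168.2.15 is blocked.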