Home » D-Link Manuals » Networking » D-Link DFL-700 » Manual Viewer

D-Link DFL-700 Product Manual - Page 30

Intrusion Detection / Prevention, Traffic Shaping, Inspection Only, Prevention, Normal, Critical

UPC - 790069264535

Add to My Manuals
Save this manual to your list of manuals

Page 30 highlights

Intrusion Detection / Prevention The DFL-700 Intrusion Detection/Prevention System (IDS/IDP) is a real-time intrusion detection and prevention sensor that identifies and takes action against a wide variety of suspicious network activity. The IDS uses intrusion signatures, stored in the attack database, to identify the most common attacks. In response to an attack, the IDS will protect the networks behind the DFL-700 by dropping the traffic. To notify responsible parties of the malicious attack, the IDS will send e-mails to the system administrators if e-mail alerting is enabled and configured. D-Link updates the attack database periodically. There are two modes that can be configured, either Inspection Only or Prevention. Inspection Only will only inspect the traffic, and if the DFL-700 detects anything it will log, e-mail an alert (if configured), and pass on the traffic. If Prevention is used the traffic will be dropped and logged and if configured, an e-mail alert will be sent. Traffic Shaping The simplest way to obtain quality of service in a network, seen from a security as well as a functionality perspective, is to have the components in the network, not the applications, be responsible for network traffic control in well-defined choke points. Traffic shaping works by measuring and queuing IP packets, in transit, with respect to a number of configurable parameters. Differentiated rate limits and traffic guarantees based on source, destination and protocol parameters can be created; much the same way firewall policies are implemented. There are three different priorities when configuring the traffic shaping, Normal, High and Critical. Limit works by limiting the inbound and outbound traffic to the specified speed. This is the maximum bandwidth that can be used by traffic using this policy. Note however that if you have other policies using limit; which in total is more then your total internet connection and have configured the traffic limits on the WAN interface this limit is sometimes lowered to allow traffic with higher priorities to have precedence. By using Guarantee, you can traffic using a policy a minimum bandwidth, this will only work if the traffic limits for the WAN interface are configured correctly. 30

Section	Page
Introduction	7
Features and Benefits	7
Introduction to Firewalls	7
Introduction to Local Area Networking	8
LEDs	9
Physical Connections	9
Package Contents	10
System Requirements	10
Managing D-Link DFL-700	11
Resetting the DFL-700	11
Administration Settings	12
Administrative Access	12
Add ping access to an interface	13
Add Admin access to an interface	13
Add Read-only access to an interface	14
Enable SNMP access to an interface	14
System	15
Interfaces	15
Change IP of the LAN or DMZ interface	15
WAN Interface Settings – Using Static IP	16
WAN Interface Settings – Using DHCP	16
WAN Interface Settings – Using PPPoE	17
WAN Interface Settings – Using PPTP	18
WAN Interface Settings – Using L2TP	19
WAN Interface Settings – Using BigPond	20
Traffic Shaping	20
MTU Configuration	21
Routing	22
Add a new Static Route	23
Remove a Static Route	23
Logging	24
Enable Logging	25
Enable Audit Logging	25
Enable E-mail alerting for IDS/IDP events	25
Time	26
Changing time zone	27
Using NTP to sync time	27
Setting time and date manually	27
Firewall	28
Policy	28
Policy modes	28
Action Types	28
Source and Destination Filter	28
Service Filter	29
Schedule	29
Intrusion Detection / Prevention	30
	30
Traffic Shaping	30
Add a new policy	31
Change order of policy	32
Delete policy	32
Configure Intrusion Detection	32
Configure Intrusion Prevention	33
Port mapping / Virtual Servers	34
Add a new mapping	34
Delete mapping	35
Administrative users	36
Add Administrative User	36
Change Administrative User Access level	37
Change Administrative User Password	37
Delete Administrative User	38
Users	39
The DFL-700 RADIUS Support	39
Enable User Authentication via HTTP / HTTPS	40
Enable RADIUS Support	40
Add User	41
Change User Password	41
Delete User	42
	42
Schedules	43
Add new recurring schedule	43
Add new one-time schedule	44
Services	45
Adding TCP, UDP or TCP/UDP Service	45
Adding IP Protocol	46
Grouping Services	46
Protocol-independent settings	47
VPN	48
Introduction to IPSec	48
Introduction to PPTP	48
Introduction to L2TP	49
Point-to-Point Protocol	49
Authentication Protocols	50
MPPE, Microsoft Point-To-Point Encryption	50
L2TP/PPTP Clients	51
L2TP/PPTP Servers	52
IPSec VPN between two networks	53
Creating a LAN-to-LAN IPSec VPN Tunnel	53
VPN between client and an internal network	54
	54
Creating a Roaming Users IPSec Tunnel	54
	54
Adding an L2TP/PPTP VPN Client	55
Adding an L2TP/PPTP VPN Server	55
VPN – Advanced Settings	56
Limit MTU	56
IKE Mode	56
IKE DH Group	56
PFS – Perfect Forward Secrecy	56
NAT Traversal	56
Keepalives	56
Proposal Lists	57
IKE Proposal List	57
IPSec Proposal List	57
Certificates	58
Trusting Certificates	58
Local identities	58
Certificates of remote peers	58
Certificate Authorities	58
Identities	59
Content Filtering	60
Edit the URL Global Whitelist	60
Edit the URL Global Blacklist	61
Active content handling	61
Servers	62
DHCP Server Settings	62
Enable DHCP Server	63
Enable DHCP Relay	63
Disable DHCP Server/Relay	63
DNS Relay Settings	64
Enable DNS Relayer	64
Disable DNS Relayer	64
Tools	65
Ping	65
Ping Example	65
Dynamic DNS	66
Add Dynamic DNS Settings	66
Backup	67
Exporting the DFL-700’s Configuration	67
Restoring the DFL-700’s Configuration	67
Restart/Reset	68
Restoring system settings to factory defaults	69
Upgrade	70
Upgrade Firmware	70
Upgrade IDS Signature-database	70
Status	71
System	71
Interfaces	72
VPN	73
Connections	74
DHCP Server	75
Users	76
How to read the logs	77
	77
USAGE events	77
	77
DROP events	77
CONN events	78
Step by Step Guides	79
LAN-to-LAN VPN using IPSec	80
Settings for Main office	82
LAN-to-LAN VPN using PPTP	84
Settings for Main office	86
LAN-to-LAN VPN using L2TP	90
Settings for Branch office	90
Settings for Main office	93
A more secure LAN-to-LAN VPN solution	97
Settings for Branch office	97
Settings for Main office	100
	100
Windows XP client and PPTP server	101
Settings for the Windows XP client	101
Settings for Main office	108
Windows XP client and L2TP server	111
Settings for the Windows XP client	111
Settings for Main office	113
Intrusion Detection and Prevention	115
Appendixes	118
Appendix A: ICMP Types and Codes	118
Appendix B: Common IP Protocol Numbers	120
Appendix C: Multiple Public IP addresses	121
Appendix D: HTTP Content Filtering	129
Warranty	135
Copyright Statement: No part of this publication or documentation accompanying this Product may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems, Inc., as stipulated by the United States Copyright Act of 1976. Contents are subject to change without prior notice. Copyright© 2005 by D-Link Corporation/D-Link Systems, Inc. All rights reserved.	137
	137
	137
	137
	137
	137

Match case Limit results 1 per page

Intrusion Detection / Prevention

The DFL-700 Intrusion Detection/Prevention System (IDS/IDP) is a real-time intrusion

detection and prevention sensor that identifies and takes action against a wide variety of

suspicious network activity. The IDS uses intrusion signatures, stored in the attack database,

to identify the most common attacks. In response to an attack, the IDS will protect the

networks behind the DFL-700 by dropping the traffic. To notify responsible parties of the

malicious attack, the IDS will send e-mails to the system administrators if e-mail alerting is

enabled and configured. D-Link updates the attack database periodically. There are two

modes that can be configured, either

Inspection Only

Prevention

. Inspection Only will

only inspect the traffic, and if the DFL-700 detects anything it will log, e-mail an alert (if

configured), and pass on the traffic. If Prevention is used the traffic will be dropped and

logged and if configured, an e-mail alert will be sent.

Traffic Shaping

The simplest way to obtain quality of service in a network, seen from a security as well as

a functionality perspective, is to have the components in the network, not the applications, be

responsible for network traffic control in well-defined choke points.

Traffic shaping works by measuring and queuing IP packets, in transit, with respect to a

number of configurable parameters. Differentiated rate limits and traffic guarantees based on

source, destination and protocol parameters can be created; much the same way firewall

policies are implemented.

There are three different priorities when configuring the traffic shaping,

Normal

High

and

Critical

Limit

works by limiting the inbound and outbound traffic to the specified speed. This is the

maximum bandwidth that can be used by traffic using this policy. Note however that if you

have other policies using limit; which in total is more then your total internet connection and

have configured the traffic limits on the WAN interface this limit is sometimes lowered to allow

traffic with higher priorities to have precedence.

By using

Guarantee

, you can traffic using a policy a minimum bandwidth, this will only

work if the traffic limits for the WAN interface are configured correctly.