D-Link DFL-800 Product Manual - Page 313
6.4.6. Anti-Virus Options                                   Chapter 6. Security Mechanisms

3. This reconfiguration causes a failover, so the passive unit becomes the active unit.

4. When the update is completed, the newly active unit also downloads the files for the update and performs a reconfiguration.

5. This second reconfiguration causes another failover, so the unit that was originally active (and is now passive) becomes active again.

These steps result in both NetDefend Firewalls in a cluster having updated databases and keeping their original active/passive roles. For more information about HA clusters refer to Chapter 11, High Availability.

Anti-Virus with ZoneDefense

Anti-Virus triggered ZoneDefense is a feature for isolating virus-infected hosts and servers on a local network. While the virus-scanning firewall takes care of blocking inbound infected files from reaching the local network, ZoneDefense can be used to stop a virus spreading from an already infected local host to other local hosts. When the NetDefendOS virus-scanning engine has detected a virus, the NetDefend Firewall uploads blocking instructions to the local switches and instructs them to block all traffic from the infected host or server.

Since ZoneDefense blocking entries in the switches are a limited resource, the administrator can configure which hosts and servers should be blocked at the switches when a virus has been detected. For example: a local client downloads an infected file from a remote FTP server over the Internet. NetDefendOS detects this and stops the file transfer. At this point, NetDefendOS has already blocked the infected file from reaching the internal network, so there is no use in blocking the remote FTP server at the local switches. Blocking the server's IP address would only consume blocking entries in the switches.
For NetDefendOS to know which hosts and servers to block, the administrator specifies a network range that should be affected by a ZoneDefense block. All hosts and servers within this range will be blocked; addresses outside it (such as the remote FTP server above) are never pushed to the switches. The feature is controlled through the Anti-Virus configuration in the ALGs. Depending on the protocol used, there are different scenarios for how the feature can be used. For more information about this topic refer to Chapter 12, ZoneDefense.

Example 6.19. Activating Anti-Virus Scanning

This example shows how to set up an Anti-Virus scanning policy for HTTP traffic from lannet to all-nets. We will assume there is already a NAT rule, named NATHttp, defined in the IP rule set to NAT this traffic.

Command-Line Interface

First, create an HTTP Application Layer Gateway (ALG) object with Anti-Virus scanning enabled (add creates a new object; set only modifies an existing one):

    gw-world:/> add ALG ALG_HTTP anti_virus Antivirus=Protect

Next, create a Service object using the new HTTP ALG:

    gw-world:/> add ServiceTCPUDP http_anti_virus Type=TCP DestinationPorts=80 ALG=anti_virus

Finally, modify the NAT rule to use the new service:

    gw-world:/> set IPRule NATHttp Service=http_anti_virus

Note that the Service object matches only TCP destination port 80, so HTTP on other ports is not scanned by this rule unless those ports are added to DestinationPorts.
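The range scoping described above for Anti-Virus triggered ZoneDefense, as an added example that is not part of the manual or of NetDefendOS: a small Python model of which endpoints of a detected transfer get pushed to the switches, given the administrator's configured network range(s) and the switches' limited number of blocking entries. The class and function names, the event fields, the capacity figure and the sample events are all assumptions made for illustration; the manual specifies none of them.

```python
"""
Added example, not NetDefendOS code: model of the ZoneDefense block
range deciding which addresses are pushed to the switches when the
Anti-Virus engine detects a virus, including what happens once the
switches' blocking entries are exhausted.

All names, fields, sample addresses and the capacity value below are
assumptions for illustration, not anything the manual defines.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class VirusEvent:
    """One Anti-Virus detection: the two endpoints of the scanned transfer (assumed shape)."""
    client: str    # endpoint that requested the file
    server: str    # endpoint the file was fetched from
    protocol: str  # ALG that caught it, e.g. "FTP" or "HTTP"


class ZoneDefense:
    """Holds the configured block range(s) and models the switches' block table."""

    def __init__(self, block_networks: List[str], switch_capacity: int) -> None:
        self.networks = [ip_network(n) for n in block_networks]
        self.capacity = switch_capacity   # entries the switches can hold (assumed figure)
        self.blocked = []                 # addresses already pushed to the switches
        self.unenforced: List[str] = []   # in-range hosts that could not be blocked

    def in_scope(self, endpoint: str) -> bool:
        """True when the endpoint falls inside a configured ZoneDefense range."""
        addr = ip_address(endpoint)
        return any(addr in net for net in self.networks)

    def handle(self, event: VirusEvent) -> List[str]:
        """Return the endpoints newly pushed to the switches for this event.

        Out-of-range endpoints (typically the remote server the file came
        from) are skipped: the firewall already stopped that transfer, so a
        switch entry for them would only consume a limited resource.
        """
        pushed: List[str] = []
        for endpoint in (event.client, event.server):
            if not self.in_scope(endpoint):
                continue
            addr = ip_address(endpoint)
            if addr in self.blocked:
                continue                          # already isolated, spend nothing
            if len(self.blocked) >= self.capacity:
                self.unenforced.append(endpoint)  # table full: surface it, do not drop silently
                continue
            self.blocked.append(addr)
            pushed.append(endpoint)
        return pushed


def demo() -> Tuple[ZoneDefense, List[List[str]]]:
    """Walk through the manual's FTP scenario with constructed sample events."""
    zd = ZoneDefense(["192.168.1.0/24"], switch_capacity=2)
    results = []
    # Manual's case: local client fetches an infected file from an Internet
    # FTP server. Only the client is in range; the server is never pushed.
    results.append(zd.handle(VirusEvent("192.168.1.10", "203.0.113.5", "FTP")))
    # Same host trips the scanner again over HTTP: no new entry is spent.
    results.append(zd.handle(VirusEvent("192.168.1.10", "198.51.100.7", "HTTP")))
    # A second infected client uses the second (last) entry.
    results.append(zd.handle(VirusEvent("192.168.1.11", "203.0.113.5", "FTP")))
    # A third client finds the switch table full and is recorded as unenforced.
    results.append(zd.handle(VirusEvent("192.168.1.12", "203.0.113.5", "FTP")))
    return zd, results


if __name__ == "__main__":
    zd, results = demo()
    for r in results:
        print("pushed to switches:", r)
    print("unenforced:", zd.unenforced)
```

The `unenforced` list is the part worth copying into a real deployment: when blocking entries run out, an infected host stays connected, and that condition should reach the administrator rather than disappear in a log line.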