D-Link DWC-1000 User Manual - Page 304


Wireless Controller
User Manual
302
Traffic through each network segment (LAN, Option, DMZ) can be tracked based on whether the packet was accepted or dropped by the firewall.

Accepted Packets are those that were successfully transferred through the corresponding network segment (e.g. LAN to Option). This option is particularly useful when the Default Outbound Policy is “Block Always” so the IT admin can monitor traffic that is passed through the firewall.

Example: If Accept Packets from LAN to Option is enabled and there is a firewall rule to allow SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be accepted and a message will be logged. (Assuming the log option is set to Allow for the SSH firewall rule.)

Dropped Packets are packets that were intentionally blocked from being transferred through the corresponding network segment. This option is useful when the Default Outbound Policy is “Allow Always”.

Example: If Drop Packets from LAN to Option is enabled and there is a firewall rule to block SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be dropped and a message will be logged. (Make sure the log option is set to Allow for this firewall rule.)

Enabling accepted packet logging through the firewall may generate a significant volume of log messages depending on the typical network traffic. This is recommended for debugging purposes only.

In addition to network segment logging, unicast and multicast traffic can be logged. Unicast packets have a single destination on the network, whereas broadcast (or multicast) packets are sent to all possible destinations simultaneously. One other useful log control is to log packets that are dropped due to configured bandwidth profiles over a particular interface. This data will indicate to the admin whether the bandwidth profile has to be modified to account for the desired Internet traffic of LAN users.
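The logging behaviour described above is easier to reason about with a concrete triage pass over such messages. The following Python script is an added example, not part of the D-Link manual or the controller's firmware. This page does not show the controller's actual log format, so the line layout it parses and every field name in it (ACCEPT/DROP/BWDROP, the `LAN->OPTION` segment pair, `proto=`, `src=`, `dst=`, `dport=`, `rule=`/`profile=`) are assumptions, and the sample lines are constructed. It tallies accepted and dropped messages per segment pair, flags a source that repeatedly hits a drop rule (the blocked-SSH example), separates drops caused by bandwidth profiles, and estimates the accepted-message rate so the volume warning above can be checked against real data before accept logging is left enabled.

```python
"""
Added example: triage helper for accepted/dropped packet logs of the kind the
manual describes. The log line format below is CONSTRUCTED for illustration;
it is not the DWC-1000's real syslog format, and all field names are assumed.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines, not captured from a device. "BWDROP" stands in for a
# packet dropped by a bandwidth profile (the manual names the feature, not the
# log text). The last line is deliberately malformed to exercise error handling.
SAMPLE_LOGS = """\
2024-05-01T10:00:00 fw ACCEPT LAN->OPTION proto=TCP src=192.168.10.5 dst=203.0.113.10 dport=22 rule=allow_ssh
2024-05-01T10:00:01 fw ACCEPT LAN->OPTION proto=TCP src=192.168.10.5 dst=203.0.113.20 dport=443 rule=default
2024-05-01T10:00:01 fw DROP LAN->OPTION proto=TCP src=192.168.10.7 dst=203.0.113.10 dport=22 rule=block_ssh
2024-05-01T10:00:02 fw DROP LAN->OPTION proto=TCP src=192.168.10.7 dst=203.0.113.10 dport=22 rule=block_ssh
2024-05-01T10:00:02 fw DROP LAN->OPTION proto=TCP src=192.168.10.7 dst=203.0.113.10 dport=22 rule=block_ssh
2024-05-01T10:00:03 fw ACCEPT LAN->DMZ proto=UDP src=192.168.10.9 dst=10.0.0.5 dport=53 rule=allow_dns
2024-05-01T10:00:03 fw DROP OPTION->LAN proto=TCP src=198.51.100.4 dst=192.168.10.5 dport=445 rule=default
2024-05-01T10:00:04 fw BWDROP LAN->OPTION proto=TCP src=192.168.10.11 dst=203.0.113.30 dport=443 profile=guest_2mbps
garbage line that should be skipped
"""

# Hypothetical line layout: timestamp, "fw", action, segment pair, key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) fw (?P<action>ACCEPT|DROP|BWDROP) "
    r"(?P<src_seg>[A-Z]+)->(?P<dst_seg>[A-Z]+) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) "
    r"(?P<extra_key>\w+)=(?P<extra_val>\S+)$"
)


def parse_log(text):
    """Parse log text into event dicts; return (events, number of unparsable lines)."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # never assume a log feed is clean; count and move on
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events, skipped


def summarize(events):
    """Count messages per (action, source segment, destination segment)."""
    return Counter((e["action"], e["src_seg"], e["dst_seg"]) for e in events)


def repeated_drops(events, threshold=3):
    """(src, dst, dport) tuples dropped at least `threshold` times, e.g. one LAN
    host repeatedly hitting a block-SSH rule."""
    hits = Counter((e["src"], e["dst"], e["dport"])
                   for e in events if e["action"] == "DROP")
    return sorted(k for k, n in hits.items() if n >= threshold)


def bandwidth_drops(events):
    """Drops attributed to bandwidth profiles, keyed by profile name."""
    return Counter(e["extra_val"] for e in events
                   if e["action"] == "BWDROP" and e["extra_key"] == "profile")


def accept_log_rate(events):
    """Accepted-packet messages per second over the observed window: a rough
    gauge of the log volume accept logging produces on this network."""
    accepted = [e for e in events if e["action"] == "ACCEPT"]
    if not accepted:
        return 0.0
    span = (max(e["ts"] for e in events) - min(e["ts"] for e in events)).total_seconds()
    return len(accepted) / max(span, 1.0)


if __name__ == "__main__":
    evs, bad = parse_log(SAMPLE_LOGS)
    print(f"{len(evs)} events parsed, {bad} unparsable line(s) skipped")
    for key, n in sorted(summarize(evs).items()):
        print(f"  {key[0]:7} {key[1]}->{key[2]}: {n}")
    print("repeated drops:", repeated_drops(evs))
    print("bandwidth-profile drops:", dict(bandwidth_drops(evs)))
    print(f"accept log rate: {accept_log_rate(evs):.2f} msg/s")
```

On a real deployment the regex would be adapted to the controller's actual message layout, and `accept_log_rate` would be run over a representative busy period: if the rate is high, the manual's advice to leave accepted-packet logging off outside debugging applies.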