User Guide
Page 74
... should be auto-negotiated or locked to LAN (or one of the interface in 8.1 Address Book) 2. D-Link Firewalls User's Guide "lan ip" and "lan gate", and an IP4 Network - Specifying the IP4 Host - Interfaces → Ethernet: Click the item ...", "lannet", and the default gateway address "lan gate". Specifies if duplex should be adjusted here.) Media - Ethernet 55 Example: A LAN interface configuration The interface connected to full or half duplex. → Advanced: Automatic Route Creation check boxes Route Metric edit box (By checking these options and specifying...
... should be auto-negotiated or locked to LAN (or one of the interface in 8.1 Address Book) 2. D-Link Firewalls User's Guide "lan ip" and "lan gate", and an IP4 Network - Specifying the IP4 Host - Interfaces → Ethernet: Click the item ...", "lannet", and the default gateway address "lan gate". Specifies if duplex should be adjusted here.) Media - Ethernet 55 Example: A LAN interface configuration The interface connected to full or half duplex. → Advanced: Automatic Route Creation check boxes Route Metric edit box (By checking these options and specifying...
User Guide
Page 78
... interface. (The same ID will have the same VLAN ID if they are excellent tools for the VLAN interface. The D-Link Firewalls with gigabit Ethernet interfaces can easily be used on the terminating side.) Address Settings IP Address: Select the IP address this... Add → VLAN: Enter the following: General Name: Type a name for expanding the number of the gigabit D-Link Firewalls User's Guide Virtual LAN (VLAN) 59 Example: Configure a VLAN Interface in D-Link Firewalls. 9.2. VLAN ID: Select a suitable VLAN ID. WebUI : 1. Interface: Select the Ethernet interface to one ...
... interface. (The same ID will have the same VLAN ID if they are excellent tools for the VLAN interface. The D-Link Firewalls with gigabit Ethernet interfaces can easily be used on the terminating side.) Address Settings IP Address: Select the IP address this... Add → VLAN: Enter the following: General Name: Type a name for expanding the number of the gigabit D-Link Firewalls User's Guide Virtual LAN (VLAN) 59 Example: Configure a VLAN Interface in D-Link Firewalls. 9.2. VLAN ID: Select a suitable VLAN ID. WebUI : 1. Interface: Select the Ethernet interface to one ...
User Guide
Page 80
...the external network and to be done on an Ethernet network to the Internet through PPPoE to DHCP 9.3). Example: Configuring the firewall as a DHCP client To enable the firewall acting as a DHCP client and locate external DHCP ...multiple users on a per-user basis. It is used as a single DSL line, wireless device or cable modem. D-Link Firewalls User's Guide PPPoE 61 and usually accepts the first offer it receives. and then Click OK. 9.4... their broadband service. Clients can be used for each user: • Support security and access-control - 9.4.
...the external network and to be done on an Ethernet network to the Internet through PPPoE to DHCP 9.3). Example: Configuring the firewall as a DHCP client To enable the firewall acting as a DHCP client and locate external DHCP ...multiple users on a per-user basis. It is used as a single DSL line, wireless device or cable modem. D-Link Firewalls User's Guide PPPoE 61 and usually accepts the first offer it receives. and then Click OK. 9.4... their broadband service. Clients can be used for each user: • Support security and access-control - 9.4.
User Guide
Page 83
...client on the WAN interface. Authentication It is enabled, a new route will be routed over the PPPoE tunnel. Interfaces Example: A PPPoE Client configuration This example describes how to you by your service provider. The PPPoE client is configured on -demand: Disable Advanced If "Add ...demand Enable Dial-on the WAN interface and all traffic into the tunnel) Service Name: If your service provider. Then click OK D-Link Firewalls User's Guide We keep the default settings for this interface. Confirm Password: Retype the password. WebUI : PPPoE Client We will...
...client on the WAN interface. Authentication It is enabled, a new route will be routed over the PPPoE tunnel. Interfaces Example: A PPPoE Client configuration This example describes how to you by your service provider. The PPPoE client is configured on -demand: Disable Advanced If "Add ...demand Enable Dial-on the WAN interface and all traffic into the tunnel) Service Name: If your service provider. Then click OK D-Link Firewalls User's Guide We keep the default settings for this interface. Confirm Password: Retype the password. WebUI : PPPoE Client We will...
User Guide
Page 120
...;gure DNS servers in Address Book). The configured servers are used within the firewall can be considered as the DHCP server. Example: Configuring DNS server(s) WebUI : System → DNS: Primary Server: Enter the IP address of the server has been defined in... D-Link firewalls. Secondary Server: (Optional) Tertiary Server: (Optional) Then click OK. 101 Also, the DHCP server within the firewall whenever there is need to ...
...;gure DNS servers in Address Book). The configured servers are used within the firewall can be considered as the DHCP server. Example: Configuring DNS server(s) WebUI : System → DNS: Primary Server: Enter the IP address of the server has been defined in... D-Link firewalls. Secondary Server: (Optional) Tertiary Server: (Optional) Then click OK. 101 Also, the DHCP server within the firewall whenever there is need to ...
User Guide
Page 157
... user can be specified into the lannet auth users folder. WebUI : 1. Password: Enter the user's password. 138 Chapter 17. "user1". D-Link Firewalls User's Guide User Authentication Example: Configuring the local user database In the example of "users" group into more than one group. lannet auth users → Add → User...
... user can be specified into the lannet auth users folder. WebUI : 1. Password: Enter the user's password. 138 Chapter 17. "user1". D-Link Firewalls User's Guide User Authentication Example: Configuring the local user database In the example of "users" group into more than one group. lannet auth users → Add → User...
User Guide
Page 158
... typed above. Confirm Secret:Retype the string to its HTTP(TCP port 80) agent; 17.4. Scenarios: User Authentication Configuration 139 Example: Configuring a RADIUS server An external user authentication server can be appended under the Allow rule from the interface where authentication is...
... typed above. Confirm Secret:Retype the string to its HTTP(TCP port 80) agent; 17.4. Scenarios: User Authentication Configuration 139 Example: Configuring a RADIUS server An external user authentication server can be appended under the Allow rule from the interface where authentication is...
User Guide
Page 176
.... A URL can for the ALG. WebUI : 1. 18.3. D-Link Firewalls User's Guide The opposite requirement could also be downloaded. no removal of a security policy, it , while a whitelisted URL allows full access to certain trusted resources. Example: Configuring HTTP ALG In this example, a HTTP ALG in a similar way... Layer Gateways → Add → HTTP ALG: General: Enter a descriptive name for example be configured in a D-Link firewall is configured to be true - HTTP 157 URL Filtering A Uniform Resource Locator (URL) is added into the blacklist.
.... A URL can for the ALG. WebUI : 1. 18.3. D-Link Firewalls User's Guide The opposite requirement could also be downloaded. no removal of a security policy, it , while a whitelisted URL allows full access to certain trusted resources. Example: Configuring HTTP ALG In this example, a HTTP ALG in a similar way... Layer Gateways → Add → HTTP ALG: General: Enter a descriptive name for example be configured in a D-Link firewall is configured to be true - HTTP 157 URL Filtering A Uniform Resource Locator (URL) is added into the blacklist.
User Guide
Page 206
... Log Receiver for IDS Events 187 Figure 19.3: Signature Database Update 19.5 SMTP Log Receiver for Hold Time seconds before sending a new e-mail. Example: Configuring a SMTP Log Receiver In this example, an Intrusion Detection Rule is equal to receive notifications via e-mail of IDS events, a SMTP Log ...receiver can be sent if the number of events occurred in a user-configurable period of time. When an IDS event has occurred, the D-Link firewall will only be configured. 19.5. However, the e-mail will wait for IDS Events In order to , or bigger, than ...
... Log Receiver for IDS Events 187 Figure 19.3: Signature Database Update 19.5 SMTP Log Receiver for Hold Time seconds before sending a new e-mail. Example: Configuring a SMTP Log Receiver In this example, an Intrusion Detection Rule is equal to receive notifications via e-mail of IDS events, a SMTP Log ...receiver can be sent if the number of events occurred in a user-configurable period of time. When an IDS event has occurred, the D-Link firewall will only be configured. 19.5. However, the e-mail will wait for IDS Events In order to , or bigger, than ...
User Guide
Page 242
...64259;ce use the 10.0.1.0/24 network span with external firewall IP ip branch wan. IPsec 223 22.1.5 Scenarios: IPSec Configuration Example: Configuring a LAN-to-LAN IPSec Tunnel Figure 22.1: LAN-to the head office network. 22.1. This example describes how to configure a ...LAN-to-LAN IPSec tunnel, used to connect a branch office to -LAN Example Scenario. D-Link Firewalls User's Guide The following configuration will have to be done on both the head office firewall and the branch offi...
...64259;ce use the 10.0.1.0/24 network span with external firewall IP ip branch wan. IPsec 223 22.1.5 Scenarios: IPSec Configuration Example: Configuring a LAN-to-LAN IPSec Tunnel Figure 22.1: LAN-to the head office network. 22.1. This example describes how to configure a ...LAN-to-LAN IPSec tunnel, used to connect a branch office to -LAN Example Scenario. D-Link Firewalls User's Guide The following configuration will have to be done on both the head office firewall and the branch offi...
User Guide
Page 244
...Route: Enter the following: Interface: IPsecTunnel Network: On the head office firewall 10.0.2.0/24 and on how to gain remote access. Example: Configuring a IPSec Tunnel for roaming clients (mobile users) that connect to the head office to configure rules. Configure Rules Finally ... rules to the IPsec tunnel. The head office network use the 10.0.1.0/24 network span with external firewall IP ip wan. D-Link Firewalls User's Guide 22.1. IPsec 225 3. Configure Route Next step is to configure the route to allow traffic ...
...Route: Enter the following: Interface: IPsecTunnel Network: On the head office firewall 10.0.2.0/24 and on how to gain remote access. Example: Configuring a IPSec Tunnel for roaming clients (mobile users) that connect to the head office to configure rules. Configure Rules Finally ... rules to the IPsec tunnel. The head office network use the 10.0.1.0/24 network span with external firewall IP ip wan. D-Link Firewalls User's Guide 22.1. IPsec 225 3. Configure Route Next step is to configure the route to allow traffic ...
User Guide
Page 249
... & Tunnels Example: Configuring PPTP Server This example describes how to the PPTP server on 10.0.0.1 on the WAN interface, in the Per-user PPTP/L2TP IP Configuration section. PPTP clients will be used in . For more information, see 17.2.1Local User Database section. Then click OK D-Link Firewalls User's Guide...
... & Tunnels Example: Configuring PPTP Server This example describes how to the PPTP server on 10.0.0.1 on the WAN interface, in the Per-user PPTP/L2TP IP Configuration section. PPTP clients will be used in . For more information, see 17.2.1Local User Database section. Then click OK D-Link Firewalls User's Guide...
User Guide
Page 252
... server is to you by your service provider. Password: The password provided to set up when there is disconnected. Then click OK D-Link Firewalls User's Guide 22.2. WebUI : 1. PPTP/ L2TP 233 Example: Configuring PPTP Client This example describes how to you by your service provider. Confirm Password: Retype the password.
... server is to you by your service provider. Password: The password provided to set up when there is disconnected. Then click OK D-Link Firewalls User's Guide 22.2. WebUI : 1. PPTP/ L2TP 233 Example: Configuring PPTP Client This example describes how to you by your service provider. Confirm Password: Retype the password.
User Guide
Page 254
...user's password, and the encryption to access resources on the LAN interface. Example: Configuring L2TP/IPsec Server (PSK) This example describes how to many common attacks, e.g. By..., connections can work together to benefit from both flexibility and stronger security. L2TP encryption L2TP calls for MPPE for configuring L2TP clients and servers ... attacks. L2TP/IPsec The authentication methods addressed by sound encryption and authentication. Man-in D-Link Firewall In this section, guidelines and examples for encryption. L2TP clients will connect to the...
...user's password, and the encryption to access resources on the LAN interface. Example: Configuring L2TP/IPsec Server (PSK) This example describes how to many common attacks, e.g. By..., connections can work together to benefit from both flexibility and stronger security. L2TP encryption L2TP calls for MPPE for configuring L2TP clients and servers ... attacks. L2TP/IPsec The authentication methods addressed by sound encryption and authentication. Man-in D-Link Firewall In this section, guidelines and examples for encryption. L2TP clients will connect to the...
User Guide
Page 259
... L2TP server is located at 10.0.0.1 and all we need to create a pre-shared key to be routed over the L2TP tunnel. Then click OK D-Link Firewalls User's Guide Pre-Shared Key First of all traffic should be the same as configured on the L2TP/IPsec server) Passphrase...; Add → Pre-Shared Key: Enter the following: Name: Enter a name for the pre-shared key, L2TPKey for the IPsec authentication. VPN Protocols & Tunnels Example: Configuring L2TP/IPsec Client This example describes how to set up a L2TP client with IPsec, using pre-shared keys.
... L2TP server is located at 10.0.0.1 and all we need to create a pre-shared key to be routed over the L2TP tunnel. Then click OK D-Link Firewalls User's Guide Pre-Shared Key First of all traffic should be the same as configured on the L2TP/IPsec server) Passphrase...; Add → Pre-Shared Key: Enter the following: Name: Enter a name for the pre-shared key, L2TPKey for the IPsec authentication. VPN Protocols & Tunnels Example: Configuring L2TP/IPsec Client This example describes how to set up a L2TP client with IPsec, using pre-shared keys.
User Guide
Page 285
Example: SLB Configuration Figure 24.2: A SLB Scenario D-Link Firewalls User's Guide it translates the public server farm IP address to match the traffic flow and trigger the SLB . • Specifying Distribution ... address. 266 Chapter 24. Server Load Balancing (SLB) 24.2.4 Packets Flow by selecting the objects with filtering fields for enabling SLB function in D-Link firewalls are outlined as a server farm by SAT In D-Link firewalls, load-balancing enabled SAT rule is triggered;
Example: SLB Configuration Figure 24.2: A SLB Scenario D-Link Firewalls User's Guide it translates the public server farm IP address to match the traffic flow and trigger the SLB . • Specifying Distribution ... address. 266 Chapter 24. Server Load Balancing (SLB) 24.2.4 Packets Flow by selecting the objects with filtering fields for enabling SLB function in D-Link firewalls are outlined as a server farm by SAT In D-Link firewalls, load-balancing enabled SAT rule is triggered;
User Guide
Page 295
.... Custom Options Here you can be left empty. It is usually a TFTP server. This can be left to (None). When finished, click OK D-Link Firewalls User's Guide WebUI : • Configure DHCP Server System → DHCP Settings → DHCP Server → Add → DHCP Server: ... DHCP requests on the internal interface (LAN)(Refer to (None). This can be left to (None). 276 Chapter 26. DHCP Server & Relayer Example: Configuring the firewall as a DHCP server This example describes how to configure a DHCP server on ) IP Address Pool: 192.168.1.10-192.168...
.... Custom Options Here you can be left empty. It is usually a TFTP server. This can be left to (None). When finished, click OK D-Link Firewalls User's Guide WebUI : • Configure DHCP Server System → DHCP Settings → DHCP Server → Add → DHCP Server: ... DHCP requests on the internal interface (LAN)(Refer to (None). This can be left to (None). 276 Chapter 26. DHCP Server & Relayer Example: Configuring the firewall as a DHCP server This example describes how to configure a DHCP server on ) IP Address Pool: 192.168.1.10-192.168...
User Guide
Page 296
... the address book named as "ip-dhcp". In such a case, for the client when it requires a different server on the local network. Example: Configuring the firewall as a DHCP relayer Configuration in the same physical network area to be able to the client. DHCP Relayer 277 26.2 DHCP... only propagated on every network, and the benefit of the DHCP server has been defined in the local network to the server. D-Link Firewalls User's Guide A DHCP relayer takes the place of DHCP relayer.
... the address book named as "ip-dhcp". In such a case, for the client when it requires a different server on the local network. Example: Configuring the firewall as a DHCP relayer Configuration in the same physical network area to be able to the client. DHCP Relayer 277 26.2 DHCP... only propagated on every network, and the benefit of the DHCP server has been defined in the local network to the server. D-Link Firewalls User's Guide A DHCP relayer takes the place of DHCP relayer.
User Guide
Page 315
... lost. 28.6 Scenario: Setting Up Zone Defense The following simple example illustrates the steps needed ). This firewall interface is used in D-Link firewalls. 296 Chapter 28. Zone Defense uses the ACL rule set up Zone Defense function in this limit has been reached no more ...hosts or networks will be blocked out. Example: Configuring Zone Defense In this limitation, the firewall will initially purge all the interfaces on the firewall have been provided by the ...
... lost. 28.6 Scenario: Setting Up Zone Defense The following simple example illustrates the steps needed ). This firewall interface is used in D-Link firewalls. 296 Chapter 28. Zone Defense uses the ACL rule set up Zone Defense function in this limit has been reached no more ...hosts or networks will be blocked out. Example: Configuring Zone Defense In this limitation, the firewall will initially purge all the interfaces on the firewall have been provided by the ...
User Guide
Page 326
... addresses from the 192.168.10.0/24 network. • The WAN interfaces on each other using a crossover Ethernet cable. 29.3.2 Creating a High Availability cluster Example: Configuring the Firewall as cluster members. This includes configuration of the interfaces on the cluster members are designated as indicated by this guide, only... for the interfaces are both connected to setup a complete High Availability cluster. 29.3.1 Planning the High Availability cluster As an example throughout this guide, two D-Link Firewalls are used for network traffi...
... addresses from the 192.168.10.0/24 network. • The WAN interfaces on each other using a crossover Ethernet cable. 29.3.2 Creating a High Availability cluster Example: Configuring the Firewall as cluster members. This includes configuration of the interfaces on the cluster members are designated as indicated by this guide, only... for the interfaces are both connected to setup a complete High Availability cluster. 29.3.1 Planning the High Availability cluster As an example throughout this guide, two D-Link Firewalls are used for network traffi...