Product Manual
Page 5
...Objects 110 3.4.4. Using ARP Advanced Settings 112 3.4.5. IP Rule Sets 116 3.5.1. IP Rule Set Folders 121 3.5.6. Configuration Object Groups 122 3.6. Date and Time 132 3.8.1. Static Routing 143 4.2.1. Host Monitoring for Date and Time 136 ...Service Timeouts 89 3.3. Interfaces 90 3.3.1. Overview 90 3.3.2. VLAN 97 3.3.4. PPPoE 101 3.3.5. GRE Tunnels 103 3.3.6. Overview 108 3.4.2. The NetDefendOS ARP Cache 108 3.4.3. ARP Advanced Settings Summary 113 3.5. Security Policies 116 3.5.2. IP Rule Evaluation 118 3.5.3. IP Rule Actions 119 ...
...Objects 110 3.4.4. Using ARP Advanced Settings 112 3.4.5. IP Rule Sets 116 3.5.1. IP Rule Set Folders 121 3.5.6. Configuration Object Groups 122 3.6. Date and Time 132 3.8.1. Static Routing 143 4.2.1. Host Monitoring for Date and Time 136 ...Service Timeouts 89 3.3. Interfaces 90 3.3.1. Overview 90 3.3.2. VLAN 97 3.3.4. PPPoE 101 3.3.5. GRE Tunnels 103 3.3.6. Overview 108 3.4.2. The NetDefendOS ARP Cache 108 3.4.3. ARP Advanced Settings Summary 113 3.5. Security Policies 116 3.5.2. IP Rule Evaluation 118 3.5.3. IP Rule Actions 119 ...
Product Manual
Page 12
...Defining a VLAN 100 3.11. Configuring a PPPoE Client 103 3.12. Uploading a Certificate 130 3.19. Setting the Current Date and Time 132 3.21. Configuring DNS Servers 139 4.1. Forwarding of Examples 1. List of Multicast Traffic using SNTP 134 3.24. Editing a Configuration Object 51 2.6. Deleting a Configuration Object 52 2.8. Adding an ... Server Setup 64 2.14. Enabling SNMP Monitoring 68 2.15. Defining a Static ARP Entry 110 3.16. Enabling the D-Link NTP Server 136 3.28. Import Routes from an OSPF AS into an OSPF AS 193 4.12. Enabling SSH Remote Access...
...Defining a VLAN 100 3.11. Configuring a PPPoE Client 103 3.12. Uploading a Certificate 130 3.19. Setting the Current Date and Time 132 3.21. Configuring DNS Servers 139 4.1. Forwarding of Examples 1. List of Multicast Traffic using SNTP 134 3.24. Editing a Configuration Object 51 2.6. Deleting a Configuration Object 52 2.8. Adding an ... Server Setup 64 2.14. Enabling SNMP Monitoring 68 2.15. Defining a Static ARP Entry 110 3.16. Enabling the D-Link NTP Server 136 3.28. Import Routes from an OSPF AS into an OSPF AS 193 4.12. Enabling SSH Remote Access...
Product Manual
Page 20
...the routing tables to confirm that VLAN interface becomes the source interface for a matching PPPoE interface. If no Access Rule matches then a reverse route lookup will only accept source...and so on . 1.2.3. A reverse lookup means that interface becomes the source interface for a configured VLAN interface with a Source Interface. The IP rules are used . Basic Packet Flow This ...tries to 9 below . 5. The Traffic Shaping Rules define the policy for actually implementing NetDefendOS security policies. If a match is found , the forwarding process continues at step 10 below ....
...the routing tables to confirm that VLAN interface becomes the source interface for a matching PPPoE interface. If no Access Rule matches then a reverse route lookup will only accept source...and so on . 1.2.3. A reverse lookup means that interface becomes the source interface for a configured VLAN interface with a Source Interface. The IP rules are used . Basic Packet Flow This ...tries to 9 below . 5. The Traffic Shaping Rules define the policy for actually implementing NetDefendOS security policies. If a match is found , the forwarding process continues at step 10 below ....
Product Manual
Page 101
...cable modem. If authentication is optional with IP rules being applied to their broadband service. Click OK 3.3.4. Using PPPoE the ISP can: • Implement security and access-control using a serial interface, such as the case of a personal computer connected through a common ... with PPP. Network traffic arriving at least one or several Network Control Protocols (NCPs) can be used for link establishment, configuration and testing. 3.3.4. Each PPPoE tunnel is a protocol for communication between two computers using username/password authentication • Trace IP addresses to a...
...cable modem. If authentication is optional with IP rules being applied to their broadband service. Click OK 3.3.4. Using PPPoE the ISP can: • Implement security and access-control using a serial interface, such as the case of a personal computer connected through a common ... with PPP. Network traffic arriving at least one or several Network Control Protocols (NCPs) can be used for link establishment, configuration and testing. 3.3.4. Each PPPoE tunnel is a protocol for communication between two computers using username/password authentication • Trace IP addresses to a...
Product Manual
Page 102
...(that provides this IP address information from and which is disconnected. The additional option also exists to force unnumbered PPPoE to be up when there is possible to configure how the firewall should accept traffic from the ISP, it stores it should sense activity on the interface, either...is traffic on outgoing traffic, incoming traffic or both. Also configurable is the time to wait with no activity before the tunnel is similar to the PPPoE server. If unnumbered PPPoE is required by the PPPoE server when unnumbered PPPoE is not forced, will only be used when ISPs want ...
...(that provides this IP address information from and which is disconnected. The additional option also exists to force unnumbered PPPoE to be up when there is possible to configure how the firewall should accept traffic from the ISP, it stores it should sense activity on the interface, either...is traffic on outgoing traffic, incoming traffic or both. Also configurable is the time to wait with no activity before the tunnel is similar to the PPPoE server. If unnumbered PPPoE is required by the PPPoE server when unnumbered PPPoE is not forced, will only be used when ISPs want ...
Product Manual
Page 103
...routed over PPPoE. Example 3.11. GRE does not provide any security features but this means that blocks a particular protocol. 103 GRE Tunnels Overview The Generic Router Encapsulation (GRE) protocol is a simple, encapsulating protocol that can be used whenever there is a need to configure a PPPoE client on ...addresses are : • Traversing network equipment that its use (the default settings will not operate correctly. Click OK 3.3.5. Configuring a PPPoE Client This example shows how to tunnel traffic across a third network such as we will route all traffic into the tunnel)...
...routed over PPPoE. Example 3.11. GRE does not provide any security features but this means that blocks a particular protocol. 103 GRE Tunnels Overview The Generic Router Encapsulation (GRE) protocol is a simple, encapsulating protocol that can be used whenever there is a need to configure a PPPoE client on ...addresses are : • Traversing network equipment that its use (the default settings will not operate correctly. Click OK 3.3.5. Configuring a PPPoE Client This example shows how to tunnel traffic across a third network such as we will route all traffic into the tunnel)...
Product Manual
Page 492
HA Issues Chapter 11. PPPoE Tunnels and DHCP Clients For reasons connected with the shared IP addresses of an HA cluster, PPPoE tunnels and DHCP clients should fail. High Availability If OSPF is to provide OSPF metrics if the main designated router should not be another designated router available in an HA cluster. 492 Ideally, there will also be a second, backup designated router to work then there must be configured in the same OSPF area as the cluster. 11.4.
HA Issues Chapter 11. PPPoE Tunnels and DHCP Clients For reasons connected with the shared IP addresses of an HA cluster, PPPoE tunnels and DHCP clients should fail. High Availability If OSPF is to provide OSPF metrics if the main designated router should not be another designated router available in an HA cluster. 492 Ideally, there will also be a second, backup designated router to work then there must be configured in the same OSPF area as the cluster. 11.4.
Product Manual
Page 542
...system, 174 checking deployment, 190 command, 190 concepts, 174 dynamic routing rules, 185 interface, 182 neighbors, 184 router process, 179 setting up, 188 virtual links, 176, 184 Other Idle Lifetimes setting, 516 overriding content filtering, 299 P packet flow full description, 23 simplified, 118 password length, 38 pcapdump, 70 ... POP3 ALG, 263 Port 0 setting, 525 port address translation, 350 port forwarding (see SAT) port mirroring (see pcapdump) PPP authentication with LDAP, 364 PPPoE, 101 client configuration, 101 unnumbered support, 102 with HA, 102 PPTP, 425 advanced settings, 430 542
...system, 174 checking deployment, 190 command, 190 concepts, 174 dynamic routing rules, 185 interface, 182 neighbors, 184 router process, 179 setting up, 188 virtual links, 176, 184 Other Idle Lifetimes setting, 516 overriding content filtering, 299 P packet flow full description, 23 simplified, 118 password length, 38 pcapdump, 70 ... POP3 ALG, 263 Port 0 setting, 525 port address translation, 350 port forwarding (see SAT) port mirroring (see pcapdump) PPP authentication with LDAP, 364 PPPoE, 101 client configuration, 101 unnumbered support, 102 with HA, 102 PPTP, 425 advanced settings, 430 542
CLI Guide
Page 108
... traffic should be added. (Default: all-nets) Always select all interfaces, including new ones, for this PPPoE tunnel. Configuration Reference MPPERC456 MPPERC4128 IPPool DNS1 DNS2 NBNS1 NBNS2 AllowedRoutes ProxyARPAllInterfaces ProxyARPInterfaces Comments Use an RC4 56 bit MPPE session ... be routed into the tunnel. Properties Name EthernetInterface IP Network DNS1 DNS2 Username Password Specifies a symbolic name for which the security gateway should publish routes via Proxy ARP. (Optional) Text describing the current object. (Optional) 3.24.8. PPPoETunnel Chapter 3....
... traffic should be added. (Default: all-nets) Always select all interfaces, including new ones, for this PPPoE tunnel. Configuration Reference MPPERC456 MPPERC4128 IPPool DNS1 DNS2 NBNS1 NBNS2 AllowedRoutes ProxyARPAllInterfaces ProxyARPInterfaces Comments Use an RC4 56 bit MPPE session ... be routed into the tunnel. Properties Name EthernetInterface IP Network DNS1 DNS2 Username Password Specifies a symbolic name for which the security gateway should publish routes via Proxy ARP. (Optional) Text describing the current object. (Optional) 3.24.8. PPPoETunnel Chapter 3....
CLI Guide
Page 109
Configuration Reference ServiceName PPPAuthNoAuth PPPAuthPAP PPPAuthCHAP PPPAuthMSCHAP PPPAuthMSCHAPv2 DialOnDemand ActivitySensing IdleTimeout Metric AutoInterfaceNetworkRoute Schedule Comments Specifies the PPPoE server service name used for this tunnel. User name and password are defined on -demand.... Properties Name Ethernet VLANID IP Network DefaultGateway Specifies a symbolic name for the interface. (Identifier) Specifies on which means that the PPPoE tunnel will not be active. (Optional) Text describing the current object. (Optional) 3.24.9. The default gateway of the virtual...
Configuration Reference ServiceName PPPAuthNoAuth PPPAuthPAP PPPAuthCHAP PPPAuthMSCHAP PPPAuthMSCHAPv2 DialOnDemand ActivitySensing IdleTimeout Metric AutoInterfaceNetworkRoute Schedule Comments Specifies the PPPoE server service name used for this tunnel. User name and password are defined on -demand.... Properties Name Ethernet VLANID IP Network DefaultGateway Specifies a symbolic name for the interface. (Identifier) Specifies on which means that the PPPoE tunnel will not be active. (Optional) Text describing the current object. (Optional) 3.24.9. The default gateway of the virtual...