Product Manual
Page 1
Network Security Firewall User Manual DFL-210/800/1600/2500 DFL-260/860/1660/2560(G) Ver 2.27.01 Security Network Security Solution http://www.dlink.com
Product Manual
Page 13
Group Translation 203 4.17. Setting up a PPTP server 426 9.11. Protecting Phones Behind NetDefend Firewalls 277 6.5. H.323 with an ALG 248 6.3. Enabling Audit Mode 299 6.17. Editing Content Filtering HTTP Banner Files 307...6.1. Setting up a DHCP server 225 5.2. Protecting an FTP Server with Gatekeeper 282 6.9. H.323 with Gatekeeper and two NetDefend Firewalls 284 6.10. Two Phones Behind Different NetDefend Firewalls 280 6.7. Using Private IP Addresses 281 6.8. H.323 with private IP addresses 279 6.6. Configuring remote offices for Scenario 2 215 ...
Product Manual
Page 14
...take the reader directly to that the manual would appear here. They are running the NetDefendOS operating system. Where a "See chapter/section" link (such as: see Chapter 9, VPN) is provided in the table of contents at the end of the document to aid with alphabetical lookup...not allow this). Preface Intended Audience The target audience for this reference guide is Administrators who are responsible for configuring and managing NetDefend Firewalls which are also typically a numbered list showing what the example is trying to achieve is found here, sometimes with an explanatory image....
Product Manual
Page 16
... to determine what traffic is the base software engine that drives and controls the range of different ways. Features D-Link NetDefendOS is allowed or rejected by NetDefendOS. These objects allow the configuration of NetDefendOS in-depth administrative control of ...security operating system, NetDefendOS features high throughput performance with high reliability plus super-granular control. The administrator can define detailed firewalling policies based on top of standard operating systems such as Unix or Microsoft Windows, NetDefendOS offers seamless integration of address...
Product Manual
Page 17
...category (Dynamic WCF), malicious objects can be found in Chapter 9, VPN which includes a summary of attacking hosts. On some D-Link NetDefend product models. NetDefendOS Overview NetDefendOS supports a range of thresholds for connections by HTTP web-browser clients (this feature, see Section ...) solutions. NetDefendOS features integrated anti-virus functionality. NetDefendOS provides various mechanisms for filtering web content that the NetDefend Firewall can provide individual security policies for viruses, and virus sending hosts can be removed from web pages and web ...
Product Manual
Page 19
... outside " or "secure inside" of rules (or rule sets). Stateful Inspection NetDefendOS employs a technique called stateful inspection which network traffic enters or leaves the NetDefend Firewall. NetDefendOS Building Blocks The basic building blocks in NetDefendOS are supported in NetDefendOS: • Physical interfaces - Interfaces Interfaces are the doorways through VPN tunnels. The...
Product Manual
Page 28
... for nearly all parameters in-depth presentation of the configuration subsystem as well as a description of file transfer between the administrator's workstation and the NetDefend Firewall. For this reason, this section provides an in NetDefendOS. Management and Maintenance This chapter describes the management, operations and maintenance related aspects of the system...
Product Manual
Page 29
...fully described in which case they will only have read configurations and will not be able to change the default password of the D-Link firewall (on products where more will only be able to be created as possible after connecting with the WebUI. 2.1.2. Important For security..., it is enabled for a remote administrator connecting through the boot menu. Accounts can belong to use with the NetDefend Firewall. Before NetDefendOS starts running, a console connected directly to change them. 2.1.3. By default, Web Interface access is recommended to the NetDefend...
Product Manual
Page 30
... use https:// as follows: • On the NetDefend DFL-210, 260, 800, 860, 1600 and 2500, the default management interface IP address is 192.168.1.1. • On the NetDefend DFL-1660, 2560 and 2560G, the default management interface IP ...address is assigned automatically by NetDefendOS to perform remote management from anywhere on the workstation (the latest version of a Default IP Address For a new D-Link NetDefend firewall...
Product Manual
Page 31
If no configuration changes have yet been uploaded to the NetDefend Firewall, the NetDefendOS Setup Wizard will be downloaded from the D-Link website. These files can contain features that temporarily lack a complete non-English translation because of NetDefendOS objects. The Web Browser Interface On the left hand ...
Product Manual
Page 32
...Layout The main Web Interface page is divided into three major sections: A. Restart the firewall or reset to the configuration during the current session. • View Changes - Upgrade the firewall's firmware. • Technical support - Navigator The navigator located on the left-hand side... contains a tree representation of the configuration to analyze a problem. By default, the system will only allow web access from the firewall which can be studied locally or sent to a technical support specialist to your local computer or restore a previously downloaded backup. ...
Product Manual
Page 37
... package includes a RS-232 null-modem cable. Connect the other end of the RS-232 cable directly to the console port on the NetDefend Firewall that a DNS lookup must be specified as a textual hostname instead an IP4Address object or raw IP address such as using the name assigned to... avoid this. To locate the serial console port on scripts see the D-Link Quick Start Guide. To now connect a terminal to the terminal or the serial connector of backward compatibility to an IP address. 2.1.4. Connect one...
Product Manual
Page 39
... passwords related to my-prompt:/>, by default): gw-world:/> cc LocalUserDatabase AdminUsers We are used. Activating and Committing Changes If any combination of the NetDefend Firewall. This can change the password to, for example, to user accounts. It is issued. Note: The console password is separate The password that can be...
Product Manual
Page 40
... is that does not exist in this example, local IP addresses are used to manage all -nets route exists to explicitly check for the NetDefend Firewall. The command be added. Management and Maintenance automatically undone and the old configuration restored. Logging off by using the command: gw-world:/> show -errors This...
Product Manual
Page 41
... is then uploaded to use the -list option. Use the CLI command script -execute to four and these files to the NetDefend Firewall. CLI Scripts Chapter 2. The sessionmanager command options are: add set The steps for these are fully documented in the CLI Reference... Copy". 3. CLI Scripts To allow the administrator to a file and the file is a predefined sequence of the sessionmanager command. The D-Link recommended convention is described in the following sections. Only Four Commands are Allowed in Scripts The commands allowed in a directory under the root ...
Product Manual
Page 42
... variable name indicates the variable value's position in this can contain any other command appears in large script files it is referred to the NetDefend Firewall.
Product Manual
Page 43
... volatile memory and must explicitly be used: gw-world:/> script -execute -name=my_script2.sgs -verbose Saving Scripts When a script file is uploaded to the NetDefend Firewall, it is initially kept only in this output only consists of each script as well as the type of a specific uploaded script file, for the...
Product Manual
Page 44
...unit's configuration. The administrator would connect to automatically create the required script file. The end result is that already exist on several NetDefend Firewalls that all IP4Address address objects in that installation provides a way to the single unit with the CLI and issue the command: gw-world...duplicate the objects. Tip: Listing commands at the console To list the created CLI commands on other NetDefend Firewalls to and run the same script on the other NetDefend Firewalls. This is true when the CLI node type in their address book. The name of : COMPortDevice ...
Product Manual
Page 45
... depth of the form: @:. Upload is performed with the command: > scp Download is done with the command: > scp The source or destination NetDefend Firewall is of this script nesting is not shown in the administrator user group. The basic command used . The must be a defined NetDefendOS user in the... SCP examples do not show the password prompt SCP will normally prompt for most common command format for one script to or from the NetDefend Firewall, the secure copy (SCP) protocol can be used here is treated as a comment. Secure Copy To upload and download files to run ...
Product Manual
Page 46
... checks this category, as well as all files do not have a header). If an administrator username is admin1 and the IP address of the NetDefend Firewall is shown below: gw-world:/> ls HTTPALGBanners/ HTTPAuthBanners/ certificate/ config.bak full.bak script/ sshclientkey/ Apart from the individual files, the objects types listed are...