D-Link DFL-300 - Security Appliance User Manual

Manual is about: FIREWALL VPN ROUTER

Summary of DFL-300 - Security Appliance

  • Page 1

    - 1 - firewall vpn router user’s manual doc. No.: 120602-01.

  • Page 2: Administration

    - 2 - contents administration 5 admin 6 setting 10 date/time 16 language 17 logout 18 software update 19 configuration 20 interface 21 multiple nat 25 hack alert 32 route table 33 dhcp 37 dns proxy 39 dynamic dns 44 address 49 interface 50 internal group 54 external 58 external group 62.

  • Page 3: Schedule

    - 3 - dmz 66 dmz group 70 service 74 pre-defined 75 custom 76 group 80 schedule 84 policy 88 outgoing 89 incoming 97 external to dmz & internal to dmz 103 dmz to external & dmz to internal 109 vpn 115 autokey ike 116 pptp server 120 pptp client 126 content filtering 130 url blocking 131 general bloc...

  • Page 4: Log

    - 4 - mapped ip 138 virtual server 142 log 150 traffic log 151 event log 154 log report 157 alarm 160 traffic alarm 161 event alarm 164 statistics 167 status 168 interface status 168 arp table 169 dhcp clients 170 setup examples 171.

  • Page 5: Administration

    - 5 - administration the firewall vpn router firewall administration and monitoring control is set by the system administrator. The system administrator can add or modify system settings and monitoring mode. The sub administrators can only read system settings but not modify them. In administration,...

  • Page 6

    Firewall administration setup on the left hand menu, click on administration, and then select administrator below it. The current list of administrator(s) shows up. Settings of the administration table: administrator name: the username of administrators for the firewall. The user admin cannot be rem...

  • Page 7

    Adding a new sub administrator: step 1. In the administration window, click the new sub admin button to create a new sub administrator. Step 2. In the add new sub administrator window: sub admin name: enter the username of new sub admin. Password: enter a password for the new sub admin. Confirm pass...

  • Page 8: Changing The Sub-Administrator’s Password

    Changing the sub-administrator’s password: step 1. In the administration window, locate the administrator name you want to edit, and click on modify in the configure field. Step 2. The modify administrator password window will appear. Enter in the required information: password: enter original passw...

  • Page 9

    Removing a sub administrator: step 1. In the administration table, locate the administrator name you want to edit, and click on the remove option in the configure field. Step 2. The remove confirmation pop-up box will appear. Step 3. Click ok to remove that sub admin or click cancel to cancel. - 9 -.

  • Page 10: Settings

    Settings the administrator may use this function to backup firewall configurations and export (save) them to an “administrator” computer or anywhere on the network; or restore a configuration file to the device; or restore the firewall back to default factory settings. Entering the settings window: ...

  • Page 11: Importing Firewall Settings:

    Importing firewall settings: step 1. Under firewall configuration, click on the browse button next to import system settings. When the choose file pop-up window appears, select the file which contains the saved firewall settings, then click ok. Step 2. Click ok to import the file into the firewal...

  • Page 12

    Restoring factory default settings: step 1. Select reset factory settings under firewall configuration. Step 2. Click ok at the bottom-right of the screen to restore the factory settings. - 12 -.

  • Page 13

    Enabling e-mail alert notification: step 1. Select enable e-mail alert notification under e-mail settings. This function will enable the firewall to send e-mail alerts to the system administrator when the network is being attacked by hackers or when emergency conditions occur. Step 2. Smtp server ip...

  • Page 14: To-Firewall Packets Log

    To-firewall packets log select this option to the firewall vpn router’s to-firewall packets log. Once this function is enabled, every packet to this appliance will be recorded for system manager to trace. - 14 -.

  • Page 15: Firewall Reboot

    Firewall reboot select this option to the firewall vpn router’s firewall reboot. Once this function is enabled, the firewall will be rebooted. Step 1. Click setting in the administration menu to enter the settings window. Step 2. Reboot firewall: click reboot. Step 3. A confirmation pop-up box will ap...

  • Page 16: Date/time

    Date/time step 1. Click system → date/time. Step 2. Click the down arrow to select the offset time from gmt. Step 3. Enter the server ip address or server name with which you want to synchronize. Step 4. Update system clock every minutes you can set the interval time to synchronize with outside ser...

  • Page 17: Language

    Language the software provides traditional chinese version, simplified chinese version and english version for you to choose. Step 1. Click language. Step 2. Select the language version you want (traditional chinese version, simplified chinese version and english version). Step 3. Click ok to change ...

  • Page 18: Logout The Firewall

    Logout the firewall select this option to the firewall vpn router’s logout the firewall; this function protects your system while you are away. Step 1. Click logout the firewall. Step 2. Click ok to logout or click cancel to discard the change. - 18 -.

  • Page 19: Software Update

    Software update under software update, the admin may update the firewall vpn router’s software with a newer software. - 19 -.

  • Page 20: Configuration

    - 20 - configuration what is system configuration? In this section, the administrator can: (1) set up the internal, external and dmz ip addresses (2) set up the multiple nat (3) set up the firewall detecting functions (4) set up a static route (5) set up the dhcp server (6) set up dns proxy (7) set ...

  • Page 21: Interface

    Interface in this section, the administrator can set up the ip addresses for the office network. The administrator may configure the ip addresses of the internal (lan) network, the external (wan) network, and the dmz network. The netmask and gateway ip addresses are also configured in this section. ...

  • Page 22: External Interface

    - 22 - a private ip address only. If the new internal ip address is not 192.168.1.1, the administrator needs to set the ip address on the computer to be on the same subnet as the firewall and restart the system to make the new ip address effective. For example, if the firewall’s new internal ip addr...

  • Page 23: For Static Ip Address:

    - 23 - ping the firewall. If set to enable, the firewall vpn router will respond to echo request packets from the external network. Webui: select this to allow the firewall vpn router webui to be accessed from the external (wan) network. This will allow the webui to be configured from a user on the ...

  • Page 24: Dmz Interface

    - 24 - server. Ping: select this to allow the external network to ping the ip address of the firewall. This will allow people from the internet to be able to ping the firewall. If set to enable, the firewall vpn router will respond to echo request packets from the external network. Webui: select thi...

  • Page 25: Multiple Nat

    - 25 - multiple nat multiple nat allows local port to set multiple subnetworks and connect with the internet through different external ip addresses. For instance: the lease line of a company applies several real ip addresses 168.85.88.0/24, and the company is divided into r&d department, service, sa...

  • Page 26: Multiple Nat Settings

    Multiple nat settings click multiple nat in the configuration menu to enter multiple nat window. Multiple nat global port interface ip address: global port ip address. Local port interface ip address: local port ip address and subnet mask. Modify: modify the settings of multiple nat. Click modify to mo...

  • Page 27: Add Multiple Nat

    Add multiple nat - 27 - step 1. Click multiple nat in the configuration menu to enter multiple nat window. Step 2. Click the add button below to add multiple nat. Step 3. Enter the ip address in the website name column of the new window. 1.1 global port interface ip address: select global port ip ad...

  • Page 28: Modify Multiple Nat

    Modify multiple nat step 1. Click multiple nat in the configuration menu to enter multiple nat window. Step 2. Find the ip address you want to modify and click modify. Step 3. Enter the new ip address in modify multiple nat window. Step 4. Click the ok button below to change the setting or click canc...

  • Page 29: Delete Multiple Nat

    Delete multiple nat step 1. Click multiple nat in the configuration menu to enter multiple nat window. Step 2. Find the ip address you want to delete and click delete. Step 3. A confirmation pop-up box will appear, click ok to delete the setting or click cancel to discard changes. - 29 -.

  • Page 30: Hacker Alert

    Hacker alert the administrator can enable the firewall vpn router’s auto detect functions in this section. When abnormal conditions occur, the firewall will send an e-mail alert to notify the administrator, and also display warning messages in the event window of alarm. Auto detect functions: detect...

  • Page 31

    - 31 - number of icmp packets per second that is allowed to enter the network/firewall. Once the icmp packets exceed this limit, the activity will be logged in alarm and an email alert is sent to the administrator. The default icmp flood threshold is set to 1000 pkts/sec. Detect udp flood: select th...

  • Page 32

    - 32 - detect land attack: some systems may shut down when receiving packets with the same source and destination addresses, the same source port and destination port, and when syn on the tcp header is marked. Enable this function to detect such abnormal packets. Default packet deny: denies all pack...

  • Page 33: Route Table

    Route table in this section, the administrator can add static routes for the networks. Entering the route table screen: click configuration on the left side menu bar, and then click route table below it. The route table window appears, in which current route settings are shown. Route table functions...

  • Page 34: Adding A New Static Route:

    Adding a new static route: step 1. In the route table window, click the new entry button. Step 2. In the add new static route window, enter new static route information. Step 3. In the interface field’s pull-down menu, choose the network to connect (internal, external or dmz). Step 4. Click ok to ad...

  • Page 35: Modifying A Static Route:

    Modifying a static route: step 1. In the route table menu, find the route to edit and click the corresponding modify option in the configure field. Step 2. In the modify static route window, modify the necessary routing addresses. Step 3. Click ok to apply changes or click cancel to cancel it. - 35 ...

  • Page 36: Removing A Static Route:

    Removing a static route: step 1. In the route table window, find the route to remove and click the corresponding remove option in the configure field. Step 2. In the remove confirmation pop-up box, click ok to confirm removing or click cancel to cancel it. - 36 -.

  • Page 37: Dhcp

    Dhcp in this section, the administrator can configure dhcp (dynamic host configuration protocol) settings for the internal (lan) network. Entering the dhcp window: step 1. Click configuration on the left hand side menu bar, and then click dhcp below it. The dhcp window appears in which current dhcp s...

  • Page 38: Enabling Dhcp Support:

    - 38 - enabling dhcp support: step 1. In the dynamic ip address window, click enable dhcp support. Step 2. Domain name: the administrator may enter the name of the internal network domain if preferred. Step 3. Domain name server: enter in the ip address of the dns server to be assigned to the intern...

  • Page 39: Dns-Proxy

    - 39 - dns-proxy the firewall vpn router’s administrator may use the dns proxy function to make the firewall vpn router firewall act as a dns server for the internal and dmz network. All dns requests to a specific domain name will be routed to the firewall’s ip address. For example, let’s say an org...

  • Page 40

    Entering the dns proxy window: click on configuration in the menu bar, and then click on dns proxy below it. The dns proxy window will appear. Below is the information needed for setting up the dns proxy: • domain name: the domain name of the server • virtual ip address: the virtual ip address respe...

  • Page 41: Adding A New Dns Proxy:

    Adding a new dns proxy: step 1: click on the new entry button and the add new dns proxy window will appear. Step 2: fill in the appropriate settings for the domain name and virtual ip address. Step 3: click ok to save the policy or cancel to cancel. - 41 -.

  • Page 42: Modifying A Dns Proxy:

    Modifying a dns proxy: step 1: in the dns proxy window, find the policy to be modified and click the corresponding modify option in the configure field. Step 2: make the necessary changes needed. Step 3: click ok to save changes or click on cancel to cancel modifications. - 42 -.

  • Page 43: Removing A Dns Proxy:

    Removing a dns proxy: step 1: in the dns proxy window, find the policy to be removed and click the corresponding remove option in the configure field. Step 2: a confirmation pop-up box will appear, click ok to remove the dns proxy or click cancel. - 43 -.

  • Page 44: Dynamic Dns

    Dynamic dns the dynamic dns (requires dynamic dns service) allows you to alias a dynamic ip address to a static hostname, allowing your device to be more easily accessed by specific name. When this function is enabled, the ip address in dynamic dns server will be automatically updated with the new ip...

  • Page 45

    - 45 -.

  • Page 46: Dynamic Dns Settings

    Dynamic dns settings step 1: click dynamic dns in the configuration menu to enter dynamic dns window. Step 2: click add button. - 46 - step 3: click the information in the column of the new window. Service providers: select service providers. Register: to the service providers’ website. Wan ip addr...

  • Page 47: Modify Dynamic Dns

    Modify dynamic dns step 1: click dynamic dns in the configuration menu to enter dynamic dns window. Step 2: find the item you want to change and click modify. Step 3: enter the new information in the modify dynamic dns window. Step 4: click ok to change the settings or click cancel to discard change...

  • Page 48: Delete Dynamic Dns

    Delete dynamic dns step 1: click dynamic dns in the configuration menu to enter dynamic dns window. Step 2: find the item you want to change and click delete. Step 3: a confirmation pop-up box will appear, click ok to delete the settings or click cancel to discard changes. - 48 -.

  • Page 49: What Is The Address Table?

    - 49 - address the firewall vpn router office firewall allows the administrator to set interface addresses of the internal network, internal network group, external network, external network group, dmz and dmz group. What is the address table? An ip address in the address table can be an address of ...

  • Page 50: Internal

    Internal entering the internal window: step 1. Click internal under the address menu to enter the internal window. The current setting information such as the name of the internal network, ip and netmask addresses will show on the screen. - 50 -.

  • Page 51

    Adding a new internal address: step 1. In the internal window, click the new entry button. Step 2. In the add new address window, enter the settings of a new internal network address. Step 3. Click ok to add the specified internal network or click cancel to cancel the changes. - 51 -.

  • Page 52

    Modifying an internal address: step 1. In the internal window, locate the name of the network to be modified. Click the modify option in its corresponding configure field. The modify address window appears on the screen immediately. Step 2. In the modify address window, fill in the new addresses. St...

  • Page 53

    Removing an internal address: step 1. In the internal window, locate the name of the network to be removed. Click the remove option in its corresponding configure field. Step 2. In the remove confirmation pop-up box, click ok to remove the address or click cancel to discard changes. - 53 -.

  • Page 54: Internal Group

    Internal group entering the internal group window: the internal addresses may be combined together to become a group. Click internal group under the address menu to enter the internal group window. The current setting information for the internal network group appears on the screen. - 54 -.

  • Page 55: Adding An Internal Group:

    Adding an internal group: step 1. In the internal group window, click the new entry button to enter the add new address group window. Step 2. In the add new address group window: available address: list the names of all the members of the internal network. Selected address: list the names to be assi...

  • Page 56: Modifying An Internal Group:

    Modifying an internal group: step 1. In the internal group window, locate the network group desired to be modified and click its corresponding modify option in the configure field. Step 2. A window displaying the information of the selected group appears: available address: list names of all members...

  • Page 57: Removing An Internal Group:

    Removing an internal group: step 1. In the internal group window, locate the group to be removed and click its corresponding remove option in the configure field. Step 2. In the remove confirmation pop-up box, click ok to remove the group or click cancel to discard changes. - 57 -.

  • Page 58: External

    External entering the external window: click external under the address menu to enter the external window. The current setting information, such as the name of the external network, ip and netmask addresses will show on the screen. - 58 -.

  • Page 59

    Adding a new external address: step 1. In the external window, click the new entry button. Step 2. In the add new address window, enter the settings for a new external network address. Step 3. Click ok to add the specified external network or click cancel to discard changes. - 59 -.

  • Page 60

    Modifying an external address: step 1. In the external table, locate the name of the network to be modified and click the modify option in its corresponding configure field. Step 2. The modify address window will appear on the screen immediately. In the modify address window, fill in new addresses. ...

  • Page 61

    Removing an external address: step 1. In the external table, locate the name of the network to be removed and click the remove option in its corresponding configure field. Step 2. In the remove confirmation pop-up box, click ok to remove the address or click cancel to discard changes. - 61 -.

  • Page 62: External Group

    External group entering the external group window: click the external group under the address menu bar to enter the external window. The current settings for the external network group(s) will appear on the screen. - 62 -.

  • Page 63: Adding An External Group:

    Adding an external group: step 1. In the external group window, click the new entry button and the add new address group window will appear. Step 2. In the add new address group window the following fields will appear: name: enter the name of the new group. Available address: list the names of all t...

  • Page 64: Editing An External Group:

    Editing an external group: step 1. In the external group window, locate the network group to be modified and click its corresponding modify button in the configure field. Step 2. A window displaying the information of the selected group appears: available address: list the names of all the members o...

  • Page 65: Removing An External Group:

    Removing an external group: step 1. In the external group window, locate the group to be removed and click its corresponding modify option in the configure field. Step 2. In the remove confirmation pop-up box, click ok to remove the group or click cancel to discard changes. - 65 -.

  • Page 66: Dmz

    Dmz entering the dmz window: click dmz under the address menu to enter the dmz window. The current setting information such as the name of the internal network, ip, and netmask addresses will show on the screen. - 66 -.

  • Page 67: Adding A New Dmz Address:

    Adding a new dmz address: step 1. In the dmz window, click the new entry button. Step 2. In the add new address window, enter the settings for a new dmz address. Step 3. Click ok to add the specified dmz or click cancel to discard changes. - 67 -.

  • Page 68: Modifying A Dmz Address:

    Modifying a dmz address: step 1. In the dmz window, locate the name of the network to be modified and click the modify option in its corresponding configure field. Step 2. In the modify address window, fill in new addresses. Step 3. Click ok to save the changes or click cancel to discard changes. - ...

  • Page 69: Removing A Dmz Address:

    Removing a dmz address: step 1. In the dmz window, locate the name of the network to be removed and click the remove option in its corresponding configure field. Step 2. In the remove confirmation pop-up box, click ok to remove the address or click cancel to discard changes. - 69 -.

  • Page 70: Dmz Group

    Dmz group entering the dmz group window: click dmz group under the address menu to enter the dmz window. The current settings information for the dmz group appears on the screen. - 70 -.

  • Page 71: Adding A Dmz Group:

    Adding a dmz group: step 1. In the dmz group window, click the new entry button. Step 2. In the add new address group window: available address: list names of all members of the dmz. Selected address: list names to assign to a new group. Step 3. Name: enter a name for the new group. Step 4. Add memb...

  • Page 72: Modifying A Dmz Group:

    Modifying a dmz group: step 1. In the dmz group window, locate the dmz group to be modified and click its corresponding modify button in the configure field. Step 2. A window displaying information about the selected group appears: available address: list the names of all the members of the dmz. Sel...

  • Page 73: Removing A Dmz Group:

    Removing a dmz group: step 1. In the dmz group window, locate the group to be removed and click its corresponding remove option in the configure field. Step 2. In the remove confirmation pop-up box, click ok to remove the group. - 73 -.

  • Page 74: Service

    - 74 - service in this section, network services are defined and new network services can be added. There are three sub menus under service which are: pre-defined, custom, and group. The administrator can simply follow the instructions below to define the protocols and port numbers for network comm...

  • Page 75: Pre-Defined

    Pre-defined entering a pre-defined window: click service on the menu bar on the left side of the window. Click pre-defined under it. A window will appear with a list of services and their associated ip addresses. This list cannot be modified. - 75 -.

  • Page 76: Custom

    Custom entering the custom window: click service on the menu bar on the left side of the window. Click custom under it. A window will appear with a table showing all services currently defined by the administrator. - 76 -.

  • Page 77: Adding A New Service:

    Adding a new service: step 1 in the custom window, click the new entry button and a new service table appears. Step 2 in the new service table: new service name: this will be the name referencing the new service. Protocol: enter the network protocol type to be used, such as tcp, udp, or other (pleas...

  • Page 78: Modifying Custom Services:

    Modifying custom services: step 1. In the custom table, locate the name of the service to be modified. Click its corresponding modify option in the configure field. Step 2. A table showing the current settings of the selected service appears on the screen. Step 3. Enter the new values. Step 4. Click ...

  • Page 79: Removing Custom Services:

    Removing custom services: step 1. In the custom window, locate the service to be removed. Click its corresponding remove option in the configure field. Step 2. In the remove confirmation pop-up box, click ok to remove the selected service or click cancel to cancel action. - 79 -.

  • Page 80: Group

    Group accessing the group window: click service in the menu bar on the left hand side of the window. Click group under it. A window will appear with a table displaying current service group settings set by the administrator. - 80 -.

  • Page 81: Adding Service Groups:

    Adding service groups: step 1. In the group window, click the new entry button. In the add service group window, the following fields will appear: available services: list all the available services. Selected services: list services to be assigned to the new group. Step 2. Enter the new group name i...

  • Page 82: Modifying Service Groups

    Modifying service groups: step 1. In the group window, locate the service group to be edited. Click its corresponding modify option in the configure field. Step 2. In the mod (modify) group window the following fields are displayed: available services: lists all the available services. Selected ser...

  • Page 83: Removing Service Groups:

    Removing service groups: step 1. In the group window, locate the service group to be removed and click its corresponding remove option in the configure field. Step 2. In the remove confirmation pop-up box, click ok to remove the selected service group or click cancel to cancel removing. - 83 -.

  • Page 84: Schedule

    Schedule the firewall vpn router office firewall allows the administrator to configure a schedule for policies to take effect. By creating a schedule, the administrator is allowing the firewall policies to be used at those designated times only. Any activities outside of the scheduled time slot will...

  • Page 85: Adding A New Schedule:

    Adding a new schedule: step 1: click on the new entry button and the add new schedule window will appear. Step 2: schedule name: fill in a name for the new schedule. Period 1: configure the start and stop time for the days of the week that the schedule will be active. Step 3: click ok to save the ne...

  • Page 86: Modifying A Schedule:

    Modifying a schedule: step 1: in the schedule window, find the policy to be modified and click the corresponding modify option in the configure field. Step 2: make needed changes. Step 3: click ok to save changes. - 86 -.

  • Page 87: Removing A Schedule:

    Removing a schedule: step 1: in the schedule window, find the policy to be removed and click the corresponding remove option in the configure field. Step 2: a confirmation pop-up box will appear, click on ok to remove the schedule. - 87 -.

  • Page 88: Policy

    Policy this section provides the administrator with facilities to set control policies for packets with different source ip addresses, source ports, destination ip addresses, and destination ports. Control policies decide whether packets from different network objects, network services, and applica...

  • Page 89: Outgoing

    Outgoing this section describes steps to create policies for packets and services from the internal (lan) network to the external (wan) network. Entering the outgoing window: click policy on the left hand side menu bar, and then click outgoing under it. A window will appear with a table displaying c...

  • Page 90: Adding A New Outgoing Policy

    Configure: modify settings. Move: this sets the priority of the policies, number 1 being the highest priority. Adding a new outgoing policy: step 1: click on the new entry button and the add new policy window will appear. Step 2: source address: select the name of the internal (lan) network from the...

  • Page 91

    - 91 - action: select permit or deny from the drop down list to allow or reject the packets travelling between the source network and the destination network. Logging: select enable to enable flow monitoring. Statistics: select enable to enable flow statistics. Alarm threshold: set a maximum flow ra...

  • Page 92: Modifying An Outgoing Policy

    Modifying an outgoing policy: step 1: in the outgoing policy section, locate the name of the policy desired to be modified and click its corresponding modify option under the configure field. Step 2: in the modify policy window, fill in new settings. Note: to change or add selections in the drop-dow...

  • Page 93: Removing The Outgoing Policy

    Removing the outgoing policy: step 1. In the outgoing policy section, locate the name of the policy desired to be removed and click its corresponding remove option in the configure field. Step 2. In the remove confirmation dialogue box, click ok to remove the policy or click cancel to cancel removin...

  • Page 94: Enabled Monitoring Function:

    Enabled monitoring function: log: if logging is enabled in the outgoing policy, the firewall vpn router will log the traffic and event passing through the firewall. The administrator can click log on the left menu bar to get the flow and event logs of the specified policy. Note: system administrator...

  • Page 95

    Alarm: if logging is enabled in the outgoing policy, the firewall vpn router will log the traffic alarms and event alarms passing through the firewall. The administrator can click alarm on the left menu to get the logs of flow and event alarms of the specified policy. Note: the administrator can als...

  • Page 96

    Statistics: if statistics is enabled in the outgoing policy, the firewall vpn router will display the flow statistics passing through the firewall. Note: the administrator can also get flow statistics in statistics. Please refer to statistics in chapter 11 for more details. - 96 -.

  • Page 97: Incoming

    Incoming this chapter describes steps to create policies for packets and services from the external (wan) network to the internal (lan) network including mapped ip and virtual server. Enter incoming window: step 1: click incoming under the policy menu to enter the incoming window. The incoming table ...

  • Page 98

    - 98 - option: specify the monitoring functions on packets from external networks to virtual server/mapped ip travelling through the firewall. Configure: modify settings or remove incoming policy. Move: this sets the priority of the policies, number 1 being the highest priority.

  • Page 99: Adding An Incoming Policy:

    Adding an incoming policy: step 1: under incoming of the policy menu, click the new entry button. Step 2: source address: select names of the external networks from the drop down list. The drop down list contains the names of all external networks defined in the external section of the address menu....

  • Page 100

    - 100 - be sent if flow rates are higher than the specified value. Step 3: click ok to add new policy or click cancel to cancel adding new incoming policy.

  • Page 101: Modifying Incoming Policy:

    Modifying incoming policy: step 1: in the incoming window, locate the name of policy desired to be modified and click its corresponding modify option in the configure field. Step 2: in the modify policy window, fill in new settings. Step 3: click ok to save modifications or click cancel to cancel mo...

  • Page 102: Removing An Incoming Policy:

    Removing an incoming policy: step 1: in the incoming window, locate the name of policy desired to be removed and click its corresponding [remove] in the configure field. Step 2: in the remove confirmation window, click ok to remove the policy or click cancel to cancel removing. - 102 -.

  • Page 103: Virtual Server Menu.

    External to dmz & internal to dmz. This section describes steps to create policies for packets and services from the external (wan) networks to the dmz networks. Please follow the same procedures for internal (lan) networks to dmz networks. Enter [external to dmz] (or [internal to dmz]) window: click...

  • Page 104

    Action: control actions, to permit or deny packets from external networks to dmz travelling through the firewall vpn router. Option: specify the monitoring functions of packets from external network to dmz network travelling through firewall. Configure: modify settings or remove policies.

  • Page 105: Step 2:

    Adding a new external to dmz policy: step 1: click the new entry button and the add new policy window will appear. Step 2: source address: select names of the external networks from the drop down list. The drop down list contains the names of all external networks defined in the external section of ...

  • Page 106: Step 3:  Click Ok.

    entitled services for details). Action: select permit or deny from the drop down list to allow or reject the packets travelling from the specified external network to the dmz network. Logging: select enable to enable flow monitoring. Statistics: select enable to enable flow statistics. Alarm ...

  • Page 107: Configure Field.

    Modifying an external to dmz policy: step 1: in the external to dmz window, locate the name of policy desired to be modified and click its corresponding modify option in the configure field. Step 2: in the modify policy window, fill in new settings. Step 3: click ok to save modifications.

  • Page 108: Configure Field.

    Removing an external to dmz policy: step 1: in the external to dmz window, locate the name of policy desired to be removed and click its corresponding remove option in the configure field. Step 2: in the remove confirmation pop-up box, click ok to remove the policy.

  • Page 109

    Dmz to external & dmz to internal. This section describes steps to create policies for packets and services from dmz networks to external (wan) networks. Please follow the same procedures for dmz networks to internal (lan) networks. Entering the dmz to external window: click dmz to external under pol...

  • Page 110

    router. Option: specify the monitoring functions on packets from the dmz network to external networks travelling through the firewall. Configure: modify settings or remove policies. Move: this sets the priority of the policies, number 1 being the highest priority.

  • Page 111: Step 2:

    Adding a dmz to external policy: step 1: click the new entry button and the add new policy window will appear. Step 2: source address: select the name of the dmz network from the drop down list. The drop down list will contain names of dmz networks defined in dmz section of the address menu. To add ...

  • Page 112

    Action: select permit or deny from the drop down list to allow or reject the packets travelling from the specified dmz network to the external network. Logging: select enable to enable flow monitoring. Statistics: click enable to enable flow statistics. Alarm threshold: set a maximum flow ra...

  • Page 113

    Modifying a dmz to external policy: step 1: in the dmz to external window, locate the name of policy desired to be modified and click its corresponding modify option in the configure field. Step 2: in the modify policy window, fill in new settings. Note: to change or add selections in the drop-down ...

  • Page 114

    Removing a dmz to external policy: step 1. In the dmz to external window, locate the name of policy desired to be removed and click its corresponding remove option in the configure field. Step 2. In the remove confirmation dialogue box, click ok.

  • Page 115: Vpn

    Vpn. The firewall vpn router firewall’s vpn (virtual private network) is set by the system administrator. The system administrator can add, modify or remove vpn settings. What is vpn? To set up a virtual private network (vpn), you don’t need to configure an access policy to enable encryption....

  • Page 116: Autokey Ike

    Autokey ike. This chapter describes steps to create a vpn connection using autokey ike. Autokey ike (internet key exchange) provides a standard method to negotiate keys between two security gateways. For example, with two firewall devices, ike allows new keys to be generated after a set amount of tim...

  • Page 117: Adding The Autokey Ike:

    Adding the autokey ike: step 1. Click the new entry button and the vpn auto keyed tunnel window will appear. Step 2: preshare key: the ike vpn must be defined with a preshared key. The key may be up to 128 bytes long. Esp/ah: the ip level security headers, ah and esp, were originally proposed by the...

  • Page 118: Modifying An Autokey Ike:

    To frequent re-keying, which could affect performance. Modifying an autokey ike: step 1: in the autokey ike window, locate the name of policy desired to be modified and click its corresponding modify option in the configure field. Step 2: in the modify policy window, fill in new settings. Step 3: cl...

  • Page 119

    Removing autokey ike: step 1. Locate the name of the autokey ike desired to be removed and click its corresponding delete option in the configure field. Step 2. In the remove confirmation pop-up box, click ok to remove the autokey ike or click cancel to cancel deleting.

  • Page 120: Pptp Server

    Pptp server. Entering the pptp server window: step 1. Select vpn→pptp server. Pptp server: click modify to select enable or disable. Client ip range: 192.26.145.1-254: displays the ip address range for pptp client connection. User name: displays the pptp client user’s name for authentication...

  • Page 121: Select Vpn→Pptp Server.

    Modifying pptp server design: step 1. Select vpn→pptp server. Step 2. Click 【modify】 after the client ip range. Step 3. In the 【modify server design】 window, enter appropriate settings. Disable pptp: check to disable pptp server. Enable pptp: check to enable pptp server. 1. Encryption: the default is...

  • Page 122: Adding Pptp Server

    Adding pptp server: step 1. Select vpn→pptp server. Click new entry. Step 2. Enter appropriate settings in the following window. User name: specify the pptp client. This should be unique. Password: specify the pptp client password. Remote client: single machine: check to connect to single comp...

  • Page 123

    Step 3. Click ok to save modifications or click cancel to cancel modifications.

  • Page 124: Modifying Pptp Server

    Modifying pptp server: step 1. Select vpn→pptp server. Step 2. In the 【pptp server】 window, find the pptp server that you want to modify. Click 【configure】 and click 【modify】. Step 3. Enter appropriate settings. Step 4. Click ok to save modifications or click cancel to cancel modifications.

  • Page 125: Removing Pptp Server

    Removing pptp server: step 1. Select vpn→pptp server. Step 2. In the 【pptp server】 window, find the pptp server that you want to modify. Click 【configure】 and click 【remove】. Step 3. Click ok to remove the pptp server or click cancel to exit without removal.

  • Page 126: Pptp Client

    Pptp client. Entering the pptp client window: step 1. Select vpn→pptp client. Server address: displays the pptp server ip addresses. User name: displays the pptp client user’s name for authentication. Client ip: displays the pptp client’s ip address for authentication. Uptime: displays the connec...

  • Page 127: Adding A Pptp Client

    Adding a pptp client: step 1. Select vpn→pptp client. User name: specify the pptp client. This should be unique. Password: specify the pptp client password. Server address: enter the pptp server’s ip address. Remote client: single machine: check to connect to single computer. Multi-machine: c...

  • Page 128: Modifying Pptp Client

    Modifying pptp client: step 1. Select vpn→pptp client. Step 2. In the 【pptp client】 window, find the pptp server that you want to modify. Click 【configure】 and click 【modify】. Step 3. Enter appropriate settings. Step 4. Click ok to save modifications or click cancel to cancel modifications.

  • Page 129: Removing Pptp Client

    Removing pptp client: step 1. Select vpn→pptp client. Step 2. In the 【pptp client】 window, find the pptp client that you want to modify. Click 【configure】 and click 【remove】. Step 3. Click ok to remove the pptp client or click cancel to exit without removal.

  • Page 130: Content Filtering

    Content filtering. Content filtering includes url blocking and general filtering. Content filtering includes “url blocking” and “general blocking”. (1) Url blocking: the device manager can use a complete domain name, key word, “〜” or “*” to make rules for specific websites. (2) General blocking...

  • Page 131: Url Blocking

    Url blocking. The administrator may set up url blocking to prevent internal network users from accessing a specific website on the internet. Any web request coming from an internal network computer to a blocked website will receive a blocked message instead of the website. Entering the url blocking wi...

  • Page 132: Step 1: After

    Adding a url blocking policy: step 1: after clicking new entry, the add new block string window will appear. Step 2: enter the url of the website to be blocked. Step 3: click ok to add the policy. Click cancel to discard changes.

  • Page 133: Step 1:

    Modifying a url blocking policy: step 1: in the url blocking window, find the policy to be modified and click the corresponding modify option in the configure field. Step 2: make the necessary changes. Step 3: click on ok to save changes or click on cancel to cancel modifications.

  • Page 134: Step 1:

    Removing a url blocking policy: step 1: in the url blocking window, find the policy to be removed and click the corresponding remove option in the configure field. Step 2: a confirmation pop-up box will appear, click on ok to remove the policy or click on cancel to discard changes. Blocked url site:...

  • Page 135: General Blocking

    General blocking: to let popup, activex, java, cookie in or keep them out. Step 1: click content filtering in the menu. Step 2: 【general blocking】 detective functions. Popup filtering: prevent the pop-up boxes appearing. Activex filtering: prevent activex packets. Java filtering: prevent java packets. Cook...

  • Page 136: Virtual Server

    Virtual server. The firewall vpn router office firewall separates an enterprise’s intranet and internet into internal networks and external networks respectively. Generally speaking, in order to allocate enough ip addresses for all computers, an enterprise assigns each computer a private ip a...

  • Page 137

    virtual server to the private internal ip address of the physical server that supports the services. Therefore users from the external network can access servers of the internal network by requesting the service from the ip address provided by virtual server.

  • Page 138: Mapped Ip

    Mapped ip. Internal private ip addresses are translated through nat (network address translation). If a server is located in the internal network, it has a private ip address, and outside users cannot connect directly to internal servers’ private ip address. To connect to an internal network server, ...

  • Page 139: Adding A New Ip Mapping:

    Adding a new ip mapping: step 1. In the mapped ip window, click the new entry button and the add new mapped ip window will appear. External ip: select the external public ip address to be mapped. Internal ip: enter the internal private ip address or dmz ip address which will be mapped 1-to-1 to the exte...

  • Page 140: Modifying A Mapped Ip:

    Modifying a mapped ip: step 1. In the mapped ip table, locate the mapped ip desired to be modified and click its corresponding modify option in the configure field. Step 2. Enter settings in the modify mapped ip window. Step 3. Click ok to save change or click cancel to cancel. Note: a mapped ip can...

  • Page 141: Removing A Mapped Ip:

    Removing a mapped ip: step 1. In the mapped ip table, locate the mapped ip desired to be removed and click its corresponding remove option in the configure field. Step 2. In the remove confirmation pop-up window, click ok to remove the mapped ip or click cancel to cancel.

  • Page 142: Virtual Server

    Virtual server. Virtual server is a one-to-many mapping technique, which maps a real ip address from the external interface to private ip addresses of the internal network. This is done to provide services or applications defined in the service menu to enter into the internal network. Unlike ...

  • Page 143: Adding A Virtual Server:

    Adding a virtual server: step 1. Click an available virtual server from virtual server in the virtual server menu bar to enter the virtual server configuration window. In the following, virtual server is assumed to be the chosen option: step 2. Click the click here to configure button and the add ne...

  • Page 144

    When disable appears in the drop-down list, no virtual server can be added.

  • Page 145

    Modifying a virtual server ip address: step 1. Click the virtual server to be modified under the virtual server menu bar. A new window appears displaying the ip address and service of the specified virtual server. Step 2. Click on the virtual server’s ip address button at the top of t...

  • Page 146: Removing A Virtual Server:

    Removing a virtual server: step 1. Click the virtual server to be removed in the corresponding virtual server option under the virtual server menu bar. A new window displaying the virtual server’s ip address and service appears on the screen. Step 2. Click the virtual server’s ip address button at t...

  • Page 147

    Setting the virtual server’s services: step 1. For the virtual server which has already been set up with an ip address, click the new service button in the table. Step 2. In the virtual server configurations window: virtual server ip: displays the external ip address assigned to the virtual server e...

  • Page 148

    Modifying the virtual server configurations: step 1. In the virtual server window’s service table, locate the name of the service desired to be modified and click its corresponding modify option in the configure field. Step 2. In the virtual server configuration window, enter the new settings. Step ...

  • Page 149

    Removing the virtual server service: step 1. In the virtual server window’s service table, locate the name of the service desired to be removed and click its corresponding remove option in the configure field. Step 2. In the remove confirmation pop-up box, click ok to remove the service or click can...

  • Page 150: Log

    Log. The firewall vpn router office firewall supports traffic logging and event logging to monitor and record services, connection times, and the source and destination network address. The administrator may also download the log files for backup purposes. The administrator mainly uses the lo...

  • Page 151: Traffic Log

    Traffic log. The administrator queries the firewall for information, such as source address, destination address, start time, and protocol port, of all connections. Entering the traffic log window: click the traffic log option under log menu to enter the traffic log window. Traffic log: the table in t...

  • Page 152

    Downloading the traffic logs: the administrator can back up the traffic logs regularly by downloading them to the computer. Step 1. In the traffic log window, click the download logs button at the bottom of the screen. Step 2. Follow the file download pop-up window to save the traffic logs into a speci...

  • Page 153: Clearing The Traffic Logs:

    Clearing the traffic logs: the administrator may clear on-line logs to keep just the most updated logs on the screen. Step 1. In the traffic log window, click the clear logs button at the bottom of the screen. Step 2. In the clear logs pop-up box, click ok to clear the logs or click cancel to cancel...

  • Page 154: Event Log

    Event log. When the firewall vpn router firewall detects events, the administrator can get the details, such as time and description of the events from the event logs. Entering the event log window: click the event log option under the log menu and the event log window will appear. The table in the e...

  • Page 155

    Downloading the event logs: step 1. In the event log window, click the download logs button at the bottom of the screen. Step 2. Follow the file download pop-up window to save the event logs into a specific directory on the hard drive.

  • Page 156: Clearing The Event Logs:

    Clearing the event logs: the administrator may clear on-line event logs to keep just the most updated logs on the screen. Step 1. In the event log window, click the clear logs button at the bottom of the screen. Step 2. In the clear logs pop-up box, click ok to clear the logs or click cancel to canc...

  • Page 157: Log Report

    Log report. Step 1. Click log→log report. Step 2. Log mail configuration: when the log mail files accumulate up to 300 kbytes, the router will notify the administrator by email with the traffic log and event log. Note: before enabling this function, you have to enable e-mail alarm in administr...

  • Page 158: Step 2.  Go To Log

    Enable log mail support & syslog message. Log mail configuration / enable log mail support: step 1. Firstly, go to admin and select enable e-mail alert notification under e-mail settings. Enter the e-mail address to receive the alarm notification. Click ok. Step 2. Go to log→log report. Check to enable lo...

  • Page 159: Click Ok.

    Disable log mail support & syslog message: step 1. Go to log→log report. Uncheck to disable log mail support. Click ok. Step 2. Go to log→log report. Uncheck to disable settings message. Click ok.

  • Page 160: Alarm

    Alarm. In this chapter, the administrator can view traffic alarms and event alarms that have occurred and that the firewall has logged. The firewall has two alarms: traffic alarm and event alarm. Traffic alarm: in control policies, the administrator sets the threshold value for traffic alarm. The system regula...

  • Page 161: Traffic Alarm

    Traffic alarm. Entering the traffic alarm window: click the traffic alarm option below alarm menu to enter the traffic alarm window. The table in the traffic alarm window displays the current traffic alarm logs for connections. Time: the start and stop time of the specific connection. Source: name o...

  • Page 162: Cancel To Cancel.

    Clearing the traffic alarm logs: step 1. In the traffic alarm window, click the clear logs button at the bottom of the screen. Step 2. In the clear logs pop-up box, click ok to clear the logs or click cancel to cancel.

  • Page 163

    Downloading the traffic alarm logs: the administrator can back up traffic alarm logs regularly and download it to a file on the computer. Step 1. In the traffic alarm window, click the download logs button on the bottom of the screen. Step 2. Follow the file download pop-up box to save the traffic a...

  • Page 164: Event Alarm

    Event alarm. Entering the event alarm window: click the event alarm option below the alarm menu to enter the event alarm window. The table in event alarm window displays current traffic alarm logs for connections. Time: log time. Event: event descriptions.

  • Page 165: Clearing Event Alarm Logs:

    Clearing event alarm logs: the administrator may clear on-line logs to keep the most updated logs on the screen. Step 1. In the event alarm window, click the clear logs button at the bottom of the screen. Step 2. In the clear logs pop-up box, click ok.

  • Page 166

    Downloading the event alarm logs: the administrator can back up event alarm logs regularly by downloading it to a file on the computer. Step 1. In the event alarm window, click the download logs button at the bottom of the screen. Step 2. Follow the file download pop-up box to save the event alarm l...

  • Page 167: Statistics

    Statistics. In this chapter, the administrator queries the firewall vpn router office firewall for statistics of packets and data which pass across the firewall. The statistics provide the administrator with information about network traffic and network loads. What is statistics? Statistics are th...

  • Page 168: Status

    Status. In this section, the firewall vpn router displays the status information about the firewall. Status will display the network information from the configuration menu. The administrator may also use status to check the dhcp lease time and mac addresses for computers connected to the firewall. I...

  • Page 169: Arp Table

    Arp table. Entering the arp table window: click on status in the menu bar, and then click arp table below it. A window will appear displaying a table with ip addresses and their corresponding mac addresses. For each computer on the internal, external, and dmz network that replies to an arp packet, th...

  • Page 170: Dhcp Clients

    Dhcp clients. Entering the dhcp clients window: click on status in the menu bar, and then click on dhcp clients below it. A window will appear displaying the table of dhcp clients that are connected to the firewall vpn router. The table will list host computers on the internal network that obtain its...

  • Page 171: Setup Examples

    Setup examples. Example 1: allow the internal network to be able to access the internet. Example 2: the internal network can only access yahoo.com website. Example 3: outside users can access the internal ftp server through virtual servers. Example 4: install a server inside the internal network and hav...

  • Page 172

    Step 4. When the following screen appears, the setup is completed.

  • Page 173: Example 2:

    Example 2: the internal network can only access yahoo.com website. Step 1. Enter the external window under the address menu. Step 2. Click the new entry button. Step 3. In the add new address window, enter the related parameters. Step 4. Click ok to end the address table setup. Step 5. Go to the outgoi...

  • Page 174

    Step 8. When the following screen appears, the setup is completed.

  • Page 175: Example 3:

    Example 3: outside users can access the internal ftp server through virtual servers. Step 1. Enter virtual server under the virtual server menu. Step 2. Click the ‘click here to configure’ button. Step 3. Select an external ip address, then click ok. Step 4. Click the new service button on the bottom...

  • Page 176

    Step 7. Go to the incoming window under the policy menu, and then click on the new entry button. Step 8. In the add new policy window, set each parameter, then click ok.

  • Page 177

    Step 9. An incoming ftp policy should now be created.

  • Page 178: Example 4:

    Example 4: install a server inside the internal network and have the internet (external) users access the server through ip mapping. Step 1. Enter the mapped ip window under the virtual server menu. Step 2. Click the new entry button. Step 3. In the add new ip mapping window, enter each parameter, an...

  • Page 179

    Step 8. Open all the services (any). Step 9. The setup is completed.