User manual D-LINK DFL-2500
Manual abstract: user guide D-LINK DFL-2500
Detailed instructions for use are in the User's Guide.
[. . . ]
II Product Overview
1 Capabilities
1.1 Product Highlights
III Introduction to Networking
2 The OSI Model
3 Firewall Principles
3.1 The Role of the Firewall
3.2.1 Attacks on Insecure pre-installed Components
3.2.2 Inexperienced Users on protected Networks
4 Configuration Platform
4.1 Configuring Via WebUI
[. . . ]
Application Layer Gateway ALG: select "ftp-outbound" that has been created.

Rules (Using Public IPs)
The following rule needs to be added to the IP rules in the firewall if the firewall is using public IPs; make sure there are no rules disallowing or allowing the same kind of ports/traffic before this rule. The service in use is "ftp-outbound", which should be using the ALG definition "ftp-outbound" as described earlier.

Allow connections to FTP servers on the outside:
Rules -> IP Rules -> Add -> IP Rule:
General:
  Name: Allow-ftp-outbound
  Action: Allow
  Service: ftp-outbound
Address Filter:
              Source    Destination
  Interface:  lan       wan
  Network:    lannet    all-nets
Then click OK.
D-Link Firewalls User's Guide
Rules (Using Private IPs)
If the firewall is using private IPs, the following NAT rule needs to be added instead.

Rules -> IP Rules -> Add -> IP Rule:
General:
  Name: NAT-ftp-outbound
  Action: NAT
  Service: ftp-outbound
Address Filter:
              Source    Destination
  Interface:  lan       wan
  Network:    lannet    all-nets
NAT: Check Use Interface Address
Then click OK.
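
The ordering requirement stated for these rules (no rule for the same kind of ports/traffic placed before them) can be checked mechanically. The following is an added example, not part of the D-Link manual or firmware: the address values, the port range of each service and the two extra rules are constructed assumptions, and the `Rule` model is hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed address objects; the manual names them but gives no values.
NETS = {"lannet": ip_network("192.168.1.0/24"),
        "all-nets": ip_network("0.0.0.0/0")}
# Assumed service definitions: (protocol, first dest port, last dest port).
SERVICES = {"ftp-outbound": ("tcp", 21, 21),
            "http": ("tcp", 80, 80),
            "all_tcp": ("tcp", 0, 65535)}

@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    service: str
    src_if: str
    dst_if: str
    src_net: str
    dst_net: str

def overlaps(a: Rule, b: Rule) -> bool:
    """True if at least one connection could match both rules."""
    proto_a, lo_a, hi_a = SERVICES[a.service]
    proto_b, lo_b, hi_b = SERVICES[b.service]
    return (a.src_if == b.src_if and a.dst_if == b.dst_if
            and proto_a == proto_b and lo_a <= hi_b and lo_b <= hi_a
            and NETS[a.src_net].overlaps(NETS[b.src_net])
            and NETS[a.dst_net].overlaps(NETS[b.dst_net]))

def conflicts_before(rules: list[Rule], target: str) -> list[str]:
    """Names of rules listed above `target` that cover some of its traffic."""
    idx = next(i for i, r in enumerate(rules) if r.name == target)
    return [r.name for r in rules[:idx] if overlaps(r, rules[idx])]

# Constructed rule set: the first two rules are hypothetical, the last one
# is the rule from the manual (swap in NAT-ftp-outbound for private IPs).
RULES = [
    Rule("Drop-all-tcp-out", "Drop", "all_tcp", "lan", "wan", "lannet", "all-nets"),
    Rule("Allow-http-out", "Allow", "http", "lan", "wan", "lannet", "all-nets"),
    Rule("Allow-ftp-outbound", "Allow", "ftp-outbound", "lan", "wan", "lannet", "all-nets"),
]

if __name__ == "__main__":
    print(conflicts_before(RULES, "Allow-ftp-outbound"))
```

Any name returned is a rule to review or move before relying on the FTP rule; an empty list means nothing above it covers the same traffic.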
18.3 HTTP
Hyper Text Transfer Protocol (HTTP) is the primary protocol used to access the World Wide Web (WWW). It is a connectionless, stateless application layer protocol (OSI layer 7), which is based on the request/response architecture. The client, such as a Web browser, typically sends a request by establishing a TCP/IP connection to a particular port (usually port 80) on a remote server. The server answers with a response string, followed by a message of its own, for example, an HTML file to be shown in the Web browser, an ActiveX component to be executed on the client, or an error message.
18.3.1 Components & Security Issues
To enable more advanced functions and extensions to HTTP services, some add-on components, known as "active contents", usually accompany the HTTP response to the client computer.

ActiveX objects
An ActiveX object is an HTTP component which is downloaded and executed on the client computer. Because it is executed on the client, certain security issues exist, which could cause harm to the local computer system.

JavaScript/VBScript
In order to display more advanced and dynamic HTML pages, scripts can be used. A script is executed by the web browser, and can be used to control the browser functionality, validate user input, or provide a number of other features. It could potentially be used by an attacker in an attempt to cause harm to a computer system, or to cause various annoyances, such as pop-up windows.

Java Applets
A Java applet is written in the Java programming language, and a Java-enabled browser can download and execute this code on the client computer. An applet can contain malicious code, which leads to security problems.

Cookies
A cookie is a small text file, stored locally on the client computer. Its objective is to make a web server remember certain information about a user, which has been entered previously. This can also contain confidential information.
18.3.2 Solution
D-Link firewalls address the security issues shown in the previous section by Stripping Contents and URL Filtering.

Stripping Contents
In the D-Link HTTP ALG configuration, some or all of the active contents mentioned previously can be stripped away from HTTP traffic at the administrator's request.

URL Filtering
A Uniform Resource Locator (URL) is an address to a resource on the WWW. As part of a security policy, it might be useful to restrict access to certain sites, or even to block certain file types from being downloaded.
[. . . ]
It is not necessary to perform a shutdown before the firewall is powered off, as it does not keep any open files while running.
· Syntax: shutdown <seconds>
-- Shutdown in <n> seconds (default: 5)
Sysmsgs
Show the contents of the OS sysmsg buffer.
· Syntax: sysmsgs
Example:
Cmd> sysmsg
Contents of OS sysmsg buffer:
. . .
Settings
Shows the contents of the Settings configuration section.
· Syntax:
-- settings
Shows available groups of settings.
Example:
Cmd> sett
Available categories in the Settings section:
IP - IP (Internet Protocol) Settings
TCP - TCP (Transmission Control Protocol) Settings
ICMP - ICMP (Internet Control Message Protocol)
ARP - ARP (Address Resolution Protocol) Settings
State - Stateful Inspection Settings
ConnTimeouts - Default Connection timeouts
LengthLim - Default Length limits on Sub-IP Protocols
Frag - Pseudo Fragment Reassembly settings
LocalReass - Local Fragment Reassembly Settings
VLAN - VLAN Settings
SNMP - SNMP Settings
DHCPClient - DHCP (Dynamic Host Configuration Protocol) Client Settings
DHCPRelay - DHCP/BOOTP Relaying Settings
DHCPServer - DHCP Server Settings
IPsec - IPsec and IKE Settings
Log - Log Settings
SSL - SSL Settings
HA - High Availability Settings
Timesync - Time Synchronization Settings
DNSClient - DNS Client Settings
RemoteAdmin - Settings regarding remote administration
Transparency - Settings related to transparent mode
HTTPPoster - Post user-defined URLs periodically for e.g. dyndns registration, etc
WWWSrv - Settings regarding the builtin web server
HwPerformance - Hardware performance parameters
IfaceMon - Interface Monitor
RouteFailOver - Route Fail Over Default values
IDS - Intrusion Detection / Prevention Settings
PPP - PPP (L2TP/PPTP/PPPoE) Settings
Misc - Miscellaneous Settings
Chapter A. Console Commands Reference
-- settings <group name>
Shows the settings of the specified group.
Example:
Cmd> settings arp
ARP (Address Resolution Protocol) Settings
ARPMatchEnetSender    : DropLog
ARPQueryNoSenderIP    : DropLog
ARPSenderIP           : Validate
UnsolicitedARPReplies : DropLog
ARPRequests           : Drop
ARPChanges            : AcceptLog
StaticARPChanges      : DropLog
ARPExpire             : 900      ARPExpireUnknown : 3
ARPMulticast          : DropLog
ARPBroadcast          : DropLog
ARPCacheSize          : 4096     ARPHashSize      : 512
ARPHashSizeVLAN       : 64
Stats
Shows various vital stats and counters.
· Syntax: stats
Example:
Cmd> stats
Uptime : . . .
[. . . ]