D-Link DFL- 860 Bedienungsanleitung Seite 1

Firewall/UTM by D-LinkArvydas ŽiliukasD-Link Baltija, UABKlaip÷da, IT Klubas2011.02.04

ALG Objects• ALG acts as a mediator• ALG is capable to scan all traffic in Application level rather than TCP/IP stack• Following protocols are support

HTTP ALG OverviewNetDefendOS supports HTTP ALGs via the following subsystems:• Manage Active Web Page Content− Handles active content such as ActiveX,

Anti-Virus ALG Actions• When configuring ALG, the following parameters can be set.• In General Tab:− Fail mode behavior: In cases where file integrity

IPS, AV, WCF and Anti-SPAM licenses• Anti-SPAM is free. In opposite, IPS, AV and WCF are chargeable 12-month subscription licenses.• NetDefend IPS and

IPS Module Overview• NetDefendOS IPS feature addresses the above IPS issues with the following mechanisms:− IPS Rules− Pattern Matching− Action• NetDe

Setting IPS Rules and ActionsAfter pattern matching recognizes an intrusion in traffic subject to an IPS Rule one from actions associated with that Ru

Anti-Virus Module Overview• The main purpose of UTM Anti-Virus module feature is to provide the first level prevention from gateway side, not instead

Anti-Virus Module Overview contd.• NetDefend Firewall implements Stream-based Virus Scanning technology without caching the incoming files first, thus

Activating Anti-Virus Scanning• Association with an ALG.• Anti-Virus feature is based on ALG design, user could use the predefined object for quick de

Dynamic Web Content Filtering (WCF) Overview• NetDefendOS supports Dynamic (WCF) of web traffic, whichenables an administrator automatically to permit

D-Link Firewall/UTM introduction• D-Link firewalls DFL series are hardware standalone firewalls with D-Link proprietary NetDefendOS.• D-Link firewalls

User Authentication Introduction• User authentication is frequently used in services, such as HTTP, FTP and VPN.• NetDefendOS uses a username/Password

Run-Time Web Based Authentication• The most common application of User Authentication is Run-Time Web Based User Authentication which is similar to WA

NetDefend UTM Features MatrixDFL model Anti-Virus/IPS Performance IPS Signature NumberAnti-Virus Pattern Number File Size LimitationDFL-260E 35 / 70 M

Traffic Management• What is Causing Bandwidth Performance Problems?− More application traffic− Recreational traffic− Web-based applications− Voice

Traffic Management• How Traffic Management Works?− Queuing packets when traffic exceeds configured limits− Dropping packets if the packet buffers are

Traffic Management - What’s the Pipe?• Pipe is the central concept for all bandwidth.• Pipe simply measures the traffic pass though it and applies con

Pipe Rules• The Pipe Rules defines a traffic shaping policy by specifying what network traffic should flow through what pipes. • Pipe Rules is used to

Direction of a Pipe• Now the pipe have a 2Mbps limit and the physical connection can only handle 1Mbps in each direction. The pipe will never be full

Direction of a Pipe with Actual Example• The reason we're using two separate pipes, it is mainly easier to match to the physical capacity (especi

Pipe Chains• The Forward Chain List− These are the pipes that will be used for outgoing (leaving) traffic from the D-Link Firewall. One, none or a ser

NetDefendOS Introduction• NetDefendOS is a proprietary or close architecture, it haslesser OS vulnerability, and more reliability compared toothers wh

Pipe Precedence• Minimum Precedence: The lowest allowed priority for traffic in this pipe.• Default Precedence: The default precedence for the pipe. T

Bandwidth Limits• For each pipe, separate bandwidth limits may be optionally specified for each precedence level. In precedence are used then the tota

Grouping Users of a PipeExample of a pipe with traffic grouped per IP Address• Grouping may be performed on source network, source IP address, source

Dynamic Bandwidth Balancing• Dynamic Bandwidth Balancing is D-Link unique feature in firewall market− General QoS can provide bandwidth guarantee by s

ZoneDefenseTMTechnologyFirewall•Traditional Firewalls have limited ports & performance. So L3 network switching still relies on L3 switches•Whenev

ZoneDefenseTMTechnology•D-Link architecture is able to stop virus/worm spreading across the LAN•Communication quarantine is used in interaction of D

ZoneDefense configuration examples•ZoneDefense enabled xStack Switches are:DES-3526/50,DES-3528/52, DES-3828/52, DGS-3200, DGS-3400, DGS-3600

ZoneDefense configuration examples•Setup Threshold rules

ZoneDefense configuration examples•Add Threshold Action from the Threshold rules

ZoneDefense configuration examples•Check ZoneDefense and xStack Switch state

General D-Link Firewall Features Integrated Functions•SPI Firewall Protection•Virtual Private Network (VPN)•Denial of Service (DoS) Protection•URL/Jav

Q&A………………ZoneDefense Demo

D-Link NetDefend Firewall/UTM familyDFL-2500 DFL-2560DFL-2560GDFL-1600DFL-1660Small BusinessMedium BusinessEnterpriseDFL-800, DFL-860DFL-860EDFL-210/2

D-Link NetDefendOS overview• The fundamental objects within NetDefendOS include:− Address Book− Interfaces− Services− ALG Objects− Schedules− VPN Obje

NetDefend - Address BookThe Address Book contains named objects representing various type of addresses, including• IP addresses• IP networks• IP range

InterfacesNetDefendOS treats all interfaces as logical IP interfaces. • Physical Interfaces− Each physical interface represents a physical port. NetDe

ServicesService object could define• TCP/UDP service• ICMP service• IP protocol serviceA large number of Service objects come pre-defined with NetDefe