Идти на страницу of
Похожие руководства по эксплуатации
Хорошее руководство по эксплуатации
Законодательство обязывает продавца передать покупателю, вместе с товаром, руководство по эксплуатации D-Link DFL-160. Отсутствие инструкции либо неправильная информация, переданная потребителю, составляют основание для рекламации в связи с несоответствием устройства с договором. В законодательстве допускается предоставлении руководства в другой, чем бумажная форме, что, в последнее время, часто используется, предоставляя графическую или электронную форму инструкции D-Link DFL-160 или обучающее видео для пользователей. Условием остается четкая и понятная форма.
Что такое руководство?
Слово происходит от латинского "instructio", тоесть привести в порядок. Следовательно в инструкции D-Link DFL-160 можно найти описание этапов поведения. Цель инструкции заключается в облегчении запуска, использования оборудования либо выполнения определенной деятельности. Инструкция является набором информации о предмете/услуге, подсказкой.
К сожалению немного пользователей находит время для чтения инструкций D-Link DFL-160, и хорошая инструкция позволяет не только узнать ряд дополнительных функций приобретенного устройства, но и позволяет избежать возникновения большинства поломок.
Из чего должно состоять идеальное руководство по эксплуатации?
Прежде всего в инструкции D-Link DFL-160 должна находится:
- информация относительно технических данных устройства D-Link DFL-160
- название производителя и год производства оборудования D-Link DFL-160
- правила обслуживания, настройки и ухода за оборудованием D-Link DFL-160
- знаки безопасности и сертификаты, подтверждающие соответствие стандартам
Почему мы не читаем инструкций?
Как правило из-за нехватки времени и уверенности в отдельных функциональностях приобретенных устройств. К сожалению само подсоединение и запуск D-Link DFL-160 это слишком мало. Инструкция заключает ряд отдельных указаний, касающихся функциональности, принципов безопасности, способов ухода (даже то, какие средства стоит использовать), возможных поломок D-Link DFL-160 и способов решения проблем, возникающих во время использования. И наконец то, в инструкции можно найти адресные данные сайта D-Link, в случае отсутствия эффективности предлагаемых решений. Сейчас очень большой популярностью пользуются инструкции в форме интересных анимаций или видео материалов, которое лучше, чем брошюра воспринимаются пользователем. Такой вид инструкции позволяет пользователю просмотреть весь фильм, не пропуская спецификацию и сложные технические описания D-Link DFL-160, как это часто бывает в случае бумажной версии.
Почему стоит читать инструкции?
Прежде всего здесь мы найдем ответы касательно конструкции, возможностей устройства D-Link DFL-160, использования отдельных аксессуаров и ряд информации, позволяющей вполне использовать все функции и упрощения.
После удачной покупки оборудования/устройства стоит посвятить несколько минут для ознакомления с каждой частью инструкции D-Link DFL-160. Сейчас их старательно готовят или переводят, чтобы они были не только понятными для пользователя, но и чтобы выполняли свою основную информационно-поддерживающую функцию.
Содержание руководства
-
Страница 1
User Manu al DFL-160 V er 1.00 Network Security Sol ution http://www .dlink.com.tw Security Security SOHO UTM F irewall[...]
-
Страница 2
User Manual D-Link DFL-160 Firewall NetDefendOS Version 2.25 D-Link Corporation No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C. http://www.DLink.com Published 2009-05-14 Copyright © 2009[...]
-
Страница 3
User Manual D-Link DFL-160 Firewall NetDefendOS Version 2.25 Published 2009-05-14 Copyright © 2009 Copyright Notice This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual, nor any of the material contained herein, may be reproduced with[...]
-
Страница 4
Table of Contents 1. Product Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. The DFL-160 Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Страница 5
C. Apple Mac IP Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 D. D-Link Worldwide Offices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Страница 6
Chapter 1. Product Overview • The DFL-160 Solution, page 5 • Ethernet Interfaces, page 7 • The LED Indicators, page 9 1.1. The DFL-160 Solution The NetDefend SOHO UTM product is a D-Link hardware/software solution designed for situations where a conventional IP router connected to the public Internet in a small organization or home environmen[...]
-
Страница 7
"Inside" and "Outside" Networks The NetDefendOS provides the administrator with the ability to control and manage the traffic that flows between the trusted "inside" networks and the much more threatening public Internet that lies "outside". The "outside" Internet network is connected to the DFL-160[...]
-
Страница 8
1.2. Ethernet Interfaces Physical Interface Arrangement The DFL-160 has a number of physical Ethernet interfaces which can be used to plug into other Ethernet networks. The image below shows these interfaces at the back of the hardware unit. Interface Network Connections The illustration below shows the typical usage of network connections to the D[...]
-
Страница 9
are intended for connection to local, internal networks which will be protected from the outside internet by the highest security available from the DFL-160. Interfaces LAN1 to LAN4 are connected together via a switch fabric in the DFL-160 which means that traffic travelling between them will not be subject to the control of NetDefendOS. All four a[...]
-
Страница 10
1.3. The LED Indicators On the front portion of the DFL-160 casing are a set of indicator lights which show system status and Ethernet port activity. Power and Status The power light is illuminated when power is applied and the status light is illuminated after NetDefendOS has completed start up or if the boot menu has been entered prior to complet[...]
-
Страница 11
1.3. The LED Indicators Chapter 1. Product Overview 10[...]
-
Страница 12
Chapter 2. Initial Setup • Unpacking, page 11 • Web Browser Connection, page 13 • Browser Connection Troubleshooting, page 18 • Console Port Connection, page 19 2.1. Unpacking Package Contents Carefully open the product packaging and inside you will find the following: • The DFL-160 hardware unit. • The DFL-160 Quick Installation Guide.[...]
-
Страница 13
Environmental and Operating Parameters The following table lists the key environmental and operatíng parameters for the DFL-160 hardware. Parameter DFL-160 Value AC Input 100-240 VAC, 50/60 Hz, External supply Operating Temperature Range 0°C to +50°C Storage Temperature Range -40°C to +70°C Operational Humidity Range 10% to 90% RH Storage Humi[...]
-
Страница 14
2.2. Web Browser Connection This section describes the steps for accessing a DFL-160 for the first time through a web browser. The user interface accessed in this way is known as the NetDefendOS Web Interface (or WebUI ). 1. Connect the Cables The DFL-160 and a management workstation (typically a Windows PC) running a web browser should be physical[...]
-
Страница 15
4. Connect to the DFL-160 by Surfing to the IP address 192.168.10.1 Using a web browser (Internet Explorer or Firefox is recommended), surf to the IP address 192.168.10.1 . This can be done using either HTTP or the more secure HTTPS protocol in the URL. These two alternatives are discussed next. A. Using HTTP Enter the address http://192.168.10.1 i[...]
-
Страница 16
The available management web interface language options are selectable at the bottom of this dialog. This defaults to the language set for the browser if NetDefendOS supports that language. Now login with the username admin and the password admin . The full web interface will now appear as shown below and you are ready to begin setting up the initi[...]
-
Страница 17
of time is fixed. After automatic logout occurs, the next interaction with the management web interface will take the browser to the login page. Connecting to the Internet In the typical DFL-160 installation the next step is to connect to the public Internet. To do this the WAN interface should be connected to your Internet Service Provider (ISP). [...]
-
Страница 18
features of the product and bring into use those which meet the needs of a particular installation. It is recommended that adminstrators familiarize themselves with the web interface by clicking on the main menu options and exploring the individual options available with each. The later part of this manual has a structure which reflects the naming [...]
-
Страница 19
2.3. Browser Connection Troubleshooting If the management interface does not respond after the DFL-160 has powered up and NetDefendOS has started, there are a number of simple steps to trouble shoot basic connection problems: 1. Check that the LAN interface is being used The most obvious problem is that the wrong DFL-160 interface has been used for[...]
-
Страница 20
2.4. Console Port Connection Initial setup of the DFL-160 can be done using only the web interface but DFL-160 also provides a Command Line Interface (CLI) which can be used for certain administrative tasks. This is accessed through a console connected directly to the unit's RS232 COM port, which is shown below. All CLI commands are listed in [...]
-
Страница 21
buffer allocated for output. This buffer limit means that a single large volume of console output may be truncated. This happens rarely and only with certain commands. The DFL-160 USB Port Next to the RS232 port is a USB port. This port is not used with the current version of NetDefendOS. The port is intended for use with features planned for futur[...]
-
Страница 22
2.4. Console Port Connection Chapter 2. Initial Setup 21[...]
-
Страница 23
Chapter 3. The System Menu • Administration, page 22 • Internet Connection, page 25 • LAN Settings, page 27 • DMZ Settings, page 30 • Logging, page 33 • Date and Time, page 35 • Dynamic DNS Settings, page 37 The System menu options allow the administrator to control and manage essential operating settings of the DFL-160. The sections [...]
-
Страница 24
The recommendation is to restrict the interfaces which allow management access and to always use the HTTPS protocol to ensure that management communication is encrypted. The only advantage in using HTTP for management access is to avoid the issue with certificates. NetDefendOS sends an unsigned certificate to the browser when using HTTPS and this m[...]
-
Страница 25
For instance, if HTTPS is used for management access and HTTPS inbound traffic is enabled (this is done in Section 4.3, “Inbound Traffic Options”) then both will use the port number 443 and there will be a problem. The port number for management traffic and normal HTTPS traffic must be unique. The solution is to change the HTTPS port for admini[...]
-
Страница 26
3.2. Internet Connection The options on this page allow the administrator to specify the communications protocol with which the WAN interface is connected to the public Internet via an Internet Service Provider (ISP). Your ISP will provide details of their connection. The first task is to make a physical Ethernet connection between the DFL-160&apos[...]
-
Страница 27
The Idle Timeout is the length of time with inactivity that passes before PPPoE disconnection occurs if the Dial-on-Demand is selected. DNS servers are set automatically after connection with PPPoE. D. PPTP Connection With this option, the username and password supplied by your ISP for PPTP connection should be entered. If DHCP is to be used with t[...]
-
Страница 28
3.3. LAN Settings The settings in this part of the management web interface determine how the DFL-160's LAN interface operates. These settings are very similar to the corresponding page for the DMZ interface (see Section 3.4, “DMZ Settings”). The Logical LAN Interface There are four physical interfaces in the DFL-160 hardware which are lab[...]
-
Страница 29
• NAT Mode This mode enables Dynamic Network Address Translation (NAT) use between the LAN and WAN interfaces. This means that the individual IP addresses of hosts on the LAN interface will be hidden from the public internet. All traffic coming from the public Internet to LAN hosts will be directed to the public IP address of the WAN interface an[...]
-
Страница 30
with a particular MAC address. When a request for a DHCP lease is received on the interface, NetDefendOS checks the MAC address of the requesting DHCP client against the list. If a match is found, the IP address that has been associated with the MAC address is the one that is handed out. The screenshot below shows how this option appears in the web[...]
-
Страница 31
3.4. DMZ Settings The settings in this part of the management web interface determine how the DFL-160's DMZ interface operates. These settings are very similar to the corresponding page for the LAN interface (see Section 3.3, “LAN Settings”). DMZ Interface Options There are three sections on this page of the web interface: A. DMZ Interface[...]
-
Страница 32
• Router Mode This is the mode used if NAT is not used. It means that each the individual hosts and users on the DMZ network need their own public IP addresses if they are to communicate with the public Internet. Although not recommended when WAN is connected to the public internet, there may be situations where NAT cannot be applied and the indi[...]
-
Страница 33
This feature allows the same IP address to be always allocated to a particular DHCP client. Transparent Mode and the Interface IP Address There are some considerations that should be noted with the DMZ IP address when transparent mode is enabled: • In transparent mode, the DMZ interface will take on the same IP address as the WAN interface. • I[...]
-
Страница 34
3.5. Logging NetDefendOS Log Messages During NetDefendOS operation, log messages are routinely generated to indicate when certain events occur. These messages form an important audit trail that show what has occurred during system operation and can dealt with in various ways. There are dozens of events for which event messages can be generated. The[...]
-
Страница 35
messages generated by NetDefendOS. By enabling this option, these log messages will be included. C. Email Alerts NetDefendOS can be configured to send emails to up to three email addresses when log messages are generated that are equal to or exceed a defined threshold. This threshold is referred to as the sensitivity . The sensitivity settings tran[...]
-
Страница 36
3.6. Date and Time A variety of NetDefendOS functions depend on the system date and time being set correctly for the DFL-160. It is therefore recommended to set the correct time and date as soon as possible. There are three time and date options: A. General B. Time zone and daylight saving time settings C. Automatic time synchronization A. General [...]
-
Страница 37
When usage of time servers is enabled, NetDefendOS will poll them on a regular basis and then adjust the DFL-160 system clock with the exact time. If the time server and the current time differ by more than one hour (60 minutes) then the time server is ignored. 3.6. Date and Time Chapter 3. The System Menu 36[...]
-
Страница 38
3.7. Dynamic DNS Settings A DNS feature offered by NetDefendOS is the ability to explicitly inform DNS servers when the external IP address of the DFL-160 has changed. This is sometimes referred to as Dynamic DNS (DDNS) and is useful where the DFL-160 has an external IP address that can change. By enabling this option, NetDefendOS acts as a dynamic[...]
-
Страница 39
3.7. Dynamic DNS Settings Chapter 3. The System Menu 38[...]
-
Страница 40
Chapter 4. The Firewall Menu • Outbound LAN Traffic Options, page 40 • Outbound DMZ Traffic Options, page 42 • Inbound Traffic Options, page 44 • VPN Options, page 46 • VPN Users, page 51 • Web Content Filtering, page 52 • Anti-Virus, page 61 • IDP Options, page 64 • Schedules, page 67 The options in the Firewall menu allow the ad[...]
-
Страница 41
against internal resources. • Time schedules can be set up which can be then used to specify the times when security policies are applied. • Lists of users that are allowed to access protected resources can be specified. The sections that follow describe the options in this menu in the order they appear. 4.1. Outbound LAN Traffic Options The Me[...]
-
Страница 42
For a custom protocol it is necessary to specify if the protocol uses TCP or UDP connections or both and to specify the port number the protocol will try and connect to at the other end of the connection. Specifying a Schedule A named Schedule can be defined through the Firewall > Schedules menu option and this can then be used with any individu[...]
-
Страница 43
4.2. Outbound DMZ Traffic Options The Meaning of Outbound These options determine what types of traffic can pass between the DMZ network and the WAN interface when the connection is initiated by a client or host on the DMZ network. For instance, the retrieval of data from a web server on the public Internet is still considered part of outbound traf[...]
-
Страница 44
Specifying a Schedule A named Schedule can be defined through the Firewall > Schedules menu option and this can then be used with any individual protocol allowed for outgoing traffic from the LAN interface. Schedules specify a period of time when a particular selection is valid. For example, the administrator might decide to not allow web surfin[...]
-
Страница 45
4.3. Inbound Traffic Options This set of NetDefendOS options deals using firewalling to protect against inbound traffic. The term inbound refers to connections that are initiated from the public Internet on the WAN interface. These connections are typically made to access some resource that sits behind the DFL-160, such as an HTTP server that is si[...]
-
Страница 46
C. Custom Traffic If a particular protocol does not appear in the standard list of protocols then a Custom Traffic "rule" can be created which allows incoming TCP or UDP traffic through on a specified port. As explained above, the custom rule must have a destination IP address specified which either an internal IP address if NAT is being [...]
-
Страница 47
4.4. VPN Options VPN Usage The Internet is increasingly used as a means to connect together computers since it offers efficient and inexpensive communication. The requirement therefore exists for data to traverse the Internet to its intended recipient without another party being able to read or alter it. VPN allows the setting up of a tunnel betwee[...]
-
Страница 48
In summary, a VPN allows the public Internet to be used for setting up secure communications or tunnels between DFL-160s or between a DFL-160 and other security gateway devices or clients. VPN with the DFL-160 NetDefendOS supports setting up tunnels using the following types of tunnel protocols for secure communication: • IPsec tunnels. • L2TP [...]
-
Страница 49
• IKE negotiates how IKE should be protected. • IKE negotiates how IPsec should be protected. • An IPsec tunnel is established which is used to securely transport data. The following sections are used in the web interface for IPsec setup: A. General B. Authentication C. Tunnel Type A. General Here, a textual Name for the tunnel is specified. [...]
-
Страница 50
Currently established IPsec tunnels can be listed and their usage examined through the IPsec option in the Status menu (see Section 6.8, “IPsec Status”). 4.4.2. L2TP/PPTP Client This option allows a tunnel to be set up where the DFL-160 acts as a L2TP or PPTP client. In this mode, a tunnel is set up where the DFL-160 connects to an L2TP or PPTP[...]
-
Страница 51
The Idle Timeout is the length of time with inactivity that passes before tunnel disconnection occurs. 4.4.3. L2TP/PPTP Server This option allows VPN tunnels to be set up based on the L2TP protocol, where the DFL-160 acts as a L2TP or PPTP server, receiving connection requests from external clients. Such clients are sometimes called roaming clients[...]
-
Страница 52
4.5. VPN Users The User Database This page in the web interface allows the administrator to enter the details of new users into the NetDefendOS user database and to also administer these users by making deletions or changes. There is no limit on the database size. The NetDefendOS user authentication database is used only with VPN. When external cli[...]
-
Страница 53
4.6. Web Content Filtering 4.6.1. Options The Web Content Filtering (WCF) options allow control over the types of web surfing allowed by clients on the LAN or DMZ . When web browsers try to access a URL on the public Internet through the WAN interface, NetDefendOS checks the URL against a D-Link URL database to find out what category it is. For ins[...]
-
Страница 54
B. Web Content Filter The option here is to enable or disable web content filtering. Note that HTTP and HTTPS traffic (or all traffic) should be allowed in the outgoing traffic options for the LAN or DMZ interfaces for clients on those networks to able to reach the public Internet. C. Categories The administrator adds the categories that are to be [...]
-
Страница 55
It is possible to explicitly allow or explicitly block certain URLs by adding one or more Static URL Filters . This is also referred to as whitelisting and blacklisting and the URLs specified in such filters are not looked up by the WCF subsystem. When defining a URL filter it is important to note that wildcarding can be used when specifying the UR[...]
-
Страница 56
online news publications and technology or trade journals. This does not include financial quotes, refer to the Investment Sites category (11), or sports, refer to the Sports category (16). Examples might be: • www.newsunlimited.com • www.dailyscoop.com Category 3: Job Search A web site may be classified under the Job Search category if its con[...]
-
Страница 57
form of entertainment that is not specifically covered by another category. Some examples of this are music sites, movies, hobbies, special interest, and fan clubs. This category also includes personal web pages such as those provided by ISPs. The following categories more specifically cover various entertainment content types, Pornography / Sex (1[...]
-
Страница 58
A web site may be classified under the E-Banking category if its content includes electronic banking information or services. This category does not include Investment related content; refer to the Investment Sites category (11). Examples might be: • www.nateast.co.uk • www.borganfanley.com Category 13: Crime / Terrorism A web site may be class[...]
-
Страница 59
Category 18: Violence / Undesirable A web site may be classified under the Violence / Undesirable category if its contents are extremely violent or horrific in nature. This includes the promotion, description or depiction of violent acts, as well as web sites that have undesirable content and may not be classified elsewhere. Examples might be: • [...]
-
Страница 60
A web site may be classified under the Music Downloads category if it provides online music downloading, uploading and sharing facilities as well as high bandwidth audio streaming. Examples might be: • www.onlymp3s.com • www.mp3space.com Category 24: Business Oriented A web site may be classified under the Business Oriented category if its cont[...]
-
Страница 61
Category 29: Computing/IT A web site may be classified under the Computing/IT category if its content includes computing related information or services. Examples might be: • www.purplehat.com • www.gnu.org Category 30: Swimsuit/Lingerie/Models A web site may be categorized under the Swimsuit/Lingerie/Models category if its content includes inf[...]
-
Страница 62
4.7. Anti-Virus Overview The NetDefendOS Anti-Virus module protects against malicious code carried in file downloads. Files may be downloaded as part of a web-page in an HTTP transfer or in an FTP download or perhaps as an attachment to an email delivered through SMTP. Malicious code in such downloads can have different intents ranging from program[...]
-
Страница 63
leader in the field of virus detection. The database provides protection against virtually all known virus threats including trojans, worms, backdoor exploits and others. The database is also thoroughly tested to provide near zero false positives. NetDefendOS Anti-Virus scanning is a subscription based service and yearly subscriptions can be purcha[...]
-
Страница 64
the exclusion list such a file might not be scanned. To avoid this situation, NetDefendOS always performs MIME checking where it looks inside the file to determine what the true filetype of the data is. Only if the filetype determined by MIME checking is on the exclude list is virus scanning skipped. 4.7. Anti-Virus Chapter 4. The Firewall Menu 63[...]
-
Страница 65
4.8. IDP Options The Intrusion Threat Computer servers can sometimes have vulnerabilities which leave them exposed to attacks carried by network traffic. Worms, trojans and backdoor exploits are examples of such attacks which, if successful, can potentially compromise or take control of a server. A generic term that can be used to describe these se[...]
-
Страница 66
Enabling IDP for a Protocol The IDP page of the NetDefendOS web interface lists a set of protocols which can be scanned by the IDP subsystem. Selecting any of the protocols switches on IDP scanning. Dropping Connections or Only Logging When IDP is enabled, the administrator has two options for how detected intrusions are dealt with: • Log only. ?[...]
-
Страница 67
This category is similar to Scanners in that it is not protocol specific but provides an additional "catch all" protection against intrusion attempts that are not specific to a particular protocol. With both Worms and Malware and Scanners , it is important to use them with caution since they will use more processing resources by increasin[...]
-
Страница 68
4.9. Schedules Schedules are used to determine when certain features in NetDefendOS are enabled. For instance, it may be decided to allow web surfing from clients on the LAN interface only at certain times of the day. In this case, we would create a schedule that contained the times when surfing is allowed and then associate the schedule with the e[...]
-
Страница 69
The comments field allows some text explanation to be added to the schedule. It serves only as a reminder to the administrator what the schedule was intended for. 4.9. Schedules Chapter 4. The Firewall Menu 68[...]
-
Страница 70
4.9. Schedules Chapter 4. The Firewall Menu 69[...]
-
Страница 71
Chapter 5. The Tools Menu • Ping, page 70 The Tools menu provide access to features which can be helpful in overall system operation. The sections that follow describe the options in this menu in the order they appear. 5.1. Ping The ICMP ping protocol provides a simple query/response tool to determine if a particular network component is alive. A[...]
-
Страница 72
5.1. Ping Chapter 5. The Tools Menu 71[...]
-
Страница 73
Chapter 6. The Status Menu • System Status, page 73 • Logging Status, page 75 • Anti-Virus Status, page 76 • Web Content Filtering Status, page 77 • IDP Status, page 78 • Connections Status, page 79 • Interfaces Status, page 80 • IPsec Status, page 82 • User Authentication Status, page 83 • Routes, page 84 • DHCP Server Status[...]
-
Страница 74
6.1. System Status The System Status page is the default page that is shown when the web interface opens after logging in to NetDefendOS as administrator. The status display is divided into three parts: A. System Resources B. UTM Statistics C. Log History A. System Resources Various graphical displays and numerical values show the current status of[...]
-
Страница 75
Clicking the More... link in the display will take you to the Logging option in the System menu for a more complete list of recent events and the filters to analyze them. The details of NetDefendOS logging can be found in Section 3.5, “Logging”. 6.1. System Status Chapter 6. The Status Menu 74[...]
-
Страница 76
6.2. Logging Status Various events that occur in NetDefendOS cause log messages to created. All possible log messages generated are documented in the accompanying DFL-160 Log Message Reference Guide . An external SysLog server can be configured to receive these events, as described in Section 3.5, “Logging”. That section also describes setting [...]
-
Страница 77
6.3. Anti-Virus Status This page of the web interface provides the ability to view and filter out the last 500 log messages generated by just the Anti-Virus subsystem. These same messages can also appear mixed in with other messages in the Logging page in the Status menu (described in Section 6.2, “Logging Status”). Log messages are visible in [...]
-
Страница 78
6.4. Web Content Filtering Status This page of the web interface provides the ability to view and filter out the last 500 log messages generated by just the Web Content Filtering (WCF) subsystem. These same messages can also appear mixed in with other messages in the Logging page in the Status menu (described in Section 6.2, “Logging Status”). [...]
-
Страница 79
6.5. IDP Status This page of the web interface provides the ability to view and filter out the last 500 log messages generated by just the IDP subsystem. These same messages can also appear mixed in with other messages in the Logging page in the Status menu (described in Section 6.2, “Logging Status”). Log messages are visible in 100 message bl[...]
-
Страница 80
6.6. Connections Status A connection in NetDefendOS refers to either a normal TCP/IP connection set up to perform a transfer of data or a UDP packet based "connection", where a stream of packets is being sent from a sender to a receiver (such as in a streaming video transfer). This page of the web interface shows the currently established[...]
-
Страница 81
6.7. Interfaces Status This option can show the current status for each of the DFL-160 interfaces. When one of the interfaces is selected from a drop-down box in this page, information about the interface's status is displayed, both in numerical and graphical form. The sections displayed for the chosen interface are: A. Interface Status B. Dri[...]
-
Страница 82
Secondly, the statistics for received (incoming) traffic are shown over the last 24 hours. An example is shown below (the image is also truncated on the right side). 6.7. Interfaces Status Chapter 6. The Status Menu 81[...]
-
Страница 83
6.8. IPsec Status List VPN Interfaces This option (the default) shows all the currently established VPN tunnels (also known as VPN interfaces ). An example of this display is shown below. List all active IKE SAs An IKE Security Association (SA) is an entity that defines the encryption methods and other parameters that will be used for data flowing [...]
-
Страница 84
6.9. User Authentication Status This page of the web interface displays the users who have been authenticated and are using a VPN tunnel. An example of the user authentication display is shown below. The Forcibly Logout Option For each user, the administrator has the option to force a logout of a user with this option. This can be useful if suspici[...]
-
Страница 85
6.10. Routes A Brief Overview of Routing A list of all routes are maintained by NetDefendOS in its internal routing table . The routing table indicates which networks can be found on which interface. When traffic arrives at the DFL-160 on one interface, the routing table is consulted by NetDefendOS to determine on which interface the traffic should[...]
-
Страница 86
6.11. DHCP Server Status As explained in Section 3.3, “LAN Settings” and Section 3.4, “DMZ Settings”, the LAN and DMZ interfaces can be configured to act as DHCP servers, allocating IP addresses from a predefined IP range to any users or hosts that require them. This option in the Status menu allows the administrator to see which DHCP serve[...]
-
Страница 87
6.11. DHCP Server Status Chapter 6. The Status Menu 86[...]
-
Страница 88
Chapter 7. The Maintenance Menu • The Update Center, page 87 • Licenses, page 89 • Backups, page 91 • Reset to Factory Defaults, page 92 • Upgrades, page 93 • Technical Support, page 94 The Maintenance menu options deal with routine administrative tasks such as backups and software upgrades. The sections that follow describe the options[...]
-
Страница 89
The default interval is Daily and this is recommended to keep the databases updated with the latest releases. It is not often that the databases are updated more than once in a day. C. History This tab shows the history of recent database updates and can also indicate if there were problems with server access or downloading. 7.1. The Update Center [...]
-
Страница 90
7.2. Licenses The license page shows information about the current license installed in the DFL-160. When the DFL-160 is initially delivered it comes with a standard license preinstalled which determines the capabilities of the system. Add On Services It is possible to expand the capabilities of the DFL-160 by purchasing a license for any of the fo[...]
-
Страница 91
• PPP Tunnels The maximum number of PPP tunnels which terminate at the WAN interface that can be created. To expand the capabilities of the standard product license, consult with your local D-Link representative. 7.2. Licenses Chapter 7. The Maintenance Menu 90[...]
-
Страница 92
7.3. Backups The administrator has the ability to take a snapshot of a NetDefendOS system at a given point in time and restore it when necessary. The snapshot can be of two types: • A configuration backup which does not include the installed NetDefendOS version. This is a recommended precaution to allow the configuration at a given point in time [...]
-
Страница 93
7.4. Reset to Factory Defaults Reset Through Software A restore to factory defaults can be applied so that it is possible to return to the original hardware state that existed when the DFL-160 was shipped by D-Link. When a restore is applied in this way, all configuration data is lost and the IDP and Ant-Virus databases are lost which means they mu[...]
-
Страница 94
7.5. Upgrades New releases of NetDefendOS are routinely made available by NetDefendOS. These releases are available as a single file which can be uploaded to the DFL-160 through this page in the web interface. NetDefendOS upgrades can be downloaded for free from your local D-Link site or from the D-Link NetDefend Center at http://security.dlink.com[...]
-
Страница 95
7.6. Technical Support This section of the web interface allows the user to easily download a file of useful troubleshooting information that can be emailed to technical support personnel. After clicking on the button Download support file , a file is automatically generated by the NetDefendOS and downloaded to the web interface and can be saved to[...]
-
Страница 96
7.6. Technical Support Chapter 7. The Maintenance Menu 95[...]
-
Страница 97
Chapter 8. The Console Boot Menu The NetDefendOS loader is the base software on top of which NetDefendOS runs and the administrator's direct interface to this is called the console boot menu (also known simply as the boot menu ). This section discusses the boot menu options. Accessing the Console Boot Menu The boot menu is only accessible thro[...]
-
Страница 98
A password should be set for console access. If a password is not set, anyone can use the console. After it is set, the console will prompt for the password before access is allowed to either the boot menu or the command line interface (CLI) (more on the CLI can be found in Appendix A, CLI Reference ). Initial Options with a Console Password Set If[...]
-
Страница 99
Chapter 9. Troubleshooting When the DFL-160 does not behave as expected, the following CLI tools are available to troubleshoot problems. The stat CLI Command If a serious NetDefendOS problem is suspected then the first step should be to use the console command: > stat The stat command will indicate the date and time of the last system shutdown a[...]
-
Страница 100
' ' Although dconsole output may be difficult to interpret by the administrator, it can be emailed to D-Link support representatives for further investigation. The dconsole command supersedes the crashdump command found in earlier versions of NetDefendOS. Restarting If a system is in a non-functional "frozen" state then system r[...]
-
Страница 101
Appendix A. CLI Reference This section summarizes in alphabetical order the command set that can be entered through a console connected to the RS232 console port on the DFL-160. Details of how to connect up a console device to the console COM port on the DFL-160 can be found in Section 2.4, “Console Port Connection”. Once the connection is made[...]
-
Страница 102
Example: DFL-160:/> arpsnoop all ARP snooping active on interfaces: lan wan dmz ARP on wan: gw-world requesting wan_ip ARP on lan: 192.168.123.5 requesting lan_ip Buffers This command can be useful for troubleshooting. For example, if an unexpectedly large number of packets begin queuing or when traffic does not seem to be flowing for an unknown[...]
-
Страница 103
Shows the contents of the most recently used buffer. Example: DFL-160:/> buff . Decode of buffer number 1059 lan: Enet 0050:dadf:7bbf > 0003:325c:cc00 type 0x0800 len 1058 IP 192.168.123.10 -> 193.13.79.1 IHL:20 DataLen:1024 TTL:254 Proto:ICMP ICMP Echo reply ID:6666 Seq:0 CfgLog Shows the results of the most recent reconfiguration or star[...]
-
Страница 104
Displays the contents of the file crashdump.dmp stored by NetDefendOS. The file contains critical diagnostic information which can help determine the reason for a critical system event. Syntax: crashdump Dconsole Displays a list of event information that is useful in pinpointing the occurrence of critical system errors. Syntax: dconsole DHCP Syntax[...]
-
Страница 105
Syntax: dns Options: -list - List pending DNS queries. -query=<domain-name> - Resolve domain name. -remove - Remove all pending DNS queries. Example: DFL-160:/> dns DNS client is initialized. Using servers: DNS Server 0 : 10.5.0.19 DNS Server 1 : Not set DNS Server 2 : Not set Frags Shows the 20 most recent fragment reassembly attempts. Th[...]
-
Страница 106
HTTPPoster_URL3: Host : "" Port : 0 Path : "" Post : "" User : "" Pass : "" Status: (not configured) IfStat Syntax: ifstat Shows a list of the interfaces installed. Example: DFL-160:/> ifstat Configured interfaces: Iface IP Address PBR membership Interface type ----- ---------- -------------- ---[...]
-
Страница 107
The Dropped counter in the software section states the number of packets discarded as the result of structural integrity tests or rule set drops. The IP Input Errs counter in the software section specifies the number of packets discarded due to checksum errors or IP headers broken beyond recognition. The latter is most likely the result of local ne[...]
-
Страница 108
Killsa Kills all IPsec and IKE SAs for the specified IP-address. Syntax: killsa <ipaddr> Example: DFL-160:/> killsa 192.168.0.2 Destroying all IPsec & IKE SAs for remote peer 192.168.0.2 License Shows the content of the license-file. Syntax: license Lockdown Sets local lockdown on or off. During local lockdown, only traffic from admin [...]
-
Страница 109
using PBR table "main". Echo reply from 192.168.12.1 seq=0 time= 10 ms TTL=255 DFL-160:/> ping 192.168.12.1 -v Sending 1 ping to 192.168.12.1 from 192.168.14.19 using PBR table "main". ... using route "192.168.12.0/22 via wan, no gw" in PBR table "main" Echo reply from 192.168.12.1 seq=0 time=<10 ms TTL[...]
-
Страница 110
Proxy ARP on : Local IP : (use iface IP in ARP queries) Metric : 0 Flags : Rules Shows the contents of the Rules configuration section. Syntax: rules [<options>] [<range>] Options: -schedule - Filter out rules that are not currently allowed by selected schedules. -type - Type of rules to display. -verbose - show all parameters of the ru[...]
-
Страница 111
ARPExpireUnknown : 15 ARPMulticast : DropLog ARPBroadcast : DropLog ARPCacheSize : 4096 ARPHashSize : 512 ARPHashSizeVLAN : 64 Shutdown Instructs NetDefendOS to perform a shutdown in a given number of seconds. It is not necessary to perform a shutdown before the system is powered off. Syntax: shutdown <seconds> If the <seconds> paramete[...]
-
Страница 112
(LBlock: 360424 bytes) 2003-04-24 00:03:46 Available KernelPoolMemory: 1048560 bytes (LBlock: 1048560 bytes) 2003-04-24 00:03:46 Available UserPoolMemory: 198868948 bytes 2003-04-24 00:03:46 Drive 0x00 present: (C/H/S/SC/M): (0x50/0x2/0x12/0x24/0xb3f) 2003-04-24 00:03:46 Drive 0x80 present: (C/H/S/SC/M): (0x3f2/0x10/0x33/0x330/0xc935f) 2003-04-24 0[...]
-
Страница 113
Database Version: 2 2006-10-04 10:13:18 HW Support: lc2350a Hardware DB Version: Latest Full:2006-10-04 10:13:18 Patch:N/A Status: Update server available Next update scheduled for: 2008-01-25 05:11:00 Urlcache Displays information related to the URL cache used by the Web Content Filtering function. Syntax: urlcache [options] Options: -v - Verbose [...]
-
Страница 114
LocalUsers 2 DFL-160:/> userdb LocalUsers Contents of user database LocalUsers: Username Groups Static IP Remote Networks --------- ------- --------- --------------- bob sales alice tech DFL-160:/> userdb LocalUsers bob Information for bob in database LocalUsers: Username : bob Groups : sales Networks : Userdb Appendix A. CLI Reference 113[...]
-
Страница 115
Appendix B. Windows IP Setup A Microsoft Windows PC can be used as the management workstation for initial setup of a DFL-160. Usually explicit configuration of the IP address of the PC's chosen Ethernet interface should not be needed since the DFL-160 automatically assigns the workstation's address using DHCP. If DHCP cannot be used, the [...]
-
Страница 116
The assigned IP address 192.168.10.30 could, infact, be another address from the 192.168.10.0/24 network. However, 192.168.10.30 is normally used by D-Link as a convention. Appendix B. Windows IP Setup 115[...]
-
Страница 117
Appendix C. Apple Mac IP Setup An Apple Mac can be used as the management workstation for setup of a DFL-160. Usually configuration of the IP address of the MAC's chosen Ethernet interface should not be needed since the DFL-160 automatically assigns the address using DHCP. If DHCP cannot be used, the workstation IP address should be configured[...]
-
Страница 118
5. Now set the following values: • IP Address: 192.168.10.30 • Subnet Mask: 255.255.255.0 • Router: 192.168.10.1 6. Click Apply to complete the static IP setup. Note Your revision of MacOS may differ slightly from the screenshots shown above but the setup method should be principal. Appendix C. Apple Mac IP Setup 117[...]
-
Страница 119
Appendix D. D-Link Worldwide Offices Below is a complete list of D-Link worldwide sales offices. Please check your own country area's local website for further details regarding support of D-Link products as well as contact details for local support. Australia 1 Giffnock Avenue, North Ryde, NSW 2113, Australia. TEL: 61-2-8899-1800, FAX: 61-2-8[...]
-
Страница 120
Italy Via Nino Bonnet n. 6/b, 20154 – Milano, Italy. TEL: 39-02-2900-0676, FAX: 39-02-2900-1723. Website: www.dlink.it LatinAmerica Isidora Goyeechea 2934, Ofcina 702, Las Condes, Santiago – Chile. TEL: 56-2-232-3185, FAX: 56-2-232-0923. Website: www.dlink.cl Luxemburg Rue des Colonies 11, B-1000 Brussels, Belgium TEL: +32 (0)2 517 7111, FAX: +[...]
-
Страница 121
Alphabetical Index A about CLI command, 100 administration, 22 username, 23 anti-virus, 61 status, 76 apple MAC IP setup, 116 arp CLI command, 100 arpsnoop CLI command, 100 audit username, 23 automatic logout, 15 B backups, 91 boot menu, 19, 96 browser connection, 13 buffers CLI command, 101 C certificate based IPsec, 48 cfglog CLI command, 102 CLI[...]
-
Страница 122
P phishing (see content filtering) ping, 70 ping CLI command, 70, 107 power LED, 9 PPTP client, 49 server, 50 pre-shared key with IPsec, 48 product support, 118 R reconfigure CLI command, 108 reset to factory defaults, 92 restoring a backup, 91 routes, 84 metrics, 84 routes CLI command, 108 rules CLI command, 109 S schedules, 67 with inbound traffi[...]
-
Страница 123
FCC EMI for Class B Statements Battery Caution: VCCI WARNING Statement Appendix: Product Statement FCC Interference Information This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful inter- ference, and (2) This device must accept any interference received, inc[...]