User Manual

Table of Contents

Preface

Chapter 1. NetDefendOS Overview
1.1. Features
1.2. NetDefendOS Architecture
1.2.1. State-based Architecture
1.2.2. NetDefendOS Building Blocks
1.2.3. Basic Packet Flow
1.3. NetDefendOS State Engine Packet Flow

Chapter 2. Management and Maintenance
2.1. Managing NetDefendOS
2.1.1. Overview
2.1.2. The Default Administrator Account
2.1.3. The Web Interface
2.1.4. The CLI
2.1.5. CLI Scripts
2.1.6. Secure Copy
2.1.7. The Console Boot Menu
2.1.8. Management Advanced Settings
2.1.9. Working with Configurations
2.2. Events and Logging
2.2.1. Overview
2.2.2. Log Messages
2.2.3. Creating Log Receivers
2.2.4. Logging to MemoryLogReceiver
2.2.5. Logging to Syslog Hosts
2.2.6. SNMP Traps
2.2.7. Advanced Log Settings
2.3. RADIUS Accounting
2.3.1. Overview
2.3.2. RADIUS Accounting Messages
2.3.3. Interim Accounting Messages
2.3.4. Activating RADIUS Accounting
2.3.5. RADIUS Accounting Security
2.3.6. RADIUS Accounting and High Availability
2.3.7. Handling Unresponsive Servers
2.3.8. Accounting and System Shutdowns
2.3.9. Limitations with NAT
2.3.10. RADIUS Advanced Settings
2.4. Hardware Monitoring
2.5. SNMP Monitoring
2.5.1. SNMP Advanced Settings
2.6. The pcapdump Command
2.7. Maintenance
2.7.1. Auto-Update Mechanism
2.7.2. Backing Up Configurations
2.7.3. Restore to Factory Defaults

Chapter 3. Fundamentals
3.1. The Address Book
3.1.1. Overview
3.1.2. IP Addresses
3.1.3. Ethernet Addresses
3.1.4. Address Groups
3.1.5. Auto-Generated Address Objects
3.1.6. Address Book Folders
3.2. Services
3.2.1. Overview
3.2.2. Creating Custom Services
3.2.3. ICMP Services
3.2.4. Custom IP Protocol Services
3.2.5. Service Groups
3.2.6. Custom Service Timeouts
3.3. Interfaces
3.3.1. Overview
3.3.2. Ethernet Interfaces
3.3.2.1. Useful CLI Commands for Ethernet Interfaces
3.3.3. VLAN
3.3.4. PPPoE
3.3.5. GRE Tunnels
3.3.6. Interface Groups
3.4. ARP
3.4.1. Overview
3.4.2. The NetDefendOS ARP Cache
3.4.3. Creating ARP Objects
3.4.4. Using ARP Advanced Settings
3.4.5. ARP Advanced Settings Summary
3.5. IP Rule Sets
3.5.1. Security Policies
3.5.2. IP Rule Evaluation
3.5.3. IP Rule Actions
3.5.4. Editing IP rule set Entries
3.5.5. IP Rule Set Folders
3.5.6. Configuration Object Groups
3.6. Schedules
3.7. Certificates
3.7.1. Overview
3.7.2. Certificates in NetDefendOS
3.7.3. CA Certificate Requests
3.8. Date and Time
3.8.1. Overview
3.8.2. Setting Date and Time
3.8.3. Time Servers
3.8.4. Settings Summary for Date and Time
3.9. DNS

Chapter 4. Routing
4.1. Overview
4.2. Static Routing
4.2.1. The Principles of Routing
4.2.2. Static Routing
4.2.3. Route Failover
4.2.4. Host Monitoring for Route Failover
4.2.5. Advanced Settings for Route Failover
4.2.6. Proxy ARP
4.3. Policy-based Routing
4.3.1. Overview
4.3.2. Policy-based Routing Tables
4.3.3. Policy-based Routing Rules
4.3.4. Routing Table Selection
4.3.5. The Ordering parameter
4.4. Route Load Balancing
4.5. OSPF
4.5.1. Dynamic Routing
4.5.2. OSPF Concepts
4.5.3. OSPF Components
4.5.3.1. OSPF Router Process
4.5.3.2. OSPF Area
4.5.3.3. OSPF Interface
4.5.3.4. OSPF Neighbors
4.5.3.5. OSPF Aggregates
4.5.3.6. OSPF VLinks
4.5.4. Dynamic Routing Rules
4.5.4.1. Overview
4.5.4.2. Dynamic Routing Rule
4.5.4.3. OSPF Action
4.5.4.4. Routing Action
4.5.5. Setting Up OSPF
4.5.6. An OSPF Example
4.6. Multicast Routing
4.6.1. Overview
4.6.2. Multicast Forwarding with SAT Multiplex Rules
4.6.2.1. Multicast Forwarding - No Address Translation
4.6.2.2. Multicast Forwarding - Address Translation Scenario
4.6.3. IGMP Configuration
4.6.3.1. IGMP Rules Configuration - No Address Translation
4.6.3.2. IGMP Rules Configuration - Address Translation
4.6.4. Advanced IGMP Settings
4.7. Transparent Mode
4.7.1. Overview
4.7.2. Enabling Internet Access
4.7.3. Transparent Mode Scenarios
4.7.4. Spanning Tree BPDU Support
4.7.5. Advanced Settings for Transparent Mode

Chapter 5. DHCP Services
5.1. Overview
5.2. DHCP Servers
5.2.1. Static DHCP Hosts
5.2.2. Custom Options
5.3. DHCP Relaying
5.3.1. DHCP Relay Advanced Settings
5.4. IP Pools

Chapter 6. Security Mechanisms
6.1. Access Rules
6.1.1. Overview
6.1.2. IP Spoofing
6.1.3. Access Rule Settings
6.2. ALGs
6.2.1. Overview
6.2.2. The HTTP ALG
6.2.3. The FTP ALG
6.2.4. The TFTP ALG
6.2.5. The SMTP ALG
6.2.5.1. Anti-Spam Filtering
6.2.6. The POP3 ALG
6.2.7. The PPTP ALG
6.2.8. The SIP ALG
6.2.9. The H.323 ALG
6.2.10. The TLS ALG
6.3. Web Content Filtering
6.3.1. Overview
6.3.2. Active Content Handling
6.3.3. Static Content Filtering
6.3.4. Dynamic Web Content Filtering
6.3.4.1. Overview
6.3.4.2. Setting Up WCF
6.3.4.3. Content Filtering Categories
6.3.4.4. Customizing HTML Pages
6.4. Anti-Virus Scanning
6.4.1. Overview
6.4.2. Implementation
6.4.3. Activating Anti-Virus Scanning
6.4.4. The Signature Database
6.4.5. Subscribing to the D-Link Anti-Virus Service
6.4.6. Anti-Virus Options
6.5. Intrusion Detection and Prevention
6.5.1. Overview
6.5.2. IDP Availability for D-Link Models
6.5.3. IDP Rules
6.5.4. Insertion/Evasion Attack Prevention
6.5.5. IDP Pattern Matching
6.5.6. IDP Signature Groups
6.5.7. IDP Actions
6.5.8. SMTP Log Receiver for IDP Events
6.6. Denial-of-Service Attack Prevention
6.6.1. Overview
6.6.2. DoS Attack Mechanisms
6.6.3. Ping of Death and Jolt Attacks
6.6.4. Fragmentation overlap attacks: Teardrop, Bonk, Boink and Nestea
6.6.5. The Land and LaTierra attacks
6.6.6. The WinNuke attack
6.6.7. Amplification attacks: Smurf, Papasmurf, Fraggle
6.6.8. TCP SYN Flood Attacks
6.6.9. The Jolt2 Attack
6.6.10. Distributed DoS Attacks
6.7. Blacklisting Hosts and Networks

Chapter 7. Address Translation
7.1. Overview
7.2. NAT
7.3. NAT Pools
7.4. SAT
7.4.1. Translation of a Single IP Address (1:1)
7.4.2. Translation of Multiple IP Addresses (M:N)
7.4.3. All-to-One Mappings (N:1)
7.4.4. Port Translation
7.4.5. Protocols Handled by SAT
7.4.6. Multiple SAT Rule Matches
7.4.7. SAT and FwdFast Rules

Chapter 8. User Authentication
8.1. Overview
8.2. Authentication Setup
8.2.1. Setup Summary
8.2.2. The Local Database
8.2.3. External RADIUS Servers
8.2.4. External LDAP Servers
8.2.5. Authentication Rules
8.2.6. Authentication Processing
8.2.7. A Group Usage Example
8.2.8. HTTP Authentication
8.3. Customizing HTML Pages

Chapter 9. VPN
9.1. Overview
9.1.1. VPN Usage
9.1.2. VPN Encryption
9.1.3. VPN Planning
9.1.4. Key Distribution
9.1.5. The TLS Alternative for VPN
9.2. VPN Quick Start
9.2.1. IPsec LAN to LAN with Pre-shared Keys
9.2.2. IPsec LAN to LAN with Certificates
9.2.3. IPsec Roaming Clients with Pre-shared Keys
9.2.4. IPsec Roaming Clients with Certificates
9.2.5. L2TP Roaming Clients with Pre-Shared Keys
9.2.6. L2TP Roaming Clients with Certificates
9.2.7. PPTP Roaming Clients
9.3. IPsec Components
9.3.1. Overview
9.3.2. Internet Key Exchange (IKE)
9.3.3. IKE Authentication
9.3.4. IPsec Protocols (ESP/AH)
9.3.5. NAT Traversal
9.3.6. Algorithm Proposal Lists
9.3.7. Pre-shared Keys
9.3.8. Identification Lists
9.4. IPsec Tunnels
9.4.1. Overview
9.4.2. LAN to LAN Tunnels with Pre-shared Keys
9.4.3. Roaming Clients
9.4.4. Fetching CRLs from an alternate LDAP server
9.4.5. Troubleshooting with ikesnoop
9.4.6. IPsec Advanced Settings
9.5. PPTP/L2TP
9.5.1. PPTP Servers
9.5.2. L2TP Servers
9.5.3. L2TP/PPTP Server advanced settings
9.5.4. PPTP/L2TP Clients
9.6. CA Server Access
9.7. VPN Troubleshooting
9.7.1. General Troubleshooting
9.7.2. Troubleshooting Certificates
9.7.3. IPsec Troubleshooting Commands
9.7.4. Management Interface Failure with VPN
9.7.5. Specific Error Messages
9.7.6. Specific Symptoms

Chapter 10. Traffic Management
10.1. Traffic Shaping
10.1.1. Overview
10.1.2. Traffic Shaping in NetDefendOS
10.1.3. Simple Bandwidth Limiting
10.1.4. Limiting Bandwidth in Both Directions
10.1.5. Creating Differentiated Limits Using Chains
10.1.6. Precedences
10.1.7. Pipe Groups
10.1.8. Traffic Shaping Recommendations
10.1.9. A Summary of Traffic Shaping
10.1.10. More Pipe Examples
10.2. IDP Traffic Shaping
10.2.1. Overview
10.2.2. Setting Up IDP Traffic Shaping
10.2.3. Processing Flow
10.2.4. The Importance of Specifying a Network
10.2.5. A P2P Scenario
10.2.6. Viewing Traffic Shaping Objects
10.2.7. Guaranteeing Instead of Limiting Bandwidth
10.2.8. Logging
10.3. Threshold Rules
10.3.1. Overview
10.3.2. Limiting the Connection Rate/Total Connections
10.3.3. Grouping
10.3.4. Rule Actions
10.3.5. Multiple Triggered Actions
10.3.6. Exempted Connections
10.3.7. Threshold Rules and ZoneDefense
10.3.8. Threshold Rule Blacklisting
10.4. Server Load Balancing
10.4.1. Overview
10.4.2. SLB Distribution Algorithms
10.4.3. Selecting Stickiness
10.4.4. SLB Algorithms and Stickiness
10.4.5. Server Health Monitoring
10.4.6. Setting Up SLB_SAT Rules

Chapter 11. High Availability
11.1. Overview
11.2. HA Mechanisms
11.3. Setting Up HA
11.3.1. HA Hardware Setup
11.3.2. NetDefendOS Manual HA Setup
11.3.3. Verifying the Cluster Functions
11.3.4. Unique Shared Mac Addresses
11.4. HA Issues
11.5. Upgrading an HA Cluster
11.6. HA Advanced Settings

Chapter 12. ZoneDefense
12.1. Overview
12.2. ZoneDefense Switches
12.3. ZoneDefense Operation
12.3.1. SNMP
12.3.2. Threshold Rules
12.3.3. Manual Blocking and Exclude Lists
12.3.4. ZoneDefense with Anti-Virus Scanning
12.3.5. Limitations

Chapter 13. Advanced Settings
13.1. IP Level Settings
13.2. TCP Level Settings
13.3. ICMP Level Settings
13.4. State Settings
13.5. Connection Timeout Settings
13.6. Length Limit Settings
13.7. Fragmentation Settings
13.8. Local Fragment Reassembly Settings
13.9. Miscellaneous Settings

Appendix A. Subscribing to Updates
Appendix B. IDP Signature Groups
Appendix C. Verified MIME filetypes
Appendix D. The OSI Framework
Alphabetical Index

Size: 10.2 MB
Pages: 545
Language: English