determine whether the MAC address that the packet originated from matches the MAC address in the
table. The DFL-1000 checks all packets arriving at the DFL-1000 whether they are directed at the DFL-
1000 or are meant to be passed through.
MAC addresses are only carried on the local network where they originate, and are not passed from one
network to another.
This section describes:
•
Adding IP/MAC binding addresses
•
Adding IP/MAC binding addresses
•
Go to
Firewall > IP/MAC Binding > IP MAC
.
•
Click New to add an IP address/MAC address pair.
•
Click Enable to activate the IP/MAC binding pair.
Enabling IP/MAC binding
•
Go to
Firewall > IP/MAC Binding > Setting
.
•
Click Enable IP/MAC.
•
Select one of the following:
Allow traffic when
not defined in the
table
The DFL-1000 lets traffic with a source address not found in the IP/MAC binding table
pass through the firewall. Any traffic with a source address that is defined in the IP/MAC
binding table must have the correct MAC address or it is blocked.
Deny traffic when
not defined in the
table
The DFL-1000 blocks all traffic with a source address that is not found in the IP/MAC
binding table. Any traffic with a source address that is defined in the IP/MAC binding
table must have the correct MAC address or it is also blocked.
•
Click Apply to save your changes.
Traffic shaping
Traffic Shaping makes it possible to control which policies have the highest priority when large amounts
of data are moving through the DFL-1000. For example, the policy for the corporate web server might be
given higher priority than the policies for most employees' computers. An employee who needs unusually
high speed Internet access could have a special outgoing policy set up with higher bandwidth.
You can use traffic shaping to guarantee the amount of bandwidth available through the firewall for a
policy. Guarantee bandwidth to make sure that there is enough bandwidth available for a hi-priority
service.
You can also use traffic shaping to limit the amount of bandwidth available through the firewall for a policy.
Limit bandwidth to keep less important services from using bandwidth needed for more important services.
Adding traffic shaping to a policy
You can add traffic shaping to any type of policy. The following procedure describes adding traffic
shaping to an Int to Ext policy.
•
Go to
Firewall > Policy > Int to Ext
.
•
Choose a policy to add traffic shaping to and click Edit
.
•
Turn on traffic shaping.
•
Configure traffic shaping for the policy:
DFL-1000 User’s Manual
45