This function is extremely useful when NAT pools are required due to the large number of
connections generated by P2P users.
10.3.3. Grouping
The two groupings are as follows:
•
Host Based - The threshold is applied separately to connections from different IP addresses.
•
Network Based - The threshold is applied to all connections matching the rules as a group.
10.3.4. Rule Actions
When a Threshold Rule is triggered one of two responses are possible:
•
Audit - Leave the connection intact but log the event.
•
Protect - Drop the triggering connection.
Logging would be the preferred option if the appropriate triggering value cannot be determined
beforehand. Multiple Actions for a given rule might consist of Audit for a given threshold while the
action might become Protect for a higher threshold.
10.3.5. Multiple Triggered Actions
When a rule is triggered then NetDefendOS will perform the associated rule Actions that match the
condition that has occurred. If more than one Action matches the condition then those matching
Actions are applied in the order they appear in the user interface.
If several Actions that have the same combination of Type and Grouping (see above for the
definition of these terms) are triggered at the same time, only the Action with the highest threshold
value will be logged.
10.3.6. Exempted Connections
It should be noted that some advanced settings, known as Before Rules settings, can exempt certain
types of connections for remote management from examination by the NetDefendOS IP rule set if
they are enabled. These Before Rules settings will also exempt the connections from Threshold
Rules if they are enabled.
10.3.7. Threshold Rules and ZoneDefense
Threshold Rules are used in the D-Link ZoneDefense feature to block the source of excessive
connection attmepts from internal hosts. For more information on this refer to Chapter 12,
ZoneDefense.
10.3.8. Threshold Rule Blacklisting
If the Protect option is used, Threshold Rules can be configured so that the source that triggered the
rule, is added automatically to a Blacklist of IP addresses or networks. If several Protect Actions
with blacklisting enabled are triggered at the same time, only the first triggered blacklisting Action
will be executed by NetDefendOS.
A host based Action with blacklisting enabled will blacklist a single host when triggered. A network
based action with blacklisting enabled will blacklist the source network associated with the rule. If
the Threshold Rule is linked to a service then it is possible to block only that service.
When Blacklisting is selected, the administrator can choose to leave pre-existing connections from
the triggering source unaffected, or can alternatively choose to have the connections dropped by
10.3.3. Grouping
Chapter 10. Traffic Management
478
Summary of Contents for DFL-1600 - Security Appliance
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27 ...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79 ...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146 ...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227 ...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241 ...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339 ...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360 ...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382 ...
Page 386: ... The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386 ...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439 ...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450 ...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488 ...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503 ...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510 ...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533 ...