coming from a blacklisted source will be automatically dropped by NetDefendOS. For more
details of how blacklisting functions see Section 6.8, “Blacklisting Hosts and Networks”.
Tip
Any IP address that exists in the NetDefendOS whitelist cannot be blacklisted. For this
reason it is recommended that the IP addresses of the management workstation and the
NetDefend Firewall itself are added to the whitelist when using IDP.
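The whitelist recommendation in the tip above can be audited before IDP blacklisting is enabled. The following Python code is an added example, not part of the NetDefendOS documentation or CLI; the host names, addresses and function names are constructed for illustration, and it models only the address matching stated in the tip.

```python
import ipaddress

def parse_networks(entries):
    """Parse whitelist entries (single IPs or CIDR networks) into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def is_whitelisted(addr, whitelist):
    """True if addr falls inside any whitelist network of the same IP version."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in whitelist)

def uncovered_hosts(critical_hosts, whitelist_entries):
    """Return the names of critical hosts that blacklisting could still lock out."""
    whitelist = parse_networks(whitelist_entries)
    return sorted(name for name, addr in critical_hosts.items()
                  if not is_whitelisted(addr, whitelist))

def apply_blacklist_request(addr, whitelist_entries, blacklist):
    """Model of the rule in the tip: a whitelisted address is never blacklisted.

    Returns True if the address was added to the blacklist set, False if the
    whitelist prevented it.
    """
    if is_whitelisted(addr, parse_networks(whitelist_entries)):
        return False
    blacklist.add(ipaddress.ip_address(addr))
    return True

# Constructed sample data (documentation address ranges, hypothetical names).
CRITICAL = {
    "mgmt_workstation": "192.0.2.10",
    "firewall_dmz": "198.51.100.1",
    "firewall_lan": "10.0.0.1",
}
WHITELIST = ["192.0.2.10", "10.0.0.0/24"]

if __name__ == "__main__":
    missing = uncovered_hosts(CRITICAL, WHITELIST)
    if missing:
        print("Not covered by the whitelist:", ", ".join(missing))
    blacklist = set()
    for source in ("192.0.2.10", "203.0.113.7"):
        added = apply_blacklist_request(source, WHITELIST, blacklist)
        print(source, "blacklisted" if added else "protected by whitelist")
```

Any host reported as not covered should be added to the whitelist before an IDP rule with blacklisting is activated.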
IDP Can Trigger ZoneDefense
The Protect action includes the option that the particular switch that triggers the IDP Rule can
be de-activated through the D-Link ZoneDefense feature. For more details on how ZoneDefense
functions see
. Note that this feature is only available for switches
manufactured by D-Link.
Example 6.31. Setting up IDP for a Mail Server
The following example details the steps needed to set up IDP for a simple scenario where a mail
server is exposed to the Internet on the DMZ network with a public IPv4 address. The public
Internet can be reached through the firewall on the WAN interface as illustrated below.
An IDP rule called IDPMailSrvRule will be created, and the Service object to use is the SMTP
service. The Source Interface and Source Network define where traffic is coming from, in this
example the external network. The Destination Interface and Destination Network define where
traffic is directed to, in this case the mail server. The Destination Network should therefore
be set to the object defining the mail server.
Command-Line Interface
Create an IDP Rule:
gw-world:/> add IDPRule
            SourceInterface=wan
            SourceNetwork=wannet
            DestinationInterface=dmz
            DestinationNetwork=ip_mailserver
            Service=smtp
Chapter 6: Security Mechanisms