•
DXS-3326GSR (Version R4.30-B11 or later)
•
DXS-3350SR (Version R4.30-B11 or later)
•
DHS-3618 (Version R1.00-B03 or later)
•
DHS-3626 (Version R1.00-B03 or later)
Tip: Switch firmware versions should be the latest
It is advisable when using ZoneDefense to make sure that all switches have the latest
firmware version installed.
Using Threshold Rules
A threshold rule will trigger ZoneDefense to block out a specific host or a network if the
connection limit specified in the threshold rule is exceeded. The triggering limit can be one of
two types:
•
Connection Rate Limit
This can be triggered if the rate of new connections per second to the firewall exceeds a
specified threshold.
•
Total Connections Limit
This can be triggered if the total number of connections to the firewall exceeds a specified
threshold.
Threshold rules have parameters which are similar to those for IP Rules. These parameters specify
what type of traffic a threshold rule applies to.
A single threshold rule object has the following properties:
•
Source interface and source network
•
Destination interface and destination network
•
Service
•
Type of threshold: Host and/or network based
Traffic that matches the above criteria and causes the host/network threshold to be exceeded
will trigger the ZoneDefense feature. This will prevent the host/networks from accessing the
switch(es). All blocking in response to threshold violations will be based on the IP address of the
host or network on the switch(es). When a network-based threshold has been exceeded, the
source network will be blocked out instead of just the offending host.
For a detailed discussion of how to specify threshold rules, see
Section 10.3, “Threshold Rules”
.
Manual Blocking and Exclude Lists
As a complement to threshold rules, it is also possible to manually define hosts and networks
that are to be statically blocked or excluded. Manually blocked hosts and networks can be
blocked by default or based on a schedule. It is also possible to specify which protocols and
Chapter 12: ZoneDefense
845
Summary of Contents for NetDefendOS
Page 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Page 32: ...Chapter 1 NetDefendOS Overview 32 ...
Page 144: ...Chapter 2 Management and Maintenance 144 ...
Page 284: ...Chapter 3 Fundamentals 284 ...
Page 392: ...Chapter 4 Routing 392 ...
Page 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Page 420: ...Chapter 5 DHCP Services 420 ...
Page 573: ...Chapter 6 Security Mechanisms 573 ...
Page 607: ...Chapter 7 Address Translation 607 ...
Page 666: ...Chapter 8 User Authentication 666 ...
Page 775: ...Chapter 9 VPN 775 ...
Page 819: ...Chapter 10 Traffic Management 819 ...
Page 842: ...Chapter 11 High Availability 842 ...
Page 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Page 879: ...Chapter 13 Advanced Settings 879 ...