DPtech DPX8000 Series, User Configuration Manual

Page 1: ...i DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1 0...

Page 2: ...upport If you need any help please contact Hangzhou DPtech Technologies Co Ltd and its sale agent according to where you purchase their products Hangzhou DPtech Technologies Co Ltd Address 6th floor z...

Page 3: ...duct upgrading or other reasons information in this manual is subject to change Hangzhou DPtech Technologies Co Ltd has the right to modify the content in this manual as it is a user guides Hangzhou D...

Page 4: ...TECTION 13 1 6 2 BASIC ATTACK LOG QUERY 14 1 7 SESSIONS LIMIT 15 1 8 SERVICE LIMITATION 15 1 9 IPV4 BASIC DDOS PROTECTION 16 1 9 1 DEFEND OBJECT MANAGEMENT 16 1 9 2 CONFIGURATION AND TENDENCY 17 1 9 3...

Page 5: ...3 2 L2TP 33 3 2 1 INTRODUCTION TO L2TP 33 3 2 2 L2TP 33 3 3 GRE VPN 34 3 3 1 INTRODUCTION TO THE GRE 34 3 3 2 CONFIGURING GRE CONFIGURATION 34 3 4 SSL VPN 35 3 4 1 INTRODUCTION TO THE SSL VPN 35 3 4 2...

Page 6: ...status and monitoring 17 Figure1 19 DDOS defend settings 18 Figure1 20 Protection history 19 Figure1 21 Blacklist configuration 19 Figure1 22 Blacklist query 20 Figure1 23 Blacklist log query 20 Figur...

Page 7: ...vii Figure4 1 IDS integration log 39...

Page 8: ...Table1 10 Basic attack protection 13 Table1 11 Basic attack log query 14 Table1 12 Exceeding control 15 Table1 13 Defend object management 16 Table1 14 Traffic and status monitoring 17 Table1 15 DDOS...

Page 9: ...and outgoing data packet and block intrusion from outside network the followings are provided by firewall including Packet filtering IPv6 packet filtering NAT NAT_PT Basic protection Sessions limitat...

Page 10: ...is to inspect the source domain destination domain originator source IP originator destination IP originator source MAC originator destination MAC service IP fragment flow re mark action for every dat...

Page 11: ...policy Status Specify whether the current policy is effective Action Specify whether permit the packet pass the device and further limit packet filtering policy Operation Click the copy icon and then...

Page 12: ...service and valid for the packet filtering policy The action you can select is the pass discard or rate limitations Click Ok button in the upper right Caution It will perform by default if there is n...

Page 13: ...IP of the packet filtering policy Source port type Displays the source port type of the packet filtering policy Destination port code Displays the destination port code of the packet filtering policy...

Page 14: ...G configuration Table1 4 ALG configuration Item Description Protocol Displays the protocol name State Displays the enabling status of alg configuration 1 3 IPv6 packet filtering policy To enter the IP...

Page 15: ...s shown in Figure1 7 Figure1 7 Source NAT Table1 5 describes the details of source NAT configuration Table1 5 Source NAT configuration Item Description ID Displays the serial number of source NAT poli...

Page 16: ...AT ID In interface Displays the inbound interface of destination NAT policy Common address Displays the destination NAT policy Service Displays the service type of destination NAT policy Expert config...

Page 17: ...al number Displays the serial number of one to one NAT policy Public interface Displays the outbound interface of one to one NAT policy One to one NAT Displays the inner address of one to one NAT poli...

Page 18: ...gure the end IP address of address pool Operation Click the copy icon and the delete icon to do the operations To configure address pool configuration Click the button of the address pool except the f...

Page 19: ...l of Alg configuration Table1 9 Alg configuration Item Description Protocol Displays the protocol name State Select whether to enable or disable the protocol 1 5 NAT_PT Enabling the NAT_PT function yo...

Page 20: ...Firewall module Basic attack protection as shown in Figure1 13 Figure1 13 Basic attack protection Table1 10 describes the details of basic attack protection Table1 10 Basic attack protection Item Desc...

Page 21: ...uery allow you to query the specific log from the database To enter the basic attack lo query page you choose Firewall module Basic attack protection Basic attack log query as shown in Figure1 14 Figu...

Page 22: ...sion limitation Table1 12 describes the details of exceeding control Table1 12 Exceeding control Item Description Security zone user group Select the user group which will apply to the exceeding contr...

Page 23: ...tion Defend object management as shown in Figure1 17 Figure1 17 Defend object management Table1 13 describes the details of defend object management Table1 13 Defend object management Item Description...

Page 24: ...ion Configuration and tendency as shown in Figure1 18 Figure1 18 Traffic status and monitoring Table1 14 describes the details of traffic status and monitoring Table1 14 Traffic and status monitoring...

Page 25: ...Auto learning the threshold Set the number of the threshold To modify DDOS defend settings Select whether to enable the manual configure the threshold and auto learning the threshold Set the number o...

Page 26: ...n in Figure1 21 Figure1 21 Blacklist configuration Table1 16 describes the details of blacklist configuration Table1 16 Blacklist configuration Item Description Option Click the Enable blacklist optio...

Page 27: ...odule Firewall Blacklist query as shown in Figure1 22 Figure1 22 Blacklist query Table1 17 describes the details of blacklist query Table1 17 Blacklist query Item Description IP address mask Displays...

Page 28: ...o view the searching result Click the Export to CSV button and then you can export the log file Click the delete button and then you can delete the logs you have searched 1 11 QoS QoS can ensure bandw...

Page 29: ...and then you can copy a VIP bandwidth guarantee rule Click the delete icon and then you can delete a VIP bandwidth guarantee rule 1 11 2 Traffic shaping To enter traffic shaping page you choose Firewa...

Page 30: ...ARP spoofing VLAN ID Displays the VLAN ID scanned by anti ARP spoofing Interface Displays the interface scanned by anti ARP spoofing Type Displays the obtaining method of anti ARP spoofing 1 12 2 ARP...

Page 31: ...ll Service Board Module v1 0 24 Figure1 27 ARP configuration Table1 21 describes the details of ARP configuration Table1 21 ARP configuration Item Description Interface name Displays the all interface...

Page 32: ...stably working 2 1 2 Link config To enter the link config page you choose Firewall module Load balancing Link config as shown in Figure2 1 Figure2 1 Link load balancing Table2 1 describes the details...

Page 33: ...e you choose Firewall module Load balancing ISP as shown in Figure2 2 Figure2 2 ISP Table2 2 describes the details of ISP Table2 2 ISP Item Description ISP name Displays the name of ISP Segment import...

Page 34: ...onfiguration Guide Firewall Service Board Module v1 0 27 Figure2 3 Logic link group 2 3 Link health check To enter the link health check page you choose Firewall module Load balancing Link health chec...

Page 35: ...ng encryption and data origin authentication it delivers these security services at the IP layer Through the IKE Internet Key Exchange protocol IPsec provides the auto negotiate exchange password and...

Page 36: ...r types of ID obtaining method in which you can select one Auto hostname IP address Local certificate ID alias Displays auto Client ID In client ID item you can enable auto or remote certificate ID al...

Page 37: ...iguration click Ok button on the upper right 3 1 3 DPVPN To enter the DPVPN page you choose Firewall module Firewall VPN IPsec DPVPN as shown in Figure3 2 Figure3 2 DPVPN Table3 3 describes the detail...

Page 38: ...the IPsec page you choose Firewall module VPN IPsec IPsec interface as shown in Figure3 4 Figure3 4 IPsec interface 3 1 6 Display connections To enter the display connections page you choose Firewall...

Page 39: ...display IPsec connections interface Select a query item and make a choice form local IP address and remote IP address and connection name Enter the keyword of display IPsec connection Click query but...

Page 40: ...P provides the packet header compressing tunnel verification and vice versa the it cannot supported by PPTP 3 2 2 L2TP To enter the L2TP configuration page you choose Firewall module VPN L2TP as shown...

Page 41: ...Item Description Tunnel interface NO Configure the GRE tunnel interface NO the number is from 1 to 64 Tunnel interface IP address Configure the GRE tunnel interface IP address Tunnel source interface...

Page 42: ...L VPN page you choose Firewall module VPN SSL VPN as shown in Figure3 9 Figure3 9 SSL VPN Table3 7 describes the details of global configuration Table3 7 Global configuration Item Description Global c...

Page 43: ...o visit Resource configuration Resource group which can be configure when IP resource existing Configure the information and description of resource group 3 4 3 Resource configuration To access the re...

Page 44: ...configuration 3 4 5 Online user status To enter the online user status page you choose Firewall module VPN SSL VPN online user status as shown in Figure3 12 Figure3 12 Online user status 3 4 6 Operati...

Page 45: ...DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1 0 38 Figure3 13 Operation log query...

Page 46: ...er Configuration Guide Firewall Service Board Module v1 0 39 Chapter 4 IDS integration 4 1 IDS integration log To enter the IDS integration log page you choose Firewall module IDS Integration log as s...