User's manual
Editing policies
To edit a policy:
• Go to Firewall > Policy.
• Click the tab corresponding to the type of policy to edit.
• Choose a policy to edit and click Edit.
• Edit the policy settings as required.
You can change any of the policy settings.
• Click OK to save your changes.
Policy matching
For every connection attempt, the DFL-500 must choose the policy to apply to the connection. To match a
policy with a connection attempt, the DFL-500 extracts the source address, destination address, and service
(or port number) from the connection attempt. Then the DFL-500 begins at the top of the policy list and
searches for the first policy with matching addresses and service, and with a schedule that matches the time
at which the connection attempt was received. The first policy that matches is applied to the connection
attempt. If no policy matches, the connection is denied.
The default policy accepts all connection attempts from the internal network to the Internet. From the internal
network, users can browse the web, use POP3 to get email, use FTP to download files through the DFL-500
and so on. If the default policy is at the top of the internal policy list, the DFL-500 allows all connections from
the internal network to the Internet because all connections match with the default policy. Any policies in the
list below the default policy are never matched.
For the policy to block FTP connections shown in "Sample Int to Ext policy to deny FTP connections" to be
effective, it must be moved above the default policy in the policy list. Then, all FTP connection attempts from
the internal network would match the FTP policy and be blocked. Connection attempts for all other kinds of
services would not match with the FTP policy but they would match with the default policy. So the firewall
would accept all other connections.
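The following added example (not part of the original manual and not D-Link code) models the first-match rule described above and flags policies that can never match because an earlier policy fully covers them. The policy names, the 192.168.1.0/24 internal network, and the 203.0.113.5 server address are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    name: str
    src: str        # source network (CIDR)
    dst: str        # destination network (CIDR)
    service: str    # service name, or "ANY"
    hours: range    # schedule: hours of the day when the policy is active
    action: str     # "ACCEPT" or "DENY"

def covers(p, src, dst, service, hour):
    """True if the connection attempt matches every field of policy p."""
    return (ip_address(src) in ip_network(p.src)
            and ip_address(dst) in ip_network(p.dst)
            and p.service in ("ANY", service)
            and hour in p.hours)

def match(policies, src, dst, service, hour):
    """Walk the list from the top; the first matching policy wins."""
    for p in policies:
        if covers(p, src, dst, service, hour):
            return p.name, p.action
    return None, "DENY"  # no policy matched: the connection is denied

def shadowed(policies):
    """Names of policies fully covered by a single earlier policy,
    which therefore can never be the first match."""
    out = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.service in ("ANY", later.service)
                    and set(later.hours) <= set(earlier.hours)):
                out.append(later.name)
                break
    return out

# Constructed sample policies for an Int to Ext policy list.
ALWAYS = range(24)
DEFAULT = Policy("default", "192.168.1.0/24", "0.0.0.0/0", "ANY", ALWAYS, "ACCEPT")
DENY_FTP = Policy("deny-ftp", "192.168.1.0/24", "0.0.0.0/0", "FTP", ALWAYS, "DENY")

if __name__ == "__main__":
    for order in ([DEFAULT, DENY_FTP], [DENY_FTP, DEFAULT]):
        names = [p.name for p in order]
        print(names, match(order, "192.168.1.10", "203.0.113.5", "FTP", 9),
              "shadowed:", shadowed(order))
```

Running a check like shadowed() over an exported rule list after each change is a quick way to catch a deny policy that was added below a broader accept policy.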
Arranging policies in the policy list
Once you have added policies to a policy list, you can use the following steps to arrange them as required.
• Go to Firewall > Policy.
• Click the tab corresponding to the policy list to arrange.
• Choose a policy to move and click Move To to change its order in the policy list.
• Type a number in the Move to field to specify where in the policy list to move the policy to and click OK.
• Click Delete to remove a policy from the list.
Controlling connections from the Internet
Use Incoming policies to give users on the Internet access to an Internet server (for example, a web server)
that is protected by your firewall.
This section describes:
• Accepting incoming connections in NAT mode
• Accepting incoming connections in Transparent mode
• Denying incoming connections