based on either the number of new connections made per second, or on the total number of
connections being made.
These connections may be made by either a single host or all hosts within a specified CIDR
network range (an IP address range specified by a combination of an IP address and its
associated network mask). These rules are discussed further in Section 10.3, “Threshold Rules”.
Blocking Uses ACL Uploads
When NetDefendOS detects that a host or a network has reached the specified threshold limit, it
uploads Access Control List (ACL) rules to the relevant switch and this blocks all traffic for the
host or network displaying the unusual behavior. Blocked hosts and networks remain blocked
until the system administrator manually unblocks them using the Web or Command Line
interface.
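The threshold and blocking behavior described above can be modelled in a few lines. This is an added example, not NetDefendOS code: the class, its parameter names, the one-second sliding window and the treatment of "reached" as greater-than-or-equal are assumptions, and the blocked set stands in for the ACL upload to the switch.

```python
import ipaddress
from collections import defaultdict, deque

class ThresholdMonitor:
    """Hypothetical model of one threshold rule; not NetDefendOS code or naming."""
    def __init__(self, network, per_host, max_rate=None, max_total=None):
        self.network = ipaddress.ip_network(network)  # CIDR range the rule covers
        self.per_host = per_host      # True: count each host; False: whole range as one
        self.max_rate, self.max_total = max_rate, max_total  # per-second / open limits
        self.recent = defaultdict(deque)  # key -> open times within the last second
        self.open = defaultdict(int)      # key -> connections currently open
        self.blocked = set()              # entries stay until unblock() is called

    def _key(self, src):
        if ipaddress.ip_address(src) not in self.network:
            return None                   # source is outside the rule's range
        return src if self.per_host else str(self.network)

    def connection_opened(self, ts, src):
        """Record a new connection; return True if the source is (now) blocked."""
        key = self._key(src)
        if key is None or key in self.blocked:
            return key is not None
        window = self.recent[key]
        window.append(ts)
        while ts - window[0] >= 1.0:      # keep a one-second sliding window
            window.popleft()
        self.open[key] += 1
        rate_hit = self.max_rate is not None and len(window) >= self.max_rate
        total_hit = self.max_total is not None and self.open[key] >= self.max_total
        if rate_hit or total_hit:         # "reached the limit" is modelled as >=
            self.blocked.add(key)         # stands in for the ACL upload to the switch
        return key in self.blocked

    def connection_closed(self, src):
        key = self._key(src)
        if key is not None and self.open[key] > 0:
            self.open[key] -= 1

    def unblock(self, key):
        self.blocked.discard(key)         # models the administrator's manual unblock

# Constructed sample events: (time in seconds, source IP)
EVENTS = [(0.0, "192.168.1.10"), (0.1, "192.168.1.10"), (0.2, "192.168.1.11"),
          (0.3, "192.168.1.10"), (2.0, "192.168.1.11"), (2.1, "10.0.0.5")]

def run(monitor, events=EVENTS):
    for ts, src in events:
        monitor.connection_opened(ts, src)
    return monitor.blocked
```

With the sample events, a per-host monitor on 192.168.1.0/24 with max_rate=3 blocks only 192.168.1.10, while a per-network monitor with max_total=4 blocks the whole range, including the host that opened just two connections.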
Supported D-Link Switches
Every switch that is to be controlled by the NetDefend Firewall has to be manually specified in the
NetDefendOS configuration.
The information that must be specified in the configuration setup in order to control a switch
includes:
• The IP address of the management interface of the switch.
• The switch model type (or Universal MIB for newer switches).
• The SNMP community string for write access to the switch.
ZoneDefense supports all newer D-Link switches which use the Universal MIB. In addition, the
following older D-Link switches are also supported:
• DES-3226S (Version R4.02-B26 or later)
• DES-3250TG (Version R3.00-B09 or later)
• DES-3326S (Version R4.01-B39 or later)
• DES-3350SR (Version R3.02-B12 or later)
• DES-3526 R3.x (Version R3.06-B20 only)
• DES-3526 R4.x (Version R4.01-B19 or later)
• DES-3550 R3.x (Version R3.05-B38 only)
• DES-3550 R4.x (Version R4.01-B19 or later)
• DES-3800 Series (Version R2.00-B13 or later)
• DGS-3200 Series (Version R1.10-B06 or later)
• DGS-3324SR/SRi (Version R4.30-B11 or later)
• DGS-3400 Series R1.x (Version R1.00-B35 only)
• DGS-3400 Series R2.x (Version R2.00-B52 or later)
• DGS-3600 Series (Version R2.20-B35 or later)
Chapter 12: ZoneDefense