A simple zonedefense scenario – D-Link DFL-2500 User Manual
Page 301
As a complement to threshold rules, it is also possible to manually define hosts and networks that
are to be statically blocked or excluded. Manually blocked hosts and networks can be blocked by
default or based on a schedule. It is also possible to specify which protocols and protocol port
numbers are to be blocked.
Exclude Lists can be created and used to exclude hosts from being blocked when a threshold rule
limit is reached. Good practice includes adding to the list the firewall's interface IP or MAC address
connecting towards the ZoneDefense switch. This prevents the firewall from being accidentally
blocked out.
Example 12.1. A simple ZoneDefense scenario
The following simple example illustrates the steps needed to set up ZoneDefense. It is assumed that all interfaces
on the firewall have already been configured.
An HTTP threshold of 10 connections/second is applied. If the connection rate exceeds this limitation, the firewall
will block the specific host (in network range 192.168.2.0/24 for example) from accessing the switch completely.
A D-Link switch model DES-3226S is used in this case, with a management interface address 192.168.1.250
connecting to the firewall's interface address 192.168.1.1. This firewall interface is added into the exclude list to
prevent the firewall from being accidentally locked out from accessing the switch.
Web Interface
Add a new switch into ZoneDefense section:
1.
Go to Zone Defense > Switches > Add > ZoneDefense switch
2.
Now enter:
•
Name: switch1
•
Switch model: DES-3226S
•
IP Address: 192.168.1.250
3.
For SNMP Community enter the Write Community String configured for the switch
4.
Press Check Switch to verify the firewall can communicate with the switch and the community string is
correct.
5.
Click OK
Add the firewall's management interface into the exclude list:
1.
Go to Zone Defense > Exclude list
12.3.3. Manual Blocking and Exclude
Lists
Chapter 12. ZoneDefense
301