beautypg.com

Schedules, Setting up a time-scheduled policy, Important – D-Link DFL-2500 User Manual

Page 77

background image

3.6. Schedules

In some scenarios, it might be useful to control not only what functionality is enabled, but also when
that functionality is being used.

For instance, the IT policy of an enterprise might stipulate that web traffic from a certain department
is only allowed access outside that department during normal office hours. Another example might
be that authentication using a specific VPN connection is only permitted on weekdays before noon.

NetDefendOS addresses this requirement by providing Schedule objects, or simply schedules, that
can be selected and used with various types of security policies to accomplish time-based control.
This functionality is in no way limited to IP Rules, but is valid for most types of policies, including
Traffic Shaping rules and Intrusion Detection and Prevention (IDP) rules. A Schedule object is, in
other words, a very powerful component that can allow detailed regulation of when functions in
NetDefendOS are enabled or disabled.

A Schedule object gives the possibility to enter multiple time ranges for each day of the week.
Furthermore, a start and a stop date can be specified that will impose additional constraints on the
schedule. For instance, a schedule can be defined as Mondays and Tuesdays, 08:30 - 10:40 and
11:30 - 14:00, Fridays 14:30 - 17:00.

Important

As schedules depend on an accurate date and time, it is very important that the system
date and time are set correctly. Preferably, time synchronization has also been
enabled to ensure that scheduled policies will be enabled and disabled at the right
time. For more information, please see Section 3.8, “Setting Date and Time”.

Example 3.17. Setting up a Time-Scheduled Policy

This example creates a schedule object for office hours on weekdays, and attaches the object to an IP Rule that
allows HTTP traffic.

CLI

gw-world:/> add ScheduleProfile OfficeHours Mon=8-17 Tue=8-17 Wed=8-17 Thu=8-17

Fri=8-17

gw-world:/> add IPRule Action=NAT Service=http SourceInterface=lan

SourceNetwork=lannet DestinationInterface=any
DestinationNetwork=all-nets Schedule=OfficeHours
name=AllowHTTP

Web Interface

1.

Go to Objects > Schedules > Add > Schedule

2.

Enter the following:

Name: OfficeHours

3.

Select 08-17, Monday to Friday in the grid.

4.

Click OK

1.

Go to Rules > IP Rules > Add > IPRule

2.

Enter the following:

Name: AllowHTTP

3.

Select the following from the dropdown lists:

3.6. Schedules

Chapter 3. Fundamentals

77