用户手册目录Introduction10Web content filtering10Firewall10NAT/Route mode11Transparent mode11VPN11Secure installation, configuration, and management12Web-based manager12Command line interface12Logging and reporting13What's new in Version 2.3613About this document15For more information15Customer service and technical support15Getting started17Package contents17Mounting18Powering on18Initial configuration19Connecting to the web-based manager19Connecting to the command line interface (CLI)20Next steps21NAT/Route mode installation22Preparing to configure NAT/Route mode22Advanced NAT/Route mode settings22DMZ interface23Using the setup wizard23Starting the setup wizard23Reconnecting to the web-based manager23Using the command line interface24Configuring the DFL-1000 NPG to run in NAT/Route mode24Connecting to your networks25Configuring your networks25Completing the configuration26Configuring the DMZ interface26Setting the date and time26Transparent mode installation27Preparing to configure Transparent mode27Using the setup wizard27Changing to Transparent mode27Starting the setup wizard28Reconnecting to the web-based manager28Using the command line interface28Changing to Transparent mode28Configuring the Transparent mode management IP address28Configure the Transparent mode default gateway29Setting the date and time29Connecting to your networks29Firewall configuration31NAT/Route mode and Transparent mode32NAT/Route mode32Transparent mode32Changing to Transparent mode32Changing to NAT/Route mode32Adding NAT/Route mode policies32Adding Transparent mode policies35Configuring policy lists37Policy matching in detail37Changing the order of policies in a policy list38Enabling and disabling policies38Disabling a policy38Enabling a policy38Addresses38Adding addresses39Editing addresses40Deleting addresses40Organizing addresses into address groups40Services41Predefined services41Providing access to custom services43Grouping services43Schedules44Creating one-time schedules44Creating recurring schedules45Adding a schedule to a policy46Virtual IPs47Adding static NAT virtual IPs47Adding port forwarding virtual IPs49Adding policies with virtual IPs50IP pools51IP/MAC binding52Configuring IP/MAC binding for packets going through the firewall52Configuring IP/MAC binding for packets going to the firewall53Adding IP/MAC addresses53Viewing the dynamic IP/MAC list53Enabling IP/MAC binding54Example policies55NAT policy for public access to a server55Routing policy for access to a server from the internal network55Transparent mode policy for public access to a server56Denying connections from the Internet57Using a schedule to deny access57Denying connections to the Internet57Adding policies that accept connections58Requiring authentication to connect to the Internet59Users and authentication61Setting authentication timeout61Adding user names and configuring authentication61Adding user names and configuring authentication62Deleting user names from the internal database62Configuring RADIUS support63Adding RADIUS servers63Deleting RADIUS servers63Configuring user groups64Adding user groups64Deleting user groups65IPSec VPNs66Interoperability with IPSec VPN products67Configuring AutoIKE key IPSec VPN67Configuring manual key IPSec VPN68Configuring dialup VPN68Configuring a VPN Concentrator for hub and spoke VPN69Configuring the VPN Concentrator69Configuring the member VPNs70Configuring IPSec redundancy71Adding a remote gateway71About dialup VPN authentication73About DH groups75About the P1 proposal75About NAT traversal75Adding an AutoIKE key VPN tunnel76About the P2 proposal77About replay detection77About perfect forward secrecy (PFS)77Adding a manual key VPN tunnel78Adding a VPN concentrator79Adding an encrypt policy80Viewing VPN tunnel status82Viewing dialup VPN connection status83Testing a VPN83IPSec VPN configuration examples84AutoIKE key VPN between two networks84Configuring the remote gateway for a remote network85Configuring the AutoIKE key tunnel for a remote network86Adding source and destination addresses for a network-to-network VPN87Adding an encrypt policy for a network-to-network VPN87AutoIKE key VPN for remote clients88Configuring the remote gateway for remote clients89Configuring the AutoIKE key tunnel for a remote client89Adding source and destination addresses for a remote client VPN90Adding a source address for the internal network90Adding an encrypt policy for a remote client91Configuring the IPSec VPN client91Dialup VPN92Adding a dialup remote gateway93Adding AutoIKE key tunnels for dialup VPN93Adding source and destination addresses for dialup VPN93Adding encrypt policies for dialup VPN94Configuring remote IPSec VPN gateways for dialup VPN94Configuring remote IPSec VPN clients for dialup VPN94Manual key VPN between two networks94Configuring the manual key VPN tunnel95Adding source and destination addresses95Adding an encrypt policy95Manual key VPN for remote clients96Configuring the manual key tunnel96Adding internal and external addresses97Adding an encrypt policy97Configuring the IPSec VPN client97Hub and spoke VPN (VPN concentrator)97Configuring the hub98Configuring the spokes98Configuring the remote gateways99Configuring the AutoIKE key tunnels99Configuring the VPN concentrator100Adding source and destination addresses100Adding encrypt policies101PPTP and L2TP VPNs103PPTP VPN configuration103Configuring the DFL-1000 NPG as a PPTP gateway104Configuring a Windows 98 client for PPTP105Configuring a Windows 2000 client for PPTP106Configuring a Windows XP client for PPTP107L2TP VPN configuration108Configuring the DFL-1000 NPG as an L2TP gateway109Configuring a Windows 2000 client for L2TP110Configuring a Windows XP client for L2TP111Web content filtering113Enabling web content filtering113Blocking web pages that contain unwanted content113Enabling the banned word list114Changing the content block message114Adding words and phrases to the banned word list114Temporarily disabling the banned word list115Temporarily disabling individual words in the banned word list115Clearing the banned word list115Backing up the banned word list115Restoring the banned word list116Blocking access to URLs116Enabling the URL block list116Changing the URL block message116Adding URLs to the URL block list117Temporarily disabling the URL block list118Temporarily disabling individual URL blocking118Clearing the URL block list118Downloading the URL block list118Uploading a URL block list118Removing scripts from web pages119Exempting URLs from content or URL blocking119Adding URLs to the Exempt URL list120Temporarily disabling entries in the Exempt URL list121Clearing the Exempt URL list121Downloading the Exempt URL list121Uploading an Exempt URL list121Logging and reporting123Configuring logging123Recording logs on a remote computer123Recording logs on a NetIQ WebTrends server123Recording logs on the DFL-1000 hard disk124Logging event log to memory125Selecting what to log125Viewing event log saved to memory126Viewing event log126Searching event log126Clearing event log messages127Viewing and maintaining logs saved to the hard disk127Viewing logs127Searching logs128Downloading a log file to the management computer128Deleting all messages in an active log129Deleting a saved log file129Configuring alert email129Configuring alert email129Testing alert emails130Enabling alert emails130Log message formats130Traffic log message format130Event log message format131Administration132System status132Upgrading the DFL-1000 firmware133Displaying the DFL-1000 NPG serial number135Backing up system settings135Restoring system settings135Restoring system settings to factory defaults135Changing to Transparent mode136Changing to NAT/Route mode136Restarting the DFL-1000 NPG136Shutting down the DFL-1000 NPG136System status monitor137Network configuration138Configuring the internal interface138Configuring the external interface139Configuring the dmz interface142Configuring the management interface (Transparent mode)142Setting DNS server addresses143Configuring routing143Adding routing gateways143Adding a default route144Adding routes to the routing table145Configuring the routing table145Enabling RIP server support146Adding routes (Transparent mode)146Configuring the DFL-1000 NPG for multiple Internet connections146Providing DHCP services to your internal network148System configuration150Setting system date and time150Changing web-based manager options151Adding and editing administrator accounts152Configuring SNMP153Glossary156Troubleshooting FAQs159General administration159Network configuration159Firewall policies159Schedules160VPN160Web content filtering160Logging161Technical Support162Limited Warranty165Registration168文件大小: 1.4 MB页数: 168Language: English打开用户手册