Dptech Fw1000 series User manual

DPtech FW1000 Series Firewall Products

User Configuration Guide v1.0

Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support.

If you need anyhelp, please contact Hangzhou DPtech Technologies Co., Ltd. and its sale agent, according to where

you purchase their products.

Hangzhou DPtech Technologies Co., Ltd.

Address: 6th floor, zhongcai mansion, 68 tonghelu, Binjiangqu, Hangzhoushi

Address code: 310051

iii

Declaration

Hangzhou DPtech Technologies Co., Ltd.

No Part of the manual can be extracted or copied by any company or individuals without written permission, and can

not be transmitted by any means.

Owing to product upgrading or other reasons, information in this manual is subject to change. Hangzhou DPtech

Technologies Co., Ltd. has the right to modify the content in this manual, as it is a user guides, Hangzhou DPtech

Technologies Co., Ltd. made every effort in the preparation of this document to ensure accuracy of the contents, but

all statements, information, and recommendations in this document do not constitute the warranty of any kind

express or implied.

Table of Contents

CHAPTER 1 PRODUCT OVERVIEW 1-5

1.1 PRODUCT INTRODUCTION 1-5

1.2 WEB MANAGEMENT 1-5

1.2.1 LOGGING IN TO THE WEB MANAGEMENT INTERFACE 1-5

1.2.2 WEB INTERFACE LAYOUT 1-6

CHAPTER 2 SYSTEM MANAGEMENT 2-8

2.1 INTRODUCTION TO SYSTEM MANAGEMENT 2-8

2.2 DEVICE MANAGEMENT 2-9

2.2.1 DEVICE INFORMATION 2-9

2.2.2 DEVICE STATUS 2-10

2.2.3 DEVICE CONFIGURATION 2-12

2.3 SNMP CONFIGURATION 2-15

2.3.1 SNMP VERSION CONFIGURATION 2-16

2.4 RMON CONFIGURATION 2-19

2.4.1 ALARM 2-19

2.4.2 HISTORY 2-20

2.5 ADMINISTRATOR 2-21

2.5.1 INTRODUCTION TO ADMINISTRATOR 2-21

2.5.2 AUTHORITY MANAGEMENT 2-27

2.5.3 WEB ACCESS PROTOCOL 2-28

2.5.4 LIMITED INTERFACE SERVICE 2-28

2.5.5 REMOTE USER 2-29

2.6 CONFIGURATION FILE 2-30

2.7 HOT PATCHING 2-32

2.8 SIGNATURE DATABASE 2-33

2.8.1 APP SIGNATURE 2-33

2.8.2 URL CLASSIFICATION FILTERING SIGNATURE 2-36

2.8.3 AV SIGNATURE 2-39

2.8.4 IPS SIGNATURE 2-39

2.8.5 LICENSE MANAGEMENT 2-40

2.9 SOFTWARE VERSION 2-41

2.10 NTP 2-42

2.11 VIRTUAL MANAGEMENT SYSTEM 2-44

2.11.1 VIRTUAL MANAGEMENT SYSTEM CONFIGURATION 2-44

2.11.2 VIRTUAL MANAGEMENT SYSTEM PARAMETER SETTINGS 2-44

2.12 OVC 2-45

2.13 VRF 2-45

2.14 DIGITAL CERTIFICATE 2-46

2.14.1 INTRODUCTION TO DIGITAL CERTIFICATE 2-46

2.14.2 CERTIFICATE MANAGEMENT 2-49

2.15 INSTALLATION PACKAGE 2-52

2.16 MANAGEMENT CENTER 2-53

CHAPTER 3 NETWORK MANAGEMENT 3-54

3.1 INTRODUCTION TO NETWORK MANAGEMENT 3-54

3.2 INTERFACE MANAGEMENT 3-55

3.2.1 NETWORKING CONFIGURATION 3-55

3.2.2 VLAN CONFIGURATION 3-56

3.2.3 INTERFACE CONFIGURATION 3-57

3.2.4 PORT AGGREGATION 3-58

3.2.5 PORT MIRRORING 3-59

3.2.6 LOGIC INTERFACE 3-59

3.2.7 GRE 3-61

3.3 3G DIAL-UP 3-61

3.4 NETWORK OBJECT 3-62

3.4.1 SECURITY ZONE 3-62

3.4.2 IP ADDRESS 3-64

3.4.3 IPV6ADDRESS 3-66

3.4.4 MAC ADDRESS 3-66

3.4.5 MAC ADDRESS MANAGE 3-67

3.4.6 ACCOUNT 3-68

3.4.7 DOMAIN NAME 3-69

3.4.8 SERVICE 3-69

3.5 FORWARDING 3-70

3.5.1 FORWARDING 3-70

3.5.2 FORWARDING MODE 3-71

3.5.3 NEIGHBOR DISCOVER 3-71

3.6 TRANS_TECH 3-72

3.6.1 DS_LITE 3-72

3.7 6TO4TUNNEL 3-72

3.8 AUTOCONFIG 3-73

3.8.1 STATELESS CONFIGURATION 3-73

3.9 IPV4UNICAST ROUTING 3-73

3.9.1 IPV4UNICAST ROUTING 3-73

3.9.2 CONFIGURE STATIC ROUTE 3-73

3.10 ROUTING TABLE 3-75

3.10.1 BASIC ROUTING TABLE 3-75

3.10.2 DETAILED ROUTING TABLE 3-76

3.10.3 EQUAL-COST ROUTE 3-77

3.10.4 BGP 3-78

3.10.5 RIP 3-82

3.10.6 OSPF 3-84

3.10.7 IS-IS 3-88

3.10.8 GUARD ROUTE 3-91

3.11 IPV6UNICAST ROUTING 3-92

3.11.1 STATIC ROUTE 3-92

3.11.2 RIPNG 3-94

3.11.3 OSPFV3 3-96

3.11.4 GUARD ROUTE 3-101

3.12 IPV4MULTICAST ROUTING 3-101

3.12.1 BASIC CONFIG 3-101

3.12.2 IGMP SNOOPING 3-102

3.12.3 IGMP/IGMP PROXY 3-104

3.12.4 PIM 3-106

3.12.5 MSDP 3-111

3.12.6 MULTICAST VPN 3-113

3.12.7 MULTICAST SOURCE PROXY 3-113

3.12.8 MULTICAST SOURCE NAT 3-113

3.12.9 MULTICAST DESTINATION NAT 3-113

3.12.10 MULTICAST STATIC ROUTING 3-114

3.12.11 MULTICAST ROUTING TABLE 3-114

3.13 IPV6MULTICAST ROUTING 3-116

3.13.1 BASIC CONFIG 3-116

3.13.2 MLD 3-116

3.13.3 PIM 3-117

3.13.4 PIM MULTICAST ROUTING TABLE 3-120

3.14 POLICY-BASED ROUTING 3-121

3.14.1 INTRODUCTION TO POLICY-BASED ROUTING 3-121

3.14.2 IPV6POLICY-BASED ROUTING 3-121

3.14.3 IPV4POLICY-BASED ROUTING 3-122

3.15 MPLS 3-124

3.15.1 MPLS CONFIGURATION 3-124

3.15.2 STATIC FTN/ILM 3-124

3.15.3 LDP 3-125

3.15.4 L2VPN CONFIGURATION 3-126

3.16 ARP CONFIGURATION 3-128

3.16.1 DISPLAY ARP 3-128

3.16.2 ANTI-ARP-SNOOPING 3-129

3.17 MAC ADDRESS MANAGE 3-130

3.18 DNS CONFIGURATION 3-131

3.18.1 INTRODUCTION TO DNS 3-131

3.18.2 DNS 3-131

3.19 DHCP CONFIGURATION 3-131

3.19.1 INTRODUCTION TO DHCP 3-131

3.19.2 DHCP SERVER 3-132

3.19.3 DHCPV6SERVER 3-134

3.19.4 DHCP RELAY AGENT 3-134

3.19.5 DHCP IP ADDRESS TABLE 3-135

3.20 BFD 3-135

3.20.1 BFD CONFIGURATION 3-135

3.20.2 BFD SESSION 3-136

3.20.3 BFD MANUAL 3-137

3.21 BASIC WIRELESS 3-137

vii

3.22 DIAGNOSTIC TOOLS 3-138

3.22.1 PING 3-138

3.22.2 TRACEROUTE 3-138

3.22.3 CAPTURE 3-139

3.23 LAN SWITCH 3-139

3.23.1 SPANNING TREE 3-139

CHAPTER 4 FIREWALL 4-143

4.1 INTRODUCTION TO THE FIREWALL 4-143

4.2 PACKET FILTERING POLICY 4-144

4.2.1 PACKET FILTERING POLICY 4-144

4.2.2 PACKET FILTERING POLICY LOG 4-147

4.3 IPV6PACKET FILTERING POLICY 4-147

4.3.1 IPV6PACKET FILTERING POLICY 4-147

4.3.2 IPV6PACKET FILTERING LOG 4-148

4.4 NAT 4-148

4.4.1 INTRODUCTION TO NAT 4-148

4.4.2 SOURCE NAT 4-148

4.4.3 DESTINATION NAT 4-149

4.4.4 ONE TO ONE NAT 4-150

4.4.5 NTO NNAT 4-151

4.5 NAT64 4-152

4.5.1 NAT64 PREFIX 4-153

4.5.2 NAT64 ADDRESSS 4-153

4.5.3 ADDRESS POOL 4-153

4.6 NAT66 4-154

4.6.1 SOURCE NAT 4-154

4.6.2 DESTINATION NAT 4-154

4.6.3 ADDRESS POOL 4-154

4.7 DS_LITE_NAT 4-155

4.7.1 DS_LITE_NAT 4-155

4.7.2 ADDRESS POOL 4-155

4.8 ALG CONFIGURATION 4-155

4.8.1 ALG CONFIGURATION 4-156

4.8.2 USER-DEFINED LOG 4-156

4.9 BASIC ATTACK PROTECTION 4-156

4.9.1 BASIC ATTACK PROTECTION 4-156

4.9.2 BASIC ATTACK LOG QUERY 4-158

4.10 NETWORK ACTION MANAGE 4-159

4.11 SESSION LIMIT 4-159

4.12 SERVICE LIMIT 4-160

4.13 BLACKLIST 4-160

4.13.1 IPV4BLACK LIST CONFIGURATION 4-160

4.13.2 IPV6BLACK LIST CONFIGURATION 4-161

4.13.3 BLACK LIST QUERY 4-161

viii

4.13.4 BLACKNAME LOG QUERY 4-162

4.14 MAC/IP BINDING 4-162

4.14.1 MAC/IP BINDING 4-162

4.14.2 AUTO LEARNING 4-162

4.14.3 USER MAC BINDING 4-166

4.14.4 USER/IP BINDING 4-165

4.14.5 BINDING LOG QUERY 4-167

4.15 SESSION MANAGEMENT 4-169

4.15.1 SESSION LIST 4-169

4.15.2 SESSION PARAMETER 4-170

4.15.3 SESSION MONITORING 4-171

4.15.4 SESSION LOG CONFIGURATION 4-171

4.16 QOS 4-173

4.16.1 VIP BANDWIDTH GUARANTEE 错误!未定义书签。

4.16.2 TRAFFIC CLASSIFICATION 4-174

4.16.3 CONGESTION AVOIDANCE 4-176

4.16.4 CONGESTION MANAGEMENT 4-178

4.16.5 TRAFFIC SHAPING 4-179

4.17 ANTI-ARP-SPOOFING 4-179

4.17.1 ANTI-ARP-SPOOFING 4-179

4.17.2 ARP CONFIGURATION 4-180

CHAPTER 5 LOG MANAGEMENT 5-181

5.1 INTRODUCTION TO THE LOG MANAGEMENT 5-181

5.2 SYSTEM LOG 5-182

5.2.1 LATEST LOG 5-182

5.2.2 SYSTEM LOG QUERY 5-183

5.2.3 SYSTEM LOG FILE OPERATION 5-184

5.2.4 SYSTEM LOG CONFIGURATION 5-185

5.3 OPERATION LOG 5-186

5.3.1 LATEST LOG 5-186

5.3.2 OPERATION LOG QUERY 5-187

5.3.3 LOG FILE OPERATION 5-188

5.3.4 OPERATION LOG CONFIGURATION 5-189

5.4 SERVICE LOG 5-190

5.4.1 SERVICE LOG CONFIGURATION 5-190

CHAPTER 6 LOAD BALANCING 6-192

6.1 LINK LOAD BALANCING 6-192

6.1.1 INTRODUCTION TO LINK LOAD BALANCING 6-192

6.1.2 LINK LOAD BALANCING 6-192

6.1.3 LINK HEALTH CHECK 6-193

6.1.4 ISP 6-194

CHAPTER 7 ACCESS CONTROL 7-195

7.1 RATE LIMITATION 7-195

7.1.1 INTRODUCTION TO THE RATE LIMITATION 7-195

7.1.2 RATE LIMIT 7-196

7.1.3 SINGLE USER LIMIT 7-197

7.1.4 GROUP MANAGEMENT 7-199

7.1.5 NETWORK APPLICATION BROWSING 7-200

7.1.6 TYPICAL CONFIGURATION FOR THE RATE LIMITATION 7-200

7.2 ACCESS CONTROL 7-202

7.2.1 INTRODUCTION TO THE ACCESS CONTROL 7-202

7.2.2 ACCESS CONTROL 7-203

7.2.3 GROUP MANAGEMENT 7-203

7.2.4 TYPICAL CONFIGURATION FOR THE ACCESS CONTROL 7-205

7.3 URL FILTERING 7-207

7.3.1 URL CLASSIFICATION FILTERING 7-207

7.3.2 CUSTOMIZE URL CLASSIFICATION 7-208

7.3.3 ADVANCED URL FILTERING 7-209

7.3.4 URL FILTER PAGE PUSH 7-210

7.3.5 TYPICAL CONFIGURATION FOR THE RATE LIMITATION 7-211

7.4 SQL INJECTION PROTECTION 7-214

CHAPTER 8 VPN 8-214

8.1.1 INTRODUCTION TO IPSEC 8-215

8.1.2 IPSEC SYSCONFIG 8-215

8.1.3 IPSEC POLICY MODE 8-218

8.1.4 IPSEC ROUTE MODE 8-218

8.1.5 NET PROTECT 8-219

8.1.6 SA 8-219

8.1.7 IPSEC INTERFACE 8-219

8.2 L2TP 8-219

8.2.1 INTRODUCTION TO L2TP 8-219

8.2.2 L2TP 8-220

8.2.3 L2TP USER AUTHENTICATION 8-221

8.2.4 L2TP IP POOL 8-221

8.2.5 L2TP ONLINE STATUS 8-222

8.3 PPTP 8-222

8.4 GRE 8-223

8.4.1 INTRODUCTION TO THE GRE 8-223

8.4.2 GRE CONFIGURATION 8-223

8.5 SMAD 8-225

8.5.1 SMAD 8-225

8.5.2 SMAD BLACKLIST 8-225

8.5.3 SMAD LOG 8-225

8.6 SSL VPN 8-226

8.6.1 INTRODUCTION TO THE SSL VPN 8-226

8.6.2 SSL VPN 8-226

8.6.3 RESOURCES 8-228

8.6.4 USER MANAGEMENT 8-229

8.6.5 AUTHENTICATION KEY 8-229

8.6.6 SECURITY POLICY 8-230

8.6.7 LOG MANAGEMENT 8-231

8.6.8 REPORT FORMS 8-232

CHAPTER 9 ONLINE BEHAVIOR MANAGEMENT 9-234

9.1 INTRODUCTION TO ONLINE BEHAVIOR MANAGEMENT 9-234

9.2 TRAFFIC ANALYSIS 9-234

9.2.1 TRAFFIC ANALYSIS 9-234

9.3 BEHAVIOR ANALYSIS 9-235

9.3.1 POLICY CONFIGURATION 9-235

9.3.2 ADVANCED CONFIGURATION 9-236

9.3.3 KEYWORD FILTERING 9-236

CHAPTER 10 PORTAL AUTHENTICATION 10-239

10.1 INTRODUCTION TO THE PORTAL AUTHENTICATION 10-239

10.1.1 AUTHENTICATION CONFIG 10-239

10.1.2 WEB AUTHENTICATION NOTICE 10-243

10.1.3 WEB LISTEN 10-244

10.1.4 PROSCENIUM MANAGEMENT 10-244

10.1.5 TERMINAL MANAGEMENT 10-246

10.1.6 ONLINE USER 10-248

10.1.7 LOCAL ACCOUNT USER 10-249

10.1.8 BLACKNAME LIST 10-250

10.1.9 REMOTE SYNCHRONIZATION 10-250

CHAPTER 11 IDS INTEGRATION 11-252

11.1 INTRODUCTION 11-252

11.2 IDSINTEGRATION 11-252

11.2.1 DISPLAY IDS COOPERATION LOG 11-252

CHAPTER 12 HIGH AVAILABILITY 12-253

12.1 VRRP 12-253

12.1.1 INTRODUCTION TO VRRP GROUP 12-253

12.1.2 MONITOR IP ADDRESS OBJECT 12-255

12.1.3 MONITORING 12-256

12.1.4 BFD OPTION 12-256

12.2 OVERFLOW 12-257

12.2.1 OVERFLOW PROTECT 12-257

12.3 HOT STANDBY 12-257

12.3.1 HOT STANDBY 12-257

12.3.2 HANDWORK SYNCHRONIZATION 12-258

12.3.3 BACKUP REBOOT 12-258

12.3.4 INTERFACE SYNCHRONIZATION GROUP 12-259

List of Figures

Figure1-1 WEB Management Interface..................................................................................................................1-6

Figure1-2 Deploying of WEB Interface .................................................................................................................1-7

Figure2-1 System menu..........................................................................................................................................2-9

Figure2-2 Device information ..............................................................................................................................2-10

Figure2-3 Device status........................................................................................................................................2-11

Figure2-4 Device information settings.................................................................................................................2-12

Figure2-5 System name........................................................................................................................................2-12

Figure2-6 System time settings ............................................................................................................................2-13

Figure2-7 System threshold..................................................................................................................................2-13

Figure2-8 Enable remote diagnostics ...................................................................................................................2-14

Figure2-9 Set frame gap.......................................................................................................................................2-14

Figure2-10 System parameter...............................................................................................................................2-15

Figure2-11 Clear database....................................................................................................................................2-15

Figure2-12 SNMP.................................................................................................................................................2-16

Figure2-13 Device information ............................................................................................................................2-17

Figure2-14 SNMP version configuration .............................................................................................................2-18

Figure2-15 IP address list.....................................................................................................................................2-18

Figure2-16 Alarm .................................................................................................................................................2-19

Figure2-17 Alarm_stat..........................................................................................................................................2-19

Figure2-18 History ...............................................................................................................................................2-20

Figure2-19 History_stat........................................................................................................................................2-20

Figure2-20 RMON log .........................................................................................................................................2-21

Figure2-21 Current administrator.........................................................................................................................2-21

Figure2-22 Administrator settings........................................................................................................................2-22

Figure2-23 Administrator authentication settings ................................................................................................2-24

Figure2-24 Login parameter settings....................................................................................................................2-26

Figure2-25 Authority management.......................................................................................................................2-27

Figure2-26 WEB access protocol.........................................................................................................................2-28

Figure2-27 Interface service.................................................................................................................................2-29

Figure2-28 Remote user .......................................................................................................................................2-29

Figure2-29 Configuration file...............................................................................................................................2-31

Figure2-30 Hot patching.......................................................................................................................................2-33

Figure2-31 APP signature.....................................................................................................................................2-33

Figure2-32 Signature version information............................................................................................................2-33

Figure2-33 Auto-upgrade settings........................................................................................................................2-34

Figure2-34 Manual upgrade .................................................................................................................................2-35

xii

Figure2-35 Upgrade progress interface ................................................................................................................2-36

Figure2-36 URL classification filtering signature................................................................................................2-36

Figure2-37 Signature version information............................................................................................................2-37

Figure2-38 Auto-upgrade settings........................................................................................................................2-37

Figure2-39 Manual upgrade .................................................................................................................................2-38

Figure2-40 Upgrade progress interface ................................................................................................................2-39

Figure2-41 AV signature......................................................................................................................................2-39

Figure2-42 IPS signature......................................................................................................................................2-40

Figure2-43 License management..........................................................................................................................2-40

Figure2-44 Software version ................................................................................................................................2-41

Figure2-45 NTP configuration .............................................................................................................................2-42

Figure2-46 NTP client configuration....................................................................................................................2-43

Figure2-47 Virtual management system...............................................................................................................2-44

Figure2-48 Virtual management system parameter settings.................................................................................2-44

Figure2-49 OVC configuration.............................................................................................................................2-45

Figure2-50 Virtual system....................................................................................................................................2-45

Figure2-51 Certification configuration.................................................................................................................2-46

Figure2-52 Device information configuration......................................................................................................2-47

Figure2-53 CA server configuration.....................................................................................................................2-48

Figure2-54 CRL server configuration...................................................................................................................2-49

Figure2-55 Certificate management .....................................................................................................................2-50

Figure2-56 Key management ...............................................................................................................................2-50

Figure2-57 Certificate application........................................................................................................................2-51

Figure2-58 Certificate management .....................................................................................................................2-51

Figure2-59 CRL management ..............................................................................................................................2-52

Figure2-60 Install option ......................................................................................................................................2-52

Figure2-61 Management center............................................................................................................................2-53

Figure3-1 Manage center......................................................................................................................................3-55

Figure3-2 Networking configuration....................................................................................................................3-56

Figure3-3 VLAN Interface configuration.............................................................................................................3-56

Figure3-4 VLAN frame manage...........................................................................................................................3-57

Figure3-5 Interface configuration.........................................................................................................................3-57

Figure3-6 Interface rate beyond warning..............................................................................................................3-58

Figure3-7 Port aggregation configuration.............................................................................................................3-58

Figure3-8 Aggregation group status.....................................................................................................................3-58

Figure3-9 Local mirroring....................................................................................................................................3-59

Figure3-10 Remote source mirroring ...................................................................................................................3-59

Figure3-11 Remote destination mirroring ............................................................................................................3-59

Figure3-12 Sub interface configuration................................................................................................................3-60

Figure3-13 Loopback interface configuration......................................................................................................3-60

Figure3-14 PPP interface configuration ...............................................................................................................3-60

Figure3-15 Template interface .............................................................................................................................3-60

Figure3-16 IPsec interface....................................................................................................................................3-61

Figure3-17 GRE ...................................................................................................................................................3-61

Figure3-18 3G dial-up ..........................................................................................................................................3-61

Figure3-19 Security zone......................................................................................................................................3-62

Figure3-20 Network diagram for configuring security zones...............................................................................3-63

xiii

Figure3-21 IP address object................................................................................................................................3-65

Figure3-22 IP address object group......................................................................................................................3-65

Figure3-23 IPv6 address.......................................................................................................................................3-66

Figure3-24 MAC address .....................................................................................................................................3-67

Figure3-25 MAC address group...........................................................................................................................3-67

Figure3-26 MAC address manage........................................................................................................................3-68

Figure3-27 Account user ......................................................................................................................................3-68

Figure3-28 Domain name.....................................................................................................................................3-69

Figure3-29 Predefined service object...................................................................................................................3-70

Figure3-30 User-defined service object................................................................................................................3-70

Figure3-31 Service object group ..........................................................................................................................3-70

Figure3-32 Forwarding.........................................................................................................................................3-71

Figure3-33 Forwarding mode...............................................................................................................................3-71

Figure3-34 Neighbor discover..............................................................................................................................3-71

Figure3-35 DS_Lite..............................................................................................................................................3-72

Figure3-36 6to4 tunnel .........................................................................................................................................3-72

Figure3-37 Stateless configuration.......................................................................................................................3-73

Figure3-38 Configure static route.........................................................................................................................3-74

Figure3-39 Health check.......................................................................................................................................3-75

Figure3-40 Basic routing table .............................................................................................................................3-76

Figure3-41 Detailed routing table.........................................................................................................................3-77

Figure3-42 Equal-cost route .................................................................................................................................3-78

Figure3-43 Configure BGP...................................................................................................................................3-78

Figure3-44 Configure BGP-VPN.........................................................................................................................3-80

Figure3-45 BGP neighbor information.................................................................................................................3-81

Figure3-46 Configure RIP....................................................................................................................................3-82

Figure3-47 Display RIP state................................................................................................................................3-83

Figure3-48 Configure OSPF.................................................................................................................................3-84

Figure3-49 OSPF interface information...............................................................................................................3-87

Figure3-50 OSPF neighbor information...............................................................................................................3-87

Figure3-51 Configure IS-IS..................................................................................................................................3-89

Figure3-52 IS-IS neighbor....................................................................................................................................3-90

Figure3-53 ISIS LSP ............................................................................................................................................3-91

Figure3-54 Guard route........................................................................................................................................3-91

Figure3-55 Static route.........................................................................................................................................3-92

Figure3-56 Basic routing table .............................................................................................................................3-93

Figure3-57 Detailed routing table.........................................................................................................................3-94

Figure3-58 RIPng configuration...........................................................................................................................3-95

Figure3-59 OSPFv3 configuration .......................................................................................................................3-97

Figure3-60 OSPFv3 area configuration................................................................................................................3-97

Figure3-61 OSPFv3 advanced configuration .......................................................................................................3-98

Figure3-62 OSPFv3 neighbor information...........................................................................................................3-99

Figure3-63 OSPFv3 neighbor information.........................................................................................................3-100

Figure3-64 Guard route......................................................................................................................................3-101

Figure3-65 Basic config .....................................................................................................................................3-101

Figure3-66 IGMP_Snooping..............................................................................................................................3-102

Figure3-67 IGMP snooping proxy......................................................................................................................3-103

xiv

Figure3-68 IGMP snooping routing ...................................................................................................................3-104

Figure3-69 IGMP proxy.....................................................................................................................................3-104

Figure3-70 IGMP SSM mapping........................................................................................................................3-104

Figure3-71 IGMP Proxy.....................................................................................................................................3-105

Figure3-72 IGMP status .....................................................................................................................................3-106

Figure3-73 PIM ..................................................................................................................................................3-107

Figure3-74 Static RP configuration....................................................................................................................3-107

Figure3-75 Candidate RP configuration.............................................................................................................3-108

Figure3-76 PIM interface configuration.............................................................................................................3-108

Figure3-77 Admin scope zone............................................................................................................................3-109

Figure3-78 PIM status........................................................................................................................................3-110

Figure3-79 BSR status........................................................................................................................................3-111

Figure3-80 RP-Mapping.....................................................................................................................................3-111

Figure3-81 MSDP...............................................................................................................................................3-112

Figure3-82 Peer status ........................................................................................................................................3-112

Figure3-83 Cache status .....................................................................................................................................3-112

Figure3-84 Multicast VPN .................................................................................................................................3-113

Figure3-85 Multicast source proxy.....................................................................................................................3-113

Figure3-86 Multicast source NAT......................................................................................................................3-113

Figure3-87 Multicast destination NAT...............................................................................................................3-114

Figure3-88 Multicast static routing ....................................................................................................................3-114

Figure3-89 Multicast routing table.....................................................................................................................3-114

Figure3-90 PIM multicast routing table..............................................................................................................3-115

Figure3-91 IGMP multicast routing table..........................................................................................................3-115

Figure3-92 IGMP proxy routing table................................................................................................................3-115

Figure3-93 Basic config .....................................................................................................................................3-116

Figure3-94 MLD snooping.................................................................................................................................3-117

Figure3-95 MLD.................................................................................................................................................3-117

Figure3-96 MLD status.......................................................................................................................................3-117

Figure3-97 PIM ..................................................................................................................................................3-118

Figure3-98 Admin scope zone............................................................................................................................3-118

Figure3-99 PIM status........................................................................................................................................3-119

Figure3-100 BSR status......................................................................................................................................3-120

Figure3-101 RP-Mapping...................................................................................................................................3-120

Figure3-102 PIM multicast routing table............................................................................................................3-120

Figure3-103 Policy-based routing ......................................................................................................................3-121

Figure3-104 Monitoring .....................................................................................................................................3-122

Figure3-105 Policy-based routing ......................................................................................................................3-123

Figure3-106 Monitoring .....................................................................................................................................3-124

Figure3-107 Global configuration......................................................................................................................3-124

Figure3-108 Static FTN......................................................................................................................................3-124

Figure3-109 Static ILM......................................................................................................................................3-125

Figure3-110 LDP configuration .........................................................................................................................3-125

Figure3-111 Display LDP neighbor ...................................................................................................................3-125

Figure3-112 Display LDP adjacency..................................................................................................................3-126

Figure3-113 Display LDP interface....................................................................................................................3-126

Figure3-114 L2VPN configuration.....................................................................................................................3-126

Figure3-115 SVC mode......................................................................................................................................3-127

Figure3-116 CCC mode......................................................................................................................................3-127

Figure3-117 MARTINI mode.............................................................................................................................3-127

Figure3-118 VPLS mode....................................................................................................................................3-127

Figure3-119 Display ARP ..................................................................................................................................3-128

Figure3-120 Static ARP......................................................................................................................................3-128

Figure3-121 Gratuitous ARP..............................................................................................................................3-129

Figure3-122 Configure ARP probe period.........................................................................................................3-129

Figure3-123 Anti-ARP snooping........................................................................................................................3-130

Figure3-124 ARP configuration ........................................................................................................................3-130

Figure3-125 ARP log..........................................................................................................................................3-130

Figure3-126 MAC address manage....................................................................................................................3-131

Figure3-127 DNS ...............................................................................................................................................3-131

Figure3-128 DHCP server..................................................................................................................................3-132

Figure3-129 DHCPv6 server..............................................................................................................................3-134

Figure3-130 DHCP relay agent ..........................................................................................................................3-134

Figure3-131 DHCP IP address table...................................................................................................................3-135

Figure3-132 Basic wireless.................................................................................................................................3-136

Figure3-133 Basic session..................................................................................................................................3-137

Figure3-134 Basic session..................................................................................................................................3-137

Figure3-135 Basic wireless.................................................................................................................................3-137

Figure3-136 Ping................................................................................................................................................3-138

Figure3-137 Traceroute......................................................................................................................................3-139

Figure3-138 Capture...........................................................................................................................................3-139

Figure3-139 Spanning tree .................................................................................................................................3-139

Figure3-140 STP.................................................................................................................................................3-140

Figure3-141 RSTP..............................................................................................................................................3-141

Figure3-142 MSTP.............................................................................................................................................3-141

Figure3-143 STP status.......................................................................................................................................3-142

Figure4-1 Firewall..............................................................................................................................................4-144

Figure4-2 Packet filtering policy........................................................................................................................4-144

Figure4-3 Configuring action.............................................................................................................................4-146

Figure4-4 Packet filtering policy log..................................................................................................................4-147

Figure4-5 IPv6 packet filtering policy................................................................................................................4-148

Figure4-6 IPv6 packet filtering log.....................................................................................................................4-148

Figure4-7 Source NAT.......................................................................................................................................4-149

Figure4-8 Address pool......................................................................................................................................4-149

Figure4-9 Destination NAT................................................................................................................................4-149

Figure4-10 One to one NAT...............................................................................................................................4-151

Figure4-11 N to N NAT .....................................................................................................................................4-152

Figure4-12 NAT64 prefix...................................................................................................................................4-153

Figure4-13 NAT64 address................................................................................................................................4-153

Figure4-14 Address pool....................................................................................................................................4-153

Figure4-15 Source NAT.....................................................................................................................................4-154

Figure4-16 Destination NAT..............................................................................................................................4-154

Figure4-17 Address pool....................................................................................................................................4-154

Figure4-18 DS_LITE_NAT................................................................................................................................4-155

xvi

Figure4-19 Address pool....................................................................................................................................4-155

Figure4-20 ALG configuration...........................................................................................................................4-156

Figure4-21 User-defined log...............................................................................................................................4-156

Figure4-22 Basic attack protection.....................................................................................................................4-156

Figure4-23 Basic attack log query......................................................................................................................4-158

Figure4-24 Network action manage ...................................................................................................................4-159

Figure4-25 Sessions Limit..................................................................................................................................4-159

Figure4-26 Service Limit....................................................................................................................................4-160

Figure4-27 IPv4 blacklist configuration.............................................................................................................4-160

Figure4-28 Blacklist query.................................................................................................................................4-161

Figure4-29 Black list query................................................................................................................................4-161

Figure4-30 Blacklist log query...........................................................................................................................4-162

Figure4-31 MAC/IP Binding..............................................................................................................................4-164

Figure4-32 Auto learning ...........................................................................................................错误!未定义书签。

Figure4-33 User MAC binding...........................................................................................................................4-166

Figure4-34 User/IP binding................................................................................................................................4-165

Figure4-35 binding log query.............................................................................................................................4-168

Figure4-36 Session Management .......................................................................................................................4-169

Figure4-37 Session Parameter............................................................................................................................4-171

Figure4-38 Session Monitoring..........................................................................................................................4-171

Figure4-39 Session Monitoring..........................................................................................................................4-172

Figure4-40 VIP bandwidth guarantee.........................................................................................错误!未定义书签。

Figure4-41 Traffic classification ........................................................................................................................4-174

Figure4-42 Congestion avoidance..............................................................................................错误!未定义书签。

Figure4-43 Congestion management..................................................................................................................4-178

Figure4-44 Traffic shaping.................................................................................................................................4-179

Figure4-45 Anti-ARP-Spoofing .........................................................................................................................4-179

Figure4-46 ARP configuration...........................................................................................................................4-180

Figure5-1 Log management menu......................................................................................................................5-182

Figure5-2 Latest log............................................................................................................................................5-182

Figure5-3 System log query................................................................................................................................5-183

Figure5-4 System log file operation...................................................................................................................5-184

Figure5-5 System log configuration...................................................................................................................5-185

Figure5-6 Latest log............................................................................................................................................5-186

Figure5-7 Operation log query ...........................................................................................................................5-187

Figure5-8 Log file operation...............................................................................................................................5-188

Figure5-9 Operation log configuration...............................................................................................................5-189

Figure5-10 Service log configuration.................................................................................................................5-190

Figure6-1 Interface config..................................................................................................................................6-193

Figure6-2 Interface config..................................................................................................................................6-193

Figure6-3 ISP configuration...............................................................................................................................6-195

Figure7-1 Access control menu..........................................................................................................................7-196

Figure7-2 Rate limit............................................................................................................................................7-196

Figure7-3 User group parameter.........................................................................................................................7-197

Figure7-4 Single user limit.................................................................................................................................7-198

Figure7-5 Rate limitation....................................................................................................................................7-198

Figure7-6 Group management............................................................................................................................7-199

xvii

Figure7-7 Network application browsing...........................................................................................................7-200

Figure7-8 Access control....................................................................................................................................7-203

Figure7-9 Group management............................................................................................................................7-204

Figure7-10 Network application browsing.........................................................................................................7-205

Figure7-11 URL classification filtering..............................................................................................................7-207

Figure7-12 Customize URL classification .........................................................................................................7-208

Figure7-13 Advanced URL filtering...................................................................................................................7-209

Figure7-14 Advanced URL filtering configuration............................................................................................7-210

Figure7-15 URL filter page push........................................................................................................................7-211

Figure7-16 URL page push ................................................................................................................................7-211

Figure7-17 Advanced URL filtering...................................................................................................................7-212

Figure7-18 SQL injection prevention.................................................................................................................7-214

Figure8-1 IPSec sysConfig.................................................................................................................................8-215

Figure8-2 IPsec policy mode..............................................................................................................................8-218

Figure8-3 IPsec route mode................................................................................................................................8-218

Figure8-4 Net protect..........................................................................................................................................8-219

Figure8-5 SA ......................................................................................................................................................8-219

Figure8-6 IPsec interface....................................................................................................................................8-219

Figure8-7 L2TP configuration............................................................................................................................8-220

Figure8-8 L2TP user authentication...................................................................................................................8-221

Figure8-9 L2TP IP pool......................................................................................................................................8-222

Figure8-10 L2TP online status ...........................................................................................................................8-222

Figure8-11 PPTP ................................................................................................................................................8-222

Figure8-12 GRE configuration...........................................................................................................................8-224

Figure8-13 SMAD..............................................................................................................................................8-225

Figure8-14 SMAD blacklist ...............................................................................................................................8-225

Figure8-15 SMAD log........................................................................................................................................8-225

Figure8-16 SSL VPN..........................................................................................................................................8-226

Figure8-17 IP pool configuration .......................................................................................................................8-227

Figure8-18 Domain configuration......................................................................................................................8-227

Figure8-19 License management........................................................................................................................8-227

Figure8-20 Portals management.........................................................................................................................8-228

Figure8-21 Resource configuration....................................................................................................................8-228

Figure8-22 Share space.......................................................................................................................................8-228

Figure8-23 User configuration ...........................................................................................................................8-229

Figure8-24 User status........................................................................................................................................8-229

Figure8-25 Authentication key...........................................................................................................................8-229

Figure8-26 Security set.......................................................................................................................................8-230

Figure8-27 Security rule.....................................................................................................................................8-230

Figure8-28 Security rule group...........................................................................................................................8-230

Figure8-29 Policy configuration.........................................................................................................................8-231

Figure8-30 Log query.........................................................................................................................................8-231

Figure8-31 Log configuration.............................................................................................................................8-231

Figure8-32 Log manage......................................................................................................................................8-231

Figure8-33 User stat form...................................................................................................................................8-232

Figure8-34 Flux stat form...................................................................................................................................8-232

Figure8-35 Statistical offline users.....................................................................................................................8-232

xviii

Figure8-36 Online time ranking form.................................................................................................................8-233

Figure8-37 Resource access form.......................................................................................................................8-233

Figure9-1 Traffic analysis...................................................................................................................................9-234

Figure9-2 Traffic analysis...................................................................................................................................9-234

Figure9-3 Policy configuration...........................................................................................................................9-235

Figure9-4 Advanced configuration.....................................................................................................................9-236

Figure9-5 Keyword filtering...............................................................................................................................9-237

Figure9-6 Keyword filtering...............................................................................................................................9-238

Figure10-1 Security center ...............................................................................................................................10-239

Figure10-2 Basic authentication configuration items.......................................................................................10-239

Figure10-3 Webauth configuration...................................................................................................................10-241

Figure10-4 TAC configuration.........................................................................................................................10-242

Figure10-5 Customer configuration .................................................................................................................10-243

Figure10-6 Web authentication notice..............................................................................................................10-243

Figure10-7 Web listen......................................................................................................................................10-244

Figure10-8 Proscenium management ...............................................................................................................10-244

Figure10-9 Online management for the hotel user...........................................................................................10-245

Figure10-10 Terminal management .................................................................................................................10-246

Figure10-11 USB data leakage monitor ...........................................................................................................10-247

Figure10-12 Terminal configuration ................................................................................................................10-247

Figure10-13 Online user...................................................................................................................................10-248

Figure10-14 Local Account Authentication.....................................................................................................10-249

Figure10-15 Blackname list..............................................................................................................................10-250

Figure10-16 Remote synchronization...............................................................................................................10-251

Figure11-1 Display IDS cooperation log..........................................................................................................11-252

Figure12-1 High availability.............................................................................................................................12-253

Figure12-2 VRRP configuration.......................................................................................................................12-254

Figure12-3 Monitoring .....................................................................................................................................12-255

Figure12-4 Monitoring .....................................................................................................................................12-256

Figure12-5 BFD option.....................................................................................................................................12-256

Figure12-6 Overflow protect............................................................................................................................12-257

Figure12-7 Hot standby....................................................................................................................................12-257

Figure12-8 Handwork synchronization............................................................................................................12-258

Figure12-9 Backup reboot................................................................................................................................12-258

Figure12-10 Interface synchronization group...................................................................................................12-259

List of Tables

Table2-1 Device information................................................................................................................................2-10

Table2-2 Device status .........................................................................................................................................2-11

Table2-3 System threshold...................................................................................................................................2-13

Table2-4 SNMPv3 configuration .........................................................................................................................2-17

Table2-5 User management..................................................................................................................................2-21

Table2-6 Current administrator ............................................................................................................................2-22

Table2-7 Administrator settings configuration items...........................................................................................2-22

Table2-8 Administrator authentication setting.....................................................................................................2-24

Table2-9 Login parameter settings.......................................................................................................................2-26

Table2-10 Authority management configuration items........................................................................................2-27

Table2-11 WEB access protocol ..........................................................................................................................2-28

Table2-12 Interface service ..................................................................................................................................2-29

Table2-13 Remote user.........................................................................................................................................2-30

Table2-14 Configuration file configuration items................................................................................................2-31

Table2-15 Version information ............................................................................................................................2-34

Table2-16 The auto-upgrade settings ...................................................................................................................2-34

Table2-17 Manual upgrade configuration items...................................................................................................2-35

Table2-18 Version information ............................................................................................................................2-37

Table2-19 The auto-upgrade settings ...................................................................................................................2-38

Table2-20 Manual upgrade configuration items...................................................................................................2-38

Table2-21 Software version configuration items..................................................................................................2-41

Table2-22 NTP server mode configuration items.................................................................................................2-42

Table2-23 NTP client mode..................................................................................................................................2-43

Table2-24 Virtual server setting configuration items...........................................................................................2-44

Table2-25 VRF configuration items.....................................................................................................................2-45

Table2-26 Device information configuration items..............................................................................................2-47

Table2-27 CA Server configuration items............................................................................................................2-48

Table2-28 CRL server configuration....................................................................................................................2-49

Table2-29 Certification Management...................................................................................................................2-51

Table2-30 CRL management................................................................................................................................2-52

Table3-1 Security zone configuration items.........................................................................................................3-63

Table3-2 IP address object configuration items....................................................................................................3-65

Table3-3 IP address object group .........................................................................................................................3-66

Table3-4 IP address object group .........................................................................................................................3-67

Table3-5 Account user..........................................................................................................................................3-68

Table3-6 State.......................................................................................................................................................3-72

Table3-7 Configure static route............................................................................................................................3-74

Table3-8 Basic routing table.................................................................................................................................3-76

Table3-9 Detailed routing table configuration items............................................................................................3-77

Table3-10 BGP neighbor configuration ...............................................................................................................3-78

Table3-11 BGP advanced configuration...............................................................................................................3-79

Table3-12 BGP advanced configuration...............................................................................................................3-80

Table3-13 BGP-VPN configuration items............................................................................................................3-80

Table3-14 BGP-VPN configuration items............................................................................................................3-81

Table3-15 RIP interface configuration.................................................................................................................3-83

Table3-16 RIP advanced configuration................................................................................................................3-83

Table3-17 OSPF advanced configuration.............................................................................................................3-85

Table3-18 OSPF area configuration.....................................................................................................................3-85

Table3-19 OSPF interface configuration..............................................................................................................3-86

Table3-20 OSPF interface information.................................................................................................................3-87

Table3-21 OSPF neighbor information ................................................................................................................3-88

Table3-22 IS-IS advanced configuration..............................................................................................................3-89

Table3-23 IS-IS interface configuration...............................................................................................................3-89

Table3-24 IS-IS neighbor.....................................................................................................................................3-90

Table3-25 ISIS LSP..............................................................................................................................................3-91

Table3-26 Basic routing table...............................................................................................................................3-93

Table3-27 Detailed routing table..........................................................................................................................3-94

Table3-28 RIPNG interface configuration ...........................................................................................................3-95

Table3-29 RIPng advanced configuration............................................................................................................3-96

Table3-30 OSPFv3 area configuration.................................................................................................................3-97

Table3-31 OSPFv3 interface configuration..........................................................................................................3-98

Table3-32 OSPFv3 advanced configuration.........................................................................................................3-99

Table3-33 OSPFv3 interface information.............................................................................................................3-99

Table3-34 OSPFv3 neighbor information ..........................................................................................................3-100

Table3-35 Basic config.......................................................................................................................................3-102

Table3-36 IGMP snooping.................................................................................................................................3-102

Table3-37 IGMP configuration ..........................................................................................................................3-103

Table3-38 IGMP Proxy......................................................................................................................................3-105

Table3-39 IGMP status.......................................................................................................................................3-106

Table3-40 Candidate BSR configuration............................................................................................................3-107

Table3-41 Static RP configuration .....................................................................................................................3-107

Table3-42 Candidate RP configuration ..............................................................................................................3-108

Table3-43 Interface configuration......................................................................................................................3-108

Table3-44 Global zone configuration.................................................................................................................3-109

Table3-45 Global zone configuration.................................................................................................................3-110

Table3-46 Basic config.......................................................................................................................................3-116

Table3-47 Global zone configuration.................................................................................................................3-118

Table3-48 Global zone configuration.................................................................................................................3-119

Table3-49 Policy-based routing configuration items..........................................................................................3-122

Table3-50 Policy-based routing configuration items..........................................................................................3-123

Table3-51 Dynamic DHCP server configuration ...............................................................................................3-132

Table3-52 Static DHCP server configuration.....................................................................................................3-133

Table3-53 DHCP relay configuration.................................................................................................................3-134

Table3-54 DHCP IP address table......................................................................................................................3-135

Table3-55 BFD configuration.............................................................................................................................3-136

Table3-56 Select STP configuration items.........................................................................................................3-140

Table3-57 MSTP region configuration items.....................................................................................................3-141

Table4-1 Packet filtering policy configuration items .........................................................................................4-145

Table4-2 Configuring action...............................................................................................................................4-146

Table4-3 Destination NAT configuration...........................................................................................................4-149