Dptech Fw1000 series User manual

DPtech FW1000 Series Firewall Products

User Configuration Guide v1.0

Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support.

If you need anyhelp, please contact Hangzhou DPtech Technologies Co., Ltd. and its sale agent, according to where

you purchase their products.

Hangzhou DPtech Technologies Co., Ltd.

Address: 6th floor, zhongcai mansion, 68 tonghelu, Binjiangqu, Hangzhoushi

Address code: 310051

iii

Declaration

Hangzhou DPtech Technologies Co., Ltd.

No Part of the manual can be extracted or copied by any company or individuals without written permission, and can

not be transmitted by any means.

Owing to product upgrading or other reasons, information in this manual is subject to change. Hangzhou DPtech

Technologies Co., Ltd. has the right to modify the content in this manual, as it is a user guides, Hangzhou DPtech

Technologies Co., Ltd. made every effort in the preparation of this document to ensure accuracy of the contents, but

all statements, information, and recommendations in this document do not constitute the warranty of any kind

express or implied.

Table of Contents

CHAPTER 1 PRODUCT OVERVIEW 1-5

1.1 PRODUCT INTRODUCTION 1-5

1.2 WEB MANAGEMENT 1-5

1.2.1 LOGGING IN TO THE WEB MANAGEMENT INTERFACE 1-5

1.2.2 WEB INTERFACE LAYOUT 1-6

CHAPTER 2 SYSTEM MANAGEMENT 2-8

2.1 INTRODUCTION TO SYSTEM MANAGEMENT 2-8

2.2 DEVICE MANAGEMENT 2-9

2.2.1 DEVICE INFORMATION 2-9

2.2.2 DEVICE STATUS 2-10

2.2.3 DEVICE CONFIGURATION 2-12

2.3 SNMP CONFIGURATION 2-15

2.3.1 SNMP VERSION CONFIGURATION 2-16

2.4 RMON CONFIGURATION 2-19

2.4.1 ALARM 2-19

2.4.2 HISTORY 2-20

2.5 ADMINISTRATOR 2-21

2.5.1 INTRODUCTION TO ADMINISTRATOR 2-21

2.5.2 AUTHORITY MANAGEMENT 2-27

2.5.3 WEB ACCESS PROTOCOL 2-28

2.5.4 LIMITED INTERFACE SERVICE 2-28

2.5.5 REMOTE USER 2-29

2.6 CONFIGURATION FILE 2-30

2.7 HOT PATCHING 2-32

2.8 SIGNATURE DATABASE 2-33

2.8.1 APP SIGNATURE 2-33

2.8.2 URL CLASSIFICATION FILTERING SIGNATURE 2-36

2.8.3 AV SIGNATURE 2-39

2.8.4 IPS SIGNATURE 2-39

2.8.5 LICENSE MANAGEMENT 2-40

2.9 SOFTWARE VERSION 2-41

2.10 NTP 2-42

2.11 VIRTUAL MANAGEMENT SYSTEM 2-44

2.11.1 VIRTUAL MANAGEMENT SYSTEM CONFIGURATION 2-44

2.11.2 VIRTUAL MANAGEMENT SYSTEM PARAMETER SETTINGS 2-44

2.12 OVC 2-45

2.13 VRF 2-45

2.14 DIGITAL CERTIFICATE 2-46

2.14.1 INTRODUCTION TO DIGITAL CERTIFICATE 2-46

2.14.2 CERTIFICATE MANAGEMENT 2-49

2.15 INSTALLATION PACKAGE 2-52

2.16 MANAGEMENT CENTER 2-53

CHAPTER 3 NETWORK MANAGEMENT 3-54

3.1 INTRODUCTION TO NETWORK MANAGEMENT 3-54

3.2 INTERFACE MANAGEMENT 3-55

3.2.1 NETWORKING CONFIGURATION 3-55

3.2.2 VLAN CONFIGURATION 3-56

3.2.3 INTERFACE CONFIGURATION 3-57

3.2.4 PORT AGGREGATION 3-58

3.2.5 PORT MIRRORING 3-59

3.2.6 LOGIC INTERFACE 3-59

3.2.7 GRE 3-61

3.3 3G DIAL-UP 3-61

3.4 NETWORK OBJECT 3-62

3.4.1 SECURITY ZONE 3-62

3.4.2 IP ADDRESS 3-64

3.4.3 IPV6ADDRESS 3-66

3.4.4 MAC ADDRESS 3-66

3.4.5 MAC ADDRESS MANAGE 3-67

3.4.6 ACCOUNT 3-68

3.4.7 DOMAIN NAME 3-69

3.4.8 SERVICE 3-69

3.5 FORWARDING 3-70

3.5.1 FORWARDING 3-70

3.5.2 FORWARDING MODE 3-71

3.5.3 NEIGHBOR DISCOVER 3-71

3.6 TRANS_TECH 3-72

3.6.1 DS_LITE 3-72

3.7 6TO4TUNNEL 3-72

3.8 AUTOCONFIG 3-73

3.8.1 STATELESS CONFIGURATION 3-73

3.9 IPV4UNICAST ROUTING 3-73

3.9.1 IPV4UNICAST ROUTING 3-73

3.9.2 CONFIGURE STATIC ROUTE 3-73

3.10 ROUTING TABLE 3-75

3.10.1 BASIC ROUTING TABLE 3-75

3.10.2 DETAILED ROUTING TABLE 3-76

3.10.3 EQUAL-COST ROUTE 3-77

3.10.4 BGP 3-78

3.10.5 RIP 3-82

3.10.6 OSPF 3-84

3.10.7 IS-IS 3-88

3.10.8 GUARD ROUTE 3-91

3.11 IPV6UNICAST ROUTING 3-92

3.11.1 STATIC ROUTE 3-92

3.11.2 RIPNG 3-94

3.11.3 OSPFV3 3-96

3.11.4 GUARD ROUTE 3-101

3.12 IPV4MULTICAST ROUTING 3-101

3.12.1 BASIC CONFIG 3-101

3.12.2 IGMP SNOOPING 3-102

3.12.3 IGMP/IGMP PROXY 3-104

3.12.4 PIM 3-106

3.12.5 MSDP 3-111

3.12.6 MULTICAST VPN 3-113

3.12.7 MULTICAST SOURCE PROXY 3-113

3.12.8 MULTICAST SOURCE NAT 3-113

3.12.9 MULTICAST DESTINATION NAT 3-113

3.12.10 MULTICAST STATIC ROUTING 3-114

3.12.11 MULTICAST ROUTING TABLE 3-114

3.13 IPV6MULTICAST ROUTING 3-116

3.13.1 BASIC CONFIG 3-116

3.13.2 MLD 3-116

3.13.3 PIM 3-117

3.13.4 PIM MULTICAST ROUTING TABLE 3-120

3.14 POLICY-BASED ROUTING 3-121

3.14.1 INTRODUCTION TO POLICY-BASED ROUTING 3-121

3.14.2 IPV6POLICY-BASED ROUTING 3-121

3.14.3 IPV4POLICY-BASED ROUTING 3-122

3.15 MPLS 3-124

3.15.1 MPLS CONFIGURATION 3-124

3.15.2 STATIC FTN/ILM 3-124

3.15.3 LDP 3-125

3.15.4 L2VPN CONFIGURATION 3-126

3.16 ARP CONFIGURATION 3-128

3.16.1 DISPLAY ARP 3-128

3.16.2 ANTI-ARP-SNOOPING 3-129

3.17 MAC ADDRESS MANAGE 3-130

3.18 DNS CONFIGURATION 3-131

3.18.1 INTRODUCTION TO DNS 3-131

3.18.2 DNS 3-131

3.19 DHCP CONFIGURATION 3-131

3.19.1 INTRODUCTION TO DHCP 3-131

3.19.2 DHCP SERVER 3-132

3.19.3 DHCPV6SERVER 3-134

3.19.4 DHCP RELAY AGENT 3-134

3.19.5 DHCP IP ADDRESS TABLE 3-135

3.20 BFD 3-135

3.20.1 BFD CONFIGURATION 3-135

3.20.2 BFD SESSION 3-136

3.20.3 BFD MANUAL 3-137

3.21 BASIC WIRELESS 3-137

vii

3.22 DIAGNOSTIC TOOLS 3-138

3.22.1 PING 3-138

3.22.2 TRACEROUTE 3-138

3.22.3 CAPTURE 3-139

3.23 LAN SWITCH 3-139

3.23.1 SPANNING TREE 3-139

CHAPTER 4 FIREWALL 4-143

4.1 INTRODUCTION TO THE FIREWALL 4-143

4.2 PACKET FILTERING POLICY 4-144

4.2.1 PACKET FILTERING POLICY 4-144

4.2.2 PACKET FILTERING POLICY LOG 4-147

4.3 IPV6PACKET FILTERING POLICY 4-147

4.3.1 IPV6PACKET FILTERING POLICY 4-147

4.3.2 IPV6PACKET FILTERING LOG 4-148

4.4 NAT 4-148

4.4.1 INTRODUCTION TO NAT 4-148

4.4.2 SOURCE NAT 4-148

4.4.3 DESTINATION NAT 4-149

4.4.4 ONE TO ONE NAT 4-150

4.4.5 NTO NNAT 4-151

4.5 NAT64 4-152

4.5.1 NAT64 PREFIX 4-153

4.5.2 NAT64 ADDRESSS 4-153

4.5.3 ADDRESS POOL 4-153

4.6 NAT66 4-154

4.6.1 SOURCE NAT 4-154

4.6.2 DESTINATION NAT 4-154

4.6.3 ADDRESS POOL 4-154

4.7 DS_LITE_NAT 4-155

4.7.1 DS_LITE_NAT 4-155

4.7.2 ADDRESS POOL 4-155

4.8 ALG CONFIGURATION 4-155

4.8.1 ALG CONFIGURATION 4-156

4.8.2 USER-DEFINED LOG 4-156

4.9 BASIC ATTACK PROTECTION 4-156

4.9.1 BASIC ATTACK PROTECTION 4-156

4.9.2 BASIC ATTACK LOG QUERY 4-158

4.10 NETWORK ACTION MANAGE 4-159

4.11 SESSION LIMIT 4-159

4.12 SERVICE LIMIT 4-160

4.13 BLACKLIST 4-160

4.13.1 IPV4BLACK LIST CONFIGURATION 4-160

4.13.2 IPV6BLACK LIST CONFIGURATION 4-161

4.13.3 BLACK LIST QUERY 4-161

viii

4.13.4 BLACKNAME LOG QUERY 4-162

4.14 MAC/IP BINDING 4-162

4.14.1 MAC/IP BINDING 4-162

4.14.2 AUTO LEARNING 4-162

4.14.3 USER MAC BINDING 4-166

4.14.4 USER/IP BINDING 4-165

4.14.5 BINDING LOG QUERY 4-167

4.15 SESSION MANAGEMENT 4-169

4.15.1 SESSION LIST 4-169

4.15.2 SESSION PARAMETER 4-170

4.15.3 SESSION MONITORING 4-171

4.15.4 SESSION LOG CONFIGURATION 4-171

4.16 QOS 4-173

4.16.1 VIP BANDWIDTH GUARANTEE 错误!未定义书签。

4.16.2 TRAFFIC CLASSIFICATION 4-174

4.16.3 CONGESTION AVOIDANCE 4-176

4.16.4 CONGESTION MANAGEMENT 4-178

4.16.5 TRAFFIC SHAPING 4-179

4.17 ANTI-ARP-SPOOFING 4-179

4.17.1 ANTI-ARP-SPOOFING 4-179

4.17.2 ARP CONFIGURATION 4-180

CHAPTER 5 LOG MANAGEMENT 5-181

5.1 INTRODUCTION TO THE LOG MANAGEMENT 5-181

5.2 SYSTEM LOG 5-182

5.2.1 LATEST LOG 5-182

5.2.2 SYSTEM LOG QUERY 5-183

5.2.3 SYSTEM LOG FILE OPERATION 5-184

5.2.4 SYSTEM LOG CONFIGURATION 5-185

5.3 OPERATION LOG 5-186

5.3.1 LATEST LOG 5-186

5.3.2 OPERATION LOG QUERY 5-187

5.3.3 LOG FILE OPERATION 5-188

5.3.4 OPERATION LOG CONFIGURATION 5-189

5.4 SERVICE LOG 5-190

5.4.1 SERVICE LOG CONFIGURATION 5-190

CHAPTER 6 LOAD BALANCING 6-192

6.1 LINK LOAD BALANCING 6-192

6.1.1 INTRODUCTION TO LINK LOAD BALANCING 6-192

6.1.2 LINK LOAD BALANCING 6-192

6.1.3 LINK HEALTH CHECK 6-193

6.1.4 ISP 6-194

CHAPTER 7 ACCESS CONTROL 7-195

7.1 RATE LIMITATION 7-195

7.1.1 INTRODUCTION TO THE RATE LIMITATION 7-195

7.1.2 RATE LIMIT 7-196

7.1.3 SINGLE USER LIMIT 7-197

7.1.4 GROUP MANAGEMENT 7-199

7.1.5 NETWORK APPLICATION BROWSING 7-200

7.1.6 TYPICAL CONFIGURATION FOR THE RATE LIMITATION 7-200

7.2 ACCESS CONTROL 7-202

7.2.1 INTRODUCTION TO THE ACCESS CONTROL 7-202

7.2.2 ACCESS CONTROL 7-203

7.2.3 GROUP MANAGEMENT 7-203

7.2.4 TYPICAL CONFIGURATION FOR THE ACCESS CONTROL 7-205

7.3 URL FILTERING 7-207

7.3.1 URL CLASSIFICATION FILTERING 7-207

7.3.2 CUSTOMIZE URL CLASSIFICATION 7-208

7.3.3 ADVANCED URL FILTERING 7-209

7.3.4 URL FILTER PAGE PUSH 7-210

7.3.5 TYPICAL CONFIGURATION FOR THE RATE LIMITATION 7-211

7.4 SQL INJECTION PROTECTION 7-214

CHAPTER 8 VPN 8-214

8.1.1 INTRODUCTION TO IPSEC 8-215

8.1.2 IPSEC SYSCONFIG 8-215

8.1.3 IPSEC POLICY MODE 8-218

8.1.4 IPSEC ROUTE MODE 8-218

8.1.5 NET PROTECT 8-219

8.1.6 SA 8-219

8.1.7 IPSEC INTERFACE 8-219

8.2 L2TP 8-219

8.2.1 INTRODUCTION TO L2TP 8-219

8.2.2 L2TP 8-220

8.2.3 L2TP USER AUTHENTICATION 8-221

8.2.4 L2TP IP POOL 8-221

8.2.5 L2TP ONLINE STATUS 8-222

8.3 PPTP 8-222

8.4 GRE 8-223

8.4.1 INTRODUCTION TO THE GRE 8-223

8.4.2 GRE CONFIGURATION 8-223

8.5 SMAD 8-225

8.5.1 SMAD 8-225

8.5.2 SMAD BLACKLIST 8-225

8.5.3 SMAD LOG 8-225

8.6 SSL VPN 8-226

8.6.1 INTRODUCTION TO THE SSL VPN 8-226

8.6.2 SSL VPN 8-226

8.6.3 RESOURCES 8-228

8.6.4 USER MANAGEMENT 8-229

8.6.5 AUTHENTICATION KEY 8-229

8.6.6 SECURITY POLICY 8-230

8.6.7 LOG MANAGEMENT 8-231

8.6.8 REPORT FORMS 8-232

CHAPTER 9 ONLINE BEHAVIOR MANAGEMENT 9-234

9.1 INTRODUCTION TO ONLINE BEHAVIOR MANAGEMENT 9-234

9.2 TRAFFIC ANALYSIS 9-234

9.2.1 TRAFFIC ANALYSIS 9-234

9.3 BEHAVIOR ANALYSIS 9-235

9.3.1 POLICY CONFIGURATION 9-235

9.3.2 ADVANCED CONFIGURATION 9-236

9.3.3 KEYWORD FILTERING 9-236

CHAPTER 10 PORTAL AUTHENTICATION 10-239

10.1 INTRODUCTION TO THE PORTAL AUTHENTICATION 10-239

10.1.1 AUTHENTICATION CONFIG 10-239

10.1.2 WEB AUTHENTICATION NOTICE 10-243

10.1.3 WEB LISTEN 10-244

10.1.4 PROSCENIUM MANAGEMENT 10-244

10.1.5 TERMINAL MANAGEMENT 10-246

10.1.6 ONLINE USER 10-248

10.1.7 LOCAL ACCOUNT USER 10-249

10.1.8 BLACKNAME LIST 10-250

10.1.9 REMOTE SYNCHRONIZATION 10-250

CHAPTER 11 IDS INTEGRATION 11-252

11.1 INTRODUCTION 11-252

11.2 IDSINTEGRATION 11-252

11.2.1 DISPLAY IDS COOPERATION LOG 11-252

CHAPTER 12 HIGH AVAILABILITY 12-253

12.1 VRRP 12-253

12.1.1 INTRODUCTION TO VRRP GROUP 12-253

12.1.2 MONITOR IP ADDRESS OBJECT 12-255

12.1.3 MONITORING 12-256

12.1.4 BFD OPTION 12-256

Other manuals for FW1000 SERIES

Table of contents

Other DPtech Network Router manuals

DPtech

DPtech LSW6602-24GT4XGS User manual

DPtech

DPtech LSW3003 Series User manual

Popular Network Router manuals by other brands

TRENDnet

TRENDnet TEW-435BRM - 54MBPS 802.11G Adsl Firewall M Quick installation guide

Siemens

Siemens SIMOTICS CONNECT 400 manual

Alfa Network

Alfa Network ADS-R02 Specifications

Barracuda Networks

Barracuda Networks Link Balancer quick start guide

ZyXEL Communications

ZyXEL Communications ES-2024PWR Support notes

HPE

HPE FlexNetwork 5510 HI Series Openflow configuration guide

Allied Telesis

Allied Telesis AT-AR236E quick start guide

ADTRAN

ADTRAN NetVanta 3458-PoE quick start

C&H Technologies

C&H Technologies EM405-8 manual

Huawei

Huawei WiFi Mesh 3 Product description

Addonics Technologies

Addonics Technologies ISC8P2G-S Quick install guide

Atel

Atel W02 Arch+ Faqs

Allnet

Allnet ALL0333AU user guide

Sercomm

Sercomm Genesis OC3505D Quick installation guide

Billion

Billion BIPAC 5102 Series user manual

TP-Link

TP-Link TD-8817 QIG

Motorola

Motorola MR1900 user guide

Cisco

Cisco SOHO Series Regulatory compliance and safety information

DPtech FW1000 SERIES User manual

Popular Network Router manuals by other brands