hit counter script
Download Print this page
D-Link DFL-M510 Faq
Hide thumbs Also See for DFL-M510:

Advertisement

DFL-M510 FAQ
D-Link Nordic Technical Support
1

Advertisement

loading

Summary of Contents for D-Link DFL-M510

  • Page 1 DFL-M510 FAQ D-Link Nordic Technical Support...
  • Page 2 Q: Why does D-Link strongly suggest not managing DFL-M510 from the Internet? Q: Do the”Standby Hosts” disappear from the host table after rebooting? Q: After rebooting the DFL-M510, what configuration files would disappear? (Host table? Policy? Report? …) Q: What would happen after the hosts exceed 150 users?
  • Page 3 Q: Is there any detail Application list spported by the DFL-M510? Q: How does DFL-M510 manage Streaming Media Applications? Q: Why can the DFL-M510 only block or allow Skype / QQ? Is there no granular action control? Q: How does DFL-M510 manage normal FTP and FTP applications like GETRight/FlashGet?
  • Page 4 Operating System. Although the memory usage looks high right after the booting, it tends to keep stable (from 80% to 89%) without too much peaks. Q: Why does D-Link strongly suggest not managing DFL-M510 from the Internet?
  • Page 5 Q: What LOG information is included in the DFL-M510? The DFL-M510 does not contain a disk to store large bulks of data for log and report, so therefore only the necessary information for network users is saved. Only “System Log”...
  • Page 6 Q: What would happen after the concurrent session exceeds 12K? Dropped or forwarded immediately. This is optional by setting the configuration “forward” or “block” flag in “Setup Host” page of UI. D-Link Nordic Technical Support...
  • Page 7 Q: How to implement the DFL-M510 in the environment with L3 device? We do not suggest a user to put any Layer 3 switch beneath the DFL-M510. Though it will not suffer the security and control management, the host information of traffic through the switch will be aggregated.
  • Page 8 In Login process, the Ul (by Java applet) reads several data and system configurations from the device and these suffer the login process. They include Network setting, DMZ list, Bypassed hosts, Host table, Schedule, Policy file, Operation Mode, Templates, Groups and Alert Message D-Link Nordic Technical Support...
  • Page 9 Q: Why is there Priority for each group in the DFL-M510? If the host belongs to multiple groups, the policy will be different. For example, John belongs to Group A and Group B. The two group’s policies are different. DFL-M510 differentiates based on group priority.
  • Page 10 Q: Can the DFL-M510 send Pop-up messages to clients in different subnets under L3 switch? WinPop-up messages are delivered by the DFL-M510 through UDP stream directly to the target (i.e., not through the gateway, even the target is in the different subnet). So that if the device and the target are not in the same subnet, the Win pop-up messages will not reach to the target host.
  • Page 11 User may need to close the Ul and re- login the system again. Q: How many bytes are transferred from DFL-M510 to the PC for RTM? The maximum is 120K bytes/5 sec. However, this only happens in extreme cases: 150 hosts fully learned, and 4096 rules hit in 5 seconds.
  • Page 12 Q: What are the main features of RTM in DFL-M510? Three main features of the real-time monitor: 1. The traffic monitor which allows administrator to monitor the traffic, in terms of bytes or bps, of selected types of applications. 2. The application monitor which allows the administrator to monitor the application usage of every managed host.
  • Page 13 We use a port range (TCP port 1023-5000) and specified patterns to identify the H.323 protocol, not only by single TCP port 1720. Q: How many P2P applications can the DFL-M510 manage? The applications for each P2P network are listed below:...
  • Page 14 For example, the action of Yahoo web mail is both in HTTP application and Web Control. However, the web mail utilization of Gmail is only classified into Web Control, because it follows HTTPS protocol. D-Link Nordic Technical Support...
  • Page 15 Packets with a matching byte sequence will be filtered out as they are received by the device. However, the same string encoded in a different way will pass through the device provided no other filter catches it. D-Link Nordic Technical Support...
  • Page 16 2: A user first logs in to Skype network with his/her computer at one place, does not log off, and then connects his/her computer to the network managed by DFL-M510. Note: by definition, the behaviour below is called quit Skype network, which is different from the behaviour of log off Skype.
  • Page 17 DF-M510 is able to know that a user is trying to download a file. Below is a list of common file types and their file extension names. File extension name supported by “Web download” is marked with YES in the last column. D-Link Nordic Technical Support...
  • Page 18 D-Link Nordic Technical Support...
  • Page 19 No. As for Yahoo web mail, DFL-M510 identifies the behaviour of opening web mail pages after a user has logged in to Yahoo web mail. As for Hotmail, DFL-M510 blocks URL plus parameters that are necessary for web mail services. For Gmail, DFL-M510 block URLs that are known to connect to Gmail.
  • Page 20 For signatures detecting IM’s behaviours such as File Transfer, Chat, Online Game, Audio Communication, and Video Communication, the directions are bidirectional. This means that DFL-M510 can detect such attempts either from LAN to WAN or from WAN to LAN. For signatures detecting HTTP download attempts, IM login attempts, Web Mail controls (Yahoo Mail, Gmail, and Hotmail), Web Upload, Web Download, and Java Applet download attempts, the directions are unidirectional.
  • Page 21 TROJAN active-PhaseZero serier TROJAN active-Infector 1.6 serier to client TROJAN active-deepthroat_ftpd TROJAN active-CAFEiniO.9 TROJAN netbus-getinfo-12346 TROJAN active-DonaidDick 1.53 TROJAN worm-QAZ infection TROJAN active-subseven22 TROJAN active-mosucker2l TROJAN active-BackConstruction 2.1 TROJAN ative-SatansBackdoor.2.0.Beta TROJAN active-BackOrifice 1 -d jr TROJAN active-dagger_1 .4.0 D-Link Nordic Technical Support...
  • Page 22 Q: What happens after DFL-M510 blocks/detects malicious traffic? By Layer 7 detection engine, DFL-M510 will drop the corresponding packet which is classified as a malicious packet. Furthermore, the device logs the event for the report and sends the data to the real-time monitor of UI if it exists. If this malicious behaviour is through TCP connection, then the connection will be blocked and put into a black list for denying further communication.