User`s manual

Adding a Virtual IP:

IP/MAC binding

IP/MAC binding provides added security against IP Spoofing attacks. IP Spoofing attempts to use the IP

address of a trusted computer to access the DFL-500 from a different computer. The IP address of a

computer can easily be changed to a trusted address, but MAC addresses are added to ethernet cards at the

factory and cannot easily be changed.

You can enter the IP addresses and corresponding MAC addresses of trusted computers into the DFL-500

firewall configuration. When a data packet arrives from a trusted IP address, it is checked to determine

whether the MAC address that the packet originated from matches the MAC address in the table. The DFL-

500 checks all packets arriving at the DFL-500 whether they are directed at the DFL-500 or are meant to be

passed through.

MAC addresses are only carried on the local network where they originate, and are not passed from one

network to another.

This section describes:

• Adding IP/MAC binding addresses

• Enabling IP/MAC binding

Adding IP/MAC binding addresses

• Go to Firewall > IP/MAC Binding > IP MAC .

• Click New to add an IP address/MAC address pair.

• Click Enable to activate the IP/MAC binding pair.

Enabling IP/MAC binding

• Go to Firewall > IP/MAC Binding > Setting .

• Click Enable IP/MAC.

• Select one of the following:

Allow traffic when

not defined in the

table

The DFL-500 lets traffic with a source address not found in the IP/MAC binding table pass

through the firewall. Any traffic with a source address that is defined in the IP/MAC binding

table must have the correct MAC address or it is blocked.

Deny traffic when

not defined in the

table

The DFL-500 blocks all traffic with a source address that is not found in the IP/MAC binding

table. Any traffic with a source address that is defined in the IP/MAC binding table must

have the correct MAC address or it is also blocked.

DFL-500 User’s Manual