User manual

ManualsBrandsD-Link ManualsNetworkingDFL - 1660 Network Security UTM Firewall

201

202

203

204

205

206

207

208

209

210

Allow/Disallow Read

The TFTP GET function can be disabled so that files cannot

be retrieved by a TFTP client. The default value is Allow.

Allow/Disallow Write

The TFTP PUT function can be disabled so that files cannot

be written by a TFTP client. The default value is Allow.

Remove Request Option

Specifies if options should be removed from request. The

default is False which means "do not remove".

Block Unknown Options

This option allows the blocking of any option in a request

other than the blocksize, the timeout period and the file

transfer size. The default is False which means "do not

block".

TFTP Request Options

As long as the Remove Request Option described above is set to false (options are not removed)

then the following request option settings can be applied:

Maximum Blocksize

The maximum blocksize allowed can be specified. The

allowed range is 0 to 65464 bytes. The default value is 65464

bytes.

Maximum File Size

The maximum size of a file transfer can be restricted. By

default this is the absolute maximum allowed which 999,999

Kbytes.

Allow Directory Traversal

This option can disallow directory traversal through the use of

filenames containing consecutive periods ("..").

Allowing Request Timeouts

The NetDefendOS TFTP ALG blocks the repetition of an TFTP request coming from the same

source IP address and port within a fixed period of time. The reason for this is that some TFTP

clients might issue requests from the same source port without allowing an appropriate timeout

period.

6.2.5. The SMTP ALG

Simple Mail Transfer Protocol (SMTP) is a text based protocol used for transferring email between

mail servers over the Internet. Typically the local SMTP server will be located on a DMZ so that

mail sent by remote SMTP servers will traverse the D-Link Firewall to reach the local server (this

setup is illustrated later in Section 6.2.5.1, “DNSBL SPAM Filtering”). Local users will then use

email client software to retrieve their email from the local SMTP server.

SMTP is also used when clients are sending email and the SMTP ALG can be used to monitor

SMTP traffic originating from both clients and servers.

SMTP ALG Options

Key features of the SMTP ALG are:

Email Rate Limiting

A maximum allowable rate of email messages can be

specified. This rate is calculated on a per source IP address

basis, in other words it is not the total rate that is of interest

but the rate from a certain email source.

6.2.5. The SMTP ALG Chapter 6. Security Mechanisms

207