D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: WilliFixit on January 11, 2010, 10:22:15 AM

Title: Is a rule required for IDP automatic updates?
Post by: WilliFixit on January 11, 2010, 10:22:15 AM
Our DFL-210 has an active subscription for Intrusion Detection and Update updates.  However, with the Update Interval set to update regularly (I have tried daily, and hourly) the firewall DOES NOT update.  I tried D-Link support and got little help.  I did receive a cryptic voicemail (from a D-Link tech) about the problem that stated that I needed to add a rule to allow the updates to happen.  I cannot find any documentation to help show how to set this up.  According to http://security.dlink.com.tw/support_faq_view.asp?sno=ABNALB&ProductType=1 the update process seems to use port 80, which is not blocked, and manual updates do work.

I did spend almost two hours on the phone with a technician, but he could not solve the problem.   Finally he said he had to do some research, and would call me back.  He had me create an account to allow him access from the Internet, but looking at the logs, I found out that he only logged on once, and he never called back.  (I disabled the account after several days for security reasons.)

Other data points:

Thanks for any help you can provide,

Will
Title: Re: Is a rule required for IDP automatic updates?
Post by: Fatman on January 11, 2010, 02:37:48 PM
Automatic updates do not take place unless you have an IDS rule in place.  It does not matter what type of IDS rule is in place, any one will trigger automatic updates.
Title: Re: Is a rule required for IDP automatic updates?
Post by: WilliFixit on January 11, 2010, 02:54:37 PM
Quote from Fatman: "Automatic updates do not take place unless you have an IDS rule in place."

Thanks for the reply, but I am afraid that it is limited in assisting me.  Pardon my ignorance, but...

Where do I find these "IDS rules" in the GUI interface?

Are these the same as the IDP Factory signatures?

If I am primarily desirous of using the factory signatures to provide internal network protection using this firewall, is there more that I need to do to make the "subscription" update?  I have looked in the FAQ at D-Link, the manual and through the interface and find no instructions on how to make this work.

If I want to create "any IDS rule" what would you suggest so that this triggering will start?

Thanks,

Will
Title: Re: Is a rule required for IDP automatic updates?
Post by: Fatman on January 11, 2010, 04:57:50 PM
If you check under IDS/IDP->IDP Rules you will find the section you need.
Title: Re: Is a rule required for IDP automatic updates?
Post by: WilliFixit on January 12, 2010, 09:04:39 AM
Thanks, Fatman.  Rule created, updates happening.

This brings up one other question...

I am assuming (maybe incorrectly) that our IDP subscription takes care of itself, like our Symantec antivirus subscription.  That is, as long as I am regularly updating my definitions I am OK.  Is that the same with the IDP updates?  Or, do I have to implement rules to use the downloaded definitions?

(Sorry, a bit of a neophyte with this new router/firewall.)

Thanks,

Will
Title: Re: Is a rule required for IDP automatic updates?
Post by: Fatman on January 12, 2010, 09:34:31 AM
You have to implement rules in order to see a benefit.  This is no different than updating your Symantec definitions, but never running a virus scan.
Title: Re: Is a rule required for IDP automatic updates?
Post by: WilliFixit on January 12, 2010, 09:51:44 AM
Ahh....but the antivirus program monitors the "flow" of what is coming in automatically (which is what I was assuming the router did too.)  The virus scan only checks what has already "made it" to the disk...

So as not to bother you, where should I look to learn/understand the next steps of properly setting up the router, for best utilizing the subscription?  It is kind of overwhelming with the 260+ signature groups and 19,000+ signatures.

Thanks,

Will
Title: Re: Is a rule required for IDP automatic updates?
Post by: chechito on January 19, 2010, 04:22:31 PM
I suggest you search in

http://security.dlink.com.tw/netdefend_ids_a.asp

(open it with Mozilla Firefox)

Then enter the signature of interest and it will show you a brief description of the signature, which will help you know where and when to use this signature.

I suggest you use Google to search for security vulnerabilities; that's the way to understand what you are preventing with the use of IDP.

Actually I am testing my 3-month trial of IDP and trying to understand the signatures; it's hard work.