D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: nivoro on April 16, 2009, 02:26:00 AM

Title: DFL-800: "core routes" and "transparent mode"
Post by: nivoro on April 16, 2009, 02:26:00 AM

Hello, I have a problem to understand what is "core interface" and what is/when use "Core Routes", the manual said "NetDefendOS automatically populates the active routing table with Core Routes. These routes are present for the system to understand where to route traffic that is destined for the system itself." but they are not present, why? Are they necessary?

The second doubt is on "transparent mode", I'm migrating from DFL-700 to DFL-800, I should set it?

Title: Re: DFL-800: "core routes" and "transparent mode"
Post by: Fatman on April 16, 2009, 08:49:41 AM

You can see them if you go to status->routes and check the "Show All Routes" check box.  The Routing table for my home DFL-800 looks like this.

  Routing table contents (max 100 entries)
    Flags       Network       Interface    Gateway       Local IP       Metric   
           192.168.x.x   core       (Iface IP)          0
           x.x.x.x   core       (Iface IP)          0
           192.168.x.x   core       (Iface IP)          0
           192.168.x.x   core       (Iface IP)          0
           127.0.0.1   core       (Iface IP)          0
           x.x.x.x/x   WAN                     100
           x.x.x.x/x   Servers                  100
           x.x.x.x/x   LAN                     100
           x.x.x.x/x   WLAN                     100
           224.0.0.0/4   core       (Iface IP)          0
           0.0.0.0/0   WAN       x.x.x.x           100


As you can see I use a rather simple config, I have changed the default interfaces like so.  The purpose of each interface should be clear by it's name.

wan1<->WAN
wan2<->Servers
dmz<->WLAN
lan<->LAN

Core routes are used so that the routing table can differentiate which traffic should be routed into the DFL itself for further processing.  Examples of this traffic would be if you want the firewall to respond to ICMP traffic, or in-band management requests.

If you want to use transparent mode you will know it, it has nothing to do with your previous firewall.  Transparent mode allows you to have the DFL appear as a switched path between 2 interfaces that you can apply IP Rules and other security measures to.  The usual use is to directly apply a public IP to a server in the DMZ port and have it sit out on the interwebs with it's own public without being insecure.

Anything else I can help you with or explain better?

Title: Re: DFL-800: "core routes" and "transparent mode"
Post by: nivoro on April 20, 2009, 05:02:16 AM

Thankyou for reply!