Question about D-Link NetDefend DFL-700 Firewall

1 Answer

Traceroute does not work

I have a machine in my DMZ on which I want to be able to use traceroute command. However, all connections time out. How can I allow traceroute operations to work?

Thank you!

Zbigniew Szalbot

Posted by on

  • zszalbot Mar 15, 2008

    Hello,
    Thank you for yoru reply. I do not see ICMP services on a list of available ones. How do I create them? Would you mind sharing? Thank you very much!

    Zbigniew Szalbot

×

1 Answer

  • Level 1:

    An expert who has achieved level 1.

    MVP:

    An expert that gotĀ 5 achievements.

    Governor:

    An expert whose answer gotĀ voted for 20 times.

    Scholar:

    An expert who has written 20 answers of more than 400 characters.

  • Contributor
  • 60 Answers

You have to allow the following:
ICMP type 8 (Echo) from your DMZ to the Internet (a.k.a outbound)
ICMP type 0 (Echo reply) from the Internet to your DMZ (a.k.a inbound)

This will be done by adding the rules in the firewall section of your DFL-700.

Posted on Mar 14, 2008

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

I have configured Cisco ASA Firewall and I have given ICMP Inspect also But I cant able to ping the PC Kept in the DMZ from the Outside interface


HI,


· Please check the whether the security level for DMZ and outside interface, If DMZ is high security level. Please do the NAT configuration
· If it's having the same security level. Please issue the command "same-security-traffic permit inter-interface "in the global config mode.

Mar 01, 2011 | Cisco ASA 5505 Firewall

1 Answer

Need some basic show command to troubleshoot


mode exec user Router)
ping ip
show ip route
show version
traceroute ip

mode exec priveligiado
show arp
show interface
show protcols
show ip protocols
show startup-config
erase startup-config
reload

Jul 27, 2010 | Cisco ASA 5520 Firewall

1 Answer

I wanna open port for my DVR dvr is :- ip 192.168.1.88 cmd port 9201 video port 9202 and my router is fortigate60 i hope any one can give me full solution best regards


You will need the router login info, then using a browser go to:

https://192.168.1.99

That will bring you into the settings area of the router. Then do one of two things, find Port Forwarding, and forward the public 9201 & 9202 to the DVR at 192.168.1.88 port 9201 and 9202. Make sure to do this for both UDP and TCP.

Another and easier option, is to go to your DMZ setting. Just turn DMZ on and set it to 192.168.1.88.

Doing it with the DMZ will take care of any ports that need forwarding, they will point to the 88 machine (your DVR).

Good luck!
EJ
From the management computer browse to https://192.168.1.99. The FortiGate web-based manager appears.
From the management computer browse to https://192.168.1.99. The FortiGate web-based manager appears. From the management computer browse to https://192.168.1.99. The FortiGate web-based manager appears.

Jan 26, 2010 | Fortinet, Inc. FortiGate 60: FortiGate Pro...

2 Answers

Pix 515 E allow few websites only.


Do the nslookup for the three websites and write an access list to permit the traffic only to the said website ip addresses

Eg.

1. go to dos prompt

2. type "nslookup"

3. type "www.rediff.com

Note : You will get the ip address of the websites

4. Create an object group for these websites

5. Add ip addresses of the websites

6. create an access-control list element to permit the traffic from your circle office to this object group for port tcp 80 and 443

You are done

Mar 09, 2009 | Cisco PIX 515E Firewall

1 Answer

Ploblems with dmz-outside (webpage). pix


Remove this line:

static (DMZ,INSIDE) 10.10.0.0 10.10.0.0 netmask 255.255.255.0

You don't need a translation going from a lower security level to a higher one. You will also need a nat line for the dmz so that pc's on the dmz will be translated outbound. The only connection that will work on the dmz is the webserver when he's sending traffic outbound with a source port of 80. Something like:

nat (DMZ) 101 10.10.0.0 255.255.255.0

Other than that, it looks like it should be working. You've got permission, a route, and a translation. Maybe "clear local-host 10.10.0.2" to get rid of any bad xlates and try again. Check debg level syslogs, run packet captures, "clear asp drop" then "show asp drop" after an attempt?

Feb 28, 2009 | Cisco PIX Firewall 506

1 Answer

Cannot Access Internet from the DMZ


If there is proper policy in place then there wont be any issue.

if at all you need to access your DMZ from internet you need to configure VIP or MIP on the firewall and also a policy needs to be written to permit the traffic.

If you need more help you shall contact me.

Oct 10, 2008 | Juniper Networks SECURE SERVICES GATEWAY...

1 Answer

Box to Box connections to nowhere


its hard when there is 3 network places miles apart. when you were first up and running did your admin make a disk to run in each computer? I would start over from scratch and uninstall and reload onall three places. alls it takes is some one in one of 3 places to change one of there setings to knock the whole network down. who set it up for you in the begining needs to help you again., sorry I dont have much help nfor you

Jan 03, 2008 | NetGear ProSafe FVS338 (FVS338NA) Firewall

1 Answer

Cyberguard SG300


From the main configuration screen select Network Setup, and then click on the Connections Tab. In the tabline below that click on Aliases.

At this point you input the Alias IP address and the netmask and add it, selecting port 25. The firewall now knows that it is to forward all traffic on port 25 to the computer that has the IP address you put in.

You should be aware that doing the above opens a direct access point into your network! Port 25 is the port used for SMTP (Sendmail) and it is the most vulnerable and most hacked service on the Internet! You should seriously consider not doing this.

A better option would be to goto the DMZ tab and configure a DMZ net on your firewall - you will need to obtain a second routable IP address from your ISP to do this though. By creating the DMZ and then routing port 25 to a machine inside the DMZ you isolate the machine running SMTP from all of the other machines inside your protected network and so make a compromise much less likely.

All of the systems inside your protected network will still have demand access to the machine in our DMZ, but the machine in your DMZ would be unable to initialize access to the protected network, which is a much safer setup.

Oct 19, 2007 | Cyberguard SG300 (00852503000366) Firewall

2 Answers

Sonicwall Pro 300 DMZ Problem


If you're within a network and try connecting to computers on it with the WAN public IP, it simply won't work - you must use the network IP. On an external Internet connection, it should connect fine to the public IP. If you have access to an external machine (remote desktop), or if you know of an FTP proxy, you can try it that way. I also believe http://www.webftp.co.uk/ a web based FTP client would act as somewhat of a proxy, you could try that with the public IP and see how you go.

Aug 09, 2007 | SonicWALL PRO 300 Firewall

1 Answer

DMZ setup


Is there a setting in the software to select the IP address for the DMZ? I'm not sure about the firewall, but most routers need you to configure the software to actually show which IP on your network is allowed DMZ.

Aug 24, 2006 | HotBrick SoHo 401 Firewall

Not finding what you are looking for?
D-Link NetDefend DFL-700 Firewall Logo

Related Topics:

792 people viewed this question

Ask a Question

Usually answered in minutes!

Top D-Link Network Security & Firewall Devices Experts

Rick Johnson
Rick Johnson

Level 2 Expert

84 Answers

john smith

Level 2 Expert

366 Answers

rjivaro

Level 2 Expert

152 Answers

Are you a D-Link Network Security and Firewall Device Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...