User manual SONICWALL SONICOS ENHANCED MAC-IP ANTI-SPOOF

Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!

If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Lastmanuals provides you a fast and easy access to the user manual SONICWALL SONICOS ENHANCED MAC-IP ANTI-SPOOF. We hope that this SONICWALL SONICOS ENHANCED MAC-IP ANTI-SPOOF user guide will be useful to you.

Lastmanuals help download the user guide SONICWALL SONICOS ENHANCED MAC-IP ANTI-SPOOF.


Mode d'emploi SONICWALL SONICOS ENHANCED MAC-IP ANTI-SPOOF
Download
Manual abstract: user guide SONICWALL SONICOS ENHANCED MAC-IP ANTI-SPOOF

Detailed instructions for use are in the User's Guide.

[. . . ] In fact, anywhere internal LANs are somewhat exposed, as in conference rooms, schools, or libraries, could provide an opening for these types of attacks. These attacks also go by various names: man-in-the-middle attacks, ARP poisoning, and SPIT ONLY. MAC-IP Anti-Spoof prevents against ARP-based attacks such as poisoning or spoofing and also provides MAC-IP address-based ingress admission control. [. . . ] This prevents a firewall from routing a packet to the unintended device, based on mapping. This also prevents man-in-the-middle attacks by refreshing a client's own MAC address inside its ARP cache. Platforms The MAC-IP Anti-Spoof feature is available in SonicOS Enhanced 5. 6. 2 SonicOS 5. 6 - MAC-IP Anti-Spoof Using MAC-IP Anti-Spoof Using MAC-IP Anti-Spoof This section contains the following subsections: · · · · "Interface Settings" section on page 3 "Anti-Spoof Cache" section on page 5 "Spoof Detect List" section on page 7 "Extension to IP Helper" section on page 9 Interface Settings To edit MAC-IP Anti-Spoof settings within the Network Security Appliance management interface, go to Network > MAC-IP Anti-spoof. SonicOS 5. 6 - MAC-IP Anti-Spoof 3 Using MAC-IP Anti-Spoof To configure settings for a particular interface, click the pencil icon, in the "Configure" column, for the desired interface. The "Settings" window is now displayed for the selected interface. In this window, the following settings can be enabled or disabled by clicking on the corresponding checkbox. Once your setting selections for this interface are complete, click "OK. " Enable: To enable the MAC-IP Anti-Spoof subsystem on traffic through this interface Static ARP: Allows the Anti-Spoof cache to be built from static ARP entries DHCP Server: Allows the Anti-Spoof cache to be built from active DHCP leases from the SonicWALL DHCP server DHCP Relay: Allows the Anti-Spoof cache to be built from active DHCP leases, from the DHCP relay, based on IP Helper. To learn about changes to IP Helper, see "Extension to IP Helper" section on page 9 ARP Lock: Locks ARP entries for devices listed in the MAC-IP Anti-Spoof cache. This applies egress control for an interface through the MAC-IP Anti-Spoof configuration, and adds MAC-IP cache entries as permanent entries in the ARP cache. This controls ARP poisoning attacks, as the ARP cache is not altered by illegitimate ARP packets. ARP Watch: Enables generation of unsolicited unicast ARP responses towards the client's machine for every MAC-IP cache entry on the interface. This process helps prevent man-in-the-middle attacks. Enforce Anti-Spoof: Enables ingress control on the interface, blocking traffic from devices not listed in the MAC-IP Anti-Spoof cache. 4 SonicOS 5. 6 - MAC-IP Anti-Spoof Using MAC-IP Anti-Spoof Spoof Detection List: Logs all devices that fail to pass Anti-spoof cache and lists them in the Spoof Detected List. Allow Management: Allows through all packets destined for the appliance's IP address, even if coming from devices currently not listed in the Anti-Spoof cache. Once the settings have been adjusted, the interface's listing will be updated on the MAC-IP Anti-Spoof panel. The green circle with white check mark icons denote which settings have been enabled. Note The following interfaces are excluded from the MAC-IP Anti-Spoof list: Non-ethernet interfaces, port-shield member interfaces, Layer 2 bridge pair interfaces, high availability interfaces, and high availability data interfaces. Anti-Spoof Cache The MAC-IP Anti-Spoof Cache lists all the devices presently listed as "authorized" to access the network, and all devices marked as "blacklisted" (denied access) from the network. To add a device to the list, click the "Add" button. SonicOS 5. 6 - MAC-IP Anti-Spoof 5 Using MAC-IP Anti-Spoof A window is now displayed that allows for manual entry of the IP and MAC addresses for the device. Enter the information in the provided fields. You may also select to approve or blacklist the routing device. [. . . ] Click "OK" to proceed, on "Cancel" to return to the Spoof Detected List. Entries can be flushed from the list by clicking the "Flush" button. The name of each device can also be resolved using NetBios, by clicking the "Resolve" button. SonicOS 5. 6 - MAC-IP Anti-Spoof 7 Using MAC-IP Anti-Spoof Users can identify a specific device(s) by using the table "Filter" function. To identify a device, users must fill in the available field, specifying either the device's IP address, iface, MAC address, or name. The field must be filled using the appropriate syntax for operators: Operator Value with a type Syntax Options · · · Ip=1. 1. 1. 1 or ip=1. 1. 1. 0/24 Mac=00:01:02:03:04:05 Iface=x1 X1 00:01 Tst-mc 1. 1. [. . . ]

DISCLAIMER TO DOWNLOAD THE USER GUIDE SONICWALL SONICOS ENHANCED MAC-IP ANTI-SPOOF

Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets...
In any way can't Lastmanuals be held responsible if the document you are looking for is not available, incomplete, in a different language than yours, or if the model or language do not match the description. Lastmanuals, for instance, does not offer a translation service.

Click on "Download the user manual" at the end of this Contract if you accept its terms, the downloading of the manual SONICWALL SONICOS ENHANCED MAC-IP ANTI-SPOOF will begin.

Search for a user manual

 

Copyright © 2015 - LastManuals - All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.

flag