Network
The Network tab provides access to Interfaces (Standalone), Interfaces (Cluster), Firewall, Route Tables, DOS/DDOS Mitigation and Device DNS.
Interfaces (Standalone)
The configurations under the Interfaces tab are explained for non-Cluster single TR7 ASP devices.
- For more details about Interfaces (Standalone) click here.
Interfaces (Cluster)
The configurations under the Interfaces tab are explained for Clustered TR7 ASP devices.
- For more details about Interfaces (Cluster) click here.
Firewall
The TR7 ASP device comes with an embedded Firewall. It is an L4 stateful Firewall developed for high performance, designed to block L1-L5 attacks without the packets reaching the L7 layer. The TR7 ASP Firewall fundamentally operates in the following ways:
- Packet Filtering (Based on Packets)
- Rule Based
- Stateful
TCP, UDP, ICMP, UDP-Lite, AH, and OSPF traffic can be allowed, blocked, routed, or translated with SNAT and DNAT at the IP, Network, and MAC level. By default, all protocols and ports are closed; as new Frontend services are defined, firewall rules are created automatically to allow the relevant service to operate.
- For more details about Firewall click here.
Route Tables
The TR7 ASP Route Table allows for the isolation of network elements (Interfaces, IP Addresses, Redirects, Firewall Rules) in scenarios with multiple predefined network gateways (default gateways). This enables each Route Table to have its unique network gateway definition. Interfaces can be moved to the desired Route Table, transferring their IP addresses and routing definitions to the selected Route Table.
- For more details about Route Tables click here.
DOS/DDOS Mitigation
DOS and DDOS attacks often cause partial or complete disruption of services for institutions and organizations. DOS and DDOS protection systems are multi-layered, dynamic mechanisms that continuously learn and assess network traffic, block malicious traffic, and use behavioural modelling to let harmless traffic through.
Main Types of DDOS Attacks
- Network Level
- Reflective/Amplified
- Fragmentation
- Application Specific
- Crafted
The TR7 ASP DOS/DDOS Mitigation can provide protection against commonly known attacks such as ICMP Smurf Attack, SYN Flood, Tear Drop, UDP Flood, NTP Flood, DNS Flood, Zero Byte UDP, Protocol Validation, PUSH Floods and ACK Floods, Possible WAREZ Attack, Camfrog, TCP Ack, Ping of Death ICMP, Null Flood, Christmas Tree, Port Scan, SMBnuke, Pepsi, Fraggle Attack, Zombie TCP and Smurf Attack.
IP addresses detected in attacks are quarantined for a defined period and can be monitored on the DOS/DDOS Mitigation Dashboard.
- For more details about DOS/DDOS Mitigation click here.
Device DNS
The DNS screen is used to input the IP address of the DNS server that the TR7 ASP device will connect to. Multiple DNS servers can be added. Additionally, virtual host groups can also be defined on this screen.
- For more details about Device DNS click here.