D-Link - DFL 260e перегрузка CPU сбои в локальной сети

D-Link - DFL 260e перегрузка CPU сбои в локальной сети

infero3

Новый участник

Сообщения: 2
Благодарности: 0

Добрый день.
Имеется межсетевой экран dfl 260 e
К dfl 260 е подключены несколько роутеров, к которым подключаются пользователи, для работы с локалкой и интернетом. На нём же поднят DHCP.
Локальная сеть периодически падает, на какое-то время, потом снова начинает работать. В локальной сети одновременно подключено около 30 пользователей. С эти ми же настройками по началу работало всё отлично, проблемы начались спустя пол года. Из google chrome в панель управления не войти, либо панель грузится частично, либо пишет сброс соединения и ничего не выдает. Во время наступления проблемной ситуации в WEB панели загрузка CPU показывает 95-99%.

Нужна помощь в анализе проблемы.

Файл настроек

<?xml version="1.0" encoding="utf-8"?>
<SecurityGateway SchemaVersion="dfl.2.27.05.34-16777" Name="DFL-260E" LocalCfgVersion="48" ConfigUser="system" ConfigSession="Local" ConfigIP="0.0.0.0" ConfigDate="2010-06-01 15:46:30" HWModel="DFL260E">


<AddressFolder Name="InterfaceAddresses">
<IP4Address Name="wan_ip" Address="46.19.190.26" Comments="IPAddress of interface wan" />
<IP4Address Name="wannet" Address="46.19.191.156/30" Comments="The network on interface wan" />
<IP4Address Name="lan_ip" Address="192.168.1.1" Comments="IPAddress of interface lan" />
<IP4Address Name="lannet" Address="192.168.1.0/24" Comments="The network on interface lan" />
<IP4Address Name="dmz_ip" Address="172.17.100.254" Comments="IPAddress of interface dmz" />
<IP4Address Name="dmznet" Address="172.17.100.0/24" Comments="The network on interface dmz" />
<IP4Address Name="wan_gw" Address="46.19.191.157" Comments="Основной шлюз для интерфейса wan" />
<IP4Address Name="wan_dns1" Address="92.62.49.2" Comments="Первичный DNS-сервер для интерфейса wan" />
<IP4Address Name="wan_dns2" Address="92.62.49.6" Comments="Вторичный DNS-сервер для интерфейса wan" />
<IP4Address Name="tunel1_ip" Address="0.0.0.0" Comments="IP address received from PPPoE client tunel1." />
<IP4Address Name="tunel1_dns1" Address="0.0.0.0" Comments="Primary DNS server received from PPPoE client tunel1." />
<IP4Address Name="tunel1_dns2" Address="0.0.0.0" Comments="Secondary DNS server received from PPPoE client tunel1." />
<IP4Address Name="DHCP_server" Address="192.168.1.250" />
</AddressFolder>
<IP4Address Name="all-nets" Address="0.0.0.0/0" Comments="All possible networks" readOnly="1" />
<IP4Address Name="EnabledIP" Address="192.168.1.0-192.168.1.139" Comments="IP разрешенные для использования в сети" />
<AddressFolder Name="pptp_ippool">
<IP4Address Name="pptp-ippool" Address="192.168.1.200-192.168.1.240" />
</AddressFolder>
<AddressFolder Name="DHCP">
<IP4Address Name="DHCP_range" Address="192.168.1.129-192.168.1.199" />
<IP4Address Name="DHCP_netmask" Address="255.255.255.0" />
</AddressFolder>
<AddressFolder Name="VLAN">
<IP4Address Name="VLAN_2_ip" Address="192.168.1.14" />
<IP4Address Name="VLAN_2_net" Address="192.168.1.0/24" />
<IP4Address Name="DHCP_VLAN" Address="192.168.1.120-192.168.1.210" />
<IP4Address Name="DHCP_VLAN_netmask" Address="255.255.255.0" />
</AddressFolder>


<ServiceGroup Name="l2tp-raw" Members="l2tp-ctl, l2tp-encap" Comments="L2TP control and transport, unencrypted" />
<ServiceIPProto Name="ipsec-esp" IPProto="50" Comments="IPsec ESP (encrypted and authenticated)" />
<ServiceIPProto Name="ipsec-ah" IPProto="51" Comments="IPsec AH (authenticated only)" />
<ServiceTCPUDP Name="ipsec-natt" Type="UDP" DestinationPorts="4500" Comments="IPsec NAT-traversal (through udp/4500)" />
<ServiceGroup Name="ipsec-suite" Members="ipsec-natt, ipsec-ah, ipsec-esp, ike" Comments="The IPsec+IKE suite" />
<ServiceTCPUDP Name="ftp-passthrough-av" DestinationPorts="21" ALG="ftp-passthrough-av" Comments="FTP - unrestricted - allows all transfer modes for client and server. Anti-virus protection enabled." />
<ServiceTCPUDP Name="ftp-outbound-av" DestinationPorts="21" ALG="ftp-outbound-av" Comments="FTP - protects client against data channel attacks. Anti-virus protection enabled." />
<ServiceTCPUDP Name="http-outbound" DestinationPorts="80" ALG="http-outbound" MaxSessions="1000" Comments="HTTP via HTTP ALG" />
<ServiceTCPUDP Name="http-outbound-av" DestinationPorts="80" ALG="http-outbound-av" MaxSessions="1000" Comments="HTTP via HTTP ALG. Anti-virus protection enabled." />
<ServiceTCPUDP Name="http-outbound-wcf" DestinationPorts="80" ALG="http-outbound-wcf" MaxSessions="1000" Comments="HTTP via HTTP ALG. Web Content Filtering enabled." />
<ServiceTCPUDP Name="http-outbound-av-wcf" DestinationPorts="80" ALG="http-outbound-av-wcf" MaxSessions="1000" Comments="HTTP via HTTP ALG. Anti-virus and Web Content Filtering enabled." />
<ServiceTCPUDP Name="pop3" DestinationPorts="110" Comments="Post Office Protocol - Version 3." />
<ServiceTCPUDP Name="pop3-inbound" DestinationPorts="110" ALG="pop3" Comments="Post Office Protocol - Version 3 via POP3 ALG." />
<ServiceTCPUDP Name="pop3-inbound-av" DestinationPorts="110" ALG="pop3-av" Comments="Post Office Protocol - Version 3 via POP3 ALG. Anti-virus protection enabled." />
<ServiceTCPUDP Name="smtp-inbound" DestinationPorts="25" ALG="smtp-inbound" Comments="Simple Mail Transfer Protocol via SMTP ALG." />
<ServiceTCPUDP Name="smtp-inbound-av" DestinationPorts="25" ALG="smtp-inbound-av" Comments="Simple Mail Transfer Protocol via SMTP ALG. Anti-virus protection enabled." />
<ServiceIPProto Name="all_services" Comments="All possible IP protocols" />
<ServiceGroup Name="all_tcpudpicmp" Members="all_icmp, all_udp, all_tcp" Comments="All ICMP, TCP and UDP services" />
<ServiceTCPUDP Name="all_tcpudp" Type="TCPUDP" DestinationPorts="0-65535" Comments="All TCP and UDP services" />
<ServiceICMP Name="all_icmp" Comments="All ICMP services" />
<ServiceTCPUDP Name="all_tcp" DestinationPorts="0-65535" Comments="All TCP services" />
<ServiceTCPUDP Name="all_udp" Type="UDP" DestinationPorts="0-65535" Comments="All UDP services" />
<ServiceTCPUDP Name="echo" Type="TCPUDP" DestinationPorts="7" Comments="Echo service" />
<ServiceTCPUDP Name="chargen" DestinationPorts="19" Comments="Character generator" />
<ServiceTCPUDP Name="ssh" DestinationPorts="22" Comments="Secure shell" />
<ServiceTCPUDP Name="ssh-in" DestinationPorts="22" SYNRelay="True" Comments="Secure shell with SYN flood protection" />
<ServiceTCPUDP Name="telnet" DestinationPorts="23" Comments="Telnet" />
<ServiceTCPUDP Name="smtp" DestinationPorts="25" Comments="Simple Mail Transfer Protocol" />
<ServiceTCPUDP Name="smtp-in" DestinationPorts="25" SYNRelay="True" Comments="Simple Mail Transfer Protocol with SYN flood protection" />
<ServiceTCPUDP Name="time" Type="TCPUDP" DestinationPorts="37" Comments="Legacy time service" />
<ServiceTCPUDP Name="dns-tcp" DestinationPorts="53" Comments="Domain Name Server via TCP - mainly zone transfers" />
<ServiceTCPUDP Name="dns-udp" Type="UDP" DestinationPorts="53" Comments="Domain Name Server via UDP - standard queries" />
<ServiceTCPUDP Name="dns-all" Type="TCPUDP" DestinationPorts="53" Comments="DNS via TCP and UDP" />
<ServiceTCPUDP Name="bootps" Type="UDP" DestinationPorts="67" Comments="Bootstrap protocol (also DHCP) server" />
<ServiceTCPUDP Name="bootpc" Type="UDP" DestinationPorts="68" Comments="Bootstrap protocol (also DHCP) client" />
<ServiceTCPUDP Name="tftp" Type="UDP" DestinationPorts="69" Comments="Trivial File Transfer Protocol" />
<ServiceTCPUDP Name="gopher" DestinationPorts="70" Comments="Gopher" />
<ServiceTCPUDP Name="finger" DestinationPorts="79" Comments="Finger" />
<ServiceTCPUDP Name="http" DestinationPorts="80" Comments="World Wide Web HTTP" />
<ServiceTCPUDP Name="https" DestinationPorts="443" Comments="Secure HTTP over SSL/TLS" />
<ServiceTCPUDP Name="http-in" DestinationPorts="80" SYNRelay="True" Comments="World Wide Web HTTP with SYN flood protection" />
<ServiceTCPUDP Name="https-in" DestinationPorts="443" SYNRelay="True" Comments="Secure HTTP over SSL/TLS with SYN flood protection" />
<ServiceTCPUDP Name="http-in-all" DestinationPorts="80, 443" SYNRelay="True" Comments="HTTP and HTTPS with SYN flood protection" />
<ServiceTCPUDP Name="http-all" DestinationPorts="80, 443" Comments="HTTP and HTTPS" />
<ServiceTCPUDP Name="imap" DestinationPorts="143" Comments="Interactive Mail Access Protocol v2 and v4" />
<ServiceICMP Name="ping-outbound" MessageTypes="Specific" EchoRequest="True" PassICMPReturn="True" Comments="Outbound ping (also allows traceroute via ICMP)" />
<ServiceICMP Name="ping-inbound" MessageTypes="Specific" EchoRequest="True" Comments="Inbound ping (does not allow tracerouting)" />
<ServiceTCPUDP Name="syslog" Type="UDP" DestinationPorts="514" Comments="Syslog" />
<ServiceTCPUDP Name="rdp" DestinationPorts="3389" Comments="Remote Desktop Protocol" />
<ServiceTCPUDP Name="sun-rpc" DestinationPorts="111" Comments="Sun/Unix Remote Procedure Call" />
<ServiceTCPUDP Name="ident" DestinationPorts="113" Comments="Legacy authentication/identification service" />
<ServiceTCPUDP Name="nntp" DestinationPorts="119" Comments="Network News Transfer Protocol" />
<ServiceTCPUDP Name="ntp" Type="TCPUDP" DestinationPorts="123" Comments="Network Time Protocol" />
<ServiceTCPUDP Name="epmap" Type="TCPUDP" DestinationPorts="135" Comments="RPC port mapper, used by MS Windows networking" />
<ServiceTCPUDP Name="netbios-name" Type="UDP" DestinationPorts="137" Comments="NetBIOS Name Service" />
<ServiceTCPUDP Name="netbios-dgm" Type="TCPUDP" DestinationPorts="138" Comments="NetBIOS Datagram Service" />
<ServiceTCPUDP Name="netbios-ssn" DestinationPorts="139" Comments="NetBIOS Session Service - SMB" />
<ServiceTCPUDP Name="microsoft-ds" DestinationPorts="445" Comments="Microsoft-DS - SMB without NetBIOS" />
<ServiceTCPUDP Name="snmp" Type="UDP" DestinationPorts="161" Comments="Simple Network Management Protocol" />
<ServiceTCPUDP Name="snmp-trap" Type="UDP" DestinationPorts="162" Comments="Simple Network Management Protocol traps (alerts)" />
<ServiceTCPUDP Name="ldap" Type="TCPUDP" DestinationPorts="389" Comments="Lightweight Directory Access Protocol" />
<ServiceTCPUDP Name="ldaps" DestinationPorts="636" Comments="Secure LDAP over SSL/TLS" />
<ServiceTCPUDP Name="ike" Type="UDP" DestinationPorts="500" Comments="Internet Key Exchange - key management for IPsec" />
<ServiceTCPUDP Name="rexec" DestinationPorts="512" Comments="Remote Process Execution" />
<ServiceTCPUDP Name="rlogin" DestinationPorts="513" Comments="Remote login" />
<ServiceTCPUDP Name="rcmd" DestinationPorts="514" Comments="Like rexec, but automatic" />
<ServiceTCPUDP Name="lpr" DestinationPorts="515" Comments="Line Printer (spooler)" />
<ServiceTCPUDP Name="ms-sql-s" DestinationPorts="1433" Comments="Microsoft-SQL-Server" />
<ServiceTCPUDP Name="ms-sql-m" Type="TCPUDP" DestinationPorts="1434" Comments="Microsoft-SQL-Monitor" />
<ServiceTCPUDP Name="wins" Type="TCPUDP" DestinationPorts="1512" Comments="Windows Internet Naming Service" />
<ServiceTCPUDP Name="l2tp-ctl" Type="UDP" DestinationPorts="1701" Comments="Layer Two Tunneling Protocol - control channel" />
<ServiceIPProto Name="l2tp-encap" IPProto="115" Comments="Layer Two Tunneling Protocol - encapsulation" />
<ServiceGroup Name="l2tp-ipsec" Members="l2tp-ctl, ipsec-natt, ipsec-ah, ipsec-esp, ike" Comments="L2TP using IPsec for encryption and authentication" />
<ServiceTCPUDP Name="radius" Type="UDP" DestinationPorts="1812" Comments="Remote Authentication Dial In User Service" />
<ServiceTCPUDP Name="radius-acct" Type="UDP" DestinationPorts="1813" Comments="RADIUS Accounting" />
<ServiceTCPUDP Name="nfs-udp" Type="UDP" DestinationPorts="2049" Comments="NFS (Network File System) server via UDP" />
<ServiceTCPUDP Name="nfs-tcp" DestinationPorts="2049" Comments="NFS (Network File System) server via TCP" />
<ServiceTCPUDP Name="nfs-all" Type="TCPUDP" DestinationPorts="2049" Comments="NFS (Network File System) server via TCP/UDP" />
<ServiceTCPUDP Name="traceroute-udp" Type="UDP" DestinationPorts="33434-33499" PassICMPReturn="True" Comments="Outbound traceroute via UDP" />
<ServiceTCPUDP Name="smb-all" Type="TCPUDP" DestinationPorts="135-139, 445" Comments="All MS Windows networking ports" />
<ServiceIPProto Name="igmp" IPProto="2" Comments="Internet Group Management (multicast control)" />
<ServiceIPProto Name="rsvp" IPProto="46" Comments="Reservation Protocol" />
<ServiceIPProto Name="gre-encap" IPProto="47" Comments="Generic Routing Encapsulation" />
<ServiceIPProto Name="ipip-encap" IPProto="94" Comments="IP-in-IP encapsulation" />
<ServiceIPProto Name="ipcomp" IPProto="108" Comments="IP Payload Compression Protocol" />
<ServiceGroup Name="pptp-suite" Members="gre-encap, pptp-ctl" Comments="PPTP control and transport" />
<ServiceTCPUDP Name="pptp-ctl" DestinationPorts="1723" Comments="Point-to-Point Tunneling Protocol - control channel" />
<ServiceTCPUDP Name="wcf" DestinationPorts="9998" Comments="Web Content Filtering" />
<ServiceTCPUDP Name="ftp-inbound" DestinationPorts="21" ALG="ftp-inbound" Comments="FTP - protects server against data channel attacks" />
<ServiceTCPUDP Name="ftp-outbound" DestinationPorts="21" ALG="ftp-outbound" Comments="FTP - protects client against data channel attacks" />
<ServiceTCPUDP Name="ftp-passthrough" DestinationPorts="21" ALG="ftp-passthrough" Comments="FTP - unrestricted - allows all transfer modes for client and server" />
<ServiceTCPUDP Name="h323" DestinationPorts="1720" ALG="H323" MaxSessions="100" Comments="H.323 via H323 ALG - Enables H.323 communication" />
<ServiceTCPUDP Name="h323-gatekeeper" Type="UDP" DestinationPorts="1719" ALG="H323" MaxSessions="100" Comments="H.323 RAS via H323 ALG - Enables communication with H.323 Gatekeepers" />
<ServiceTCPUDP Name="ftp-internal" DestinationPorts="21" ALG="ftp-internal" Comments="FTP - protects client and server against data channel attacks" />
<ServiceTCPUDP Name="sip-udp" Type="UDP" DestinationPorts="5060" ALG="SIP" Comments="Enables UDP based Session Initiation Protocol communication" />


<ScheduleProfile Name="Weekdays" Mon="0-24" Tue="0-24" Wed="0-24" Thu="0-24" Fri="0-24" Comments="Monday to Friday, 00:00-23:59" />
<ScheduleProfile Name="WorkingHours" Mon="8-17" Tue="8-17" Wed="8-17" Thu="8-17" Fri="8-17" Comments="Monday to Friday, 08:00-17:00" />
<ScheduleProfile Name="NonWorkingHours" Mon="0-8, 17-24" Tue="0-8, 17-24" Wed="0-8, 17-24" Thu="0-8, 17-24" Fri="0-8, 17-24" Sat="0-24" Sun="0-24" Comments="All hours, except Monday to Friday 08:00-17:00" />
<ScheduleProfile Name="Weekends" Sat="0-24" Sun="0-24" Comments="Saturday and Sunday, 00:00-23:59" />


<Certificate Name="HTTPSAdminCert" Type="Local" CertificateData="MIIBrTCCARagAwIBAgIIfaYMLnliZGYwDQYJKoZIhvcNAQEFBQAwGjEYMBYGA1UEAxMPRC1MaW5rIEZpcmV 3YWxsMB4XDTExMTAxOTAwMDAwMFoXDTMxMTAxOTAwMDAwMFowGjEYMBYGA1UEAxMPRC1MaW5rIEZpcmV3YWxsMIGdMA0GCSqGSIb 3DQEBAQUAA4GLADCBhwKBgQCAMB3dQcXaxlxUjcCXZIjOuxgesPX4kgmF9/YS52at1katO4zgyduQ0O1aVey2IqoUjzUQECqS8XwhgFJXxGEFGcCu6nbXGEnCT3UimDX5crHXFQrcIAxddLLrN7EvhvYV2TV8y8 y4tp/UXsPVKpHZignXZ4ENDpUO5rZstPQ65wIBOzANBgkqhkiG9w0BAQUFAAOBgQBDWIf1q0Bfd0GYWeXxP6tSHAfig/yO4O7voWnhOKQS85FUGZjy1NCZVvYSOXo1btoelQHOdIL7lFX8vIM6KXyxyJEDKw13orOmkkb8EEVwzHYMl0kLK9MGBqs6kXaGTX/MkkDVCak+bw0e14CuAqrEjpgbTgHdxjyzZdx3jQFOBA==" PrivateKey="MIICXQIBAAKBgQCAMB3dQcXaxlxUjcCXZIjOuxgesPX4kgmF9/YS52at1katO4zgyduQ0O1aVey2IqoUjzUQECqS8XwhgFJXxGEFGcCu6nbXGEnCT3UimDX5crHXFQrcIAxddLLrN7EvhvYV2TV8y8 y4tp/UXsPVKpHZignXZ4ENDpUO5rZstPQ65wIBOwKBgCCXFJwMYgfkVDg1ZQgd5gkrOjMxVDrbXYoyBieEl+9zOQT9yLKkIiB6inIV2GJ fl7cgEdRa48XmnWOiywT70dx9YeRZEBsEwW9BnER359Pmu13BSfe9CGjhEeSE05j2vFsLNdxgECke7xDwxmcGWXxT4ckY7TX7JVG hqFlol+CbAkUAmX985huD6Ho/keIXE2Kq9pwYcfmIU+/J6QFS+QfDH2+WRZ5wYDt/+TuwXif37Wp9mDqifGaXQdpwN6Onzt92HKqXIgsCPQDVyd851y79Hq0FI9yMzhvqz1lUDCrcnkYv9qaPxvol7Y26p7+mPevkhZKx hS7YXG9Jq8JJZVgyrBmhUBUCRBoEQI8jCVchvKxAWrDYUQts5cU3T4NhDIbzNR0xC2ByXuS/vERg3UidpGa9AviC3OFlDoXl/5pZF1ve/hG1D64UPFPfAjxldX+h9U603tRH3POD6FKsLlXIbejzjDKqSaoqMwo9Y7hp8Cbia3z3TGhUPzSav2SLGRsefjKI3IWnrIMCRG4mc/pfdaEtTovEgWiqN5xBCwHelEEi522lnXh/PnRx2US2zR0zerlH0mNZKQlCK0B5GUFw6AEpaNetJlGTgjR7TwY6" PKAType="RSA" />


<IKEAlgorithms Name="Standard" DESEnabled="True" MD5Enabled="True" SHA1Enabled="True" Comments="DES 56 bit encryption" />


<IPsecAlgorithms Name="Standard" DESEnabled="True" MD5Enabled="True" SHA1Enabled="True" Comments="DES 56 bit encryption" />


<LDAPServer Host="192.168.1.251" Username="user" Password="crypt1:i0TtjAZagdc=:a7bbTE1Xtbw=" />


<IDList Name="Untitled" />


<ALG_FTP Name="ftp-passthrough-av" AllowServerPassive="True" AllowClientActive="True" VerifyContentMimetype="True" Comments="Anti-virus protection enabled." />
<ALG_FTP Name="ftp-outbound-av" AllowServerPassive="True" VerifyContentMimetype="True" Comments="Anti-virus protection enabled." />
<ALG_HTTP Name="http-outbound" File="cmd, com, doc, exe, pif, ppt, scr, xls" VerifyContentMimetype="True" />
<ALG_HTTP Name="http-outbound-av" Comments="Anti-virus protection enabled." File="cmd, com, doc, exe, pif, ppt, scr, xls" VerifyContentMimetype="True" />
<ALG_HTTP Name="http-outbound-wcf" Comments="Web Content Filtering enabled." File="cmd, com, doc, exe, pif, ppt, scr, xls" VerifyContentMimetype="True" />
<ALG_HTTP Name="http-outbound-av-wcf" Comments="Anti-virus protection and Web Content Filtering enabled." File="cmd, com, doc, exe, pif, ppt, scr, xls" VerifyContentMimetype="True" />
<ALG_POP3 Name="pop3" File="cmd, com, doc, exe, pif, ppt, scr, xls" VerifyContentMimetype="True" />
<ALG_POP3 Name="pop3-av" Comments="Anti-virus protection enabled." File="cmd, com, doc, exe, pif, ppt, scr, xls" VerifyContentMimetype="True" />
<ALG_SMTP Name="smtp-inbound" VerifySenderEmail="True" File="cmd, com, doc, exe, pif, ppt, scr, xls" VerifyContentMimetype="True" />
<ALG_SMTP Name="smtp-inbound-av" VerifySenderEmail="True" Comments="Anti-virus protection enabled." File="cmd, com, doc, exe, pif, ppt, scr, xls" VerifyContentMimetype="True" />
<ALG_FTP Name="ftp-inbound" AllowClientActive="True" />
<ALG_FTP Name="ftp-outbound" AllowServerPassive="True" />
<ALG_FTP Name="ftp-passthrough" AllowServerPassive="True" AllowClientActive="True" />
<ALG_FTP Name="ftp-internal" />
<ALG_H323 Name="H323" />
<ALG_SIP Name="SIP" />


<HTTPALGBanners Name="Default" Comments="Standard HTTP ALG HTML banner files." readOnly="1" />
<HTTPAuthBanners Name="Default" Comments="Standard User Authentication HTML banner files." readOnly="1" />


<LogReceiverMemory Name="MemLog" Comments="The internal logger in the firewall" />

<ConfigModePool IPPoolType="Static" IPPoolAddress="pptp_ippool/pptp-ippool" IPPoolNetmask="255.255.255.0" DHCP="InterfaceAddresses/DHCP_server" Subnets="InterfaceAddresses/lannet" />

<DNS DNSServer1="InterfaceAddresses/wan_dns1" DNSServer2="InterfaceAddresses/wan_dns2" />

<RemoteMgmtSettings HTTPSCertificate="HTTPSAdminCert" />


<RemoteMgmtHTTP Name="RemoteMgmtHTTP" Interface="lan" LocalUserDatabase="AdminUsers" HTTPS="True" Network="all-nets" />
<RemoteMgmtSSH Name="SSH" Interface="any" LocalUserDatabase="AdminUsers" Network="all-nets" />


<LocalUserDatabase Name="AdminUsers">
<User Name="apelburg" Password="*********" Groups="administrators" />
</LocalUserDatabase>
<LocalUserDatabase Name="remoteusers">
<User Name="test" Password="1234" disabled="1" />
<User Name="Sergey" Password="********" />
<User Name="Svyatoslav" Password="*********" />
<User Name="Alexey" Password="********" />
</LocalUserDatabase>


<DHCPServer Name="DHCP_server" Interface="lan" IPAddressPool="DHCP/DHCP_range" Netmask="DHCP/DHCP_netmask" DefaultGateway="InterfaceAddresses/lan_ip" Domain="WORKGROUP" DNS1="InterfaceAddresses/wan_dns1" DNS2="InterfaceAddresses/wan_dns2" />
<DHCPServer Name="DHCP_VLAN2" Interface="VLAN2" IPAddressPool="VLAN/DHCP_VLAN" Netmask="VLAN/DHCP_VLAN_netmask" DefaultGateway="VLAN/VLAN_2_ip" DNS1="InterfaceAddresses/wan_dns1" DNS2="InterfaceAddresses/wan_dns2" disabled="1" />


<DHCPRelay Name="DHCP" Action="Relay" SourceInterface="lan" TargetDHCPServer="InterfaceAddresses/DHCP_server" disabled="1" />

<IPSettings TTLMin="1" TTLOnLow="Log" />


<VLAN Name="VLAN2" Ethernet="lan" VLANID="2" IP="VLAN/VLAN_2_ip" Network="VLAN/VLAN_2_net" DefaultGateway="VLAN/VLAN_2_ip" Broadcast="192.168.1.255" disabled="1" />


<L2TPServer Name="pptp_server" IP="InterfaceAddresses/lan_ip" Interface="wan" ServerIP="InterfaceAddresses/wan_ip" IPPool="pptp_ippool/pptp-ippool" ProxyARPAllInterfaces="True" />


<RoutingTable Name="main" Ordering="Default" RemoveInterfaceIPRoutes="True" Comments="The main routing table of the system." />


<IPRuleFolder Name="remote_site">
<IPRule Name="FromPPTPClients" Action="Allow" SourceInterface="pptp_server" SourceNetwork="pptp_ippool/pptp-ippool" DestinationInterface="lan" DestinationNetwork="InterfaceAddresses/lannet" Service="all_services" />
<IPRule Name="toPPtPclients" Action="Allow" SourceInterface="lan" SourceNetwork="InterfaceAddresses/lannet" DestinationInterface="pptp_server" DestinationNetwork="pptp_ippool/pptp-ippool" Service="all_services" />
</IPRuleFolder>
<IPRule Name="ping_fw" Action="Allow" SourceInterface="lan" SourceNetwork="InterfaceAddresses/lannet" DestinationInterface="core" DestinationNetwork="InterfaceAddresses/lan_ip" Service="ping-inbound" LogEnabled="False" />
<IPRuleFolder Name="lan_to_wan">
<IPRule Name="drop_smb-all" Action="Drop" SourceInterface="lan" SourceNetwork="InterfaceAddresses/lannet" DestinationInterface="wan" DestinationNetwork="all-nets" Service="smb-all" LogEnabled="False" />
<IPRule Name="allow_ping-outbound" Action="NAT" SourceInterface="lan" SourceNetwork="InterfaceAddresses/lannet" DestinationInterface="wan" DestinationNetwork="all-nets" Service="ping-outbound" LogEnabled="False" />
<IPRule Name="allow_ftp-passthrough_av" Action="NAT" SourceInterface="lan" SourceNetwork="InterfaceAddresses/lannet" DestinationInterface="wan" DestinationNetwork="all-nets" Service="ftp-passthrough-av" LogEnabled="False" />
<IPRule Name="allow_standard" Action="NAT" SourceInterface="lan" SourceNetwork="InterfaceAddresses/lannet" DestinationInterface="wan" DestinationNetwork="all-nets" Service="all_tcpudp" LogEnabled="False" />
</IPRuleFolder>


<Access Name="Allowed_IPs" Action="Accept" Interface="lan" Network="InterfaceAddresses/wan_ip" />


<UserAuthRule Name="pptp_rule" Agent="PPP" AuthSource="Local" Interface="pptp_server" OriginatorIP="all-nets" TerminatorIP="InterfaceAddresses/wan_ip" LocalUserDB="remoteusers" />


<EthernetDevice Name="lan" EthernetDriver="IXP4NPEEthernetDriver" PCIBus="0" PCISlot="0" PCIPort="2" />
<EthernetDevice Name="wan" EthernetDriver="R8169EthernetPCIDriver" PCIBus="0" PCISlot="3" PCIPort="0" />
<EthernetDevice Name="dmz" EthernetDriver="R8169EthernetPCIDriver" PCIBus="0" PCISlot="4" PCIPort="0" />


<Ethernet Name="wan" IP="InterfaceAddresses/wan_ip" Network="InterfaceAddresses/wannet" DefaultGateway="InterfaceAddresses/wan_gw" Broadcast="46.19.191.159" EthernetDevice="wan" Comments="наш интернет" />
<Ethernet Name="dmz" IP="InterfaceAddresses/dmz_ip" Network="InterfaceAddresses/dmznet" Broadcast="172.17.100.255" EthernetDevice="dmz" />
<Ethernet Name="lan" IP="InterfaceAddresses/lan_ip" Network="InterfaceAddresses/lannet" Broadcast="192.168.1.255" EthernetDevice="lan" Comments="Локальная сеть" />


<DefaultInterface Name="any" readOnly="1" />
<DefaultInterface Name="core" readOnly="1" />
</SecurityGateway>

Лог

31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:03 6000051 239.255.255.250 1900 drop
ipdatalen=346 udptotlen=346
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:02 6000051 239.255.255.250 1900 drop
ipdatalen=336 udptotlen=336
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:02 6000051 239.255.255.250 1900 drop
ipdatalen=281 udptotlen=281
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:02 6000051 239.255.255.250 1900 drop
ipdatalen=334 udptotlen=334
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:02 6000051 239.255.255.250 1900 drop
ipdatalen=340 udptotlen=340
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:02 6000051 239.255.255.250 1900 drop
ipdatalen=281 udptotlen=281
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:02 6000051 239.255.255.250 1900 drop
ipdatalen=352 udptotlen=352
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:02 6000051 239.255.255.250 1900 drop
ipdatalen=320 udptotlen=320
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:02 6000051 239.255.255.250 1900 drop
ipdatalen=281 udptotlen=281
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:02 6000051 239.255.255.250 1900 drop
ipdatalen=336 udptotlen=336
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:02 6000051 239.255.255.250 1900 drop
ipdatalen=344 udptotlen=344
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:01 6000051 239.255.255.250 1900 drop
ipdatalen=281 udptotlen=281
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.5 51277 ruleset_drop_packet
17:53:01 6000051 239.255.255.250 1900 drop
ipdatalen=272 udptotlen=272
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.8 2049 ruleset_drop_packet
17:52:54 6000051 239.255.255.250 1900 drop
ipdatalen=348 udptotlen=348
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.8 2049 ruleset_drop_packet
17:52:54 6000051 239.255.255.250 1900 drop
ipdatalen=338 udptotlen=338
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.8 2049 ruleset_drop_packet
17:52:54 6000051 239.255.255.250 1900 drop
ipdatalen=283 udptotlen=283
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.8 2049 ruleset_drop_packet
17:52:54 6000051 239.255.255.250 1900 drop
ipdatalen=336 udptotlen=336
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.8 2049 ruleset_drop_packet
17:52:54 6000051 239.255.255.250 1900 drop
ipdatalen=342 udptotlen=342
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.8 2049 ruleset_drop_packet
17:52:54 6000051 239.255.255.250 1900 drop
ipdatalen=283 udptotlen=283
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.8 2049 ruleset_drop_packet
17:52:53 6000051 239.255.255.250 1900 drop
ipdatalen=354 udptotlen=354
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.8 2049 ruleset_drop_packet
17:52:53 6000051 239.255.255.250 1900 drop
ipdatalen=322 udptotlen=322
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.8 2049 ruleset_drop_packet
17:52:53 6000051 239.255.255.250 1900 drop
ipdatalen=338 udptotlen=338
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.8 2049 ruleset_drop_packet
17:52:53 6000051 239.255.255.250 1900 drop
ipdatalen=274 udptotlen=274
31.01.2015 Предупреждение RULE UnknownVLANTags lan unknown_vlanid
17:52:51 6000040 drop
vlanid=2 hwsender=28-28-5d-97-0f-67 hwdest=ff-ff-ff-ff-ff-ff enetproto=0x8100
31.01.2015 Предупреждение IP_PROTO TTLOnLowMulticast UDP lan 192.168.1.170 61940 ttl_low
17:52:47 7000014 239.255.255.250 1900 drop
ttl=1 ttlmin=3 ipdatalen=145 udptotlen=145
17:52:45 6000051 239.255.255.250 1900 drop
ipdatalen=336 udptotlen=336
31.01.2015 Предупреждение RULE Default_Rule UDP lan 192.168.1.7 2050 ruleset_drop_packet
17:52:45 6000051 239.255.255.250 1900 drop
ipdatalen=281 udptotlen=281
31.01.2015 Предупреждение RULE Default_Rule UDP wan 176.104.161.37 31058 ruleset_drop_packet
17:52:44 6000051 46.19.190.26 6881 drop
ipdatalen=281 udptotlen=281
31.01.2015 Предупреждение RULE Default_Rule IGMP lan 192.168.1.4 ruleset_drop_packet
17:52:44 6000051 239.255.255.100 drop
ipdatalen=72 type=V1_MEMBER_REPORT maxresp=0 groupaddr=239.255.255.100
ipdatalen=272 udptotlen=272
31.01.2015 Предупреждение RULE UnknownVLANTags lan unknown_vlanid
17:52:44 6000040 drop
vlanid=2 hwsender=28-28-5d-97-0f-67 hwdest=ff-ff-ff-ff-ff-ff enetproto=0x8100

Отправлено: 17:54, 31-01-2015

James Marsh

Ветеран

Сообщения: 1594
Благодарности: 235

Профиль | Отправить PM | Цитировать

Ок. Пробуем.
0е. Качам мануал.
1е. Сохраняем конфиг.
2е. Сбрасываем устройство на дефолт
3е. Идем к тайваньцам и качам крайнюю прошивку на 260ю - 2.60

Код:

Firmware: DFL-260E A1/A2 FW v2.60.02.02(for WW)

и свежий мануал на всяк пожарный -

Код:

Manual: DFL-Series NetDefend Firewall User Manual for FW 2.60.02

4е. Обновляемся.
5е. Заливаем конфиг.
6е. Тестируем.
Ежели все гут - хорошо. Ежели нет =>
7е. Снимаем ДФЛьку и едем в сервис. Так как она еще производится, то ремонт/замена должен быть бесплатным. Во всяком случае так у нас в Киеве.

-------
Благими намірами вистелений шлях у пекло

Это сообщение посчитали полезным следующие участники:

infero3

Отправлено: 23:14, 31-01-2015 | #2

Для отключения данного рекламного блока вам необходимо зарегистрироваться или войти с учетной записью социальной сети.

Если же вы забыли свой пароль на форуме, то воспользуйтесь данной ссылкой для восстановления пароля.

infero3

Новый участник

Сообщения: 2
Благодарности: 0

Профиль | Отправить PM | Цитировать

James Marsh, Большое Вам Спасибо.
Прошивка, скачанная по вашей ссылке, стабилизировала работу железа.

Вопрос исчерпан.

Отправлено: 14:26, 09-02-2015 | #3