• October 31, 2024, 04:45:54 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Is a rule required for IDP automatic updates?  (Read 7913 times)

WilliFixit

  • Level 1 Member
  • *
  • Posts: 7
Is a rule required for IDP automatic updates?
« on: January 11, 2010, 10:22:15 AM »

Our DFL-210 has a active subscription for Intrusion Detection and Update updates.  However, with the Update Interval set to update regularly (I have tried daily, and hourly) the firewall DOES NOT update.  I tried D-Link support and got little help.  I did receive a cryptic voicemail (from a D-Link tech) about the problem that stated that I needed to add a rule to allow the updates to happen.  I cannot, find any documentation to help show how to set this up.  According to http://security.dlink.com.tw/support_faq_view.asp?sno=ABNALB&ProductType=1 the update process seems to use port 80, which is not blocked, and manual updates do work.

I did spend almost two hours on the phone with a technician, but he could not solve the problem.   Finally he said he had to do some research, and would call me back.  He had me create an account to allow him access from the Internet, but looking at the logs, I found out that he only logged on once, and he never called back.  (I disabled the account after several days for security reasons.)

Other data points:
  • The firewall can be successfully updated manually using the GUI interface, choosing Maintenance > Update Center and then clicking Update under Manual Update
  • The router is directly connected to the Internet, so there is no other device to consider
  • The router is set to update hourly
  • The router has never successfully updated automatically.

Thanks for any help you can provide,

Will
« Last Edit: January 11, 2010, 10:33:35 AM by WilliFixit »
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Is a rule required for IDP automatic updates?
« Reply #1 on: January 11, 2010, 02:37:48 PM »

Automatic updates do not take place unless you have an IDS rule in place.  It does not matter what type of IDS rule is in place, any one will trigger automatic updates.
Logged
non progredi est regredi

WilliFixit

  • Level 1 Member
  • *
  • Posts: 7
Re: Is a rule required for IDP automatic updates?
« Reply #2 on: January 11, 2010, 02:54:37 PM »

Automatic updates do not take place unless you have an IDS rule in place.

Thanks for the reply, but I am afraid that it is limited in assisting me.  Pardon my ignorance, but...

Where do I find these "IDS rules" in the GUI interface?

Are these the same as the IDP Factory signatures?

If I am primarily desirous of using the factory signatures to provide internal network protection using this firewall, is there more that I need to do to make the "subscription" update.  I have looked in the FAQ at D-Link, the manual and through the interface and find no instructions on how to make this work.

If I want to create "any IDS rule" what would you suggest so that this triggering will start?

Thanks,

Will
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Is a rule required for IDP automatic updates?
« Reply #3 on: January 11, 2010, 04:57:50 PM »

If you check under IDS/IDP->IDP Rules you will find the section you need.
Logged
non progredi est regredi

WilliFixit

  • Level 1 Member
  • *
  • Posts: 7
Re: Is a rule required for IDP automatic updates?
« Reply #4 on: January 12, 2010, 09:04:39 AM »

Thanks, Fatman.  Rule created, updates happening.

This brings up one other question...

I am assuming (maybe incorrectly) that our IDP subscription takes care of itself, like our Symantec antivirus subscription.  That is, as long as I am regularly updating my definitions I am OK.  Is that the same with the IDP updates?  Or, do I have to implement rules to use the downloaded definitions.

(Sorry, a bit of a neophyte with this new router/firewall.)

Thanks,

Will
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Is a rule required for IDP automatic updates?
« Reply #5 on: January 12, 2010, 09:34:31 AM »

You have to implement rules in order to see a benefit.  This is no different than updating your Symantec definitions, but never running a virus scan.
Logged
non progredi est regredi

WilliFixit

  • Level 1 Member
  • *
  • Posts: 7
Re: Is a rule required for IDP automatic updates?
« Reply #6 on: January 12, 2010, 09:51:44 AM »

Ahh....but the antivirus program monitors the "flow" of what is coming in automatically (which is what I was assuming the the router did too.)  The virus scan only checks what is already "made it" to the disk...

So as not to bother you, where should I look to learn/understand the next steps of properly setting up the router, for best utilizing the subscription?  It is kind of overwhelming with the 260+ signature groups and 19,000+ signatures.

Thanks,

Will
Logged

chechito

  • Level 3 Member
  • ***
  • Posts: 193
Re: Is a rule required for IDP automatic updates?
« Reply #7 on: January 19, 2010, 04:22:31 PM »

I suggest you to search in

http://security.dlink.com.tw/netdefend_ids_a.asp

(open it with mozilla firefox)

then ingress the signature of interest and will show you a brief description ofthe signature, that will help to know where and when use this signature.

I suggest you use google to search about security vulnerabilities, thats the way to understand what are you preventing whit the use of IDP

Actually i am testing my 3 month trial of idp and trying to understand the signatures, its a hard work
Logged