NetDefend™ UTM Firewall Series - D-Link

Product Highlights
Increased Security
Integrated Firewall/VPN and UTM provides protection
from viruses, intrusions and harmful content.
Reduced Cost of Ownership
Subscription service per firewall rather than per user
reduces licensing cost and simplifies management.
Easily Manage and Control Internet Usage
Fast, efficient web content filtering helps administrators
monitor and control employee Internet usage.
DFL-260E/860E/1660/2560/2560G
NetDefend™ UTM Firewall Series
Features
Integrated Firewall/VPN
The D-Link® NetDefend™ Unified Threat Management (UTM) firewalls provide a powerful
• Powerful Firewall Engine
security solution to protect business networks from a wide variety of threats. UTM
• Virtual Private Network (VPN) Security
Firewalls offer a comprehensive defense against virus attacks, unauthorized intrusions,
• Granular Bandwidth Management
and harmful content, successfully enhancing fundamental capabilities for managing,
• 802.1Q VLAN Tagging and Port-based VLAN
monitoring, and maintaining a healthy network.
• D-Link End-to-End Security Solution (E2ES)
Integration with ZoneDefense9
Unified Threat Management
• High Availability11
Advanced Functions
• Stateful Packet Inspection (SPI)
• Detect/Drop Intruding Packets
• Server Load Balancing
• Policy-based Routing
Unified Threat Management
• Optional Service Subscriptions
• Intrusion Prevention System (IPS)
NetDefend UTM Firewalls integrate intrusion detection and prevention, gateway
antivirus, and content filtering for superior Layer 7 content inspection protection.
The real-time update service keeps the IPS information, antivirus signatures, and URL
databases current. Combined, these enhancements help to protect office networks from
application exploits, network worms, malicious code attacks, and provide everything a
business needs to safely manage employee Internet access.
Powerful VPN Performance
• Antivirus (AV) Protection
NetDefend UTM Firewalls offer an integrated VPN Client and Server allowing remote
• Web Content Filtering (WCF)
offices or trusted partner to securely connect to a head office. Mobile users working
Virtual Private Network (VPN)
remotely from home or on the road can also safely connect to the office network to access
• IPSec NAT Traversal
company data and e-mail. NetDefend UTM Firewalls incorporate hardware-based VPN
• VPN Hub and Spoke
engines to support and manage a large number of VPN configurations.
• IPSec, PPTP, L2TP
• DES, 3DES, AES, Twofish, Blowfish,CAST-128
Encryption
DFL-260E/860E/1660/2560/2560G NetDefend UTM Firewall Series
• Automated Key Management via IKE/ISAKMP
• Aggressive/Main/Quick Negotiation
• Multiple WAN Interfaces for Traffic Load
Sharing6
Enhanced Network Services
• DHCP Server/Client/Relay
• IGMP V3
• H.323 NAT Traversal
• Robust Application Security ALGs
• OSPF Dynamic Routing Protocol9
• Run-Time Web-Based Authentication
DFL-260E
• Firewall Throughput: 150 Mbps
• VPN Performance: 45 Mbps (3DES/AES)
• 1 10/100/1000 Ethernet WAN Port
• 5 Switched 10/100/1000 Ethernet LAN Ports
• 1 10/100/1000 Ethernet DMZ Port
DFL-860E
Advanced VPN configuration options include:
• DES/3DES/AES/Twofish/Blowfish/CAST-128 encryption
• Manual or IKE/ISAKMP key management
• Quick/Main/Aggressive Negotiation modes
• VPN Authentication support using Radius server or user database
Enterprise-Class Firewall Security
NetDefend UTM Firewalls provide a complete set of advanced security features to
manage, monitor, and maintain a healthy and secure network. Network management
features include:
• Remote Management and Access Policies
• Bandwidth Control Policies
• URL Blacklists and Whitelists
• Firewall Throughput: 200 Mbps
UTM Services
• VPN Performance: 60 Mbps (3DES/AES)
Maintaining an effective defense against the various threats originating from the Internet
• 2 10/100/1000 Ethernet WAN Ports
requires that all three databases used by the NetDefend UTM Firewalls are kept up-to-date.
• 8 Switched 10/100/1000 Ethernet LAN Ports
In order to provide a continuous defense, D-Link offers optional UTM Service subscriptions
• 1 10/100/1000 Ethernet DMZ Port
which include updates for each defense:
DFL-1660
• Firewall Throughput: 1.2 Gbps
• VPN Performance: 350 Mbps (3DES/AES)
• 6 Configurable Gigabit Ethernet Ports
DFL-2560(G)
• Intrusion Prevention Systems (IPS)
• Antivirus Protection (AV)
• Web Content Filtering (WCF).
• Firewall Throughput: 2 Gbps
NetDefend UTM Subscriptions ensure that each of the firewall’s service databases are
• VPN Performance: 1 Gbps (3DES/AES)
complete and effective.
• 10 Configurable Gigabit Ethernet Ports
• 4 SFP Ports (DFL-2560G)
Robust Intrusion Prevention10
The NetDefend UTM Firewalls employ component-based signatures, a unique IPS
technology which recognizes and protects against all varieties of known and unknown
attacks. This system can address all critical aspects of an attack or potential attack including
payload, NOP sled, infection, and exploits. The IPS database includes attack information
and data from a global attack sensor-grid and exploits collected from public sites such as
the National Vulnerability Database and Bugtrax. The NetDefend UTM Firewalls constantly
create and optimize NetDefend signatures via the D-Link Auto-Signature Sensor System
without overloading existing security appliances. These signatures ensure a high ratio of
detection accuracy and a low ratio of false positives.
Stream-based Virus Scanning10
The NetDefend UTM Firewalls examine files of any size, using a stream-based virus scanning
technology which eliminates the need to cache incoming files. This zero-cache scanning
method not only increases inspection performance but also reduces network bottlenecks.
NetDefend UTM firewalls use virus signatures from Kaspersky Labs to provide systems with
reliable and accurate antivirus protection, as well as prompt signature updates. Consequently,
viruses and malware can be effectively blocked before they reach desktops or mobile devices.
DFL-260E/860E/1660/2560/2560G NetDefend UTM Firewall Series
Fast, Efficient Web Content Filtering10
Licensed for Unlimited Users
Web Content Filtering helps administrators monitor, manage, and control
Optional subscription services for IPS, Antivirus Scanning, and Web Content
employee Internet usage. The NetDefend UTM Firewalls implement multiple
Filtering are priced per firewall rather than per user, thus reducing the total cost
global index servers with millions of URLs and real-time website data to enhance
of ownership for licensing.
performance capacity and maximize service availability. These firewalls use
granular policies and explicit blacklists and whitelists to control access to certain
types of websites for any combination of users, interfaces, and IP networks. The
firewall can actively handle Internet content by stripping potential malicious
objects, such as Java Applets, JavaScripts/VBScripts, ActiveX objects, and cookies.
WAN Link Load-Balancing and Fault-Tolerance
Multiple WAN ports support traffic load balancing and failover, thus
guaranteeing Internet availability and bandwidth.
D-Link End-to-End Security (E2ES) Solutions9
NetDefend UTM Subscription
The standard NetDefend UTM Subscription provides your firewall with UTM
service updates for 12 months starting from the day you activate or extend
your service.2 The NetDefend UTM Subscription can be renewed regularly to
provide your firewalls with the most up-to-date security service available from
D-Link.
The ZoneDefense mechanism, operating in conjunction with D-Link xStack
switches, automatically quarantines infected workstations and prevents them
from flooding the internal network with malicious traffic.
D-Link Green Certified
The D-Link Green certified DFL-1660 and DFL-2560(G) are built with an 80
NetDefend Center: http://security.dlink.com.tw
PLUS internal power supply. 80 PLUS certified power supplies offer increased
reliability due to greater efficiency, and provide a reduced cost of ownership
Powerful VPN Engine
through longer equipment life. Additionally, 80 PLUS power supplies help
Hardware-based data encryption and authentication for IPSec, PPTP, L2TP, and
prevent pollution by limiting energy consumption, and run at a lower
SSL in Client/Server mode enable fast and safe handling of VPN traffic.
temperature reducing cooling costs.
Professional Intrusion Prevention System (IPS)
The DFL-260E and DFL-860E save energy automatically through cable length
Automatic updates from a comprehensive IPS signature database focus on
port, the amount of power used for the port can be adjusted, only using as
attack payloads to protect the network against zero-day attacks.
much as is needed. The DFL-260E/860E also detect if a port is not in use, and
1
Real-Time Antivirus Inspection (AV)
and link status detection. By detecting the length of cables connected to a
can automatically reduce the power used for that port, cutting energy used for
it by a substantial amount.
The antivirus engine scans using the most complete, most up-to-date antivirus
D-Link Green certified devices comply with RoHS (Restriction of Hazardous
signature database. Streaming-based pattern matching provides effective
Substances) and WEEE (Waste Electrical and Electronic Equipment) directives.
protection against viruses.
RoHS directives restrict the use of specific hazardous materials during
Secure Network Implementation Using NetDefend™
UTM Firewalls
manufacturing, while WEEE implements standards for proper recycling and
disposal. Together, these considerations make D-Link Green firewall products
the environmentally responsible choice.
DFL-260E/860E/1660/2560/2560G NetDefend UTM Firewall Series
Technical Specifications
DFL-260E
Ethernet Ports
•1 10/100/1000 DMZ port (configurable)
•1 10/100/1000 WAN port
•5 Switched 10/100/1000 LAN ports
DFL-860E
•1 10/100/1000 DMZ port (configurable)
•2 10/100/1000 WAN port
•8 Switched 10/100/1000 LAN ports
DFL-1660
•6 configurable 10/100/1000 ports
SFP
DFL-2560(G)
•10 configurable 10/100/1000 ports
•4 SFP ports
(DFL-2560G ONLY)7
USB
•2 USB ports (reserved)
Console
•RS-232
•DB-9 RS-232
System Performance1
Firewall Throughput2
•150Mbps
•200Mbps
•1.2Gbps
•2Gbps
VPN Throughput3
•45Mbps
•60Mbps
•350Mbps
•1Gbps
IPS Throughput4
•60Mbps
•80Mbps
•400Mbps
•600Mbps
Antivirus Throughput4
•35Mbps
•50Mbps
•225Mbps
•450Mbps
Concurrent Sessions
•25,000
•40,000
•600,000
•1,500,000
New Sessions (per second)
•2,000
•4,000
•15,000
•20,000
Policies
•500
•1,000
•
•6,000
Firewall System
•Transparent Mode
•NAT, PAT
•H.323 NAT Traversal
•Time-Scheduled Policies
•Application Lyer Gateway
Dynamic Routing Protocol
•OSPF
Proactive End-Point Security
•ZoneDefense
4,000
Networking
•DHCP Server/Client
•DHCP Relay
•Policy-Based Routing
•Port-based VLAN
IEEE 802.1q VLAN
•8
•16
•1024
•2048
IP Multicast
•IGMP v3
Virtual Private Network (VPN)
•Encryption Methods
•PPTP/L2TP Server
•SSL VPN
•Hub and Spoke
•IPSec NAT Traversal
•2,500
•5,000
(DES/3DES/AES/Twofish/Blowfish/
CAST-128)
Dedicated VPN Tunnels
•100
•3005
Traffic Load Balancing
•Outbound Load Balancing
•Traffic Redirect at Fail-over
•Outbound Load Balancing
•Traffic Redirect at Fail-over
•Server Load Balancing
Outbound Load Balance Algorithems
•Round-robin, Weight-based Round-robin, Destination-based, Spill-over
DFL-260E/860E/1660/2560/2560G NetDefend UTM Firewall Series
Bandwidth Management
•Policy-Based Traffic Shaping
•Guaranteed Bandwidth
•Dynamic Bandwidth Balancing
•Maximum Bandwidth
•Priority Bandwidth
High Availability
•WAN Fail-Over
•WAN Fail-Over
•Active-Passive Mode
•Device Failure Detection
•Link Failure Detection
•FW/VPN Session SYN
Intrusion Detection & Prevention System
(IDP/IPS)
•Automatic Pattern Update
•DoS, DDoS Protection
•Attack Alarm via E-mail
•Advanced IDP/IPS Subscription
Content Filtering
•HTTP Type: URL Blacklist/Whitelist
•Script Type: Java, Cookie, ActiveX, VB
•Email Type: E-mail Blacklist/Whitelist
•External Database Content Filtering
Antivirus
•Real Time AV Scanning
•Unlimited File Size
•Scans VPN Tunnels
•Supports Compressed Files
•Automatic Pattern Update
•Signature Licensor: Kaspersky
Power Supply
•Internal Power Supply
•80 PLUS Internal Power Supply
Dimensions
•11.02” x 7.08” x 1.73”
(280 x 180 x 44mm)
•11” Racket Mount
Operating Temperature
•32°F to 104°F (0° to 40°C)
Storage Temperature
•-40°F to 158°F(-20° to 70°C)
Operating Humidity
•5% to 95% non-condensing
EMI
•FCC Class A
•CE Class A
•C-Tick
Safety
•UL LVD (EN60950-1)
•LVD (EN60950-1)
•cUL, CB
MTBF
•186,614 Hours
•140,532 Hours
•400,000 Hours
•Automatic Pattern Update
•DoS, DDoS Protection
•Attack Alarm via E-mail
•Advanced IDP/IPS Subscription
•IP Blacklist by Threshold or IDP/IPS
Physical & Environmental
•12.99” x 7.08” x 1.73”
(330 x 180 x 44mm)
•13” Rack-Mount
•17.32” x 15.75” x 1.73”
(440 x 400 x 44mm)
•19” Standard Rack-Mount
•VCCI
•310,000 Hours
Warranty
Warranty
•Limited Lifetime
Ordering Information
Part Number
Description
DFL-260E-NB
NetDefend Network Security UTM Firewall, 1 Gigabit WAN, 1 Gigabit DMZ, 5T LAN (90-Day IPS Subscription)
DFL-260-IPS-12
NetDefend IPS 1-Year Subscription for DFL-260/DFL-260E
DFL-260-AV-12
NetDefend AV 1-Year Subscription for DFL-260/DFL-260E
DFL-260-WCF-12
NetDefend WCF 1-Year Subscription for DFL-260/DFL-260E
DFL-860E-NB
NetDefend Network Security UTM Firewall, 2 Gigabit WAN, 1 Gigabit DMZ, 8 Gigabit LAN (90-Day IPS Subscription)
DFL-860-WCF-12
NetDefend WCF 1-Year Subscription for DFL-860/DFL-860E
DFL-860-IPS-12
NetDefend IPS 1-Year Subscription for DFL-860/DFL-860E
DFL-860-AV-12
NetDefend AV 1-Year Subscription for DFL-860/DFL-860E
DFL-260E/860E/1660/2560/2560G NetDefend UTM Firewall Series
Ordering Information
Part Number
Description
DFL-1600
NetDefend Network Security Firewall, 6 User-Configurable Gigabit Ports (90-Day IPS Subscription)
DFL-1660-AV-12
NetDefend AV 1-Year Subscription for DFL-1660
DFL-1660-IPS-12
NetDefend IPS 1-Year Subscription for DFL-1660
DFL-1660-WCF-12
NetDefend WCF 1-Year Subscription for DFL-1660
DFL-1660-NB
NetDefend Network UTM Firewall, IU, 6GbE, 90 day IPS/AV/WCF
DFL-1600-AV-12
NetDefend AV 1-Year Subscription for DFL-1600
DFL-1600-IPS-12
NetDefend IPS 1-Year Subscription for DFL-1600
DFL-1600-WCF-12
NetDefend WCF 1-Year Subscription for DFL-1600
DFL-2560-NB
NetDefend Network UTM Firewall, IU, 10GbE, 90 day IPS/AV/WCF
DFL-2560G-NB
NetDefend Network UTM Firewall, IU, 6GbE, 4SFP, 90 day IPS/AV/WCF
DFL-2560-AV-12
NetDefend AV 1-Year Subscription for DFL-2560/2560G
DFL-2560-IPS-12
NetDefend IPS 1-Year Subscription for DFL-2560/2560G
DFL-2560-WCF-12
NetDefend WCF 1-Year Subscription for DFL-2560/2560G
Actual performance may vary depending on network conditions and activated services.
The maximum Firewall plaintext throughput is based on RFC2544 testing methodologies.
VPN throughput is measured using UDP traffic at 1420 byte packet size adhering to RFC 2544.
4
IPS and Anti-Virus performance test is based on HTTP protocol with a 1Mb file attachment run on the IXIA IxLoad. Testing is done with multiple flows through multiple port pairs.
5
Performance based on firmware 2.27.00 and above
6
Available when DMZ port is configured as WAN port
7
Compatible with D-Link SFP module transceivers: DEM-310GT, DEM-311GT, DEM-312GT2, DEM-314GT, DEM-315GT, DGS-712
8
Sold seperatley
9
For DFL-860E, DFL-1660, and DFL-2560(G) only
10
With optional subscription services
11
For DFL-1660 and DFL-2560(G) only
1
2
3
Updated 12/7/11
DFL-260E
DFL-860E
DFL-1660
DFL-2560
DFL-2560G
For more information
U.S.A. | 17595 Mt. Herrmann Street | Fountain Valley, CA 92708 | 800.326.1688 | dlink.com Canada | 2525 Meadowvale Blvd | Mississauga, ON L5N 5S2 | 800.361.5265 | dlink.ca
©2011 D-Link Corporation/D-Link Systems, Inc. All rights reserved. D-Link, the D-Link logo, and D-ViewCam are trademarks or registered trademarks of D-Link Corporation or its subsidiaries in the United States and/or other countries. Other
trademarks or registered trademarks are the property of their respective owners. Visit www.dlink.com for more details.
Building Networks for People