NetDefend UTM Firewall Series - D-Link

DFL-260E/860E/1660/2560/2560G
NetDefend UTM Firewall Series
Integrated Firewall/VPN
- Powerful Firewall Engine
- Virtual Private Network (VPN) Security
- Granular Bandwidth Management
- 802.1Q VLAN Tagging and Port-Based VLAN
- D-Link End-to-End Security Solutions (E2ES) Integration with ZoneDefense
Advanced Functions
- Stateful Packet Inspection (SPI)
- Detect/Drop Intruding Packets
- Server Load Balancing
- Policy-Based Routing
Unified Threat Management
- Intrusion Prevention System (IPS)
- Antivirus (AV) Protection
- Web Content Filtering (WCF)
- Optional Service Subscriptions
Virtual Private Network
- IPSec NAT Traversal
- VPN Hub and Spoke
- IPSec, PPTP, L2TP, SSL
- DES, 3DES, AES, Twofish, Blowfish, CAST-128 Encryption
- Automated Key Management via IKE/ISAKMP
- Aggressive/Main/Quick Negotiation
Enhanced Network Services
- DHCP Server/Client/Relay
- IGMP V3
- H.323 NAT Traversal
- Robust Application Security for ALGs
- OSPF Dynamic Routing Protocol
- Run-Time Web-Based Authentication
Performance Optimization
- UTM Acceleration Engine
- Multiple WAN Interfaces for Traffic Load Sharing
VPNC CERTIFIED AES Interop
VPNC CERTIFIED Basic Interop
Today’s continuously shifting security environment
presents a challenge for small/home office networks
with limited IT capabilities. Fortunately, the D-Link
NetDefend Unified Threat Management (UTM)
firewalls provide a powerful security solution to
protect business networks from a wide variety
of threats. UTM Firewalls offer a comprehensive
defense against virus attacks, unauthorized
intrusions, and harmful content, successfully
enhancing fundamental capabilities for managing,
monitoring, and maintaining a healthy network.
Enterprise-Class Firewall Security
NetDefend UTM Firewalls provide a complete set
of advanced security features to manage, monitor,
and maintain a healthy and secure network. Network
management features include: Remote Management,
Bandwidth Control Policies, URL Blacklists and
Whitelists, Access Policies, and SNMP. For network
monitoring, these firewalls support e-mail alerts,
system logs, consistency checks, and real-time
statistics.
Unified Threat Management
NetDefend UTM Firewalls integrate an intrusion
detection and prevention system, gateway
antivirus, and content filtering for superior
Layer 7 content inspection protection. An acceleration
engine increases throughput, while the real-time
update service keeps the IPS information, antivirus
signatures, and URL databases current. Combined,
these enhancements help to protect office networks
from application exploits, network worms, malicious
code attacks, and provide everything a business
needs to safely manage employee Internet access.
Powerful VPN Performance
NetDefend UTM Firewalls offer an integrated VPN
Client and Server. This allows remote offices to
securely connect to a head office or a trusted partner
network. Mobile users working from home or remotely
can also safely connect to the office network to access
company data and e-mail. NetDefend UTM Firewalls
have hardware-based VPN engines to support and
manage a large number of VPN configurations.
They support IPSec, PPTP, L2TP, and SSL protocols
in Client/Server mode and can handle pass-through
traffic as well [1]. Advanced VPN configuration options
include: DES/3DES/AES/Twofish/Blowfish/CAST-128
encryption, Manual or IKE/ISAKMP key management,
Quick/Main/Aggressive Negotiation modes, and
VPN authentication support using either an external
RADIUS server or a large user database.
Robust Intrusion Prevention
The NetDefend UTM Firewalls employ component-based signatures, a unique IPS technology which
recognizes and protects against all varieties of
known and unknown attacks. This system can
address all critical aspects of an attack or potential
attack including payload, NOP sled, infection, and
exploits. In terms of signature coverage, the IPS
database includes attack information and data from
a global attack sensor-grid and exploits collected
from public sites such as the National Vulnerability
Database and Bugtraq. The NetDefend UTM Firewalls
constantly create and optimize NetDefend signatures
via the D-Link Auto-Signature Sensor System without
overloading existing security appliances. These
signatures ensure a high ratio of detection accuracy
and a low ratio of false positives.
Stream-Based Virus Scanning
The NetDefend UTM Firewalls examine files of any
size, using a stream-based virus scanning technology
which eliminates the need to cache incoming files.
This zero-cache scanning method not only increases
inspection performance but also reduces network
bottlenecks. NetDefend UTM firewalls use virus
signatures from Kaspersky Labs to provide systems
with reliable and accurate antivirus protection, as
well as prompt signature updates. Consequently,
viruses and malware can be effectively blocked
before they reach desktops or mobile devices.
Web Content Filtering
Web Content Filtering helps administrators monitor,
manage, and control employee Internet usage. The
NetDefend UTM Firewalls implement multiple global
index servers with millions of URLs and real-time
website data to enhance performance capacity and
maximize service availability. These firewalls use
granular policies and explicit blacklists and whitelists
to control access to certain types of websites for any
combination of users, interfaces, and IP networks.
The firewall can actively handle Internet content by
stripping potential malicious objects, such as Java
Applets, JavaScripts/VBScripts, ActiveX objects, and
cookies.
UTM Services
Maintaining an effective defense against the various
threats originating from the Internet requires that
all three databases used by the NetDefend UTM
Firewalls are kept up-to-date. In order to provide a
robust defense, D-Link offers optional NetDefend
Firewall UTM Service subscriptions which include
updates for each aspect of defense: Intrusion
Prevention Systems (IPS), Antivirus and Web Content
Filtering (WCF). NetDefend UTM Subscriptions
ensure that each of the firewall’s service databases
is complete and effective.
DFL-260E
- Firewall Throughput: 150 Mbps
- VPN Performance: 45 Mbps (3DES/AES)
- 1 10/100/1000 Ethernet WAN Port
- 5 10/100/1000 Ethernet LAN Ports
- 1 10/100/1000 Ethernet DMZ Port
DFL-860E
- Firewall Throughput: 200 Mbps
- VPN Performance: 60 Mbps (3DES/AES)
- 2 10/100/1000 Ethernet WAN Ports
- 8 10/100/1000 Ethernet LAN Ports
- 1 10/100/1000 Ethernet DMZ Port
DFL-1660
- Firewall Throughput: 1.2 Gbps
- VPN Performance: 350 Mbps (3DES/AES)
- 6 Configurable Gigabit Ethernet Ports
DFL-2560(G)
- Firewall Throughput: 2 Gbps
- VPN Performance: 1 Gbps (3DES/AES)
- 10 Configurable Gigabit Ethernet Ports
- 4 SFP Ports (DFL-2560G)
NetDefend UTM Subscription
The standard NetDefend UTM Subscription provides
your firewall with UTM service updates for 12 months
starting from the day you activate or extend your
service [2]. The NetDefend UTM Subscription can be
renewed regularly to provide your firewalls with
the most up-to-date security service available from
D-Link.
NetDefend Center: http://security.dlink.com.tw
Licensed for Unlimited Users
Optional subscription services for IPS, Antivirus
Scanning, and Web Content Filtering are priced per
firewall rather than per user, thus reducing the total
cost of ownership for licensing.
WAN Link Load-Balancing and Fault-Tolerance
Multiple WAN ports support traffic load balancing
and failover, thus guaranteeing Internet availability
and bandwidth.
D-Link End-to-End Security (E2ES) Solutions [3]
The ZoneDefense mechanism, operating in
conjunction with D-Link xStack switches,
automatically quarantines infected workstations and
prevents them from flooding the internal network with
malicious traffic.
[1] Only Server mode available for SSL VPN.
[2] Actual service package may vary depending on region.
[3] For DFL-860E, DFL-1660, and DFL-2560(G) only
Powerful VPN Engine
Hardware-based data encryption and authentication
for IPSec, PPTP, L2TP, and SSL in Client/Server mode
enable fast and safe handling of VPN traffic [1].
Professional Intrusion Prevention System (IPS)
Automatic updates from a comprehensive IPS
signature database focus on attack payloads to
protect the network against zero-day attacks.
Real-Time Antivirus Inspection (AV)
The antivirus engine scans using the most complete,
most up-to-date antivirus signature database.
Streaming-based pattern matching provides effective
protection against viruses.
Fast, Efficient Web Content Filtering
Multiple index server implementation, granular
policies, blacklists and active content handling
enhance performance and effectiveness of web
surfing control.
Acceleration Engine for Unified Threat Management
A powerful processor allows the firewall to carry out
IPS and Antivirus scanning simultaneously without
performance degradation.
D-Link Green Certified
The D-Link Green certified DFL-1660 and DFL-2560(G)
are built with an 80 PLUS internal power supply.
80 PLUS certified power supplies offer increased
reliability due to greater efficiency, and provide a
reduced cost of ownership through longer equipment
life. Additionally, 80 PLUS power supplies help
prevent pollution by limiting energy consumption, and
run at a lower temperature to reduce cooling costs.
The DFL-260E and DFL-860E save energy automatically
through cable length and link status detection. By
detecting the length of cables connected to a port, the
amount of power used for the port can be adjusted,
only using as much as is needed. The DFL-260E/860E
can also detect if a port is not in use, such as when
a connected computer is shut down or if nothing is
connected to the port, and can automatically reduce
the power used for that port, cutting energy used for
it by a substantial amount.
D-Link Green certified devices comply with RoHS
(Restriction of Hazardous Substances) and WEEE
(Waste Electrical and Electronic Equipment)
directives. RoHS directives restrict the use of specific
hazardous materials during manufacturing, while
WEEE implements standards for proper recycling
and disposal. Together, these considerations make
D-Link Green firewall products the environmentally
responsible choice.
Technical Specifications
Columns, in order: DFL-260E | DFL-860E | DFL-1660 | DFL-2560(G)
Interfaces
Ethernet: 1 10/100/1000 WAN port, 1 10/100/1000 DMZ port (configurable), 5 10/100/1000 LAN ports | 2 10/100/1000 WAN ports, 1 10/100/1000 DMZ port (configurable), 8 10/100/1000 LAN ports | 6 configurable 10/100/1000 ports | 10 configurable 10/100/1000 ports
SFP: – | – | – | 4 SFP ports (DFL-2560G only) [4]
USB: 2 USB ports (reserved) | 2 USB ports (reserved) | 2 USB ports (reserved) | 2 USB ports (reserved)
Console: RJ-45 | RJ-45 | 1 DB-9 RS-232 | 1 DB-9 RS-232
System Performance [5]
Firewall Throughput [6]: 150 Mbps | 200 Mbps | 1.2 Gbps | 2 Gbps
VPN Throughput [7]: 45 Mbps | 60 Mbps | 350 Mbps | 1 Gbps
IPS Throughput [8]: 60 Mbps | 80 Mbps | 400 Mbps | 600 Mbps
Antivirus Throughput [8]: 35 Mbps | 50 Mbps | 225 Mbps | 450 Mbps
Concurrent Sessions: 25,000 [9] | 40,000 | 600,000 | 1,500,000
New Sessions (per second): 2,000 | 4,000 | 15,000 | 20,000
Policies: 500 | 1,000 | 4,000 | 6,000
Firewall System
Transparent Mode: ✓ | ✓ | ✓ | ✓
NAT, PAT: ✓ | ✓ | ✓ | ✓
Dynamic Routing Protocol: – | OSPF | OSPF | OSPF
H.323 NAT Traversal: ✓ | ✓ | ✓ | ✓
Time-Scheduled Policies: ✓ | ✓ | ✓ | ✓
Application Layer Gateway: ✓ | ✓ | ✓ | ✓
Proactive End-Point Security: – | ZoneDefense | ZoneDefense | ZoneDefense
Networking
DHCP Server/Client: ✓ | ✓ | ✓ | ✓
DHCP Relay: ✓ | ✓ | ✓ | ✓
Policy-Based Routing: ✓ | ✓ | ✓ | ✓
IEEE 802.1q VLAN: 8 | 16 | 1024 | 2048
Port-based VLAN: ✓
IP Multicast: IGMP v3
Virtual Private Network (VPN) [9]
Encryption Methods (DES/3DES/AES/Twofish/Blowfish/CAST-128): ✓ | ✓ | ✓ | ✓
Dedicated VPN Tunnels: 100 | 300 [9] | 2,500 | 5,000
PPTP/L2TP Server: ✓ | ✓ | ✓ | ✓
Hub and Spoke: ✓ | ✓ | ✓ | ✓
IPSec NAT Traversal: ✓ | ✓ | ✓ | ✓
SSL VPN: ✓ | ✓ | ✓ | ✓
Columns, in order: DFL-260E | DFL-860E | DFL-1660 | DFL-2560(G)
Traffic Load Balancing
Outbound Load Balancing: ✓ | ✓ | ✓ | ✓
Server Load Balancing: – | ✓ | ✓ | ✓
Outbound Load Balance Algorithms: Round-robin, Weight-based Round-robin, Destination-based, Spill-over
Traffic Redirect at Failover: ✓ | ✓ | ✓ | ✓
Bandwidth Management
Policy-Based Traffic Shaping: ✓ | ✓ | ✓ | ✓
Guaranteed Bandwidth: ✓ | ✓ | ✓ | ✓
Maximum Bandwidth: ✓ | ✓ | ✓ | ✓
Priority Bandwidth: ✓ | ✓ | ✓ | ✓
Dynamic Bandwidth Balancing: ✓ | ✓ | ✓ | ✓
High Availability (HA)
WAN Fail-Over: ✓ [10] | ✓ | ✓ | ✓
Active-Passive Mode: – | – | ✓ | ✓
Device Failure Detection: – | – | ✓ | ✓
Link Failure Detection: – | – | ✓ | ✓
FW/VPN Session SYN: – | – | ✓ | ✓
Intrusion Detection & Prevention System (IDP/IPS)
Automatic Pattern Update: ✓ | ✓ | ✓ | ✓
DoS, DDoS Protection: ✓ | ✓ | ✓ | ✓
Attack Alarm via E-mail: ✓ | ✓ | ✓ | ✓
Advanced IDP/IPS Subscription: ✓ | ✓ | ✓ | ✓
IP Blacklist by Threshold or IDP/IPS: – | ✓ | ✓ | ✓
Content Filtering
HTTP Type: URL Blacklist/Whitelist
Script Type: Java, Cookie, ActiveX, VB
E-mail Type: E-mail Blacklist/Whitelist
External Database Content Filtering: ✓ | ✓ | ✓ | ✓
Antivirus
Real-Time AV Scanning: ✓ | ✓ | ✓ | ✓
Unlimited File Size: ✓ | ✓ | ✓ | ✓
Scans VPN Tunnels: ✓ | ✓ | ✓ | ✓
Supports Compressed Files: ✓ | ✓ | ✓ | ✓
Signature Licensor: Kaspersky
Automatic Pattern Update: ✓ | ✓ | ✓ | ✓
Columns, in order: DFL-260E | DFL-860E | DFL-1660 | DFL-2560(G)
Physical & Environmental
Power Supply: Internal Power Supply | Internal Power Supply | 80 PLUS Internal Power Supply | 80 PLUS Internal Power Supply
Max. Power Consumption: 18.6 watts | 22.8 watts | 66.8 watts | 103 watts
Dimensions: 280 x 180 x 44 mm, 11” Rack-Mount | 330 x 180 x 44 mm, 13” Rack-Mount | 440 x 400 x 44 mm, 19” Standard Rack-Mount | 440 x 400 x 44 mm, 19” Standard Rack-Mount
Operating Temperature: 0 to 40 °C
Storage Temperature: -20 to 70 °C
Operating Humidity: 5% to 95% non-condensing
EMI: FCC Class A, CE Class A, C-Tick, VCCI
Safety: UL LVD (EN60950-1); LVD (EN60950-1); cUL, CB
MTBF: 186,614 hours | 140,532 hours | 400,000 hours | 310,000 hours
[4] Compatible with D-Link SFP module transceivers: DEM-310GT, DEM-311GT, DEM-312GT2, DEM-314GT, DEM-315GT, DEM-330T, DEM-330R, DEM-331T, DEM-331R, DGS-712
[5] Actual performance may vary depending on network conditions and activated services.
[6] The maximum firewall plaintext throughput is based on RFC2544 testing methodologies.
[7] VPN throughput is measured using UDP traffic at 1420 byte packet size adhering to RFC 2544.
[8] IPS and Anti-Virus performance test is based on HTTP protocol with a 1Mb file attachment run on the IXIA IxLoad. Testing is done with multiple flows through multiple port pairs.
[9] Performance based on firmware 2.27.00 and above
[10] Available when DMZ port is configured as WAN port
Secure Network Implementation Using NetDefend™ UTM Firewalls
ACN 052 202 838
D-Link Corporation
No. 289 Xinhu 3rd Road, Neihu, Taipei 114, Taiwan
Specifications are subject to change without notice.
D-Link is a registered trademark of D-Link Corporation and its overseas subsidiaries.
All other trademarks belong to their respective owners.
©2011 D-Link Corporation. All rights reserved.
Release 03 (June 2011)