D-Link DFL-800 - Security Appliance User manual

D-Link DFL-800 - Security Appliance User manual
DFL-210
Multi-Function Security
+ Network Firewall
+ VPN Server
+ Content Manager
+ Bandwidth Manager
+ Transparent Firewall Mode
Ports
Network Security Firewall
The NetDefend family of Firewall/VPN Security Appliances
is D-Link’s answer for hardware-based network security.
The new D-Link Network Security Firewall (DFL-210) is
an easy-to-deploy VPN and firewall solution designed
specifically for the Small Office / Home Office (SOHO)
market that demands superior performance and security.
+ 1 Ethernet WAN
+ 4 Ethernet LAN
+ 1 Ethernet DMZ/WAN2
Advanced Hardware Features
Advanced Firewall Features
The DFL-210 is a powerful security solution that provides
integrated Network Address Translation (NAT), SPI
Firewall, advanced content filtering features, IDS
protection, bandwidth management, as well as Virtual
Private Network (VPN) support. The DFL-210 hardware
includes four trusted LAN ports, a WAN port, and a
user-configurable DMZ port to support local servers
such as e-mail, Web, and FTP. The DMZ port can also
be reconfigured as a WAN fail-over port. All of these
features conveniently fit into a desktop chassis that can
be easily integrated into your network.
+ Stateful Packet Inspection
+ Detect/Drop Intruding Packets
+ User-Configurable DMZ Port
+ User Authentication (RADIUS, LDAP, IAS)
+ Intrusion Detection System (IDS)
+ 80Mbps Firewall Throughout
+ X.509v3 PKI
Embedded VPN Accelerator
+ Up to 100 VPN Tunnels¹
+ IPsec, PPTP, L2TP, L2TP with IPsec
+ DES, 3DES, AES, Twofish, Blowfish, and
CAST-128 Encryption
+ Automated Key Management via
IKE/ISAKMP
+ Aggressive/Main/Quick Negotiation
+ xAuthentication
Performance Optimization
+ 802.1q VLAN Tagging
+ Traffic Shaping/Priority
Enterprise-class Security
To provide enterprise-class network security, the DFL-210
has several flexible firewall features to manage, monitor,
and maintain a healthy and secure network. Network
management features include: Remote Management,
Bandwidth Control Policies, URL/Keyword Blocking,
Access Policies, and SNMP. For network monitoring, the
DFL-210 supports e-mail alerts, system log, consistency
checks, and real-time statistics. These features, along
with a firmware backup function, provide and maintain
maximum network performance and security.
VPN Performance
For optimal VPN configuration, the DFL-210 has an
integrated VPN Client and Server to support almost
any required VPN policy. This high-end appliance has a
hardware VPN engine to support and manage up to 100
VPN configurations. The DFL-210 can support IPSec,
PPTP, and L2TP protocols in Client/Server mode and
can handle pass-through traffic as well. Advanced VPN
configuration options include: DES/3DES/AES/Twofish/
Blowfish/CAST-128 encryption, Manual or IKE/ISAKMP
key management, Quick/Main/Aggressive Negotiation
modes, and VPN authentication support using either
an external RADIUS server or the internal 500-user
database.
Configurable User Interface
The DFL-210 features an intuitive user interface that can
easily be configured via D-Link’s Web-based interface and
monitored using the Command Line Interface (CLI). These
configuration options can be managed through Admin,
Read/Write, or Read-only administrator rights. With these
access management levels, any authorized user can
easily configure or access the administrative functions of
the DFL-210.
With businesses becoming increasingly network-dependent,
the need to invest in a reliable security solution is crucial.
The D-Link DFL-210 Network Security Firewall offers high
return on investment through robust security features,
flexible configuration, and maximum network protection
for SOHO networks.
DFL-210
Network Security Firewall
Technical Specifications
Firewall Mode of Operation
VPN Security
Firewall Security
Network Service
+ Layer 3 Mode: Route Mode, NAT Mode
+ Policy-based NAT
+ Layer 2 Mode: Transparent Mode
+ Port Forwarding
+ Network Address Translation (NAT)
+ Static Address Translation (SAT)
+ Port Address Translation (PAT)
+ Time Scheduled Policies
+ VPN Tunnels: 100 (IPsec, PPTP, L2TP)
+ IPSec NAT-Traversal
+ IPSec LAN-to-LAN / Roaming User
+ DHCP over IPSec
+ PPTP/L2TP Server/Client
+ Encryption Transform: DES, 3DES, AES, Twofish,
Blowfish, CAST-128
+ IPsec Hub and Spoke
+ XAUTH (Extended Authentication) for IPSec
Authentication
+ Stateful Packet Inspection (SPI)
+ RADIUS, LDAP, IAS
+ Policy-based User Authentication
+ HTTP Traffic Filter: Keyword, URL, Exempt List
+ DoS/DDoS Attack Protection
+ Script Filter: Java Applet, Java Scripts, VB Scripts,
Cookies, ActiveX
+ Static IP Address
+ Static Routes
+ PPPoE for xDSL
+ Policy-based Routing
+ PPTP/L2TP Client for xDSL
+ DNS Resolving of Remote Gateway
+ DHCP Client for WAN Interface
+ Dynamic DNS Poster
+ BigPond Cable, Telia Compliance
+ Custom Application Layer Gateway
+ Internal DHCP Server
+ Support for IEEE 802.1q VLAN Tag (8)
+ DHCP Relay
+ Firewall Policies per VLAN Tag
+ WAN Failover/Load Sharing4
+ DHCP Server per VLAN Tag
+ IP Alias
Bandwidth Management
System
+ Guaranteed Bandwidth
+ Policy-based Traffic Shaping
+ Maximum Bandwidth
+ Time-scheduled Traffic Shaping
+ Priority-bandwidth Utilization
+ Bandwidth Management in VPN Tunnel
+ SYSLog Support
+ Simple Network Time Protocol (SNTP)
+ Firewall Configuration Backup
+ Simple Network Management Protocol (SNMP)
+ E-mail Alerts
+ Configuration Consistency Checks
+ Management – HTTP/HTTPS/SSH
Intrusion Detection System
+ NIDS Pattern Auto Update
+ Attack Alarm via E-mail Notification
Device Ports:
+ WAN: 1 10/100BASE-TX Port
+ DMZ/WAN2: 1 10/100BASE-TX Port
+ LAN: 4 10/100BASE-TX Ports
+ Console Port: Serial COM Port
+ Power
+ WAN (Link/Activity per Port)
+ System
+ DMZ (Link/Activity per Port)
Diagnostic LED
+ LAN (Link/Activity per Port)
Power Input
5VDC, 3.0A Switching External Power Supply
DFL-210
Network Security Firewall
Power Consumption
15 Watts Max.
Dimensions
+ Item: 9.25” x 6.38” x 1.42”
+ Packaging: 10.79” x 8.19” x 4.64”
Weight
+ Item: 1.1 lbs
+ Packaging: 2.66 lbs
Temperature
+ Operating: 32°F to 140°F
+ Storage: -4°F to 158°F
Humidity
5% to 95% (Non-Condensing)
Emission (EMI)
+ FCC Class A
+ C-Tick
+ CE
Safety
+ UL
+ LVD (EN60950)
+ TUV
Warranty
1-Year Limited²
Actual performance may vary depending on network conditions and activated services.
1-Year Limited Warranty available only in the USA and Canada.
The latest software and documentation are available on http://support.dlink.com.
4
DMZ configured as WAN2 required.
1
2
3
D-Link Systems, Inc. 17595 Mt. Herrmann Street, Fountain Valley, CA 92708
©2006-2008 D-Link Corporation/D-Link Systems, Inc. All rights reserved. D-Link and
the D-Link logo are registered trademarks of D-Link Corporation or its subsidiaries in
the United States and/or other countries. Other trademarks or registered trademarks
are the property of their respective owners. Visit www.dlink.com for more details.
DFL-800
Multi-Function Security
+ Network Firewall
+ VPN Server
+ Content Manager
+ Bandwidth Manager
+ Transparent Firewall Mode
Advanced Firewall Features
+ Stateful Packet Inspection
+ Detect/Drop Intruding Packets
NetDefend Network Security Desktop VPN Firewall
Overview
VPN Performance
The NetDefend family of Firewall/VPN Security
Appliances is D-Link’s answer for hardware-based
network security. The new D-Link DFL-800 Network
Security Desktop VPN Firewall network security
appliance is an easy-to-deploy VPN and firewall solution
designed for small-to-medium sized businesses that
demand superior performance and security.
For optimal VPN configuration, the DFL-800 has both
an integrated VPN Client and Server to support almost
any required VPN policy. This high-end appliance has
a hardware VPN engine to support and manage up to
300 VPN connections. The DFL-800 can support IPSec,
PPTP, and L2TP protocols in Client/Server mode and
can handle pass-through traffic as well. Advanced VPN
configuration options include: DES/3DES/AES/Twofish/
Blowfish/CAST-128 encryption, Manual or IKE/ISAKMP
key management, Quick/Main/Aggressive Negotiation
modes, and VPN authentication support using either
an external RADIUS server or the internal 500-user
database.
+ User-Configurable DMZ Port
+ User Authentication (RADIUS, LDAP,
IAS)
+ Intrusion Detection System (IDS)
+ X.509v3 PKI
Embedded VPN Accelerator
+ Up to 300 VPN Tunnels
+ IPsec, PPTP, L2TP, L2TP with IPsec
+ DES, 3DES, AES, Twofish, Blowfish,
and CAST-128 Encryption
Advanced Hardware Features
The DFL-800 is a powerful security solution that provides
integrated Network Address Translation (NAT), SPI
Firewall, advanced content filtering features, IDS
protection, bandwidth management, as well as Virtual
Private Network (VPN) support. The DFL-800 hardware
includes seven trusted LAN ports, dual-WAN ports for
load balancing, and a user-configurable DMZ port to
support local servers such as e-mail, Web, and FTP. All
of these features conveniently fit into a desktop chassis
that can be easily integrated into your network.
+ Automated Key Management via
IKE/ISAKMP
+ Aggressive/Main/Quick Negotiation
+ xAuthentication
Performance Optimization
+ 802.1q VLAN Tagging
+ Dual-WAN Ports for Active Clustering/
Load Balancing
+ Traffic Shaping/Priority
Enhanced Network Services
+ DHCP Relay
+ SYSLog Support
+ E-mail Alert
+ SNMP Management
+ Consistency Checks
Enterprise-class Security
To provide enterprise-class network security, the
DFL-800 has several flexible firewall features to
manage, monitor, and maintain a healthy and secure
network. Network management features include:
Remote Management, Bandwidth Control Policies,
URL/Keyword Blocking, Access Policies, and SNMP.
For network monitoring, the DFL-800 supports e-mail
alerts, system log, consistency checks, and real-time
statistics. These features along with a firmware backup
function provide and maintain maximum network
performance and security.
Configurable User Interface
The DFL-800 can be configured via the D-Link Web-based
interface and monitored using the Command Line
Interface (CLI). These configuration options can be
managed through Admin, Read/Write, or Read-Only
administrator rights. With these access management
levels, any authorized user can easily configure or
access the administrative functions of the DFL-800.
With businesses becoming increasingly network-dependent,
the need to invest in a reliable security solution is
crucial. The D-Link DFL-800 NetDefend Network
Security Desktop VPN Firewall offers high return on
investment through robust security features, flexible
configuration, and maximum network protection.
DFL-800
NetDefend Network Security Desktop VPN Firewall
Technical Specifications
Software
Firewall Mode of Operation
+ Layer 3 Mode: Route Mode, NAT Mode
+ Layer 2 Mode: Transparent Mode
+ Network Address Translation (NAT))
+ Port Address Translation (PAT)
+ Static Address Translation (SAT)
+ Policy-Based NAT
+ Port Forwarding
+ Time Scheduled Policies
+ Time Scheduled Policies
VPN Security
Firewall Security
Network Service
Bandwidth Management
System
+ VPN Tunnels: 300 (IPsec, PPTP, L2TP, L2TP with IPsec)
+ IPsec LAN-to-LAN / Roaming User
+ PPTP/L2TP Server/Client
+ IPsec Hub and Spoke
+ IPsec NAT-Traversal
+ DHCP over IPsec
+ Encryption Transform: DES, 3DES, AES, Twofish, Blowfish,
CAST-128
+ XAUTH (Extended Authentication) for IPsec
Authentication
+ Stateful Packet Inspection (SPI)
+ Policy-Based User Authentication
+ DoS/DDoS Attack Protection
+ RADIUS, LDAP, IAS
+ HTTP Traffic Filter: Keyword, URL, Exempt List
+ Script Filter: Java Applet, Java Scripts, VB Scripts,
Cookies, ActiveX
+ Static IP Address
+ PPPoE for xDSL
+ PPTP/L2TP Client for xDSL
+ DHCP Client for WAN Interface
+ BigPond Cable, Telia Compliance
+ Internal DHCP Server
+ DHCP Relay
+ WAN Failover/Load Sharing
+ IP Alias
+ Static Routes
+ OSPF Dynamic Routing
+ Policy-Based Routing
+ DNS Resolving of Remote Gateway
+ Dynamic DNS Poster
+ Custom Application Layer Gateway
+ Support for IEEE 802.1q VLAN Tag (16)
+ Firewall Policies per VLAN Tag
+ DHCP Server per VLAN Tag
+ Guaranteed Bandwidth
+ Maximum Bandwidth
+ Priority-Bandwidth Utilization
+ Policy-Based Traffic Shaping
+ Time-Scheduled Traffic Shaping
+ Bandwidth Management in VPN Tunnel
+ SYSLog Support
+ Firmware Configuration Backup
+ E-mail Alerts
+ Management – HTTP/HTTPS, SSH
+ Simple Network Time Protocol (SNTP)
+ Simple Network Management Protocol (SNMP)
+ Configuration Consistency Checks
Intrusion and Detection System
+ NIDS Pattern Auto Update
+ Attack Alarm via E-mail Notification
DFL-800
NetDefend Network Security Desktop VPN Firewall
Physical & Environmental
Diagnostic LEDs
+ Power
+ System
+ WAN (Link/Activity per Port) (2)
+ LAN (Link/Activity per Port) (7)
+ DMZ (Link/Activity per Port) (1)
Device Ports
+ WAN: 2 10/100BASE-TX ports
+ LAN: 7 10/100BASE-TX ports
+ DMZ: 10/100BASE-TX port
+ Console Port: Serial COM port
Power Input
5VDC, 4.0A switching external power supply
Power Consumption
20 Watts Maximum
Dimensions (W x D x H)
11.0in x 8.43in x 1.73in
Weight
2.8 lbs (Device Only)
Temperature
+ Operating: 32˚ to 140˚F (0˚ to 60˚C)
Humidity
5% ~ 95% (Non-condensing)
Emission (EMI)
+ FCC Class A
+ Storage: -4˚ to 158˚F (-20˚ to 70˚C)
+ C-Tick
+ CE
Safety
+ UL
Warranty
1-Year Limited
+ LVD (EN60950)
1
1-Year Limited Warranty available only in the USA and Canada.
1
D-Link Systems, Inc. 17595 Mt. Herrmann Street, Fountain Valley, CA 92708
©2006-2008 D-Link Corporation/D-Link Systems, Inc. All rights reserved. D-Link and
the D-Link logo are registered trademarks of D-Link Corporation or its subsidiaries in
the United States and other countries. Other trademarks or registered trademarks
are the property of their respective owners. Visit www.dlink.com for more details.
DFL-1600
Multi-Function Security
+ Network Firewall
NetDefend Network Security Rackmount VPN Firewall
+ VPN Server
Overview
VPN Performance
The NetDefend family of Firewall/VPN Security Appliances
is D-Link’s answer for hardware-based network security.
The new DFL-1600 NetDefend Network Security Rackmount
VPN Firewall is an easy-to-deploy VPN and firewall
solution designed for enterprise and small-to-medium
sized businesses that demand superior performance and
security.
For optimal VPN configuration, the DFL-1600 has both
an integrated VPN Client and Server to support almost
any required VPN policy. This high-end appliance has a
hardware VPN engine to support and manage up to 1200
VPN connections. The DFL-1600 can support IPSec, PPTP,
and L2TP protocols in Client/Server mode and can handle
pass-through traffic as well. Advanced VPN configuration
options include: DES/3DES/AES/Twofish/Blowfish/CAST-128
encryption, Manual or IKE/ISAKMP key management,
Quick/Main/Aggressive Negotiation modes, and VPN
authentication support using either an external RADIUS
server or the internal 500-user database.
+ Content Manager
+ Bandwidth Manager
+ Transparent Firewall Mode
Advanced Firewall Features
+ Stateful Packet Inspection
+ Detect/Drop Intruding Packets
+ Embedded VPN
+ User Authentication (RAIDUS, LDAP,
IAS)
+ Intrusion Detection System (IDS)
+ x.509v3 PKI
Embedded VPN Accelerator
+ Up to 1,200 VPN Tunnels
+ IPsec, PPTP, L2TP, L2TP with IPsec
+ DES, 3DES, AES, Twofish, Blowfish,
and CAST-128 Encryption
+ Automated Key Management via
IKE/ISAKMP
+ Aggressive/Main/Quick Negotiation
+ xAuthentication
Performance Optimization
+ 802.1q VLAN Tagging
+ Dual-WAN Ports for Active Clustering/
Load Balancing
+ Traffic Shaping/Priority
Enhanced Network Services
+ DHCP Relay
+ SYSLog Support
+ E-mail Alert
+ SNMP Management
+ Consistency Checks
Advanced Hardware Features
The DFL-1600 is a powerful security solution that provides
integrated Network Address Translation (NAT), SPI Firewall,
advanced content filtering features, IDS protection,
bandwidth management, as well as Virtual Private Network
(VPN) support. The DFL-1600 includes six configurable
gigabit Ethernet ports that can be used for LAN, WAN, and
DMZ. All of these features conveniently fit into a 1U rackmountable chassis that can be easily integrated into your
switch/server rack.
Enterprise-class Security
To provide enterprise-class network security, the DFL-1600
has several flexible firewall features to manage, monitor,
and maintain a healthy and secure network. Network
management features include: Remote Management,
Bandwidth Control Policies, URL/Keyword Blocking, Access
Policies, and SNMP. For network monitoring, the DFL-1600
supports e-mail alerts, system log, consistency checks,
and real-time statistics. For at a glance monitoring, the 20x2
line LCM display provides hardware status info as well as
alert events to enable visual verifications. These features
along with a firmware backup function provide and maintain
maximum network performance and security.
Multiple Network Central Features
Additional network control features supported by the
DFL-1600 include 802.1q VLAN tagging and extensive High
Availability (HA) features. VLAN tagging supports integration
of the DFL-1600 into your rack system with L2/L3 managed
switches to segment your network and prioritize traffic.
HA options include WAN Fail-Over, Active/Passive Modes,
Device Failure Detection, Link Failure Detection, and
Session Synchronization. Additionally, support for Active
Clustering or Load Balancing optimizes network uptime and
performance.
Configurable User Interface
The DFL-1600 can be configured via D-Link’s Web-based
interface and monitored using the Command Line Interface
(CLI). These configuration options can be managed through
Admin, Read/Write, or Read-Only administrator rights. With
these access management levels, any authorized user can
easily configure or access the administrative functions of
the DFL-1600.
With businesses becoming increasingly networkdependent, the need to invest in a reliable security
solution is crucial. The D-Link DFL-1600 NetDefend Network
Security Rackmount VPN Firewall offers high return on
investment through robust security features, flexible
configuration, and maximum network protection.
DFL-1600
NetDefend Network Security Rackmount VPN Firewall
Technical Specifications
Software
Firewall Mode of Operation
+ Layer 3 Mode: Route Mode, NAT Mode
+ Layer 2 Mode: Transparent Mode
+ Network Address Translation (NAT))
+ Port Address Translation (PAT)
+ Static Address Translation (SAT)
+ Policy-Based NAT
+ Port Forwarding
+ Server Load Balancing
+ Time Scheduled Policies
VPN Security
Firewall Security
Network Service
+ VPN Tunnels: 300 (IPsec, PPTP, L2TP, L2TP with IPsec)
+ IPsec LAN-to-LAN / Roaming User
+ PPTP/L2TP Server/Client
+ IPsec Hub and Spoke
+ IPsec NAT-Traversal
+ DHCP over IPsec
+ Encryption Transform: DES, 3DES, AES, Twofish, Blowfish,
CAST-128
+ XAUTH (Extended Authentication) for IPsec
Authentication
+ Stateful Packet Inspection (SPI)
+ Policy-Based User Authentication
+ DoS/DDoS Attack Protection
+ RADIUS, LDAP, IAS
+ HTTP Traffic Filter: Keyword, URL, Exempt List
+ Script Filter: Java Applet, Java Scripts, VB Scripts,
Cookies, ActiveX
+ Static IP Address
+ PPPoE for xDSL
+ PPTP/L2TP Client for xDSL
+ DHCP Client for WAN Interface
+ BigPond Cable, Telia Compliance
+ Internal DHCP Server
+ DHCP Relay
+ WAN Failover/Load Sharing
+ IP Alias
+ Static Routes
+ OSPF Dynamic Routing
+ Policy-Based Routing
+ DNS Resolving of Remote Gateway
+ Dynamic DNS Poster
+ Custom Application Layer Gateway
+ Support for IEEE 802.1q VLAN Tag (128)
+ Firewall Policies per VLAN Tag
+ DHCP Server per VLAN Tag
+ WAN Failover/Load Sharing
Bandwidth Management
System
+ Guaranteed Bandwidth
+ Maximum Bandwidth
+ Priority-Bandwidth Utilization
+ Policy-Based Traffic Shaping
+ Time-Scheduled Traffic Shaping
+ Bandwidth Management in VPN Tunnel
+ SYSLog Support
+ Firmware Configuration Backup
+ E-mail Alerts
+ Management – HTTP/HTTPS, SSH
+ Simple Network Time Protocol (SNTP)
+ Simple Network Management Protocol (SNMP)
+ Configuration Consistency Checks
DFL-1600
NetDefend Network Security Rackmount VPN Firewall
Intrusion and Detection System
+ NIDS Pattern Auto Update
+ Attack Alarm via E-mail Notification
High Availability
+ Active-Passive HA mode
+ Network Notification on Failover
+ Device Failure Detection
+ Configuration Synchronization
+ Firewall/VPN Session Synchronization
+ Average Failover Time: < 800ms
+ Power
+ System
Physical & Environmental
Diagnostic LEDs
+ Gigabit Ethernet (Link/Activity per Port)
Device Ports
+ Gigabit Ethernet: 6 10/100/1000BASE-T Ports
+ Console Port: Serial COM port
LCM Module
+ 20 x 2 Line Liquid Crystal Module
+ Display HW Status and Events
Power Input
AC Input 100 ~ 240VAC 50 ~ 60Hz
Power Consumption
200 Watts Maximum
Dimensions (W x D x H)
+ 17.3in x 10.0in x 1.73in
Weight
8.8 lbs (Device Only)
Temperature
+ Operating: 32˚ to 140˚F (0˚ to 60˚C)
Humidity
5% ~ 95% (Non-condensing)
Emission (EMI)
+ FCC Class A
+ 19in 1U Rack Mountable
+ Storage: -4˚ to 158˚F (-20˚ to 70˚C)
+ C-Tick
+ CE
Safety
+ UL
Warranty
1-Year Limited
+ LVD (EN60950)
1
1-Year Limited Warranty available only in the USA and Canada.
1
D-Link Systems, Inc. 17595 Mt. Herrmann Street, Fountain Valley, CA 92708
©2005-2008 D-Link Corporation/D-Link Systems, Inc. All rights reserved. D-Link and
the D-Link logo are registered trademarks of D-Link Corporation or its subsidiaries in
the United States and other countries. Other trademarks or registered trademarks
are the property of their respective owners. Visit www.dlink.com for more details.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement