VPN Firewall for Departmental
Rack-mount firewall with complete virus scanning,
access control, intruder protection, remote VPN
connection and DMZ functions for company
Network Secure VPN Firewall for Departmental
The DFL-1000 is a cost-effective departmental firewall that provides comprehensive network protection,
high performance and easy installation. A hardware device that is much easier to install and more effective
than software-based firewalls, the DFL-1000 offers ideal protection for Small to medium Buisnesses or
corporate departments with plug-and-play connection, complete security against outside intruders, Virtual
Private Network (VPN) support through data encryption and authentication, and easy administration.
Complete Security
Your office is connected to the outside world through the
Internet. It is easy for hackers to analyse your databases
to steal or destroy data. The DFL-1000 provides a wide
range of protection against outside attacks, plus
comprehensive security that includes user authentication,
scheduled policies and Virtual Server Mapping. The
DFL-1000 provides NAT translation of IP addresses from
the internal private network to the public IP network.
Content Filtering & Virus Scanning
The DFL-1000 provides filtering of potentially malicious
codes embedded in web pages to remove Active objects,
Java, JavaScript and other potential threats. It provides
virus scanning for all incoming and outgoing email and
attachments, plus virus checking for Web plug-ins and
downloaded Web contents.
Easy Installation
All you need to do is connect the network cables. To the
outside world, you connect an RJ-45 plug to your
DSL/cable modem, Internet gateway or router. To your
office, you plug in another RJ-45 jack to your network
switch or hub. The DMZ port connects to an independent
hub or switch for the DMZ network. The DFL-1000
provides CPU, system memory and embedded software,
all ready to run.
Access Control
Administration access can be controlled so that the DFL-1000
can be administered from the protected internal network or the
external public Internet. The DFL-1000 supports an
internal/External (RADIUS) database for authenticating
user access to various services. It maps public IP addresses
to information servers on the internal network to allow
public access. It also prevents access to particular web sites,
using powerful pattern matching to block access to URLs or
Scheduled Policies
Firewall policies may be scheduled for different times
of the day/week/month and for one time use or
LAN-to-LAN VPN Connection
The DFL-1000 supports VPN functions including
PPTP, L2TP, IPSec, ESP security in tunnel mode, LAN
to-LAN and mobile remote access.
Hardware Acceleration
The DFL-1000 uses a special design ASIC to perform
VPN encryption and decryption. It off-loads CPU
loading through hardware-based acceleration.
The DFL-1000 supports web-based management using
a secure SSL connection from a remote terminal either
on the internal corporate network or even from an
external remote site. The DFL-1000 can also be
administered on-site using its RS-232 serial
Key Features
Easy to install, easy to manage
Web-based management and software updated via
Intruders prevention through MAC Address binding
with IP Addresses
Secure system management via VPN Tunnel on any
Triple-DES data encryption
Anti-virus scanning
Technical Specifications
VPN Firewall for Departmental
Dedicated VPN Tunnels
Hardware Specifications
Concurrent Sessions
System Memory
On board 256MB
User Authentication Support
RADIUS external database
Flash Memory
64MB CompactFlash Card
Physical & Environmental
Network Interface
3 10/100Mbps ports (1 Internal, 1 External, 1 DMZ)
Power Input
100 - 240V internal switching power supply
LED Indicators
- Power
- Status
- Interface link and activity
Power Consumption
11 Watts max
441 x 250 x 44 mm (standard rack-mount width, 1 U height)
Software Specifications
Security Feature:
- Firewall: Stateful Packet Inspection (SPI) to Prevent Denial of
Service (DoS) attacks (Syn flood, ICMP flood, UDP flood, "ping of
death", IP spoofing, land attack, tear drop attack, IP address sweep
attack, Win Nuke attack), Intrusion Detection System (IDS) including
logging, reporting and e-mail alerts, address, service and protocol,
Web URL content filtering.
- VPN Functionality: One hundred dedicated VPN tunnels, Manual
key and IKE Security Association (SA) assignment, 56-bit (DES)
or 168-bit (3DES) IPsec encryption algorithm, MD5 or SHA-1
authentication algorithm, pre-shared key, perfect forward secrecy
(Diffie-Helman and Oakley client support), key life and IKE lifetime
time settings, prevent replay attack, remote access VPN (client-toSite), site-to-site VPN.
- Mode of Operation: Network Address Translation (NAT), static
routing, unrestricted users per port.
Protocol Support:
- Network: IP routing, TCP/IP, UDP, ICMP, PPPoE
- IP addressing: DHCP (client and server)
- Routing: RIP v1, RIP v2 (Static Routing, Dynmic Routing)
- VPN/ Security: IPSec (ESP), MD5, SHA-1, DES, 3DES, IKE,
RFC Support:
- PPTP client and server
- IPSec tunnel mode
- HMAC-MD5-96
- HMAC-SHA1-96
- Encapsulation Security Payload Protocol
- DHCP server
- DHCP client
- TFTP client
- IP routing (RIP1, RIP2)
- NAT (many-to-one)
(RFC 2637)
(RFC 2401)
(RFC 2403)
(RFC 2404)
(RFC 2406)
(RFC 2131)
(RFC 2131)
(RFC 1350)
(RFC 2453)
(RFC 1631)
(RFC 2516)
- ftp
- http
- HMAC MD5 or HMAC SHA-1 Authentication/data integrity
Key Exchange
- Automatic IKE based on Pre-Shared Key
Attack Protection Provided
- IP Source Routing
- IP Spoofing
- SYN flood attack
- ICMP flood
- UDP flood
- Land attack
- Address sweep attack
- Tear drop attack
- Win nuke attack
- Port Scan attack
- Ping of Death
Operating Temperature
0 C ~ 45 C
Storage Temperature
0 C ~ 60 C
5% ~ 95%, non-condensing
EMI Certification
- FCC Class A
- CE Class A
- BSMI Class A
- C-Tick
Technical Specifications
VPN Firewall for Departmental