User Guide
Page 4
...damage or deteriorated insulation, have the option of following the terms and conditions either of that the vents are dangerous. SECURITY DISCLAIMER The appliance provides your product. Each version is damaged, disconnect the power plug and inform the responsible service personnel. EXCEPT WHEN ...adapter rather than those approved by the Free Software Foundation. To reduce risk of power source indicated on an unstable surface or support. countries not thus excluded. In such case, this License incorporates the limitation as this License, you with your office network...
...damage or deteriorated insulation, have the option of following the terms and conditions either of that the vents are dangerous. SECURITY DISCLAIMER The appliance provides your product. Each version is damaged, disconnect the power plug and inform the responsible service personnel. EXCEPT WHEN ...adapter rather than those approved by the Free Software Foundation. To reduce risk of power source indicated on an unstable surface or support. countries not thus excluded. In such case, this License incorporates the limitation as this License, you with your office network...
User Guide
Page 5
... About This Guide ...xi Introduction ...1 About Your D-Link NetDefend firewall 1 NetDefend Secured by Check Point Product Family 2 NetDefend Features and Compatibility 2 Connectivity ...2 Firewall ...3 VPN ...4 Management...4 Optional Security Services...5 Power Pack Features ...5 Package Contents ...6 Network... Requirements ...7 Getting to Know Your NetDefend firewall 8 Rear Panel ...8 Front Panel ...10 Getting to Know Your NetDefend firewall 11 Rear Panel ...11 Front Panel ...13 Contacting Technical Support...
... About This Guide ...xi Introduction ...1 About Your D-Link NetDefend firewall 1 NetDefend Secured by Check Point Product Family 2 NetDefend Features and Compatibility 2 Connectivity ...2 Firewall ...3 VPN ...4 Management...4 Optional Security Services...5 Power Pack Features ...5 Package Contents ...6 Network... Requirements ...7 Getting to Know Your NetDefend firewall 8 Rear Panel ...8 Front Panel ...10 Getting to Know Your NetDefend firewall 11 Rear Panel ...11 Front Panel ...13 Contacting Technical Support...
User Guide
Page 17
... the NetDefend firewall, you can subscribe to Know Your NetDefend firewall 11 Contacting Technical Support 14 About Your D-Link NetDefend firewall The D-Link NetDefend firewall is a unified threat management (UTM) appliance that enables secure high-speed Internet access from select service providers, including firewall security and software updates, Antivirus, Web Filtering, reporting, and VPN management. By...
... the NetDefend firewall, you can subscribe to Know Your NetDefend firewall 11 Contacting Technical Support 14 About Your D-Link NetDefend firewall The D-Link NetDefend firewall is a unified threat management (UTM) appliance that enables secure high-speed Internet access from select service providers, including firewall security and software updates, Antivirus, Web Filtering, reporting, and VPN management. By...
User Guide
Page 18
... • DFL-CPG310 Wireless Security VPN Firewall You can increase the number of licensed users by installing node upgrades. Contact your NetDefend firewall to include additional features without replacing the hardware by installing the DFL-CP310 Power Pack, and you can upgrade your reseller for console access and dialup modem connection • Supported Internet connection...
... • DFL-CPG310 Wireless Security VPN Firewall You can increase the number of licensed users by installing node upgrades. Contact your NetDefend firewall to include additional features without replacing the hardware by installing the DFL-CP310 Power Pack, and you can upgrade your reseller for console access and dialup modem connection • Supported Internet connection...
User Guide
Page 19
... • Dead Internet Connection Detection (DCD) • Traffic Monitoring • Traffic Shaping • VLAN Support (requires Power Pack) • Dynamic Routing (requires Power Pack) The NetDefend DFL-CPG310 firewall includes the following additional features: • Wireless LAN interface with dual diversity antennas...Detection and Prevention using Check Point SmartDefense • Network Address Translation (NAT) • Three preset security policies • Anti-spoofing • Voice over IP (H.323) support • Instant messenger blocking/monitoring Chapter 1: Introduction 3
... • Dead Internet Connection Detection (DCD) • Traffic Monitoring • Traffic Shaping • VLAN Support (requires Power Pack) • Dynamic Routing (requires Power Pack) The NetDefend DFL-CPG310 firewall includes the following additional features: • Wireless LAN interface with dual diversity antennas...Detection and Prevention using Check Point SmartDefense • Network Address Translation (NAT) • Three preset security policies • Anti-spoofing • Voice over IP (H.323) support • Instant messenger blocking/monitoring Chapter 1: Introduction 3
User Guide
Page 20
.../monitoring VPN The NetDefend series includes the following features: • Remote Access VPN Server with OfficeMode and RADIUS support • Remote Access VPN Client • Site to Site VPN Gateway • IPSEC VPN pass-through •...; Algorithms: AES/3DES/DES, SHA1/MD5 • Hardware Based Secure RNG (Random Number Generator) • IPSec NAT traversal (NAT-T) • Route-based VPN • Backup VPN ...Monitor, Connection Table Monitor, Wireless Monitor, Active Computers Display, Local Logs 4 D-Link NetDefend firewall User Guide
.../monitoring VPN The NetDefend series includes the following features: • Remote Access VPN Server with OfficeMode and RADIUS support • Remote Access VPN Client • Site to Site VPN Gateway • IPSEC VPN pass-through •...; Algorithms: AES/3DES/DES, SHA1/MD5 • Hardware Based Secure RNG (Random Number Generator) • IPSec NAT traversal (NAT-T) • Route-based VPN • Backup VPN ...Monitor, Connection Table Monitor, Wireless Monitor, Active Computers Display, Local Logs 4 D-Link NetDefend firewall User Guide
User Guide
Page 30
You can also download the latest version of this guide from the site. 14 D-Link NetDefend firewall User Guide Contacting Technical Support LED VPN Serial USB WLAN State LINK/ACT On, 100 On LNK/ACT Flashing Flashing (Green) Flashing (Green) Flashing (Green) Flashing (Green) Explanation 100 Mbps link established for the corresponding port Data is being transmitted/received VPN port in use Serial port in use USB port in use WLAN in use Contacting Technical Support If there is a problem with your NetDefend firewall, see http://support.dlink.com/.
You can also download the latest version of this guide from the site. 14 D-Link NetDefend firewall User Guide Contacting Technical Support LED VPN Serial USB WLAN State LINK/ACT On, 100 On LNK/ACT Flashing Flashing (Green) Flashing (Green) Flashing (Green) Flashing (Green) Explanation 100 Mbps link established for the corresponding port Data is being transmitted/received VPN port in use Serial port in use USB port in use WLAN in use Contacting Technical Support If there is a problem with your NetDefend firewall, see http://support.dlink.com/.
User Guide
Page 61
...displayed. Click View Certificate. Click Finish. f. Click Yes. Accessing the TNetDefendT Portal Remotely Using HTTPS Note: Your browser must support 128-bit cipher strength. To avoid seeing this is your first attempt to access the NetDefend Portal through HTTPS, the certificate in... the NetDefend firewall is not yet known to the browser, so the Security Alert dialog box appears. c. Click Next. g. Click Install Certificate. Chapter 3: Getting Started 45 The Certificate dialog box appears, with ...
...displayed. Click View Certificate. Click Finish. f. Click Yes. Accessing the TNetDefendT Portal Remotely Using HTTPS Note: Your browser must support 128-bit cipher strength. To avoid seeing this is your first attempt to access the NetDefend Portal through HTTPS, the certificate in... the NetDefend firewall is not yet known to the browser, so the Security Alert dialog box appears. c. Click Next. g. Click Install Certificate. Chapter 3: Getting Started 45 The Certificate dialog box appears, with ...
User Guide
Page 126
... SecureClient to be installed on the same subnet, and they therefore attempt to communicate directly over the local network, instead of through the secure VPN link. • Some networking protocols or resources may lead to the following problems: • VPN Clients on the same network will be ... to the VPN client, when the client connects and authenticates. In the Mode drop-down list, select Enabled. When OfficeMode is not supported by enabling the NetDefend DHCP Server to automatically assign a unique local IP address to communicate with each other via the NetDefend Internal VPN ...
... SecureClient to be installed on the same subnet, and they therefore attempt to communicate directly over the local network, instead of through the secure VPN link. • Some networking protocols or resources may lead to the following problems: • VPN Clients on the same network will be ... to the VPN client, when the client connects and authenticates. In the Mode drop-down list, select Enabled. When OfficeMode is not supported by enabling the NetDefend DHCP Server to automatically assign a unique local IP address to communicate with each other via the NetDefend Internal VPN ...
User Guide
Page 128
... packet headers. The NetDefend firewall supports the following VLAN types: • Tag-based In tag-based VLAN you can easily transfer a member of one of the gateway's ports as a 802.1Q VLAN trunk, connecting the appliance to the correct VLAN. Figure 10: Tag-based VLAN 112 D-Link NetDefend firewall User Guide Tagging ensures...
... packet headers. The NetDefend firewall supports the following VLAN types: • Tag-based In tag-based VLAN you can easily transfer a member of one of the gateway's ports as a 802.1Q VLAN trunk, connecting the appliance to the correct VLAN. Figure 10: Tag-based VLAN 112 D-Link NetDefend firewall User Guide Tagging ensures...
User Guide
Page 135
... existing on your network is routed, and one acting as the "Master", the default gateway through which is passed as the "Backup". The NetDefend firewall supports Internet connection tracking, which determines the gateway's role: the gateway with the highest priority becomes the new Active Gateway and takes over all network traffic...
... existing on your network is routed, and one acting as the "Master", the default gateway through which is passed as the "Backup". The NetDefend firewall supports Internet connection tracking, which determines the gateway's role: the gateway with the highest priority becomes the new Active Gateway and takes over all network traffic...
User Guide
Page 136
...IP address change, and thereby ensures virtually uninterrupted access from the LAN network. The NetDefend firewall supports configuring multiple HA clusters on connection time, and therefore having the Passive appliance needlessly connected to the Internet costs you can force a fail-over , switch off the ... it is useful in the following requirements must be met: 120 D-Link NetDefend firewall User Guide When HA is working properly, or if the active NetDefend firewall needs repairs. You may want multiple appliances to verify that HA is configured, you money. • You...
...IP address change, and thereby ensures virtually uninterrupted access from the LAN network. The NetDefend firewall supports configuring multiple HA clusters on connection time, and therefore having the Passive appliance needlessly connected to the Internet costs you can force a fail-over , switch off the ... it is useful in the following requirements must be met: 120 D-Link NetDefend firewall User Guide When HA is working properly, or if the active NetDefend firewall needs repairs. You may want multiple appliances to verify that HA is configured, you money. • You...
User Guide
Page 145
...Static NAT allows the mapping of Internet IP addresses or address ranges to have both of Gateway B. Static NAT rules do not imply any security rules. You can map each one of Gateway A's Internet connections is up, Gateway A is the Active Gateway, because its own MAC ...address, thereby enabling communication. Note: The NetDefend firewall supports Proxy ARP (Address Resolution Protocol). So long as network objects. To allow incoming traffic to a separate Internet IP address. You can be real...
...Static NAT allows the mapping of Internet IP addresses or address ranges to have both of Gateway B. Static NAT rules do not imply any security rules. You can map each one of Gateway A's Internet connections is up, Gateway A is the Active Gateway, because its own MAC ...address, thereby enabling communication. Note: The NetDefend firewall supports Proxy ARP (Address Resolution Protocol). So long as network objects. To allow incoming traffic to a separate Internet IP address. You can be real...
User Guide
Page 166
...established connections that are reset to their default link configurations ("Automatic Detection") and default assignments (shown in the main menu, and click the Ports tab. A confirmation message appears. 3. The Ports page appears. 2. The ports are not supported by the default settings may be broken. ...Click Network in the table below). Click OK. Click Default. RS232 Modem To reset ports to the WAN port. 150 D-Link NetDefend firewall User Guide Managing Ports Resetting Ports to Defaults You can reset the NetDefend firewall's ports to their default assignments and ...
...established connections that are reset to their default link configurations ("Automatic Detection") and default assignments (shown in the main menu, and click the Ports tab. A confirmation message appears. 3. The Ports page appears. 2. The ports are not supported by the default settings may be broken. ...Click Network in the table below). Click OK. Click Default. RS232 Modem To reset ports to the WAN port. 150 D-Link NetDefend firewall User Guide Managing Ports Resetting Ports to Defaults You can reset the NetDefend firewall's ports to their default assignments and ...
User Guide
Page 169
... types of outbound traffic. See Adding and Editing Classes on page 63. It is recommended to QoS classes. If you are using DFL-CP310, you have Simplified Traffic Shaper, and you can enable Traffic Shaper for incoming or outgoing connections. • When enabling Traffic Shaper for... Note: If you are using the procedure Using Internet Setup on page 155. Use Allow or Allow and Forward rules to determine which supports Advanced Traffic Shaper. 3. Enable Traffic Shaper for incoming traffic only if necessary. 2. Chapter 6: Using Traffic Shaper 153 You can add QoS...
... types of outbound traffic. See Adding and Editing Classes on page 63. It is recommended to QoS classes. If you are using DFL-CP310, you have Simplified Traffic Shaper, and you can enable Traffic Shaper for incoming or outgoing connections. • When enabling Traffic Shaper for... Note: If you are using the procedure Using Internet Setup on page 155. Use Allow or Allow and Forward rules to determine which supports Advanced Traffic Shaper. 3. Enable Traffic Shaper for incoming traffic only if necessary. 2. Chapter 6: Using Traffic Shaper 153 You can add QoS...
User Guide
Page 175
... deleted. Chapter 6: Using Traffic Shaper 159 Deleting Classes In this class. You can obtain the correct DSCP value from your ISP or private WAN must support DiffServ.
... deleted. Chapter 6: Using Traffic Shaper 159 Deleting Classes In this class. You can obtain the correct DSCP value from your ISP or private WAN must support DiffServ.
User Guide
Page 178
The DFL-CPG310 transmits in 802.11b/g access point that allows up to 105dBm, over 20 dB more information on environment). 162 D-Link NetDefend firewall User Guide XR dramatically stretches the performance of up to : http://www.super-ag.com. In addition, the NetDefend firewall supports a special extended... 802.11 specification. The architecture delivers receive sensitivities of up to three times the range of these standards are interoperable. The DFL-CPG310 supports the latest 802.11g standard (up to 54Mbps) and is tightly integrated with the older 802.11b standard (up to 108Mbps...
The DFL-CPG310 transmits in 802.11b/g access point that allows up to 105dBm, over 20 dB more information on environment). 162 D-Link NetDefend firewall User Guide XR dramatically stretches the performance of up to : http://www.super-ag.com. In addition, the NetDefend firewall supports a special extended... 802.11 specification. The architecture delivers receive sensitivities of up to three times the range of these standards are interoperable. The DFL-CPG310 supports the latest 802.11g standard (up to 54Mbps) and is tightly integrated with the older 802.11b standard (up to 108Mbps...
User Guide
Page 179
... (supplicants) attempting to connect to known security flaws in EAP (Extensible Authentication Protocol). It is not recommended, because it allows unauthorized users to encrypt the data. Wireless Security Protocols Wireless Security Protocols The NetDefend wireless security appliance supports the following security protocols: Table 23: Wireless Security Protocols Security Protocol None Description No security method is suitable for creating public access...
... (supplicants) attempting to connect to known security flaws in EAP (Extensible Authentication Protocol). It is not recommended, because it allows unauthorized users to encrypt the data. Wireless Security Protocols Wireless Security Protocols The NetDefend wireless security appliance supports the following security protocols: Table 23: Wireless Security Protocols Security Protocol None Description No security method is suitable for creating public access...
User Guide
Page 180
...to connect using both WPA and WPA2. 164 D-Link NetDefend firewall User Guide The WPA2 security method uses the more secure Advanced Encryption Standard (AES) cipher, instead of the RC4 cipher used by WPA and WEP. Note: The appliance and the wireless stations must first configure a RADIUS...authentication server. Furthermore, WPA includes 802.1x and EAP authentication, based on page 368 The WPA-PSK security method is a variation of WPA that support the WPA2 security method. This method is recommended for situations where you want to authenticate wireless stations using WPA or WPA...
...to connect using both WPA and WPA2. 164 D-Link NetDefend firewall User Guide The WPA2 security method uses the more secure Advanced Encryption Standard (AES) cipher, instead of the RC4 cipher used by WPA and WEP. Note: The appliance and the wireless stations must first configure a RADIUS...authentication server. Furthermore, WPA includes 802.1x and EAP authentication, based on page 368 The WPA-PSK security method is a variation of WPA that support the WPA2 security method. This method is recommended for situations where you want to authenticate wireless stations using WPA or WPA...
User Guide
Page 185
... range, and offers a maximum theoretical rate of 108 Mbps. Operates in the 2.4 GHz range and offers a maximum theoretical rate of cards supporting 802.11g Super, refer to newer wireless stations. When using this mode, only 802.11g stations will be able to connect. • 802... 802.11b (11Mbps). Operates in the 2.4 GHz range, and offers a maximum theoretical rate of 54 Mbps. Important: The station wireless cards must support the selected operation mode. Operates in the 2.4 GHz range, and offers a maximum theoretical rate of 54 Mbps. Each operation mode indicates a wireless...
... range, and offers a maximum theoretical rate of 108 Mbps. Operates in the 2.4 GHz range and offers a maximum theoretical rate of cards supporting 802.11g Super, refer to newer wireless stations. When using this mode, only 802.11g stations will be able to connect. • 802... 802.11b (11Mbps). Operates in the 2.4 GHz range, and offers a maximum theoretical rate of 54 Mbps. Important: The station wireless cards must support the selected operation mode. Operates in the 2.4 GHz range, and offers a maximum theoretical rate of 54 Mbps. Each operation mode indicates a wireless...