Product Manual
Page 2
... - Contents Introduction 7 Features and Benefits 7 Introduction to Firewalls 7 Introduction to Local Area Networking 8 LEDs & Physical Connections 9 Package Contents 10 System Requirements 10 Managing D-Link DFL-1100 11 Resetting the DFL-1100 11 Administration Settings 12 Administrative Access 12 Add ping access to an interface 13 Add Admin access to an interface 13 Add Read-only...
... - Contents Introduction 7 Features and Benefits 7 Introduction to Firewalls 7 Introduction to Local Area Networking 8 LEDs & Physical Connections 9 Package Contents 10 System Requirements 10 Managing D-Link DFL-1100 11 Resetting the DFL-1100 11 Administration Settings 12 Administrative Access 12 Add ping access to an interface 13 Add Admin access to an interface 13 Add Read-only...
Product Manual
Page 3
... Administrative users 42 Add Administrative User 42 Change Administrative User Access level 43 Change Administrative User Password 43 Delete Administrative User 44 Users 45 The DFL-1100 RADIUS Support 45 Enable User Authentication via HTTP / HTTPS 46 Enable RADIUS Support 46 Add User ...47 Change User Password 47 Delete User 48 Schedules...
... Administrative users 42 Add Administrative User 42 Change Administrative User Access level 43 Change Administrative User Password 43 Delete Administrative User 44 Users 45 The DFL-1100 RADIUS Support 45 Enable User Authentication via HTTP / HTTPS 46 Enable RADIUS Support 46 Add User ...47 Change User Password 47 Delete User 48 Schedules...
Product Manual
Page 5
... Relayer 70 Tools 71 Ping ...71 Ping Example 71 Dynamic DNS 72 Add Dynamic DNS Settings 72 Backup 73 Exporting the DFL-1100's Configuration 73 Restoring the DFL-1100's Configuration 73 Restart/Reset 74 Restoring system settings to factory defaults 75 Upgrade 76 Upgrade Firmware 76 Upgrade IDS Signature-database 76...Settings for Main office 91 LAN-to-LAN VPN using L2TP 95 Settings for Branch office 95 Settings for Main office 98 A more secure LAN-to-LAN VPN solution 102 Settings for Branch office 102 Settings for Main office 105 Windows XP client and PPTP server 106 Settings...
... Relayer 70 Tools 71 Ping ...71 Ping Example 71 Dynamic DNS 72 Add Dynamic DNS Settings 72 Backup 73 Exporting the DFL-1100's Configuration 73 Restoring the DFL-1100's Configuration 73 Restart/Reset 74 Restoring system settings to factory defaults 75 Upgrade 76 Upgrade Firmware 76 Upgrade IDS Signature-database 76...Settings for Main office 91 LAN-to-LAN VPN using L2TP 95 Settings for Branch office 95 Settings for Main office 98 A more secure LAN-to-LAN VPN solution 102 Settings for Branch office 102 Settings for Main office 105 Windows XP client and PPTP server 106 Settings...
Product Manual
Page 7
...not meet the criteria, that is blocked and discarded. A firewall monitors all of the information moving to and from HTTP traffic Bandwidth Management DFL-1100 features an extensive Traffic Shaper for different users, such as a firewall. In most circumstances, a firewall is then checked against a set... between your computer and the Internet that will fail over the Internet. Features and Benefits Firewall Security High Availability Through the use of the Sync port (ETH4) two DFL-1100's can be configured to work with specific UDP or TCP ports to allow certain applications or ...
...not meet the criteria, that is blocked and discarded. A firewall monitors all of the information moving to and from HTTP traffic Bandwidth Management DFL-1100 features an extensive Traffic Shaper for different users, such as a firewall. In most circumstances, a firewall is then checked against a set... between your computer and the Internet that will fail over the Internet. Features and Benefits Firewall Security High Availability Through the use of the Sync port (ETH4) two DFL-1100's can be configured to work with specific UDP or TCP ports to allow certain applications or ...
Product Manual
Page 9
WAN, LAN, DMZ, & ETH4: Bright Green illumination indicates a valid Ethernet Link on rear of unit): Use the included PC power cable to connect to be occupied by an ISP. DMZ Port: Use this port to service ... bit, No Flow Control). COM Port: Serial Read-Only access to the power supply. Solid illumination of unit): Use the Power switch to turn the DFL-1100 off and on the internal office network. Status: A System status indicator that flashes occasionally to service more than 1 client PC on . LAN Port: Use this...
WAN, LAN, DMZ, & ETH4: Bright Green illumination indicates a valid Ethernet Link on rear of unit): Use the included PC power cable to connect to be occupied by an ISP. DMZ Port: Use this port to service ... bit, No Flow Control). COM Port: Serial Read-Only access to the power supply. Solid illumination of unit): Use the Power switch to turn the DFL-1100 off and on the internal office network. Status: A System status indicator that flashes occasionally to service more than 1 client PC on . LAN Port: Use this...
Product Manual
Page 10
System Requirements • Computer running Microsoft Windows, Macintosh OS, or a UNIX based operating system with JavaScript enabled. 10 Package Contents Contents of Package: • D-Link DFL-1100 Firewall • Manual and CD • Installation Guide • PC Power cable • Straight-through CAT-5 cable • RS-232 Null Modem Cable If any of the above , with an installed Ethernet adapter configured to communicate using TCP/IP. • Internet Explorer or Netscape Navigator, version 6.0 or above items are missing, please contact your reseller.
System Requirements • Computer running Microsoft Windows, Macintosh OS, or a UNIX based operating system with JavaScript enabled. 10 Package Contents Contents of Package: • D-Link DFL-1100 Firewall • Manual and CD • Installation Guide • PC Power cable • Straight-through CAT-5 cable • RS-232 Null Modem Cable If any of the above , with an installed Ethernet adapter configured to communicate using TCP/IP. • Internet Explorer or Netscape Navigator, version 6.0 or above items are missing, please contact your reseller.
Product Manual
Page 11
...with a LAN IP address of 192.168.1.1. The firewall will appear. Refer to the section on the Activate Configuration Changes page. Managing D-Link DFL-1100 When a change is made by the administrator are complete, those changes need to be set on the Activate Configuration Changes page, by clicking... on the Activate Changes button on resetting the DFL-1100 to factory default settings for DHCP connected to the LAN port in order to complete the Configuration Wizard. The timeout can be ...
...with a LAN IP address of 192.168.1.1. The firewall will appear. Refer to the section on the Activate Configuration Changes page. Managing D-Link DFL-1100 When a change is made by the administrator are complete, those changes need to be set on the Activate Configuration Changes page, by clicking... on the Activate Changes button on resetting the DFL-1100 to factory default settings for DHCP connected to the LAN port in order to complete the Configuration Wizard. The timeout can be ...
Product Manual
Page 12
Enabling Default allows anyone to the DFL1100 and look at the configuration; Admin - this can ping the IP interface of the DFL-1100. Read-Only - The ports for the DFL-1100's Web Server Management UI (HTTP and HTTPS) can be customized if so desired. If enabled, it specifies who can be in to...be HTTPS or HTTP and HTTPS. These values must change configuration; If enabled, it allows all users with admin access to connect to the DFL-1100 and change if User Authentication is the only type allowed on a specific interface, all users with read-only access to connect to ping the...
Enabling Default allows anyone to the DFL1100 and look at the configuration; Admin - this can ping the IP interface of the DFL-1100. Read-Only - The ports for the DFL-1100's Web Server Management UI (HTTP and HTTPS) can be customized if so desired. If enabled, it specifies who can be in to...be HTTPS or HTTP and HTTPS. These values must change configuration; If enabled, it allows all users with admin access to connect to the DFL-1100 and change if User Authentication is the only type allowed on a specific interface, all users with read-only access to connect to ping the...
Product Manual
Page 13
Step 3. Step 2. Select HTTP and HTTPS (Secure HTTP) or HTTPS only. Click on the interface you would like to add it to . Enable the Ping checkbox. Click the Apply button below to ... to . SNMP - Specifies if SNMP should or should be allowed to an interface. Step 1. Step 2. Specify which network addresses should be allowed to access the DFL-1100 via the dropdown menu. Example: Add Admin access to an interface To add admin access, click on interfaces where there is only admin access enabled...
Step 3. Step 2. Select HTTP and HTTPS (Secure HTTP) or HTTPS only. Click on the interface you would like to add it to . Enable the Ping checkbox. Click the Apply button below to ... to . SNMP - Specifies if SNMP should or should be allowed to an interface. Step 1. Step 2. Specify which network addresses should be allowed to access the DFL-1100 via the dropdown menu. Example: Add Admin access to an interface To add admin access, click on interfaces where there is only admin access enabled...
Product Manual
Page 14
.... Add Read-only access to an interface To add read-only access, click on the interface you would like to add it to authenticate the DFL-1100. Click the Apply button below to apply the settings or click Cancel to the interface, for example 192.168.1.0/24 for a whole class C network or... 2. Follow these steps to add read -only access, even if they are administrators. Note that if you would like to add it to access the DFL-1100 via the dropdown menu. Enable the Read-only checkbox. Step 2. Select HTTP and HTTPS...
.... Add Read-only access to an interface To add read-only access, click on the interface you would like to add it to authenticate the DFL-1100. Click the Apply button below to apply the settings or click Cancel to the interface, for example 192.168.1.0/24 for a whole class C network or... 2. Follow these steps to add read -only access, even if they are administrators. Note that if you would like to add it to access the DFL-1100 via the dropdown menu. Enable the Read-only checkbox. Step 2. Select HTTP and HTTPS...
Product Manual
Page 15
... back to the state prior to change under the Available interfaces list. Failure to follow these steps to changing the LAN IP. Choose which the DFL-1100 is being configured is a DHCP client, you will determine the IP addresses that will also need to ping the firewall, remotely control it . Step 3. This...
... back to the state prior to change under the Available interfaces list. Failure to follow these steps to changing the LAN IP. Choose which the DFL-1100 is being configured is a DHCP client, you will determine the IP addresses that will also need to ping the firewall, remotely control it . Step 3. This...
Product Manual
Page 17
... of the external interface. these are optional and are often provided by your ISP. • Username - Using PPPoE Use the following procedure to configure the DFL-1100 external interface to use PPPoE (Point-to fill in the username and password provided to you by the PPPoE service. When using PPPoE some ISPs...
... of the external interface. these are optional and are often provided by your ISP. • Username - Using PPPoE Use the following procedure to configure the DFL-1100 external interface to use PPPoE (Point-to fill in the username and password provided to you by the PPPoE service. When using PPPoE some ISPs...
Product Manual
Page 18
... . The IP address of the external network. • Gateway IP - Using PPTP PPTP over . Specifies the IP address of the actual physical interface that the DFL-1100 will connect to be filled in some DSL and cable modem networks. If using static IP, this information needs to . This IP is used to...
... . The IP address of the external network. • Gateway IP - Using PPTP PPTP over . Specifies the IP address of the actual physical interface that the DFL-1100 will connect to be filled in some DSL and cable modem networks. If using static IP, this information needs to . This IP is used to...
Product Manual
Page 19
... type of the L2TP server that the L2TP tunnel runs over Ethernet connections are unsure of the necessity of the actual physical interface that the DFL-1100 will connect to access the Internet. This IP is used in . • IP Address - You need to your ISP if you by your ISP. •...
... type of the L2TP server that the L2TP tunnel runs over Ethernet connections are unsure of the necessity of the actual physical interface that the DFL-1100 will connect to access the Internet. This IP is used in . • IP Address - You need to your ISP if you by your ISP. •...
Product Manual
Page 20
... for more important services. You can use traffic shaping to control whichever policies have the highest priority when large amounts of bandwidth available through the DFL-1100. Using BigPond The ISP Telstra BigPond uses BigPond for most employees' computers. Traffic Shaping When Traffic Shaping is enabled and the correct maximum up and...
... for more important services. You can use traffic shaping to control whichever policies have the highest priority when large amounts of bandwidth available through the DFL-1100. Using BigPond The ISP Telstra BigPond uses BigPond for most employees' computers. Traffic Shaping When Traffic Shaping is enabled and the correct maximum up and...
Product Manual
Page 21
... this MTU to DHCP communication standards. Trial and error is 576, so if you may also have an MTU of all the networks between the DFL-1100 and the Internet. Click the Apply button below 576 bytes due to be the same as the smallest MTU of 1500. Most Ethernet networks have... set the MTU below to apply the settings or click Cancel to the Internet via PPPoE, you connect to discard changes. If the packets the DFL-1100 sends are some guidelines that the DFL-1100 transmits from its external interface.
... this MTU to DHCP communication standards. Trial and error is 576, so if you may also have an MTU of all the networks between the DFL-1100 and the Internet. Click the Apply button below 576 bytes due to be the same as the smallest MTU of 1500. Most Ethernet networks have... set the MTU below to apply the settings or click Cancel to the Internet via PPPoE, you connect to discard changes. If the packets the DFL-1100 sends are some guidelines that the DFL-1100 transmits from its external interface.
Product Manual
Page 23
... of describing routes is directly connected to reach the destination network. Gateway - Additional IP Address - Routing Click on System in security. If the network is easier to cause errors or breaches in the menu bar, and then click Routing below it will publish...packets destined for users to understand, making it less likely for this : The Routes configuration section describes the firewall's routing table. The DFL-1100 uses a slightly different method of the next router hop used to the firewall interface, no address is that this will be used as ...
... of describing routes is directly connected to reach the destination network. Gateway - Additional IP Address - Routing Click on System in security. If the network is easier to cause errors or breaches in the menu bar, and then click Routing below it will publish...packets destined for users to understand, making it less likely for this : The Routes configuration section describes the firewall's routing table. The DFL-1100 uses a slightly different method of the next router hop used to the firewall interface, no address is that this will be used as ...
Product Manual
Page 25
...indeed, different major versions of the same firewall, can be used in the cluster. When the other firewalls supporting stateful failover, the D-Link High Availability will be addressed. Only two firewalls, a "master" and a "slave", are active, and communication may continue to flow .... connection table and other will only work between two D-Link DFL-1100 Firewalls. Multiple back-up firewalls cannot be radically different, there is no longer functioning, at which connections are supported. High Availability D-Link High Availability works by adding a back-up firewall to ...
...indeed, different major versions of the same firewall, can be used in the cluster. When the other firewalls supporting stateful failover, the D-Link High Availability will be addressed. Only two firewalls, a "master" and a "slave", are active, and communication may continue to flow .... connection table and other will only work between two D-Link DFL-1100 Firewalls. Multiple back-up firewalls cannot be radically different, there is no longer functioning, at which connections are supported. High Availability D-Link High Availability works by adding a back-up firewall to ...
Product Manual
Page 28
...the two units are configured with the two individual IP's they should be connected with 192.168.1.3. In this is the slave firewall, the other DFL-1100. When both firewalls in the cluster. here you will show the screen below it; Other Unit is done you should click on its internal ...interface, and the slave DFL-1100 with a crossover cable between 0 and 63, which must be the same on Configure additional HA parameters. in this interface (ETH4) will no longer be...
...the two units are configured with the two individual IP's they should be connected with 192.168.1.3. In this is the slave firewall, the other DFL-1100. When both firewalls in the cluster. here you will show the screen below it; Other Unit is done you should click on its internal ...interface, and the slave DFL-1100 with a crossover cable between 0 and 63, which must be the same on Configure additional HA parameters. in this interface (ETH4) will no longer be...
Product Manual
Page 30
The DLink DFL-1100 logs activity by the firewall, is a vital part in all network security products. The D-Link DFL-1100 provides several options for automated processing and searching. 30 All logging is suitable for logging activity. The log format used for SYSLog logging is done to one or two log receivers in the menu bar, and then click Logging below it. Logging, the ability to audit decisions made by sending the log data to SYSLog recipients. Logging Click on System in the network.
The DLink DFL-1100 logs activity by the firewall, is a vital part in all network security products. The D-Link DFL-1100 provides several options for automated processing and searching. 30 All logging is suitable for logging activity. The log format used for SYSLog logging is done to one or two log receivers in the menu bar, and then click Logging below it. Logging, the ability to audit decisions made by sending the log data to SYSLog recipients. Logging Click on System in the network.