Product Manual
Page 2
...Introduction to Firewalls 6 Introduction to Local Area Networking 7 LEDs ...8 Physical Connections 8 Package Contents 9 System Requirements 9 Managing D-Link DFL-200 10 Resetting the DFL-200 10 Administration Settings 11 Administrative Access 11 Add ping access to an interface 12 Add Admin access to an interface 12 Add...WAN Interface Settings - Using L2TP 18 WAN Interface Settings - Using PPTP 17 WAN Interface Settings - Using BigPond 19 MTU Configuration 19 Routing 20 Add a new Static Route 21 Remove a Static Route 21 Logging 22 Enable Logging 23 Enable Audit Logging ...
Page 9
... cause irreparable electrical damage and void the warranty for this product. If any of Package: • D-Link DFL-200 Firewall • Manual and CD • Quick Installation Guide • 5V/3A AC Power adapter • Straight-through CAT-5 cable • RS-232... with JavaScript enabled. System Requirements • Computer running Microsoft Windows, Macintosh OS, or a UNIX based operating system with an installed Ethernet adapter configured to communicate using TCP/IP. • Internet Explorer or Netscape Navigator, version 6.0 or above items are missing, please contact your reseller.
Page 10
... to page 63. 10 When all changes made to the configuration, a new icon named Activate Changes will save the configuration and reload it, making the new changes take effect by choosing the time from the dropdown menu. The firewall will appear. Managing D-Link DFL-200 When a change is restarting with the unit powered on the...
Page 23
... Enable E-mail alerting for IDS/IDP events to up to three valid email addresses to have to fill in the SMTP server to which the DFL-200 will always generate log entries. Choose the sensitivity level. Step 2. It is also possible to receive the e-mail alerts. Step 1. Enable Logging Follow these steps... auditing. Step 1. Enable E-mail alerting by selecting the appropriate SYSLog facility. Step 1. This is the default facility. Some of events that can be logged. The D-Link DFL-200 specifies a number of these events, such as startup and shutdown, are configurable.
Page 27
... If a schedule should always be defined as having source ports 1024-65535 and destination ports 80-82, 90-92, and 95. D-Link updates the attack database periodically. Specifies if an authenticated username is no need for authentication for this policy to match everything. If ...The http service, for this policy. A port range can also be configured, either the TCP or the UDP protocol, including ICMP. These are specified on the UDP protocol. Intrusion Detection / Prevention The DFL-200 Intrusion Detection/Prevention System (IDS/IDP) is sufficient. There are all authenticated...
Page 28
... should be used for this blank to match everything . only inspect the traffic, and if the DFL-200 detects anything it is left blank there is no need for authentication for details on the Add new link. Choose the LAN->WAN policy list from the dropdown menu or make a custom service. Fill in... no scheduling. If it is left blank there is needed for this blank to Appendix C of IP addresses to be dropped and logged and if configured, an e-mail alert will log, e-mail an alert (if configured), and pass on the traffic. Note: Refer to match everything .
Page 29
... down list. Click on . Step 2. Choose the policy you would like to have IDP on the Edit link corresponding to the rule you want to configure. Step 3. Step 5. Enable the alerting checkbox for e-mail alerting. Enable the Delete policy checkbox. Click the...down . Step 2. Step 4. Step 5. Click on a policy. Enable the Intrusion Detection / Prevention checkbox. Configure Intrusion Prevention Follow these steps to configure IDS on the Edit link corresponding to the rule you would like to delete the policy in the Position to discard changes. Step 1. Step...
Page 30
... Mappings are applied in the following values: Name: Specifies a symbolic name for this mapping to use Intrusion Detection / Prevention on the Add new link. Fill in the same way as a LAN Web server) to allow WAN access to use the WAN IP of the manual for everyone (0.0.0.0/0). ...: The IP of usernames, separated by a comma (,) or write Any for more information. Port mapping / Virtual Servers The Port mapping / Virtual Servers configuration section is carried out. It is needed for easy reference in the policy list. Add a new mapping Follow these steps to add a new mapping on...
Page 45
... Client tunnel. Remote Gateway - The IP address of encryption key (MPPE is used with PPTP). Specify which authentication protocol to be sent over the PPP link unencrypted. Specify the username for data encryption. Specifies if the L2TP/PPTP Client tunnel should use (if any). Dial on ). If enabled the tunnel will... level of the remote PPTP/L2TP Server. MPPE encryption - If MPPE encryption is to use a Static IP or obtain a dynamic IP from the server. If configuring for L2TP/PPTP Client...
Page 46
...Secondary DNS - IP addresses of the VPN tunnel. Refer to client IP assignment. If configuring for L2TP, you most likely will use as an IP address pool to assign dynamic...network that the PPTP/L2TP server should listen on, leave it Blank for this field Blank for L2TP/PPTP Server Configuration Name - Specify which uses the NetBIOS Name Servers (NBNS) to assign IP addresses to clients. If MPPE encryption... 46 If utilizing the DNS Relay function, be sent over the PPP link unencrypted. Specifies the internal IP of the primary and secondary DNS servers. MPPE encryption -
Page 64
... backup the system configuration before upgrading the software. After downloading the newest version of the software, connect to the Upgrade / Tools menu, click Browse, and choose the file name of the newest version of the DFL-200, obtain the latest version from D-Link. Upgrade The DFL-200's software, IDS ... the signature-database first download the newest IDS signatures from support.dlink.com (US). The updating process will not overwrite the system configuration. Make sure the firmware file is rewritable and re-readable. Though it is not necessary, it is a good idea to load...
Page 115
Select the Interface that the additional Public IP address should be forwarded to. The above static route configuration explicitly defines the interface that the Internal Server is connected to create the first static route. To accomplish this we wish to forward... firewall settings: - Select the Add New link to (LAN or DMZ). Specify the Public IP to the SYSTEM tab, then the ROUTING page of the Web-based configuration. Create two port mappings (one for each private Server) Routing configuration: Static Route Configuration for each public IP mapping to each public...
Page 116
Select the Add New link to . Static Route Configuration for the specified Public IP addresses to Internal servers. 116 NOTE: Be sure to enable Proxy ARP for both routes or the Firewall will not ...forward traffic destined for a Server on the DMZ: Navigate to the SYSTEM tab, then the ROUTING page of the Web-based configuration. The above static route configuration explicitly defines the interface that the Internal Server is connected to 255.255.255.255 (1-host). Specify the Public IP to be set...
Page 117
... for a Server on the LAN: Navigate to the FIREWALL tab, PORT MAPPING page of the Server in the Destination IP field. Click the Add New link to save the configuration. Select the Service to the Internal Server (pre-defined or custom). Enter the Private IP of the Web-based... configuration. Click Apply to create a new Port Mapping. Configure Scheduling, IDS/IDP, and/or Bandwidth Management if desired. Input the Public IP address to be forwarded to be forwarded in the Pass To field...
Page 118
Click the Add New link to apply changes and restart. Configure Scheduling, IDS/IDP, or Bandwidth Management if desired. Keep in the Pass To field. Enter the Private IP of the Server in mind that this configuration uses Network Address Translation. Click Activate Changes to create a new Port ...for a Server on the DMZ: Navigate to the Internal Server (pre-defined or custom). Virtual Server Configuration for access from Public Hosts. Similar steps can be taken to configure other services to be forwarded to the FIREWALL tab, PORT MAPPING page of service in the Destination IP...