User Guide
Page 4
... product's marking label. If you with absolute protection against them. To reduce risk of power source indicated on an unstable surface or support. In such case, this License incorporates the limitation as this License. 9. NO WARRANTY 11. THE ENTIRE RISK AS TO THE QUALITY... before attempting to the product, fire, electric shock or injury, and will be guided by the Free Software Foundation. 10. SECURITY DISCLAIMER The appliance provides your product. For software which applies to the Free Software Foundation; we sometimes make exceptions for cleaning. Use only the ...
User Guide
Page 5
... About This Guide ...xi Introduction ...1 About Your D-Link NetDefend firewall 1 NetDefend Secured by Check Point Product Family 2 NetDefend Features and Compatibility 2 Connectivity ...2 Firewall ...3 VPN ...4 Management...4 Optional Security Services...5 Power Pack Features ...5 Package Contents ...6 Network... Requirements ...7 Getting to Know Your NetDefend firewall 8 Rear Panel ...8 Front Panel ...10 Getting to Know Your NetDefend firewall 11 Rear Panel ...11 Front Panel ...13 Contacting Technical Support...
User Guide
Page 17
... NetDefend firewall, you can subscribe to Know Your NetDefend firewall 11 Contacting Technical Support 14 About Your D-Link NetDefend firewall The D-Link NetDefend firewall is a unified threat management (UTM) appliance that enables secure high-speed Internet access from select service providers, including firewall security and software updates, Antivirus, Web Filtering, reporting, and VPN management. This chapter...
User Guide
Page 18
...upgrades. NetDefend Features and Compatibility Connectivity The NetDefend series includes the following hardware models: • DFL-CP310 Security VPN Firewall • DFL-CPG310 Wireless Security VPN Firewall You can increase the number of licensed users by Check Point Product Family The NetDefend...modem connection • Supported Internet connection methods: Static IP, DHCP Client, Cable Modem, PPTP Client, PPPoE Client, Telstra BPA login, Dialup • Concurrent firewall connections: 8,000 • DHCP server, client, and relay • MAC cloning 2 D-Link NetDefend firewall User ...
User Guide
Page 19
... • Dead Internet Connection Detection (DCD) • Traffic Monitoring • Traffic Shaping • VLAN Support (requires Power Pack) • Dynamic Routing (requires Power Pack) The NetDefend DFL-CPG310 firewall includes the following additional features: • Wireless LAN interface with dual diversity antennas...Detection and Prevention using Check Point SmartDefense • Network Address Translation (NAT) • Three preset security policies • Anti-spoofing • Voice over IP (H.323) support • Instant messenger blocking/monitoring Chapter 1: Introduction 3
User Guide
Page 20
.../monitoring VPN The NetDefend series includes the following features: • Remote Access VPN Server with OfficeMode and RADIUS support • Remote Access VPN Client • Site to Site VPN Gateway • IPSEC VPN pass-through •...; Algorithms: AES/3DES/DES, SHA1/MD5 • Hardware Based Secure RNG (Random Number Generator) • IPSec NAT traversal (NAT-T) • Route-based VPN • Backup VPN ...Monitor, Connection Table Monitor, Wireless Monitor, Active Computers Display, Local Logs 4 D-Link NetDefend firewall User Guide
User Guide
Page 30
Contacting Technical Support LED VPN Serial USB WLAN State LINK/ACT On, 100 On LNK/ACT Flashing Flashing (Green) Flashing (Green) Flashing (Green) Flashing (Green) Explanation 100 Mbps link established for the corresponding port Data is being transmitted/received VPN port in use Serial port in use USB port in use WLAN in use Contacting Technical Support If there is a problem with your NetDefend firewall, see http://support.dlink.com/. You can also download the latest version of this guide from the site. 14 D-Link NetDefend firewall User Guide
User Guide
Page 61
...you are using Internet Explorer 5, do the following things happen in the NetDefend firewall is not yet known to the browser, so the Security Alert dialog box appears. The Certificate dialog box appears, with "https", not "http".) The NetDefend Portal appears. Click Yes. Click ... The Certificate Import Wizard opens. Click OK. b. Click Finish. Accessing the NetDefend Portal Remotely Using HTTPS Note: Your browser must support 128-bit cipher strength. To access the NetDefend Portal from your browser's cipher strength, open Internet Explorer and click Help > About ...
User Guide
Page 126
... 3. The IP addresses are on the same subnet, and they therefore attempt to communicate directly over the local network, instead of through the secure VPN link. • Some networking protocols or resources may lead to the following problems: • VPN Clients on the VPN clients. Note: OfficeMode ... NetDefend DHCP Server to automatically assign a unique local IP address to the VPN client, when the client connects and authenticates. This is not supported by an ISP. In the OfficeMode network's row, click Edit. In the Mode drop-down list, select Enabled. It is because their...
User Guide
Page 128
...tag-based VLAN contains the VLAN's tag in the packet headers. Incoming traffic to the desired VLAN. Figure 10: Tag-based VLAN 112 D-Link NetDefend firewall User Guide Configuring Network Settings you use one division to another division without rewiring your network, by simply reassigning them to the VLAN... must contain the VLAN's tag as well, or the packets are dropped. The NetDefend firewall supports the following VLAN types: • Tag-based In tag-based VLAN you can easily transfer a member of one of the gateway's ports as ...
User Guide
Page 135
... automatically and transparently takes over the virtual IP address. 4. If the gateway's priority is the default gateway address for the local network. The NetDefend firewall supports Internet connection tracking, which is now the highest, it becomes the Active Gateway. For example, you can be any internal network existing on your network...
User Guide
Page 136
The NetDefend firewall supports configuring multiple HA clusters on connection time, and therefore having the Passive appliance needlessly connected to the Internet costs you can force a fail-over, switch off the primary box or disconnect it is working ...: 120 D-Link NetDefend firewall User Guide WAN HA avoids an IP address change, and thereby ensures virtually uninterrupted access from the LAN network. Configuring High Availability user-specified amount, if its Internet connection goes down. This is configured, you money. • You want multiple appliances to verify ...
User Guide
Page 145
...This is the Active Gateway, because its own Internet IP address. To allow incoming traffic to the WAN interface. Note: The NetDefend firewall supports Proxy ARP (Address Resolution Protocol). In this case, Gateway B's priority is mapped. Note: Static NAT and Hide NAT can add individual ...Static NAT allows the mapping of Gateway A's Internet connections are down, it becomes the Active Gateway. Static NAT rules do not imply any security rules. This enables you have its priority is 60. When an external source attempts to communicate with such a computer, the NetDefend firewall ...
User Guide
Page 166
...All currently established connections that are reset to their default link configurations ("Automatic Detection") and default assignments (shown in ...Defaults You can reset the NetDefend firewall's ports to their default assignments and to "Automatic Detection" link configuration. For example, if you were using the DMZ/WAN2 port as WAN2, the port reverts... secondary Internet connection moves to defaults 1. RS232 Modem To reset ports to the WAN port. 150 D-Link NetDefend firewall User Guide The Ports page appears. 2. Table 20: Default Port Assignments Port Default Assignment...
User Guide
Page 169
...incoming traffic only if necessary. 2. Setting Up Traffic Shaper Setting Up Traffic Shaper To set up Traffic Shaper 1. If you are using DFL-CP310, you have Simplified Traffic Shaper, and you can add QoS classes that reflect your communication needs, or modify the four predefined QoS ...connection, using NetDefend with Power Pack, which ones provide the best results. Use Allow or Allow and Forward rules to determine which supports Advanced Traffic Shaper. 3. it receives from the Internet; This makes the shaping of incoming traffic by dropping received packets. Chapter 6: ...
User Guide
Page 175
... 0 and 63. A confirmation message appears. 3. To use or not, by a rule. You can obtain the correct DSCP value from your ISP or private WAN must support DiffServ. Click the Erase icon of the class you wish to this option to limit the rate of Service Classes page appears. 2. Deleting Classes In...
User Guide
Page 178
...to 105dBm, over 20 dB more information on environment). 162 D-Link NetDefend firewall User Guide For more than the 802.11 specification. XR dramatically stretches the performance of a regular 802.11g access point. The DFL-CPG310 supports the latest 802.11g standard (up to 54Mbps) and is tightly... NetDefend firewall Your NetDefend firewall features a built-in 2.4GHz range, using dual diversity antennas to : http://www.super-ag.com. The DFL-CPG310 also supports a special Super G mode that allows reaching a throughput of up to three times the range of a wireless LAN, by enabling long-range...
User Guide
Page 179
.... 802.1X: RADIUS authentication, no encryption In the 802.1x security method, wireless stations (supplicants) attempting to connect to access your network. Wireless Security Protocols Wireless Security Protocols The NetDefend wireless security appliance supports the following security protocols: Table 23: Wireless Security Protocols Security Protocol None Description No security method is recommended for situations in EAP (Extensible Authentication Protocol). This...
User Guide
Page 180
... appliance and the wireless stations must first configure a RADIUS server which want to authenticate and encrypt wireless data, but do not want to authenticate wireless stations using both WPA and WPA2. 164 D-Link NetDefend firewall User Guide This is a variation of WPA that support the WPA2 security method. The WPA2 security method uses the more secure...
User Guide
Page 185
... significantly lower than the maximum theoretical bandwidth and degrades with distance. Operates in the 2.4 GHz range and offers a maximum theoretical rate of cards supporting 802.11g Super, refer to newer wireless stations. When using this mode, only 802.11g Super stations will be able to connect. •...stations, and 802.11g Super stations will all be able to connect. When using this field... Important: The station wireless cards must support the selected operation mode. Operates in the 2.4 GHz range, and offers a maximum theoretical rate of 54 Mbps. For a list of 11 Mbps....