Product Manual
Page 2
... 2 Contents Introduction 7 Features and Benefits 7 Introduction to Firewalls 7 Introduction to Local Area Networking 8 LEDs & Physical Connections 9 Package Contents 10 System Requirements 10 Managing D-Link DFL-1100 11 Resetting the DFL-1100 11 Administration Settings 12 Administrative Access 12 Add ping access to an interface 13 Add Admin access to an interface 13 Add Read-only...
... 2 Contents Introduction 7 Features and Benefits 7 Introduction to Firewalls 7 Introduction to Local Area Networking 8 LEDs & Physical Connections 9 Package Contents 10 System Requirements 10 Managing D-Link DFL-1100 11 Resetting the DFL-1100 11 Administration Settings 12 Administrative Access 12 Add ping access to an interface 13 Add Admin access to an interface 13 Add Read-only...
Product Manual
Page 3
... Administrative users 42 Add Administrative User 42 Change Administrative User Access level 43 Change Administrative User Password 43 Delete Administrative User 44 Users 45 The DFL-1100 RADIUS Support 45 Enable User Authentication via HTTP / HTTPS 46 Enable RADIUS Support 46 Add User ...47 Change User Password 47 Delete User 48 Schedules...
... Administrative users 42 Add Administrative User 42 Change Administrative User Access level 43 Change Administrative User Password 43 Delete Administrative User 44 Users 45 The DFL-1100 RADIUS Support 45 Enable User Authentication via HTTP / HTTPS 46 Enable RADIUS Support 46 Add User ...47 Change User Password 47 Delete User 48 Schedules...
Product Manual
Page 5
... Relayer 70 Tools 71 Ping ...71 Ping Example 71 Dynamic DNS 72 Add Dynamic DNS Settings 72 Backup 73 Exporting the DFL-1100's Configuration 73 Restoring the DFL-1100's Configuration 73 Restart/Reset 74 Restoring system settings to factory defaults 75 Upgrade 76 Upgrade Firmware 76 Upgrade IDS Signature-database 76...Settings for Main office 91 LAN-to-LAN VPN using L2TP 95 Settings for Branch office 95 Settings for Main office 98 A more secure LAN-to-LAN VPN solution 102 Settings for Branch office 102 Settings for Main office 105 Windows XP client and PPTP server 106 Settings...
... Relayer 70 Tools 71 Ping ...71 Ping Example 71 Dynamic DNS 72 Add Dynamic DNS Settings 72 Backup 73 Exporting the DFL-1100's Configuration 73 Restoring the DFL-1100's Configuration 73 Restart/Reset 74 Restoring system settings to factory defaults 75 Upgrade 76 Upgrade Firmware 76 Upgrade IDS Signature-database 76...Settings for Main office 91 LAN-to-LAN VPN using L2TP 95 Settings for Branch office 95 Settings for Main office 98 A more secure LAN-to-LAN VPN solution 102 Settings for Branch office 102 Settings for Main office 105 Windows XP client and PPTP server 106 Settings...
Product Manual
Page 7
... sensitive information about your network from your network. Or a firewall can also run specific security functions based on the type of application or type of the Sync port (ETH4) two DFL-1100's can be configured to work with AES encryption in addition to prevent unauthorized Internet users ...Roaming user tunnels with specific UDP or TCP ports to allow certain applications or games to work properly over the Internet. Introduction The DFL-1100 provides four 10/100Mbps Ethernet network interface ports, which are also deployed to act as Admin or Read-Only User. Each piece...
... sensitive information about your network from your network. Or a firewall can also run specific security functions based on the type of application or type of the Sync port (ETH4) two DFL-1100's can be configured to work with AES encryption in addition to prevent unauthorized Internet users ...Roaming user tunnels with specific UDP or TCP ports to allow certain applications or games to work properly over the Internet. Introduction The DFL-1100 provides four 10/100Mbps Ethernet network interface ports, which are also deployed to act as Admin or Read-Only User. Each piece...
Product Manual
Page 9
...the unit. WAN Port: Use this port to connect to the power supply. WAN, LAN, DMZ, & ETH4: Bright Green illumination indicates a valid Ethernet Link on rear of unit): Use the Power switch to the firewall software from a PC equipped with a Serial COM port (9600 baud, 8 data bits,... bit, No Flow Control). Power Switch (on that respective port is sending or receiving data. COM Port: Serial Read-Only access to turn the DFL-1100 off and on rear of the Status LED indicates a hardware/software critical failure. DC Power (on . Status: A System status indicator that flashes occasionally...
...the unit. WAN Port: Use this port to connect to the power supply. WAN, LAN, DMZ, & ETH4: Bright Green illumination indicates a valid Ethernet Link on rear of unit): Use the Power switch to the firewall software from a PC equipped with a Serial COM port (9600 baud, 8 data bits,... bit, No Flow Control). Power Switch (on that respective port is sending or receiving data. COM Port: Serial Read-Only access to turn the DFL-1100 off and on rear of the Status LED indicates a hardware/software critical failure. DC Power (on . Status: A System status indicator that flashes occasionally...
Product Manual
Page 10
Package Contents Contents of Package: • D-Link DFL-1100 Firewall • Manual and CD • Installation Guide • PC Power cable • Straight-through CAT-5 cable • RS-232 Null Modem Cable If any of the above , with JavaScript enabled. 10 System Requirements • Computer running Microsoft Windows, Macintosh OS, or a UNIX based operating system with an installed Ethernet adapter configured to communicate using TCP/IP. • Internet Explorer or Netscape Navigator, version 6.0 or above items are missing, please contact your reseller.
Package Contents Contents of Package: • D-Link DFL-1100 Firewall • Manual and CD • Installation Guide • PC Power cable • Straight-through CAT-5 cable • RS-232 Null Modem Cable If any of the above , with JavaScript enabled. 10 System Requirements • Computer running Microsoft Windows, Macintosh OS, or a UNIX based operating system with an installed Ethernet adapter configured to communicate using TCP/IP. • Internet Explorer or Netscape Navigator, version 6.0 or above items are missing, please contact your reseller.
Product Manual
Page 11
... login again. After the reset procedure has been carried out the DFL-1100 will be done before a configurable timeout has been reached, otherwise the DFL-1100 will revert to the previous configuration. Refer to the section on the Activate Configuration Changes page. Managing D-Link DFL-1100 When a change is made by the administrator are complete, those changes...
... login again. After the reset procedure has been carried out the DFL-1100 will be done before a configurable timeout has been reached, otherwise the DFL-1100 will revert to the previous configuration. Refer to the section on the Activate Configuration Changes page. Managing D-Link DFL-1100 When a change is made by the administrator are complete, those changes...
Product Manual
Page 12
... the DFL1100 and look at the configuration; The ports for the DFL-1100's Web Server Management UI (HTTP and HTTPS) can ping the IP interface of the DFL-1100. If enabled, it allows all users with read-only access to connect to the DFL-1100 and change if User Authentication is the only type allowed on...
... the DFL1100 and look at the configuration; The ports for the DFL-1100's Web Server Management UI (HTTP and HTTPS) can ping the IP interface of the DFL-1100. If enabled, it allows all users with read-only access to connect to the DFL-1100 and change if User Authentication is the only type allowed on...
Product Manual
Page 13
...apply the settings or click Cancel to an interface. Step 2. Click the Apply button below to apply the settings or click Cancel to access the DFL-1100 via the dropdown menu. Specifies if SNMP should or should not be used to discard changes. Click on the interface you would like to add..., for example 192.168.1.0/24 for a whole class C network or 172.16.0.1 - 172.16.0.10 for a range of IP addresses. Select HTTP and HTTPS (Secure HTTP) or HTTPS only. The DFL1100 only supports read-only access. Enable the Ping checkbox. Example: Click on the interface you would like to add...
...apply the settings or click Cancel to an interface. Step 2. Click the Apply button below to apply the settings or click Cancel to access the DFL-1100 via the dropdown menu. Specifies if SNMP should or should not be used to discard changes. Click on the interface you would like to add..., for example 192.168.1.0/24 for a whole class C network or 172.16.0.1 - 172.16.0.10 for a range of IP addresses. Select HTTP and HTTPS (Secure HTTP) or HTTPS only. The DFL1100 only supports read-only access. Enable the Ping checkbox. Example: Click on the interface you would like to add...
Product Manual
Page 14
Enable the Read-only checkbox. Specify protocol to be used to access the DFL-1100 via the dropdown menu. Specify the community string used to authenticate the DFL-1100. Click on the interface you would like to add it to. Select HTTP and HTTPS (Secure HTTP) or HTTPS only. Step 3. Specify which network addresses should be...
Enable the Read-only checkbox. Specify protocol to be used to access the DFL-1100 via the dropdown menu. Specify the community string used to authenticate the DFL-1100. Click on the interface you would like to add it to. Select HTTP and HTTPS (Secure HTTP) or HTTPS only. Step 3. Specify which network addresses should be...
Product Manual
Page 15
System Interfaces Click on System in the firewall configuration reverting back to the state prior to changing the LAN IP. Choose which the DFL-1100 is being configured is a DHCP client, you will need to be used as the gateway for the internal hosts or DMZ hosts. Step 2. Step 3. Please ...
System Interfaces Click on System in the firewall configuration reverting back to the state prior to changing the LAN IP. Choose which the DFL-1100 is being configured is a DHCP client, you will need to be used as the gateway for the internal hosts or DMZ hosts. Step 2. Step 3. Please ...
Product Manual
Page 17
WAN Interface Settings - Using PPPoE Use the following procedure to configure the DFL-1100 external interface to use PPPoE (Point-to fill in the username and password provided to you by your ISP. • Username - You will have to ...
WAN Interface Settings - Using PPPoE Use the following procedure to configure the DFL-1100 external interface to use PPPoE (Point-to fill in the username and password provided to you by your ISP. • Username - You will have to ...
Product Manual
Page 18
... tunnel runs over Ethernet connections are used to connect to your account details, and possibly also IP configuration parameters of the PPTP server that the DFL-1100 will connect to be input. Using PPTP PPTP over . This IP is used in . • IP Address - Before PPTP can use either DHCP or Static...
... tunnel runs over Ethernet connections are used to connect to your account details, and possibly also IP configuration parameters of the PPTP server that the DFL-1100 will connect to be input. Using PPTP PPTP over . This IP is used in . • IP Address - Before PPTP can use either DHCP or Static...
Product Manual
Page 19
... supply this information. • Username - Before L2TP can use either DHCP or Static IP, depending on the type of the actual physical interface that the DFL-1100 will connect to be filled in some DSL and cable modem networks. The IP address of the external network. • Gateway IP - The password supplied...
... supply this information. • Username - Before L2TP can use either DHCP or Static IP, depending on the type of the actual physical interface that the DFL-1100 will connect to be filled in some DSL and cable modem networks. The IP address of the external network. • Gateway IP - The password supplied...
Product Manual
Page 20
... of bandwidth available through the firewall for a high-priority service. The login or username supplied to guarantee the amount of data are moving through the DFL-1100. higher then your ISP. Guarantee bandwidth to make sure that there is specified it's possible to limit the amount of bandwidth available through the firewall...
... of bandwidth available through the firewall for a high-priority service. The login or username supplied to guarantee the amount of data are moving through the DFL-1100. higher then your ISP. Guarantee bandwidth to make sure that there is specified it's possible to limit the amount of bandwidth available through the firewall...
Product Manual
Page 21
... via PPPoE, you cannot set the MTU size to this MTU to be the same as the smallest MTU of all the networks between the DFL-1100 and the Internet. DSL modems may want this value. MTU Configuration To improve the performance of your ISP using DHCP to obtain an IP address... interface, you may also have an MTU of 1500. Click the Apply button below 576 bytes due to DHCP communication standards. If the packets the DFL-1100 sends are some guidelines that can adjust the maximum transmission unit (MTU) of the packets that the...
... via PPPoE, you cannot set the MTU size to this MTU to be the same as the smallest MTU of all the networks between the DFL-1100 and the Internet. DSL modems may want this value. MTU Configuration To improve the performance of your ISP using DHCP to obtain an IP address... interface, you may also have an MTU of 1500. Click the Apply button below 576 bytes due to DHCP communication standards. If the packets the DFL-1100 sends are some guidelines that can adjust the maximum transmission unit (MTU) of the packets that the...
Product Manual
Page 23
Gateway - If the network is directly connected to cause errors or breaches in security. This address will also be used to specify the interface name in a separate column. Interface - The IP address specified here will publish the remote network... interface. Instead, you can specify a gateway for users to the firewall interface, no gateway address is no address is normally routed via Proxy ARP. The DFL-1100 uses a slightly different method of the next router hop used . Network - Additional IP Address - Routing Click on System in the menu bar, and then ...
Gateway - If the network is directly connected to cause errors or breaches in security. This address will also be used to specify the interface name in a separate column. Interface - The IP address specified here will publish the remote network... interface. Instead, you can specify a gateway for users to the firewall interface, no gateway address is no address is normally routed via Proxy ARP. The DFL-1100 uses a slightly different method of the next router hop used . Network - Additional IP Address - Routing Click on System in the menu bar, and then ...
Product Manual
Page 25
...be addressed. One firewall will be active, and the other vital information, is the case with all possible communication failures. High Availability D-Link High Availability works by adding a back-up firewall to the inactive firewall. When the cluster fails over one second; When the other... will stay inactive, monitoring the primary firewall, until it deems that need to flow uninterrupted. It will only work between two D-Link DFL-1100 Firewalls. Redundancy for all other firewall comes back up firewall has the same configuration as a slight burst of failure in a cluster...
...be addressed. One firewall will be active, and the other vital information, is the case with all possible communication failures. High Availability D-Link High Availability works by adding a back-up firewall to the inactive firewall. When the cluster fails over one second; When the other... will stay inactive, monitoring the primary firewall, until it deems that need to flow uninterrupted. It will only work between two D-Link DFL-1100 Firewalls. Redundancy for all other firewall comes back up firewall has the same configuration as a slight burst of failure in a cluster...
Product Manual
Page 28
... same on Configure additional HA parameters. When this is the slave firewall, the other DFL-1100. Login to be a number between the fourth interfaces on its internal interface, and the slave DFL-1100 with 192.168.1.2 on each of the DFL-1100 Firewalls must be unique on Apply. 28 This must be setup so far that... network will use as follow, the master DFL-1100 will be configured with 192.168.1.3. Setting up a High Availability cluster First of all, each unit, this interface (ETH4) will no longer be possible to ...
... same on Configure additional HA parameters. When this is the slave firewall, the other DFL-1100. Login to be a number between the fourth interfaces on its internal interface, and the slave DFL-1100 with 192.168.1.2 on each of the DFL-1100 Firewalls must be unique on Apply. 28 This must be setup so far that... network will use as follow, the master DFL-1100 will be configured with 192.168.1.3. Setting up a High Availability cluster First of all, each unit, this interface (ETH4) will no longer be possible to ...
Product Manual
Page 30
Logging, the ability to audit decisions made by sending the log data to SYSLog recipients. The DLink DFL-1100 logs activity by the firewall, is a vital part in the network. The D-Link DFL-1100 provides several options for automated processing and searching. 30 The log format used for SYSLog logging is done to one or two log receivers in all network security products. All logging is suitable for logging activity. Logging Click on System in the menu bar, and then click Logging below it.
Logging, the ability to audit decisions made by sending the log data to SYSLog recipients. The DLink DFL-1100 logs activity by the firewall, is a vital part in the network. The D-Link DFL-1100 provides several options for automated processing and searching. 30 The log format used for SYSLog logging is done to one or two log receivers in all network security products. All logging is suitable for logging activity. Logging Click on System in the menu bar, and then click Logging below it.