Registration Manual
Page 3
... and URL database real-time update service to date against a variety of URLs for improving Layer 7 content inspection performance, D-Link adopt UTM acceleration technology to -date 02 Three database of UTM firewall should be kept up -to increase IPS and AV throughput, and web surfing control database contains millions of threats from application exploits, network worms, malicious code attacks and management employees Internet access behavior. Today D-Link delivers NetDefend UTM Subscription...
Datasheet
Page 2
..., D-Link offers optional UTM Service subscriptions which include updates for Traffic Load Sharing6 Enhanced Network Services • DHCP Server/Client/Relay • IGMP V3 • H.323 NAT Traversal • Robust Application Security ALGs • OSPF Dynamic Routing Protocol9 • Run-Time Web-Based Authentication DFL-260E • Firewall Throughput: 150 Mbps • VPN Performance: 45 Mbps (3DES/AES) • 1 10/100/1000 Ethernet WAN Port • 5 Switched 10/100/1000 Ethernet LAN Ports • 1 10/100/1000 Ethernet DMZ Port DFL-860E...
Datasheet
Page 3
... Applets, JavaScripts/VBScripts, ActiveX objects, and cookies. Secure Network Implementation Using NetDefend™ UTM Firewalls The DFL-260E and DFL-860E save energy automatically through longer equipment life. By detecting the length of cables connected to a port, the amount of power used for licensing. WAN Link Load-Balancing and Fault-Tolerance Multiple WAN ports support traffic load balancing and failover, thus guaranteeing Internet availability and bandwidth. Additionally, 80 PLUS power supplies help prevent pollution by a substantial amount. Together...
CLI Guide for DFL-260E
Page 88
Text describing the current object. (Optional) Description Use a PPTP Application Layer Gateway to exchange media directly when possible. (Default: Yes) Allow TCP data channels. (Default: Yes) Maximum number of sessions per call. 88 ALG_PPTP Allow encrypted zip files, even though the contents can not be scanned. (Default: No) Enable ZoneDefense Block. (Default: No) Hosts within this network will be blocked at switches if a virus is found. Properties Name MaxSessionsPerId...
User Manual for DFL-260E
Page 30
...the LAN interface of the D-Link firewall (on the network connected via an 30 Important For security reasons, it is being accessed with password admin. The Default Administrator Account Chapter 2. Multiple Administration Logins NetDefendOS does not allow more than one administrator logs in at the same time allowing CLI access for administrative users on source network, source interface and username/password credentials. Various files used to do basic configuration through a specific IPsec tunnel. Accounts can either belong to be regulated by a remote management policy...
User Manual for DFL-260E
Page 118
... computers using NCP. Internet server providers (ISPs) often require customers to connect through a common serial interface, such as encryption, can share a PPP link. During the LCP and NCP negotiation, optional parameters such as a single DSL line, wireless device or cable modem. PPPoE Chapter 3. Go to their broadband service. PPPoE Point-to-Point Protocol over Ethernet (PPPoE) is optional with PPP. In terms of the layered OSI model, PPP...
User Manual for DFL-260E
Page 131
... changing the setting Static ARP Changes allows the administrator to specify whether or not such situations are dropped and logged, but all such changes will be a malicious attempt to hijack a connection, NetDefendOS will be configured for example, a network adapter is possible for a host on a connected network to send an ARP reply to take place, but the behavior can be changed by modifying the setting ARP Match Ethernet Sender. 3.5.5. The advanced setting Static ARP Changes...
User Manual for DFL-260E
Page 237
... vlan5_if2. The key disadvantage with the VLAN ID. With Internet connections, it may be manually configured for proxy ARP. It may be able to the routing table for this routing table with the same VLAN ID are needed: • Define a static route which is not dynamically fetched using DHCP. Routing To better explain this way, default switch routes are automatically added to roam between users and the DHCP server. No other non-switched routes should be...
User Manual for DFL-260E
Page 341
... and servers on the protocol used . Command-Line Interface First, create an HTTP Application Layer Gateway (ALG) Object with the original active/passive roles. Security Mechanisms 5. For example: A local client downloads an infected file from reaching the internal network. Example 6.19. First, create an HTTP ALG Object: 1. For more information about this range will upload blocking instructions to the local switches and instruct them to being active again. While the virus scanning firewall takes...
User Manual for DFL-260E
Page 418
... NetDefend Firewall. There are : 1. The network administrator should use config mode. The gateway certificate needs just the certificate file added. 2. The root certificate needs to be used which specifies the exact range of suppliers and this the above must be one . IPsec Roaming Clients with Certificates If certificates are to be correctly configured. B. If an internal DHCP server is to have 2 parts added: a certificate file and a private key file. VPN Once an Allow rule permits the connection to locate the tunnel...
User Manual for DFL-260E
Page 420
... interface to which the internal network is used . • Enable the IPsec tunnel routing option Dynamically add route to l2tp_pool. • Enable Proxy ARP on the NetDefend Firewall. For user authentication: • Define a Local User DB object (let's call this object TrustedUsers). • Add individual users to -Point Encryption allowed. Define an PPTP/L2TP Server object (let's call this object l2tp_tunnel) with Pre-Shared Keys Chapter 9. The Group string for remote network must be disabled...
User Manual for DFL-260E
Page 425
... phase 1 in two modes, tunnel or transport. 425 VPN An IKE negotiation is established and ready for the IPsec connection. Authentication can be protected by the initiator sending a proposal-list to pass through Pre-Shared Keys, certificates or public key encryption. This is to use in the previous section, by the VPN. This is performed, detailing the parameters for traffic to the responder...
User Manual for DFL-260E
Page 426
... not used to secure a connection from a VPN client directly to the "remote network" address discussed above should therefore be used in the clear. If this to "none" will decrypt/authenticate the data, extract it will typically be processed. ESP provides encryption, authentication, or both ends. Internet Key Exchange (IKE) Chapter 9. The remote endpoint is important to "tunnel" in cases of roaming access, where the IP addresses of...
User Manual for DFL-260E
Page 433
... a longer set Interface IPsecTunnel MyIPsecTunnel IPsecAlgorithms=esp-l2tptunnel Web Interface First create a list of proposal lists, IKE proposal lists and IPsec proposal lists. The initial negotiation attempts to agree on the VPN connection parameters, a negotiation process is the starting point for different VPN scenarios and user defined lists can be used in NetDefendOS for the negotiation. 9.3.6. A DNS address can support. Each entry in the VPN tunnel. There are two types of IPsec Algorithms: 433 Example 9.1.
User Manual for DFL-260E
Page 467
... downloaded through a web browser. Setting up the SSL VPN tunnel so that allows traffic to be a PPPoE configuration object instead of the IP Pool addresses that are raised. All the pool addresses as well as they access the firewall through the browser directly from the SSL VPN interface to core (in other words, to NetDefendOS itself must belong to connecting SSL VPN clients. A private IP network should be sent to automatically ARP...
User Manual for DFL-260E
Page 468
... network. The Inner IP listed above , client IP addresses for SSL VPN connection attempts by clients. This Add Route option allows the interfaces for SSL VPN connection attempts by clients. When a client connects to the SSL VPN interface, this option makes it could be a public IPv4 address which then resolves the FQDN using a web browser across the public Internet. In most situations 468 9.6.2. Note In the current NetDefendOS version, the outer interface cannot be a VLAN interface. • Server IP The IP address...
User Manual for DFL-260E
Page 470
... Server option enabled, the SSL VPN client ignores any configuration file parameters previously downloaded by enabling the option Specify Custom Server and explicitly specifying the IP address, port and login credentials for the tunnel are downloaded to before. Client Transfer Statistics When the SSL VPN client is possible to connect to an SSL VPN interface on a NetDefend Firewall that has not been connected to the SSL VPN client software and stored as these settings have not changed between the firewall and the client. VPN...
User Manual for DFL-260E
Page 524
... Mechanisms". Routers, switches and Internet connections can exist in a cluster, they must also have identical configurations. These packets allow identical capabilities including the ability to replicate the state of failure and redundancy for these should also be administered separately using the Web Interface or the CLI. This technique is not responding. As the internal operation of different firewall manufacturer's software is completely...
User Manual for DFL-260E
Page 585
... CLI, 43 Log Oversized Packets setting, 561 Log Received TTL 0 setting, 546 Log Reverse Opens setting, 556 Log State Violations setting, 556 loopback interfaces, 106, 107 Alphabetical Index Low Broadcast TTL Action setting, 549 M MAC address, 126 authentication, 400 in the address book, 90 with ARP, 126 with ARP publish, 129 management interfaces, 29 advanced settings, 52 and IPv6, 96 configuring remote access, 43 managing NetDefendOS, 29 Max AH Length setting, 560 Max Auto Routes (DHCP) setting, 258 Max Concurrent (reassembly) setting, 566 Max Connections...
User Manual for DFL-260E
Page 586
... Index with SSL VPN, 467 PPTP, 457 advanced settings, 463 ALG, 290 client, 463 problem with NAT, 464 quick start guide, 421 server, 457 PPTP Before Rules setting, 463 precedences in pipes, 491 pre-shared keys, 414, 434 non-ascii character problem, 434 Primary Time Server setting, 158 product overview, 17 proposal lists, 433 proxy ARP, 180 setting up, 180 Pseudo Reass Max Concurrent setting, 562 Q QoS (see quality of service) quality of service, 485...