Product Manual
Page 2
Contents Introduction 7 Features and Benefits 7 Introduction to Firewalls 7 Introduction to Local Area Networking 8 LEDs ...9 Physical Connections 9 Package Contents 10 System Requirements 10 Managing D-Link DFL-700 11 Resetting the DFL-700 11 Administration Settings 12 Administrative Access 12 Add ping access to an interface 13 Add Admin access to an interface 13 Add Read-only access ...
Contents Introduction 7 Features and Benefits 7 Introduction to Firewalls 7 Introduction to Local Area Networking 8 LEDs ...9 Physical Connections 9 Package Contents 10 System Requirements 10 Managing D-Link DFL-700 11 Resetting the DFL-700 11 Administration Settings 12 Administrative Access 12 Add ping access to an interface 13 Add Admin access to an interface 13 Add Read-only access ...
Product Manual
Page 3
Firewall 28 Policy 28 Policy modes 28 Action Types 28 Source and Destination Filter 28 Service Filter 29 Schedule ...29 Intrusion Detection / Prevention 30 Traffic Shaping ... Administrative users 36 Add Administrative User 36 Change Administrative User Access level 37 Change Administrative User Password 37 Delete Administrative User 38 Users 39 The DFL-700 RADIUS Support 39 Enable User Authentication via HTTP / HTTPS 40 Enable RADIUS Support 40 Add User ...41 Change User Password 41 Delete User 42 Schedules...
Firewall 28 Policy 28 Policy modes 28 Action Types 28 Source and Destination Filter 28 Service Filter 29 Schedule ...29 Intrusion Detection / Prevention 30 Traffic Shaping ... Administrative users 36 Add Administrative User 36 Change Administrative User Access level 37 Change Administrative User Password 37 Delete Administrative User 38 Users 39 The DFL-700 RADIUS Support 39 Enable User Authentication via HTTP / HTTPS 40 Enable RADIUS Support 40 Add User ...41 Change User Password 41 Delete User 42 Schedules...
Product Manual
Page 7
... about your network from your network. In addition the DFL-700 also provides a user-friendly Web UI that is being used to prevent unauthorized Internet users from your computer and the Internet that data is called packet filtering. A firewall can also run specific security functions based on the type of application or type of...
... about your network from your network. In addition the DFL-700 also provides a user-friendly Web UI that is being used to prevent unauthorized Internet users from your computer and the Internet that data is called packet filtering. A firewall can also run specific security functions based on the type of application or type of...
Product Manual
Page 9
.... DMZ Port: Use this port to connect to factory default settings. LAN Port: Use this switch to reset the DFL-700 to an external network, such as a WAN or a modem provided by WAN accessible servers (FTP, HTTP, DNS).... Port: Serial Read-Only access to indicate a functional, active system. Status: A System status indicator that flashes occasionally to the firewall software from a PC equipped with a Serial COM port (9600 baud, 8 data bits, No Parity, 1 Stop bit, No... data. WAN, LAN, & DMZ: Bright Green illumination indicates a valid Ethernet Link on the internal office network.
.... DMZ Port: Use this port to connect to factory default settings. LAN Port: Use this switch to reset the DFL-700 to an external network, such as a WAN or a modem provided by WAN accessible servers (FTP, HTTP, DNS).... Port: Serial Read-Only access to indicate a functional, active system. Status: A System status indicator that flashes occasionally to the firewall software from a PC equipped with a Serial COM port (9600 baud, 8 data bits, No Parity, 1 Stop bit, No... data. WAN, LAN, & DMZ: Bright Green illumination indicates a valid Ethernet Link on the internal office network.
Product Manual
Page 10
... using TCP/IP. • Internet Explorer or Netscape Navigator, version 6.0 or above items are missing, please contact your reseller. If any of Package: • D-Link DFL-700 Firewall • Manual and CD • Quick Installation Guide • 5V/3A AC Power adapter • Straight-through CAT-5 cable • RS-232 Null Modem Cable... Note: Using a power supply with a different voltage rating than the one included with JavaScript enabled. 10 Package Contents Contents of the above , with the DFL-700 will cause irreparable electrical damage and void the warranty for this product.
... using TCP/IP. • Internet Explorer or Netscape Navigator, version 6.0 or above items are missing, please contact your reseller. If any of Package: • D-Link DFL-700 Firewall • Manual and CD • Quick Installation Guide • 5V/3A AC Power adapter • Straight-through CAT-5 cable • RS-232 Null Modem Cable... Note: Using a power supply with a different voltage rating than the one included with JavaScript enabled. 10 Package Contents Contents of the above , with the DFL-700 will cause irreparable electrical damage and void the warranty for this product.
Product Manual
Page 11
...first hear one beep, which indicates that the default configuration restoration has started. The firewall will revert to the previous configuration. The timeout can release the reset button and the DFL-700 will continue to make the changes permanent, the administrator must first press and hold ...the reset procedure, refer to page 69. Power on the unit, and continue to factory default settings you must login again. Managing D-Link DFL-700 When a change is made by the administrator are complete, those changes need to be saved and activated to take effect. After this ...
...first hear one beep, which indicates that the default configuration restoration has started. The firewall will revert to the previous configuration. The timeout can release the reset button and the DFL-700 will continue to make the changes permanent, the administrator must first press and hold ...the reset procedure, refer to page 69. Power on the unit, and continue to factory default settings you must login again. Managing D-Link DFL-700 When a change is made by the administrator are complete, those changes need to be saved and activated to take effect. After this ...
Product Manual
Page 15
...and restarting. Choose the correct Subnet mask of the LAN or DMZ interface. Click the Apply button below it , and used to ping the firewall, remotely control it . If the computer through which interface to view or change the IP of this interface. Step 3. Failure to follow ... IP. This configuration will determine the IP addresses that the DHCP scope will result in the firewall configuration reverting back to the state prior to changing the LAN IP. Choose which the DFL-700 is being configured is a DHCP client, you will be changed to correspond with this interface ...
...and restarting. Choose the correct Subnet mask of the LAN or DMZ interface. Click the Apply button below it , and used to ping the firewall, remotely control it . If the computer through which interface to view or change the IP of this interface. Step 3. Failure to follow ... IP. This configuration will determine the IP addresses that the DHCP scope will result in the firewall configuration reverting back to the state prior to changing the LAN IP. Choose which the DFL-700 is being configured is a DHCP client, you will be changed to correspond with this interface ...
Product Manual
Page 16
... of the WAN interface. The IP address of the external network. • Gateway IP - The IP addresses of the default gateway used to ping the firewall, remotely control it, and be used as the source address for dynamically translated connections. • Subnet Mask - WAN Interface Settings - only the Primary DNS is...
... of the WAN interface. The IP address of the external network. • Gateway IP - The IP addresses of the default gateway used to ping the firewall, remotely control it, and be used as the source address for dynamically translated connections. • Subnet Mask - WAN Interface Settings - only the Primary DNS is...
Product Manual
Page 20
... IP is specified it's possible to control whichever policies have the highest priority when large amounts of data are moving through the DFL-700. Traffic Shaping When Traffic Shaping is enabled and the correct maximum up and downstream bandwidth is assigned with DHCP. • Username...policy. The password supplied to you by your ISP. • Password - Guarantee bandwidth to guarantee the amount of bandwidth available through the firewall for a high-priority service. For example, the policy for the web server might be given higher priority than the policies for authentication; ...
... IP is specified it's possible to control whichever policies have the highest priority when large amounts of data are moving through the DFL-700. Traffic Shaping When Traffic Shaping is enabled and the correct maximum up and downstream bandwidth is assigned with DHCP. • Username...policy. The password supplied to you by your ISP. • Password - Guarantee bandwidth to guarantee the amount of bandwidth available through the firewall for a high-priority service. For example, the policy for the web server might be given higher priority than the policies for authentication; ...
Product Manual
Page 22
...is specified, the interface IP address of the next router hop used . Specifies the IP address of the firewall will be automatically published on System in security. Specifies the network address for a particular route, without having a route that covers the gateway's IP address... describing routes is specified. Additional IP Address - Instead, you can specify a gateway for this route via another interface. The DFL-700 uses a slightly different method of describing routes compared to reach the destination network. This address will publish the remote network on all...
...is specified, the interface IP address of the next router hop used . Specifies the IP address of the firewall will be automatically published on System in security. Specifies the network address for a particular route, without having a route that covers the gateway's IP address... describing routes is specified. Additional IP Address - Instead, you can specify a gateway for this route via another interface. The DFL-700 uses a slightly different method of describing routes compared to reach the destination network. This address will publish the remote network on all...
Product Manual
Page 24
Logging Click on System in the network. The DLink DFL-700 logs activity by the firewall, is done to one or two log receivers in the menu bar, and then click Logging below it. The log format used for SYSLog logging is suitable for logging activity. The D-Link DFL-700 provides several options for automated processing and searching. 24 All logging is a vital part in all network security products. Logging, the ability to audit decisions made by sending the log data to SYSLog recipients.
Logging Click on System in the network. The DLink DFL-700 logs activity by the firewall, is done to one or two log receivers in the menu bar, and then click Logging below it. The log format used for SYSLog logging is suitable for logging activity. The D-Link DFL-700 provides several options for automated processing and searching. 24 All logging is a vital part in all network security products. Logging, the ability to audit decisions made by sending the log data to SYSLog recipients.
Product Manual
Page 25
...firewall, follow the steps below to apply the settings or click Cancel to see how much traffic specific connections account for instance when allowed connections are opened and closed, are mandatory and will send the e-mail alerts. Follow these steps to enable E-mail alerting. Step 3. Click the Apply button below . The D-Link DFL-700... to use by checking the Enable E-mail alerting for IDS/IDP events to up to three valid email addresses to which the DFL-700 will always generate log entries. It is also possible to have to fill in the SMTP server to receive the e-mail alerts...
...firewall, follow the steps below to apply the settings or click Cancel to see how much traffic specific connections account for instance when allowed connections are opened and closed, are mandatory and will send the e-mail alerts. Follow these steps to enable E-mail alerting. Step 3. Click the Apply button below . The D-Link DFL-700... to use by checking the Enable E-mail alerting for IDS/IDP events to up to three valid email addresses to which the DFL-700 will always generate log entries. It is also possible to have to fill in the SMTP server to receive the e-mail alerts...
Product Manual
Page 28
...In addition to this blank to the stateful inspection engine, which will explain the meanings of the firewall. Logging is carried out if audit logging has been enabled in configuring security policies is to configure the mode for return traffic will immediately be compared to bottom, until ...without performing address translation. To use NAT mode select Hide source addresses (many-to-one NAT) and to use DFL-700 network address translation to the external interface. The firewall can connect a private network to the internal interface, a DMZ network to the DMZ interface, and a public ...
...In addition to this blank to the stateful inspection engine, which will explain the meanings of the firewall. Logging is carried out if audit logging has been enabled in configuring security policies is to configure the mode for return traffic will immediately be compared to bottom, until ...without performing address translation. To use NAT mode select Hide source addresses (many-to-one NAT) and to use DFL-700 network address translation to the external interface. The firewall can connect a private network to the internal interface, a DMZ network to the DMZ interface, and a public ...
Product Manual
Page 30
.... 30 If Prevention is enabled and configured. much the same way firewall policies are three different priorities when configuring the traffic shaping, Normal, High...policies using a policy a minimum bandwidth, this policy. There are implemented. D-Link updates the attack database periodically. Limit works by measuring and queuing IP packets,...security as well as a functionality perspective, is the maximum bandwidth that identifies and takes action against a wide variety of the malicious attack, the IDS will send e-mails to an attack, the IDS will protect the networks behind the DFL-700...
.... 30 If Prevention is enabled and configured. much the same way firewall policies are three different priorities when configuring the traffic shaping, Normal, High...policies using a policy a minimum bandwidth, this policy. There are implemented. D-Link updates the attack database periodically. Limit works by measuring and queuing IP packets,...security as well as a functionality perspective, is the maximum bandwidth that identifies and takes action against a wide variety of the malicious attack, the IDS will send e-mails to an attack, the IDS will protect the networks behind the DFL-700...
Product Manual
Page 31
... position. Choose Deny to match. Specifies the sender span of usernames, separated by a comma (,) or write Any for details on the Add new link. Source Users/Groups: Specifies if an authenticated username is needed for this policy to match everything . Step 4. Click the Apply button below to apply... the changes or click Cancel to traverse the firewall. If it is left blank there is used for this policy to add a new outgoing policy. Either make a list of IP addresses to ...
... position. Choose Deny to match. Specifies the sender span of usernames, separated by a comma (,) or write Any for details on the Add new link. Source Users/Groups: Specifies if an authenticated username is needed for this policy to match everything . Step 4. Click the Apply button below to apply... the changes or click Cancel to traverse the firewall. If it is left blank there is used for this policy to add a new outgoing policy. Either make a list of IP addresses to ...
Product Manual
Page 34
... Either make a custom service. Destination IP: Leave empty to use Intrusion Detection / Prevention on Port mapped services. Pass To: The IP of the firewall, or enter an additional IP address to be used mainly as a rule reference in log data and for easy reference in the following values: Name... authenticated user. Add a new mapping Follow these steps to discard changes. Choose Always for no need for authentication for details on the Add new link. Click the Apply button below to apply the changes or click Cancel to add a new mapping on the WAN interface. Note: Refer to Appendix...
... Either make a custom service. Destination IP: Leave empty to use Intrusion Detection / Prevention on Port mapped services. Pass To: The IP of the firewall, or enter an additional IP address to be used mainly as a rule reference in log data and for easy reference in the following values: Name... authenticated user. Add a new mapping Follow these steps to discard changes. Choose Always for no need for authentication for details on the Add new link. Click the Apply button below to apply the changes or click Cancel to add a new mapping on the WAN interface. Note: Refer to Appendix...
Product Manual
Page 36
... that already exists. Click on add after the type of the DFL-700 and so on. Step 3. The user name and password can add, edit and remove rules, change settings of user you are not allowed. 36 Administrative users Click on Firewall in each access level. Add Administrative User Follow these steps to...
... that already exists. Click on add after the type of the DFL-700 and so on. Step 3. The user name and password can add, edit and remove rules, change settings of user you are not allowed. 36 Administrative users Click on Firewall in each access level. Add Administrative User Follow these steps to...
Product Manual
Page 37
.... • Read-only - Follow these steps to change level of. Enable the Change password checkbox. Note: The password should be at the configuration of the firewall. • No Admin Access - The user is only used for user authentication. Step 2. Change Administrative User Password To change the password of a user click on...
.... • Read-only - Follow these steps to change level of. Enable the Change password checkbox. Note: The password should be at the configuration of the firewall. • No Admin Access - The user is only used for user authentication. Step 2. Change Administrative User Password To change the password of a user click on...
Product Manual
Page 39
... either by itself or as the less secure of the user password when the RADIUS-packet is allowed to 100 characters, and must first authenticate him/her-self. The DFL-700 uses a shared secret when connecting to the firewall. The DFL-700 can be stored in plaintext on both the firewall and the RADIUS server. It is...
... either by itself or as the less secure of the user password when the RADIUS-packet is allowed to 100 characters, and must first authenticate him/her-self. The DFL-700 uses a shared secret when connecting to the firewall. The DFL-700 can be stored in plaintext on both the firewall and the RADIUS server. It is...
Product Manual
Page 40
... be used for up to two RADIUS servers. Specify if HTTP and HTTPS or only HTTPS should be idle before being logged out by the firewall. Step 3. Click the Apply button below to apply the settings or click Cancel to discard changes. 40 Choose new ports for the web-based management...
... be used for up to two RADIUS servers. Specify if HTTP and HTTPS or only HTTPS should be idle before being logged out by the firewall. Step 3. Click the Apply button below to apply the settings or click Cancel to discard changes. 40 Choose new ports for the web-based management...