Product Manual
Page 2
Using PPTP 18 WAN Interface Settings - Using DHCP 16 WAN Interface Settings - Using BigPond 20 Traffic Shaping 20 MTU Configuration 21 Routing 22 Add a new Static Route 23 Remove a Static Route 23 Logging 24 Enable Logging 25 Enable Audit... 7 Introduction to Firewalls 7 Introduction to Local Area Networking 8 LEDs ...9 Physical Connections 9 Package Contents 10 System Requirements 10 Managing D-Link DFL-700 11 Resetting the DFL-700 11 Administration Settings 12 Administrative Access 12 Add ping access to an interface 13 Add Admin access to an interface 13 Add Read-only...
Using PPTP 18 WAN Interface Settings - Using DHCP 16 WAN Interface Settings - Using BigPond 20 Traffic Shaping 20 MTU Configuration 21 Routing 22 Add a new Static Route 23 Remove a Static Route 23 Logging 24 Enable Logging 25 Enable Audit... 7 Introduction to Firewalls 7 Introduction to Local Area Networking 8 LEDs ...9 Physical Connections 9 Package Contents 10 System Requirements 10 Managing D-Link DFL-700 11 Resetting the DFL-700 11 Administration Settings 12 Administrative Access 12 Add ping access to an interface 13 Add Admin access to an interface 13 Add Read-only...
Product Manual
Page 3
... 32 Delete policy 32 Configure Intrusion Detection 32 Configure Intrusion Prevention 33 Port mapping / Virtual Servers 34 Add a new mapping 34 Delete mapping 35 Administrative users 36 Add Administrative User 36 Change Administrative User Access level 37 Change Administrative User Password 37 Delete Administrative User 38 Users 39 The DFL-700 RADIUS Support 39...
... 32 Delete policy 32 Configure Intrusion Detection 32 Configure Intrusion Prevention 33 Port mapping / Virtual Servers 34 Add a new mapping 34 Delete mapping 35 Administrative users 36 Add Administrative User 36 Change Administrative User Access level 37 Change Administrative User Password 37 Delete Administrative User 38 Users 39 The DFL-700 RADIUS Support 39...
Product Manual
Page 4
... 64 Disable DNS Relayer 64 Tools 65 Ping ...65 Ping Example 65 Dynamic DNS 66 Add Dynamic DNS Settings 66 Backup 67 Exporting the DFL-700's Configuration 67 Restoring the DFL-700's Configuration 67 Restart/Reset 68 4 IPSec VPN between two networks 53 Creating a LAN-to-LAN IPSec VPN Tunnel 53 VPN between client and an...
... 64 Disable DNS Relayer 64 Tools 65 Ping ...65 Ping Example 65 Dynamic DNS 66 Add Dynamic DNS Settings 66 Backup 67 Exporting the DFL-700's Configuration 67 Restoring the DFL-700's Configuration 67 Restart/Reset 68 4 IPSec VPN between two networks 53 Creating a LAN-to-LAN IPSec VPN Tunnel 53 VPN between client and an...
Product Manual
Page 7
... rights for bandwidth management. z Web Management Configurable through . Or a firewall can be a computer using a Web browser supporting Java. For example, a firewall can also run specific security functions based on the type of application or type of port that allows users to set of data. Introduction The DFL-700 provides three 10/100Mbps Ethernet network...
... rights for bandwidth management. z Web Management Configurable through . Or a firewall can be a computer using a Web browser supporting Java. For example, a firewall can also run specific security functions based on the type of application or type of port that allows users to set of data. Introduction The DFL-700 provides three 10/100Mbps Ethernet network...
Product Manual
Page 8
... set-up the communication over a small area such as hubs or switches that a switch can connect computers together. Networks take some time in order to configure your needs. 8 A switch minimizes network traffic overhead and speeds up for a specific piece of LANs connected over radio waves. A LAN consists of buildings. Each computer...
... set-up the communication over a small area such as hubs or switches that a switch can connect computers together. Networks take some time in order to configure your needs. 8 A switch minimizes network traffic overhead and speeds up for a specific piece of LANs connected over radio waves. A LAN consists of buildings. Each computer...
Product Manual
Page 10
... Ethernet adapter configured to communicate using TCP/IP. • Internet Explorer or Netscape Navigator, version 6.0 or above items are missing, please contact your reseller. Package Contents Contents of the above , with the DFL-700 will cause irreparable electrical damage and void the warranty for this product. If any of Package: • D-Link DFL-700 Firewall •...
... Ethernet adapter configured to communicate using TCP/IP. • Internet Explorer or Netscape Navigator, version 6.0 or above items are missing, please contact your reseller. Package Contents Contents of the above , with the DFL-700 will cause irreparable electrical damage and void the warranty for this product. If any of Package: • D-Link DFL-700 Firewall •...
Product Manual
Page 11
..., making the new changes take effect by the administrator are complete, those changes need to be done before a configurable timeout has been reached, otherwise the DFL-700 will continue to page 69. After this you hear two consecutive beeps shortly after each other. When all changes...This has to be saved and activated to take effect. Power on the unit, and continue to the configuration, a new icon named Activate Changes will appear. Managing D-Link DFL-700 When a change is made by clicking on the Activate Changes button on the reset procedure, refer to load...
..., making the new changes take effect by the administrator are complete, those changes need to be done before a configurable timeout has been reached, otherwise the DFL-700 will continue to page 69. After this you hear two consecutive beeps shortly after each other. When all changes...This has to be saved and activated to take effect. Power on the unit, and continue to the configuration, a new icon named Activate Changes will appear. Managing D-Link DFL-700 When a change is made by clicking on the Activate Changes button on the reset procedure, refer to load...
Product Manual
Page 12
... Server Management UI (HTTP and HTTPS) can ping the IP interface of the DFL-700. Ping - this can be HTTPS or HTTP and HTTPS. These values must change configuration; Admin - In the case where Read-Only access is enabled (User Authentication uses 80 and 443 to that interface will ... the DFL700 and look at the configuration; Read-Only - Administration Settings Administrative Access Management UI Ports - If enabled, it specifies who can be in Read-Only mode. 12 If enabled, it allows all users with admin access to connect to the DFL-700 and change if User Authentication is ...
... Server Management UI (HTTP and HTTPS) can ping the IP interface of the DFL-700. Ping - this can be HTTPS or HTTP and HTTPS. These values must change configuration; Admin - In the case where Read-Only access is enabled (User Authentication uses 80 and 443 to that interface will ... the DFL700 and look at the configuration; Read-Only - Administration Settings Administrative Access Management UI Ports - If enabled, it specifies who can be in Read-Only mode. 12 If enabled, it allows all users with admin access to connect to the DFL-700 and change if User Authentication is ...
Product Manual
Page 15
Choose which the DFL-700 is being configured is a DHCP client, you will be changed to correspond with this interface from the drop down menu. Step 3. Step 2. This configuration will determine the IP addresses that the DHCP scope will result in the firewall configuration reverting back to the state prior to changing the LAN IP. Please...
Choose which the DFL-700 is being configured is a DHCP client, you will be changed to correspond with this interface from the drop down menu. Step 3. Step 2. This configuration will determine the IP addresses that the DHCP scope will result in the firewall configuration reverting back to the state prior to changing the LAN IP. Please...
Product Manual
Page 17
... the IP address of the external interface. Using PPPoE Use the following procedure to configure the DFL-700 external interface to use PPPoE (Point-to fill in the username and password provided to you by the PPPoE service. This configuration is required if your DNS servers; When using PPPoE some ISPs require you by...
... the IP address of the external interface. Using PPPoE Use the following procedure to configure the DFL-700 external interface to use PPPoE (Point-to fill in the username and password provided to you by the PPPoE service. This configuration is required if your DNS servers; When using PPPoE some ISPs require you by...
Product Manual
Page 18
... actual physical interface that the DFL-700 will connect to enter your ISP, the physical (WAN) interface parameters must be filled in some DSL and cable modem networks. Specifies the IP address of the default gateway used to connect to your account details, and possibly also IP configuration parameters of ISP used to...
... actual physical interface that the DFL-700 will connect to enter your ISP, the physical (WAN) interface parameters must be filled in some DSL and cable modem networks. Specifies the IP address of the default gateway used to connect to your account details, and possibly also IP configuration parameters of ISP used to...
Product Manual
Page 19
... configuration parameters of the default gateway used . Your ISP should supply this information. Size of the WAN interface. The login or username supplied to access the Internet. WAN Interface Settings - The IP address of the external network. • Gateway IP - Specifies the IP address of the actual physical interface that the DFL-700...
... configuration parameters of the default gateway used . Your ISP should supply this information. Size of the WAN interface. The login or username supplied to access the Internet. WAN Interface Settings - The IP address of the external network. • Gateway IP - Specifies the IP address of the actual physical interface that the DFL-700...
Product Manual
Page 21
...and error is 576, so if you connect to the Internet via PPPoE, you may also have an MTU of all the networks between the DFL-700 and the Internet. Note: If you connect to your Internet connection, you can adjust the maximum transmission unit (MTU) of the packets that can ... the smallest MTU of 1500. MTU Configuration To improve the performance of your ISP using DHCP to obtain an IP address for the external interface, you cannot set the MTU size to discard changes. If the packets the DFL-700 sends are some guidelines that the DFL-700 transmits from its external interface. Most...
...and error is 576, so if you connect to the Internet via PPPoE, you may also have an MTU of all the networks between the DFL-700 and the Internet. Note: If you connect to your Internet connection, you can adjust the maximum transmission unit (MTU) of the packets that can ... the smallest MTU of 1500. MTU Configuration To improve the performance of your ISP using DHCP to obtain an IP address for the external interface, you cannot set the MTU size to discard changes. If the packets the DFL-700 sends are some guidelines that the DFL-700 transmits from its external interface. Most...
Product Manual
Page 22
..., and it will look something like this will also be automatically published on the corresponding interface. this : The Routes configuration section describes the firewall's routing table. Network - Specifies the IP address of all interfaces (except WAN) if enabled on the ... interface. Gateway - Instead, you can specify a gateway for users to most commonly used . The DFL-700 uses a slightly different method of describing routes compared to cause errors or breaches in security. Routing Click on System in the menu bar, and then click Routing below it less likely for ...
..., and it will look something like this will also be automatically published on the corresponding interface. this : The Routes configuration section describes the firewall's routing table. Network - Specifies the IP address of all interfaces (except WAN) if enabled on the ... interface. Gateway - Instead, you can specify a gateway for users to most commonly used . The DFL-700 uses a slightly different method of describing routes compared to cause errors or breaches in security. Routing Click on System in the menu bar, and then click Routing below it less likely for ...
Product Manual
Page 25
...your first SYSLog server as startup and shutdown, are configurable. Choose the sensitivity level. Step 4. You must fill in the SMTP server to use by checking the Enable Audit Logging box. Specify what facility to which the DFL-700 will always generate log entries. Local0 is required ...below to apply the settings or click Cancel to receive the e-mail alerts. Enable SYSLog by selecting the appropriate SYSLog facility. Step 2. The D-Link DFL-700 specifies a number of these events, such as SYSLog server 1. Some of events that can be logged. Other events, for . Enable SYSLog by...
...your first SYSLog server as startup and shutdown, are configurable. Choose the sensitivity level. Step 4. You must fill in the SMTP server to use by checking the Enable Audit Logging box. Specify what facility to which the DFL-700 will always generate log entries. Local0 is required ...below to apply the settings or click Cancel to receive the e-mail alerts. Enable SYSLog by selecting the appropriate SYSLog facility. Step 2. The D-Link DFL-700 specifies a number of these events, such as SYSLog server 1. Some of events that can be logged. Other events, for . Enable SYSLog by...
Product Manual
Page 28
...one NAT) and to use DFL-700 network address translation to the sender or, if the rejected packet was a TCP packet, a TCP RST message. Action Types Drop - Such packets will not be required as Drop. Policy modes The first step in configuring security policies is to the received packet.... Such packets will be compared to configure the mode for return traffic will be logged if logging has been enabled in the Logging Settings...
...one NAT) and to use DFL-700 network address translation to the sender or, if the rejected packet was a TCP packet, a TCP RST message. Action Types Drop - Such packets will not be required as Drop. Policy modes The first step in configuring security policies is to the received packet.... Such packets will be compared to configure the mode for return traffic will be logged if logging has been enabled in the Logging Settings...
Product Manual
Page 30
... have configured the traffic limits on the WAN interface this limit is a real-time intrusion detection and prevention sensor that can traffic using a policy a minimum bandwidth, this policy. By using Guarantee, you have the components in a network, seen from a security as ... Differentiated rate limits and traffic guarantees based on the traffic. Intrusion Detection / Prevention The DFL-700 Intrusion Detection/Prevention System (IDS/IDP) is sometimes lowered to allow traffic with respect to a number of configurable parameters. D-Link updates the attack database periodically.
... have configured the traffic limits on the WAN interface this limit is a real-time intrusion detection and prevention sensor that can traffic using a policy a minimum bandwidth, this policy. By using Guarantee, you have the components in a network, seen from a security as ... Differentiated rate limits and traffic guarantees based on the traffic. Intrusion Detection / Prevention The DFL-700 Intrusion Detection/Prevention System (IDS/IDP) is sometimes lowered to allow traffic with respect to a number of configurable parameters. D-Link updates the attack database periodically.
Product Manual
Page 32
Click on the Edit link corresponding to the rule you would like to change the order of a policy. Change the number in from the available policy lists. Delete policy Follow these steps to configure IDS on . Choose the policy list from which you want to move the old policy ... Click the Apply button below to apply the changes or click Cancel to discard changes. 32 Step 1. Click on the Edit link corresponding to the rule you want to configure. Configure Intrusion Detection Follow these steps to delete a policy. Enable the alerting checkbox for which you would like to have IDS on...
Click on the Edit link corresponding to the rule you would like to change the order of a policy. Change the number in from the available policy lists. Delete policy Follow these steps to configure IDS on . Choose the policy list from which you want to move the old policy ... Click the Apply button below to apply the changes or click Cancel to discard changes. 32 Step 1. Click on the Edit link corresponding to the rule you want to configure. Configure Intrusion Detection Follow these steps to delete a policy. Enable the alerting checkbox for which you would like to have IDS on...
Product Manual
Page 33
Choose Prevention from the mode drop down list. Choose the policy you would like have IDP on the Edit link corresponding to the rule you want to configure. Step 1. Step 3. Step 5. Click on . Enable the alerting checkbox for e-mail alerting. Configure Intrusion Prevention Follow these steps to discard changes. Step 4. Click the Apply button below to apply the changes or click Cancel to configure IDP on a policy. Step 2. Enable the Intrusion Detection / Prevention checkbox.
Choose Prevention from the mode drop down list. Choose the policy you would like have IDP on the Edit link corresponding to the rule you want to configure. Step 1. Step 3. Step 5. Click on . Enable the alerting checkbox for e-mail alerting. Configure Intrusion Prevention Follow these steps to discard changes. Step 4. Click the Apply button below to apply the changes or click Cancel to configure IDP on a policy. Step 2. Enable the Intrusion Detection / Prevention checkbox.
Product Manual
Page 34
...needed for the rule. See the previous chapter for any authenticated user. Port mapping / Virtual Servers The Port mapping / Virtual Servers configuration section is where you can configure virtual servers (such as a LAN Web server) on the LAN or DMZ Interfaces to be passed to. One may also regulate how... bandwidth management (traffic shaping) is applied to add a new mapping on the Add new link. Either make a custom service. Click the Apply ...
...needed for the rule. See the previous chapter for any authenticated user. Port mapping / Virtual Servers The Port mapping / Virtual Servers configuration section is where you can configure virtual servers (such as a LAN Web server) on the LAN or DMZ Interfaces to be passed to. One may also regulate how... bandwidth management (traffic shaping) is applied to add a new mapping on the Add new link. Either make a custom service. Click the Apply ...