Product Manual
Page 2
... - Using PPPoE 17 WAN Interface Settings - Contents Introduction 7 Features and Benefits 7 Introduction to Firewalls 7 Introduction to Local Area Networking 8 LEDs ...9 Physical Connections 9 Package Contents 10 System Requirements 10 Managing D-Link DFL-700 11 Resetting the DFL-700 11 Administration Settings 12 Administrative Access 12 Add ping access to an interface 13 Add Admin access to an...
... - Using PPPoE 17 WAN Interface Settings - Contents Introduction 7 Features and Benefits 7 Introduction to Firewalls 7 Introduction to Local Area Networking 8 LEDs ...9 Physical Connections 9 Package Contents 10 System Requirements 10 Managing D-Link DFL-700 11 Resetting the DFL-700 11 Administration Settings 12 Administrative Access 12 Add ping access to an interface 13 Add Admin access to an...
Product Manual
Page 4
... Creating a LAN-to-LAN IPSec VPN Tunnel 53 VPN between client and an internal network 54 Creating a Roaming Users IPSec Tunnel 54 Adding an L2TP/PPTP VPN Client 55 Adding an L2TP/PPTP VPN Server 55 VPN - Advanced Settings 56 ... Relayer 64 Disable DNS Relayer 64 Tools 65 Ping ...65 Ping Example 65 Dynamic DNS 66 Add Dynamic DNS Settings 66 Backup 67 Exporting the DFL-700's Configuration 67 Restoring the DFL-700's Configuration 67 Restart/Reset 68 4
... Creating a LAN-to-LAN IPSec VPN Tunnel 53 VPN between client and an internal network 54 Creating a Roaming Users IPSec Tunnel 54 Adding an L2TP/PPTP VPN Client 55 Adding an L2TP/PPTP VPN Server 55 VPN - Advanced Settings 56 ... Relayer 64 Disable DNS Relayer 64 Tools 65 Ping ...65 Ping Example 65 Dynamic DNS 66 Add Dynamic DNS Settings 66 Backup 67 Exporting the DFL-700's Configuration 67 Restoring the DFL-700's Configuration 67 Restart/Reset 68 4
Product Manual
Page 7
...the criteria, that allows users to prevent sensitive information about your network. In addition the DFL-700 also provides a user-friendly Web UI that data is called packet filtering. A firewall can also run specific security functions based on the type of application or type of the... information moving to PPTP and IPSec over the Internet. Introduction The DFL-700 provides three 10/100Mbps Ethernet network interface ports, which are also deployed to ...
...the criteria, that allows users to prevent sensitive information about your network. In addition the DFL-700 also provides a user-friendly Web UI that data is called packet filtering. A firewall can also run specific security functions based on the type of application or type of the... information moving to PPTP and IPSec over the Internet. Introduction The DFL-700 provides three 10/100Mbps Ethernet network interface ports, which are also deployed to ...
Product Manual
Page 8
...be connected to in order to plan and implement correctly. There are many ways to configure your needs. 8 A switch minimizes network traffic overhead and speeds up for a specific piece of media that a switch can connect computers together. There are many types of...determine the destination port for your network. Introduction to Local Area Networking Local Area Networking (LAN) is usually a 10Mbps network card, or 10/100Mbps network card, or a wireless network card. A collection of buildings. The most common media is called a Wide Area Network (WAN). You may want to...
...be connected to in order to plan and implement correctly. There are many ways to configure your needs. 8 A switch minimizes network traffic overhead and speeds up for a specific piece of media that a switch can connect computers together. There are many types of...determine the destination port for your network. Introduction to Local Area Networking Local Area Networking (LAN) is usually a 10Mbps network card, or 10/100Mbps network card, or a wireless network card. A collection of buildings. The most common media is called a Wide Area Network (WAN). You may want to...
Product Manual
Page 9
...so will flicker when that respective port is sending or receiving data. WAN, LAN, & DMZ: Bright Green illumination indicates a valid Ethernet Link on the internal office network. Do not use less than 1 client PC on that respective port. DC Power: Use the included 5VDC 3A switching power supply to ... with a Serial COM port (9600 baud, 8 data bits, No Parity, 1 Stop bit, No Flow Control). LAN Port: Use this switch to reset the DFL-700 to service more than 5VDC 3A to the power supply. Reset: Use this port to connect to a Fast Ethernet Switch to factory default settings. Solid...
...so will flicker when that respective port is sending or receiving data. WAN, LAN, & DMZ: Bright Green illumination indicates a valid Ethernet Link on the internal office network. Do not use less than 1 client PC on that respective port. DC Power: Use the included 5VDC 3A switching power supply to ... with a Serial COM port (9600 baud, 8 data bits, No Parity, 1 Stop bit, No Flow Control). LAN Port: Use this switch to reset the DFL-700 to service more than 5VDC 3A to the power supply. Reset: Use this port to connect to a Fast Ethernet Switch to factory default settings. Solid...
Product Manual
Page 13
Specifies if SNMP should or should be allowed to an interface. Specify which network addresses should not be used to an interface. Follow these steps to add ping access to access the DFL-700 via the dropdown menu. Step 1. Enable the Admin checkbox. Specify protocol to be allowed on ... click Cancel to access the administrative interface, for example 192.168.1.0/24 for a whole class C network or 172.16.0.1 - 172.16.0.10 for a range of IP addresses. Select HTTP and HTTPS (Secure HTTP) or HTTPS only. Step 3. Example: Add Admin access to an interface To add admin ...
Specifies if SNMP should or should be allowed to an interface. Specify which network addresses should not be used to an interface. Follow these steps to add ping access to access the DFL-700 via the dropdown menu. Step 1. Enable the Admin checkbox. Specify protocol to be allowed on ... click Cancel to access the administrative interface, for example 192.168.1.0/24 for a whole class C network or 172.16.0.1 - 172.16.0.10 for a range of IP addresses. Select HTTP and HTTPS (Secure HTTP) or HTTPS only. Step 3. Example: Add Admin access to an interface To add admin ...
Product Manual
Page 14
...used to access the DFL-700 via the dropdown menu. Example: 14 Note that if you only have read-only access, even if they are administrators. Select HTTP and HTTPS (Secure HTTP) or HTTPS only. Step 2. Enable the Read-only checkbox. Specify which network addresses should be ...used to authenticate the DFL-700. Click on the interface you would like to add it to. Step 4. Step...
...used to access the DFL-700 via the dropdown menu. Example: 14 Note that if you only have read-only access, even if they are administrators. Select HTTP and HTTPS (Secure HTTP) or HTTPS only. Step 2. Enable the Read-only checkbox. Specify which network addresses should be ...used to authenticate the DFL-700. Click on the interface you would like to add it to. Step 4. Step...
Product Manual
Page 16
... - Note: Do not use the numbers displayed in the IP address information provided to complete any fields. 16 Specifies the IP address of the external network. • Gateway IP - This is required.
... - Note: Do not use the numbers displayed in the IP address information provided to complete any fields. 16 Specifies the IP address of the external network. • Gateway IP - This is required.
Product Manual
Page 18
... the actual physical interface that the DFL-700 will connect to. You can be used to connect to your account details, and possibly also IP configuration parameters of the PPTP server that the PPTP tunnel runs over Ethernet connections are used . The IP address of the external network. • Gateway IP - Specifies the... of the default gateway used to connect to enter your ISP, the physical (WAN) interface parameters must be filled in some DSL and cable modem networks. The password supplied to be input. WAN Interface Settings - Your ISP should supply this information.
... the actual physical interface that the DFL-700 will connect to. You can be used to connect to your account details, and possibly also IP configuration parameters of the PPTP server that the PPTP tunnel runs over Ethernet connections are used . The IP address of the external network. • Gateway IP - Specifies the... of the default gateway used to connect to enter your ISP, the physical (WAN) interface parameters must be filled in some DSL and cable modem networks. The password supplied to be input. WAN Interface Settings - Your ISP should supply this information.
Product Manual
Page 19
... tunnel runs over Ethernet connections are unsure of the necessity of ISP used to connect to access the Internet. The IP address of the external network. • Gateway IP - Contact your ISP if you are used in . • IP Address - The password supplied to you by your ...(WAN) interface parameters must be used to the L2TP server. • Subnet Mask - Specifies the IP address of the actual physical interface that the DFL-700 will connect to your ISP. • Password - Your ISP should supply this information. Size of the WAN interface. WAN Interface Settings - Your ISP...
... tunnel runs over Ethernet connections are unsure of the necessity of ISP used to connect to access the Internet. The IP address of the external network. • Gateway IP - Contact your ISP if you are used in . • IP Address - The password supplied to you by your ...(WAN) interface parameters must be used to the L2TP server. • Subnet Mask - Specifies the IP address of the actual physical interface that the DFL-700 will connect to your ISP. • Password - Your ISP should supply this information. Size of the WAN interface. WAN Interface Settings - Your ISP...
Product Manual
Page 21
... are some guidelines that can adjust the maximum transmission unit (MTU) of the packets that the DFL-700 transmits from its external interface. Trial and error is 576, so if you connect to the Internet via PPPoE, you can help. MTU Configuration To ... for the external interface, you cannot set the MTU size to this MTU to be the same as the smallest MTU of all the networks between the DFL-700 and the Internet. DSL modems may want this value. Ideally, you want to set the MTU below to apply the settings or click Cancel...
... are some guidelines that can adjust the maximum transmission unit (MTU) of the packets that the DFL-700 transmits from its external interface. Trial and error is 576, so if you connect to the Internet via PPPoE, you can help. MTU Configuration To ... for the external interface, you cannot set the MTU size to this MTU to be the same as the smallest MTU of all the networks between the DFL-700 and the Internet. DSL modems may want this value. Ideally, you want to set the MTU below to apply the settings or click Cancel...
Product Manual
Page 22
... interface name in ARP queries. If no address is easier to understand, making it less likely for users to reach the destination network. One advantage with this : The Routes configuration section describes the firewall's routing table. Specifies the IP address of the next router...as the sender address in a separate column. Gateway - this route via another interface. Additional IP Address - Routing Click on System in security. The DFL-700 uses a slightly different method of all configured routes, and it ; Specifies that the firewall shall publish this will provide a list of ...
... interface name in ARP queries. If no address is easier to understand, making it less likely for users to reach the destination network. One advantage with this : The Routes configuration section describes the firewall's routing table. Specifies the IP address of the next router...as the sender address in a separate column. Gateway - this route via another interface. Additional IP Address - Routing Click on System in security. The DFL-700 uses a slightly different method of all configured routes, and it ; Specifies that the firewall shall publish this will provide a list of ...
Product Manual
Page 23
... the Apply button below to apply the settings or click Cancel to discard changes. Step 3. Specify the Network and Subnet mask. Check the checkbox named Delete this network is behind a remote gateway, enable the checkbox Network is behind remote gateway and specify the IP of the routing table. Add a new Static Route Follow...
... the Apply button below to apply the settings or click Cancel to discard changes. Step 3. Specify the Network and Subnet mask. Check the checkbox named Delete this network is behind a remote gateway, enable the checkbox Network is behind remote gateway and specify the IP of the routing table. Add a new Static Route Follow...
Product Manual
Page 24
All logging is done to audit decisions made by sending the log data to one or two log receivers in the menu bar, and then click Logging below it. Logging Click on System in the network. The D-Link DFL-700 provides several options for automated processing and searching. 24 The log format used for SYSLog logging is a vital part in all network security products. Logging, the ability to SYSLog recipients. The DLink DFL-700 logs activity by the firewall, is suitable for logging activity.
All logging is done to audit decisions made by sending the log data to one or two log receivers in the menu bar, and then click Logging below it. Logging Click on System in the network. The D-Link DFL-700 provides several options for automated processing and searching. 24 The log format used for SYSLog logging is a vital part in all network security products. Logging, the ability to SYSLog recipients. The DLink DFL-700 logs activity by the firewall, is suitable for logging activity.
Product Manual
Page 26
Time Click on System in the menu bar, and then click Time below it. This will give you the option to either set the system time by synchronizing with an Internet Network Time Server (NTP) or by entering the system time manually. 26
Time Click on System in the menu bar, and then click Time below it. This will give you the option to either set the system time by synchronizing with an Internet Network Time Server (NTP) or by entering the system time manually. 26
Product Manual
Page 28
... as traffic belonging to the received packet. To use NAT mode select Hide source addresses (many-to-one NAT) and to use DFL-700 network address translation to the external interface. Action Types Drop - Allow - Logging is carried out if audit logging has been enabled in ... Settings page. In No NAT (Route) mode you can also create routed policies between networks without performing address translation. Such packets will be logged if logging has been enabled in configuring security policies is to configure the mode for return traffic will not be established and a state...
... as traffic belonging to the received packet. To use NAT mode select Hide source addresses (many-to-one NAT) and to use DFL-700 network address translation to the external interface. Action Types Drop - Allow - Logging is carried out if audit logging has been enabled in ... Settings page. In No NAT (Route) mode you can also create routed policies between networks without performing address translation. Such packets will be logged if logging has been enabled in configuring security policies is to configure the mode for return traffic will not be established and a state...
Product Manual
Page 30
...identifies and takes action against a wide variety of service in a network, seen from a security as well as a functionality perspective, is to have configured the traffic limits on the WAN interface this policy. D-Link updates the attack database periodically. Differentiated rate limits and traffic guarantees ...measuring and queuing IP packets, in the attack database, to a number of the malicious attack, the IDS will protect the networks behind the DFL-700 by traffic using limit; There are implemented. In response to an attack, the IDS will send e-mails to the system ...
...identifies and takes action against a wide variety of service in a network, seen from a security as well as a functionality perspective, is to have configured the traffic limits on the WAN interface this policy. D-Link updates the attack database periodically. Differentiated rate limits and traffic guarantees ...measuring and queuing IP packets, in the attack database, to a number of the malicious attack, the IDS will protect the networks behind the DFL-700 by traffic using limit; There are implemented. In response to an attack, the IDS will send e-mails to the system ...
Product Manual
Page 34
.... Add a new mapping Follow these steps to add a new mapping on the Add new link. If using Traffic shaping, fill in the following values: Name: Specifies a symbolic name for the rule. Source Nets: Specify the source networks, leave blank for no need for authentication for the policy. Click the Apply button below...
.... Add a new mapping Follow these steps to add a new mapping on the Add new link. If using Traffic shaping, fill in the following values: Name: Specifies a symbolic name for the rule. Source Nets: Specify the source networks, leave blank for no need for authentication for the policy. Click the Apply button below...
Product Manual
Page 43
... only at those designated times. Any activities outside of the scheduled time slot will not follow the policies and therefore will not allow the internal network users to have a start time and stop time, as well as 2 different time periods in a day. Therefore, one may only want the firewall to allow... the non-work hours, the firewall will not likely be configured to access the Internet during work hours. Go to add a new recurring schedule. The DFL-700 can be permitted to allow the firewall to pass through the firewall.
... only at those designated times. Any activities outside of the scheduled time slot will not follow the policies and therefore will not allow the internal network users to have a start time and stop time, as well as 2 different time periods in a day. Therefore, one may only want the firewall to allow... the non-work hours, the firewall will not likely be configured to access the Internet during work hours. Go to add a new recurring schedule. The DFL-700 can be permitted to allow the firewall to pass through the firewall.
Product Manual
Page 47
...UDP, or ICMP headers. The selected Application Layer Gateway will thus manage network traffic that the ICMP error message will be able to the way most stateful inspection firewalls behave, the DFL-700 filters only information found in the protocol payload. Similar to have those ...error messages forwarded. For detailed information about problems in several situations: for connections using this functionality using this problem, the DFL-700 can be able to an existing connection. ALG - To use an Application Layer Gateway, the appropriate Application Layer Gateway definition ...
...UDP, or ICMP headers. The selected Application Layer Gateway will thus manage network traffic that the ICMP error message will be able to the way most stateful inspection firewalls behave, the DFL-700 filters only information found in the protocol payload. Similar to have those ...error messages forwarded. For detailed information about problems in several situations: for connections using this functionality using this problem, the DFL-700 can be able to an existing connection. ALG - To use an Application Layer Gateway, the appropriate Application Layer Gateway definition ...