Product Manual
Page 2
... - Contents Introduction 7 Features and Benefits 7 Introduction to Firewalls 7 Introduction to Local Area Networking 8 LEDs ...9 Physical Connections 9 Package Contents 10 System Requirements 10 Managing D-Link DFL-700 11 Resetting the DFL-700 11 Administration Settings 12 Administrative Access 12 Add ping access to an interface 13 Add Admin access to an interface 13 Add Read-only...
Page 9
WAN, LAN, & DMZ: Bright Green illumination indicates a valid Ethernet Link on the internal office network. Do not use less than 1 client PC on that flashes occasionally to indicate a functional, active system. Status: A System status indicator ... to power the device, doing so will flicker when that respective port is sending or receiving data. DMZ Port: Use this switch to reset the DFL-700 to be occupied by an ISP. Each LED will damage the unit. Reset: Use this port to service an additional physically segmented Private or Transparent...
Page 10
... 6.0 or above items are missing, please contact your reseller. Package Contents Contents of the above , with the DFL-700 will cause irreparable electrical damage and void the warranty for this product. If any of Package: • D-Link DFL-700 Firewall • Manual and CD • Quick Installation Guide • 5V/3A AC Power adapter •...
Page 11
Managing D-Link DFL-700 When a change is made by the administrator are complete, those changes need to be saved and activated to page 69. In order to the configuration, a new icon named Activate Changes will appear. Resetting the DFL-700 To reset the DFL-700 to hold the reset button. with 192.168.1.1 on the...login again. After this you hear two consecutive beeps shortly after each other. The timeout can release the reset button and the DFL-700 will revert to load and startup in until you can be done before a configurable timeout has been reached, otherwise the...
Page 24
Logging, the ability to audit decisions made by sending the log data to SYSLog recipients. All logging is suitable for logging activity. The D-Link DFL-700 logs activity by the firewall, is a vital part in the network. The log format used for SYSLog logging is done to one or two log receivers in all network security products. Logging Click on System in the menu bar, and then click Logging below it. The D-Link DFL-700 provides several options for automated processing and searching.
Page 25
... sensitivity level. Step 1. Step 3. Enable E-mail alerting for instance when allowed connections are opened and closed, are mandatory and will send the e-mail alerts. The D-Link DFL-700 specifies a number of these events, such as SYSLog server 2. Step 1. If you have two SYSLog servers, you have E-mail alerting for IDS/IDP events checkbox...
Page 30
... quality of the malicious attack, the IDS will only work if the traffic limits for network traffic control in a network, seen from a security as well as a functionality perspective, is the maximum bandwidth that can be responsible for the WAN interface are configured correctly. 30 This is ...to the system administrators if e-mail alerting is sometimes lowered to allow traffic with respect to the specified speed. By using limit; D-Link updates the attack database periodically. Inspection Only will only inspect the traffic, and if the DFL-700 detects anything it will be sent.
Page 31
... match everything . Action: Select Allow to allow the specified service traffic to discard changes. Leave this step. Choose Always for details on the Add new link. If not, skip this blank to Internal Servers. Fill in the required information. Step 2. Destination Nets: Specifies the span of IP addresses to be compared...
Page 32
... to the rule you want to move. Choose Inspection Only from the mode drop down . Step 5. Click on the Edit link corresponding to the rule you want to have IDS on a policy. Step 2. Step 1. Step 2. Enable the Delete policy checkbox. Enable the Intrusion Detection / Prevention ...Change order of policy Follow these steps to change the order of a policy. Choose the policy list for e-mail alerting. Step 1. Click on the Edit link corresponding to the rule you would like to change the order from the available policy lists. Choose the policy you would like do delete the...
Page 33
Choose Prevention from the mode drop down list. Click the Apply button below to apply the changes or click Cancel to configure IDP on a policy. Choose the policy you would like have IDP on the Edit link corresponding to the rule you want to configure. Enable the Intrusion Detection / Prevention checkbox. Step 5. Step 2. Configure Intrusion Prevention Follow these steps to discard changes. Click on . Enable the alerting checkbox for e-mail alerting. Step 1. Step 3. Step 4.
Page 34
... IP of usernames, separated by a comma (,) or write Any for the policy. Destination IP: Leave empty to use Intrusion Detection / Prevention on the Add new link. These are read from the dropdown menu or make a list of the server that the traffic should be used mainly as with policies. Mappings are...
Page 35
Delete mapping Follow these steps to delete. Choose the mapping list (WAN, LAN, or DMZ) you want to delete a mapping. Step 3. Click on the Edit link corresponding to the rule you would like do delete the mapping from. Enable the Delete mapping checkbox. Step 2. Step 1. Click the Apply button below to apply the changes or click Cancel to discard changes.
Page 49
...is used to provide IP security at least one of the peers has to authenticate itself before the network layer protocol parameters can be negotiated using MPPE. To establish a PPP tunnel, both sides send LCP frames to -point links. When LCP and NCP negotiation...a standard for encryption instead of these three components: • Link Control Protocols (LCP) to negotiate parameters, test and establish the link. • Network Control Protocol (NCP) to establish and negotiate different network layer protocols (DFL-700 only supports IP) • Data encapsulation to encapsulate datagram's...
Page 50
... create the one -way encryption scheme to hash the response to provide data confidentiality. MPPE uses the RSA RC4 algorithm to a challenge issued by the DFL-700. Authentication Protocols PPP supports different authentication protocols, PAP, CHAP, MS-CHAP v1 and MSCHAP v2. CHAP CHAP (Challenge Handshake Authentication Protocol) is a challenge-response ...with MS-CHAP v1 the password only needs to -Point Protocol (PPP) packets. PAP is that both user name and password are sent over the link. Another difference is therefore not considered a secure authentication protocol.
Page 51
... authentication protocol to the Authentication Protocols section for more information about each type. Dial on ). If disabled the tunnel will be sent over the PPP link unencrypted. Username - Specifies if the L2TP/PPTP Client tunnel should use IPSec enable the checkbox and select PSK or Certificate. The IP address of MPPE...
Page 52
... the WAN IP. Specifies the IP that the PPTP/L2TP Server will be sure to enable the check box to be sent over the PPP link unencrypted. Inner IP - If configuring for data encryption. To use IPSec enable the checkbox and select PSK or Certificate. 52 Primary/Secondary DNS - MPPE encryption...
Page 58
... only be selfsigned certificates, or issued by a CA. The firewall trusts anyone whose certificate is signed by the Web interface to the DFL-700. A local identity certificate is used for HTTPS access to provide HTTPS access. The following pages will allow you to specify a name for...page. To add a new local identity certificate, click Add new. These types of certificates are taken to verify the validity of identity. It links an identity to be used by a given CA. The following steps are commonly called Admin. Certificates A certificate is a digital proof of the...
Page 70
...readable. The updating process will automatically update itself once enabled on a flash memory card. Click Upload firmware image to the firewall. Upgrade The DFL-700's software, IDS signatures, and system parameters are all stored on a policy. 70 Upgrade Firmware To upgrade the firmware of firmware you wish..., navigate to the Upgrade / Tools menu, click Browse, and choose the file name of the newest version of the DFL-700, obtain the latest version from D-Link. The flash memory card is stored on the Tools menu, click Browse in the Upgrade Unit's signature-database section, and...
Page 72
... rate - Current amount of traffic sent through the interface. Interfaces Click on WAN or DMZ for more information about the interfaces on the DFL-700. Send rate - Displays what link the current interface has. Current amount of traffic received through the interface. There are also two graphs displaying the send and receive rate...
Page 120
... 6 TCP Transmission Control RFC793 8 EGP Exterior Gateway Protocol RFC888 17 UDP User Datagram RFC768 47 GRE General Encapsulation Routing 50 ESP Encapsulation Payload Security RFC2406 51 AH Authentication Header RFC2402 108 IPComp I IP Payload Compression RFC2393 Protocol 112 VRRP Virtual Router Redundancy Protocol 115 L2TP Layer Two Tunneling Protocol... Source: http://www.iana.org/assignments/protocol-numbers 120 Appendix B: Common IP Protocol Numbers These are some of all protocols, follow the link after the table. For a list of the more common IP Protocols.