Product Manual
Page 1
D-Link NetDefend firewall Security VPN Firewall NetDefend secured by Check Point User Guide Version 1.0 Revised: 01/17/2006
Page 2
... and to any derivative work based on part of it , when started Whether that you to -Address Mapping, UserAuthority, Visual Policy Editor, VPN-1, VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, and VPN-1 Edge are trademarks, service marks, or registered trademarks of warranty; Check Point, the Check Point logo, FireWall-1, FireWall-1 SecureServer, FireWall-1 SmallOffice...
Page 5
Contents Contents About This Guide ...xi Introduction ...1 About Your D-Link NetDefend firewall 1 NetDefend Secured by Check Point Product Family 2 NetDefend Features and Compatibility 2 Connectivity ...2 Firewall ...3 VPN ...4 Management...4 Optional Security Services...5 Power Pack Features ...5 Package Contents ...6 Network Requirements ...7 Getting to Know Your NetDefend firewall 8 Rear Panel ...8 Front Panel ...10 Getting to Know ...
Page 10
... Remote Access VPNs ...301 Internal VPN Server...302 Setting Up Your NetDefend firewall as a VPN Server 303 Configuring the Remote Access VPN Server 305 Configuring the Internal VPN Server 306 Installing SecuRemote ...307 Adding and Editing VPN Sites ...308 Configuring a Remote Access VPN Site 311 Configuring a Site-to-Site VPN Gateway 324 Deleting a VPN Site ...340 vi D-Link NetDefend firewall...
Page 11
... Certificate ...345 Generating a Self-Signed Certificate 346 Importing a Certificate ...350 Uninstalling a Certificate ...352 Viewing VPN Tunnels ...353 Viewing IKE Traces for VPN Connections 356 Managing Users...359 Changing Your Password...359 Adding and Editing Users ...361 Adding Quick Guest HotSpot Users... 365 Viewing and Deleting Users ...367 Setting Up Remote VPN Access for Users 367 Using RADIUS Authentication...368 Configuring the RADIUS Vendor-Specific Attribute 372 Maintenance ...375 Viewing Firmware Status...375...
Page 17
... from select service providers, including firewall security and software updates, Antivirus, Web Filtering, reporting, and VPN management. Chapter 1: Introduction 1 About Your D-Link NetDefend firewall Chapter 1 Introduction This chapter introduces the D-Link NetDefend firewall and this guide. The D-Link firewall, based on the world-leading Check Point Embedded NGX Stateful Inspection technology, inspects and filters...
Page 18
... includes the following hardware models: • DFL-CP310 Security VPN Firewall • DFL-CPG310 Wireless Security VPN Firewall You can increase the number of licensed users by installing the DFL-CP310 Power Pack, and you can upgrade ...your reseller for console access and dialup modem connection • Supported Internet connection methods: Static IP, DHCP Client, Cable Modem, PPTP Client, PPPoE Client, Telstra BPA login, Dialup • Concurrent firewall connections: 8,000 • DHCP server, client, and relay • MAC cloning 2 D-Link...
Page 20
...monitoring VPN The NetDefend series includes the following features: • Remote Access VPN Server with OfficeMode and RADIUS support • Remote Access VPN Client • Site to Site VPN Gateway • IPSEC VPN pass-...Based Secure RNG (Random Number Generator) • IPSec NAT traversal (NAT-T) • Route-based VPN • Backup VPN gateways Management The NetDefend series includes the following features: • Management via HTTP, HTTPS, SSH,... tools: Ping, WHOIS, Packet Sniffer, VPN Tunnel Monitor, Connection Table Monitor, Wireless Monitor, Active Computers Display, Local Logs...
Page 21
...; Web Filtering • Email Antivirus and Antispam Protection • VStream Embedded Antivirus Updates • VPN Management • Security Reporting • Vulnerability Scanning Service Power Pack Features The table below describes the differences between the standard DFL-CP310 and DFL-CPG310 with Power Pack Advanced 150/30 Chapter 1: Introduction 5 Feature High Availability Traffic Shaper DiffServ...
Page 22
... User Guide 6 D-Link NetDefend firewall User Guide VPN Throughput Site-to-Site VPN 20 Mbps 2 tunnels 30 Mbps 15 tunnels Site-to-Site VPN (Managed) * 10 tunnels 100 tunnels Included VPN-1 SecuRemote client Licenses 5 users 25 users * When managed by SofaWare Security Management Portal (SMP). NetDefend Features and Compatibility Feature DFL-CP310/CPG310 DFL-CP310/CPG310 with Power Pack...
Page 27
Getting to Know Your NetDefend firewall LED VPN Serial State LINK/ACT On, 100 On LNK/ACT Flashing Flashing (Green) Flashing (Green) Explanation 100 Mbps link established for supplying power to the NetDefend firewall are made via the rear panel of your NetDefend firewall. Chapter 1: Introduction 11 Table 3: NetDefend firewall Rear ...
Page 30
Contacting Technical Support LED VPN Serial USB WLAN State LINK/ACT On, 100 On LNK/ACT Flashing Flashing (Green) Flashing (Green) Flashing (Green) Flashing (Green) Explanation 100 Mbps link established for the corresponding port Data is being transmitted/received VPN port in use Serial port in use USB port in use WLAN in use Contacting Technical Support If there is a problem with your NetDefend firewall, see http://support.dlink.com/. You can also download the latest version of this guide from the site. 14 D-Link NetDefend firewall User Guide
Page 64
Allows you to VPN sites. Allows you to manage, configure, and log on what model you to upgrade your network settings and Internet connections....differ depending on to manage and configure your license and firmware and to configure HTTPS access to manage NetDefend users. Network Setup Users VPN Help Logout Does this guide. Provides context-sensitive help. Allows you select. Main Frame The main frame displays the relevant data ... tools for managing your NetDefend firewall. It displays the fields below, as well as the date and time. 48 D-Link NetDefend firewall User Guide
Page 99
..., the Internet connection is considered to use for 45 seconds none of the following: • None. Use this option if you have Check Point VPN gateways, and you have reliable servers that can be used, if the Probe Next Hop check box is considered to these gateways are more than... one to three Check Point VPN gateways specified by IP address or DNS name in the 1, 2, and 3 fields. Do this field... Chapter 4: Configuring the Internet Connection 83 Do not perform...
Page 100
This is useful in the main menu, and click the Ports tab. 84 D-Link NetDefend firewall User Guide To set up a dialup backup connection, see Rear Panel. 2. Click Network in locations where broadband Internet access is unavailable. When used ...as a primary or secondary Internet connection method. Setting Up a Dialup Modem In this field... 1, 2, 3 Do this... If you chose the Probe VPN Gateway (RDP) connection probing method, type the IP addresses or DNS names of the desired servers. Connect a regular or ISDN dialup modem to your NetDefend...
Page 110
... you can perform DHCP reservation using network objects. When in your internal network, and you want to use a DHCP server on the Internet or via a VPN, instead of the NetDefend DHCP server, you do assign it an IP address outside of the NetDefend DHCP server, you must disable the NetDefend DHCP... DHCP server to obtain an IP address automatically. Note: The DHCP server only serves computers that are configured to the devices on page 129. 94 D-Link NetDefend firewall User Guide For information, see Using Network Objects on your network with their network configuration details.
Page 126
... fields are on the same subnet, and they therefore attempt to communicate directly over the local network, instead of through the secure VPN link. • Some networking protocols or resources may lead to be installed on the same network will be an internal one. OfficeMode ...'s row, click Edit. This is because their IP addresses are enabled. 110 D-Link NetDefend firewall User Guide Note: OfficeMode requires Check Point SecureClient to the following problems: • VPN Clients on the VPN clients. The IP addresses are allocated from a pool called the OfficeMode network. The...
Page 170
... the connection type to these classes, define firewall rules as telnet. 154 D-Link NetDefend firewall User Guide Note: If you create an Allow rule associating all outgoing VPN traffic with the Urgent QoS class, then Traffic Shaper will handle outgoing VPN traffic as specified in the rule. Table 21: Predefined QoS Classes Class...
Page 178
...300 meters indoors, and up to 1 km (3200 ft) outdoors, with Super G compatible stations. The DFL-CPG310 also supports a special Super G mode that allows reaching a throughput of up to 108Mbps with XR-enabled ...long-range connections. The DFL-CPG310 transmits in 802.11b/g access point that is backwards compatible with the firewall and hardware-accelerated VPN. XR dramatically stretches the performance of a regular 802.11g access point. The DFL-CPG310 supports the latest 802....allows up to 105dBm, over 20 dB more information on environment). 162 D-Link NetDefend firewall User Guide
Page 181
... that all connections from your internal networks, and to install SecuRemote on page 35. 2. For information on configuring RADIUS servers, see Internal VPN Server on page 368. 3. In the WLAN network's row, click Edit. For information, see Using RADIUS Authentication on page 302 and Setting... and click the My Network tab. Manually Configuring a WLAN Note: For increased security, it is recommended to enable the NetDefend internal VPN Server for users connecting from the WLAN to the LAN are encrypted and authenticated. Prepare the appliance for the WLAN, configure a RADIUS ...