Network Security Firewall

(1)

The NetDefend family of Firewall/VPN Security Appliances is D-Link’s answer for hardware-based network security. The new D-Link Network Security Firewall (DFL-210) is an easy-to-deploy VPN and firewall solution designed specifically for the Small Office / Home Office (SOHO) market that demands superior performance and security.

Advanced Hardware Features

The DFL-210 is a powerful security solution that provides integrated Network Address Translation (NAT), SPI Firewall, advanced content filtering features, IDS protection, bandwidth management, as well as Virtual Private Network (VPN) support. The DFL-210 hardware includes four trusted LAN ports, a WAN port, and a user-configurable DMZ port to support local servers such as e-mail, Web, and FTP. The DMZ port can also be reconfigured as a WAN fail-over port. All of these features conveniently fit into a desktop chassis that can be easily integrated into your network.

Enterprise-class Security

To provide enterprise-class network security, the DFL-210 has several flexible firewall features to manage, monitor, and maintain a healthy and secure network. Network management features include: Remote Management, Bandwidth Control Policies, URL/Keyword Blocking, Access Policies, and SNMP. For network monitoring, the DFL-210 supports e-mail alerts, system log, consistency checks, and real-time statistics. These features, along with a firmware backup function, provide and maintain maximum network performance and security.

VPN Performance

For optimal VPN configuration, the DFL-210 has an integrated VPN Client and Server to support almost any required VPN policy. This high-end appliance has a hardware VPN engine to support and manage up to 100 VPN configurations. The DFL-210 can support IPSec, PPTP, and L2TP protocols in Client/Server mode and can handle pass-through traffic as well. Advanced VPN configuration options include: DES/3DES/AES/Twofish/ Blowfish/CAST-128 encryption, Manual or IKE/ISAKMP key management, Quick/Main/Aggressive Negotiation modes, and VPN authentication support using either an external RADIUS server or the internal 500-user database.

Configurable User Interface

The DFL-210 features an intuitive user interface that can easily be configured via D-Link’s Web-based interface and monitored using the Command Line Interface (CLI). These configuration options can be managed through Admin, Read/Write, or Read-only administrator rights. With these access management levels, any authorized user can easily configure or access the administrative functions of the DFL-210.

With businesses becoming increasingly network-dependent, the need to invest in a reliable security solution is crucial. The D-Link DFL-210 Network Security Firewall offers high return on investment through robust security features, flexible configuration, and maximum network protection for SOHO networks.

Network Security Firewall

Multi-Function Security

+ Network Firewall + VPN Server + Content Manager + Bandwidth Manager + Transparent Firewall Mode

Ports

+ 1 Ethernet WAN + 4 Ethernet LAN + 1 Ethernet DMZ/WAN2

Advanced Firewall Features

+ Stateful Packet Inspection + Detect/Drop Intruding Packets + User-Configurable DMZ Port + User Authentication (RADIUS, LDAP, IAS) + Intrusion Detection System (IDS) + 80Mbps Firewall Throughout + X.509v3 PKI

Embedded VPN Accelerator

+ Up to 100 VPN Tunnels¹

+ IPsec, PPTP, L2TP, L2TP with IPsec + DES, 3DES, AES, Twofish, Blowfish, and

CAST-128 Encryption

(2)

Technical Specifications

Firewall Mode of Operation + Layer 3 Mode: Route Mode, NAT Mode + Policy-based NAT + Layer 2 Mode: Transparent Mode + Port Forwarding

+ Network Address Translation (NAT) + Static Address Translation (SAT) + Port Address Translation (PAT) + Time Scheduled Policies

VPN Security + VPN Tunnels: 100 (IPsec, PPTP, L2TP) + IPSec NAT-Traversal

+ IPSec LAN-to-LAN / Roaming User + DHCP over IPSec

+ PPTP/L2TP Server/Client + Encryption Transform: DES, 3DES, AES, Twofish, Blowfish, CAST-128

+ IPsec Hub and Spoke + XAUTH (Extended Authentication) for IPSec

Authentication

Firewall Security + Stateful Packet Inspection (SPI) + RADIUS, LDAP, IAS

+ Policy-based User Authentication + HTTP Traffic Filter: Keyword, URL, Exempt List + DoS/DDoS Attack Protection + Script Filter: Java Applet, Java Scripts, VB Scripts,

Cookies, ActiveX

Network Service + Static IP Address + Static Routes

+ PPPoE for xDSL + Policy-based Routing

+ PPTP/L2TP Client for xDSL + DNS Resolving of Remote Gateway

+ DHCP Client for WAN Interface + Dynamic DNS Poster

+ BigPond Cable, Telia Compliance + Custom Application Layer Gateway

+ Internal DHCP Server + Support for IEEE 802.1q VLAN Tag (8)

+ DHCP Relay + Firewall Policies per VLAN Tag

+ WAN Failover/Load Sharing4 _{+ DHCP Server per VLAN Tag}

+ IP Alias

Bandwidth Management + Guaranteed Bandwidth + Policy-based Traffic Shaping

+ Maximum Bandwidth + Time-scheduled Traffic Shaping

+ Priority-bandwidth Utilization + Bandwidth Management in VPN Tunnel

System + SYSLog Support + Simple Network Time Protocol (SNTP)

+ Firewall Configuration Backup + Simple Network Management Protocol (SNMP)

+ E-mail Alerts + Configuration Consistency Checks

+ Management – HTTP/HTTPS/SSH

Intrusion Detection System + NIDS Pattern Auto Update + Attack Alarm via E-mail Notification

Device Ports: + WAN: 1 10/100BASE-TX Port + DMZ/WAN2: 1 10/100BASE-TX Port

+ LAN: 4 10/100BASE-TX Ports + Console Port: Serial COM Port

Diagnostic LED + Power + WAN (Link/Activity per Port)

+ System + DMZ (Link/Activity per Port)

+ LAN (Link/Activity per Port)

Power Input 5VDC, 3.0A Switching External Power Supply

(3)

Power Consumption 15 Watts Max.

Dimensions + Item: 9.25” x 6.38” x 1.42” + Packaging: 10.79” x 8.19” x 4.64”

Weight + Item: 1.1 lbs + Packaging: 2.66 lbs

Temperature + Operating: 32°F to 140°F + Storage: -4°F to 158°F

Humidity 5% to 95% (Non-Condensing)

Emission (EMI) + FCC Class A + C-Tick

+ CE

Safety + UL + LVD (EN60950)

+ TUV

Warranty 1-Year Limited²

D-Link Systems, Inc. 17595 Mt. Herrmann Street, Fountain Valley, CA 92708 ©2006-2008 D-Link Corporation/D-Link Systems, Inc. All rights reserved. D-Link and the D-Link logo are registered trademarks of D-Link Corporation or its subsidiaries in the United States and/or other countries. Other trademarks or registered trademarks are the property of their respective owners. Visit www.dlink.com for more details.

1_{Actual performance may vary depending on network conditions and activated services.} 2_{1-Year Limited Warranty available only in the USA and Canada.}

3_{The latest software and documentation are available on http://support.dlink.com.} 4_{DMZ configured as WAN2 required.}

(4)

Overview

The NetDefend family of Firewall/VPN Security Appliances is D-Link’s answer for hardware-based network security. The new D-Link DFL-800 Network Security Desktop VPN Firewall network security appliance is an easy-to-deploy VPN and firewall solution designed for small-to-medium sized businesses that demand superior performance and security.

Advanced Hardware Features

The DFL-800 is a powerful security solution that provides integrated Network Address Translation (NAT), SPI Firewall, advanced content filtering features, IDS protection, bandwidth management, as well as Virtual Private Network (VPN) support. The DFL-800 hardware includes seven trusted LAN ports, dual-WAN ports for load balancing, and a user-configurable DMZ port to support local servers such as e-mail, Web, and FTP. All of these features conveniently fit into a desktop chassis that can be easily integrated into your network.

Enterprise-class Security

To provide enterprise-class network security, the DFL-800 has several flexible firewall features to manage, monitor, and maintain a healthy and secure network. Network management features include: Remote Management, Bandwidth Control Policies, URL/Keyword Blocking, Access Policies, and SNMP. For network monitoring, the DFL-800 supports e-mail alerts, system log, consistency checks, and real-time statistics. These features along with a firmware backup function provide and maintain maximum network performance and security.

VPN Performance

For optimal VPN configuration, the DFL-800 has both an integrated VPN Client and Server to support almost any required VPN policy. This high-end appliance has a hardware VPN engine to support and manage up to 300 VPN connections. The DFL-800 can support IPSec, PPTP, and L2TP protocols in Client/Server mode and can handle pass-through traffic as well. Advanced VPN configuration options include: DES/3DES/AES/Twofish/ Blowfish/CAST-128 encryption, Manual or IKE/ISAKMP key management, Quick/Main/Aggressive Negotiation modes, and VPN authentication support using either an external RADIUS server or the internal 500-user database.

Configurable User Interface

The DFL-800 can be configured via the D-Link Web-based interface and monitored using the Command Line Interface (CLI). These configuration options can be managed through Admin, Read/Write, or Read-Only administrator rights. With these access management levels, any authorized user can easily configure or access the administrative functions of the DFL-800. With businesses becoming increasingly network-dependent, the need to invest in a reliable security solution is crucial. The D-Link DFL-800 NetDefend Network Security Desktop VPN Firewall offers high return on investment through robust security features, flexible configuration, and maximum network protection.

NetDefend Network Security Desktop VPN Firewall

Multi-Function Security

Advanced Firewall Features

+ Stateful Packet Inspection + Detect/Drop Intruding Packets + User-Configurable DMZ Port + User Authentication (RADIUS, LDAP,

IAS)

+ Intrusion Detection System (IDS) + X.509v3 PKI

Embedded VPN Accelerator

+ Up to 300 VPN Tunnels

+ IPsec, PPTP, L2TP, L2TP with IPsec + DES, 3DES, AES, Twofish, Blowfish,

and CAST-128 Encryption + Automated Key Management via

IKE/ISAKMP

+ Aggressive/Main/Quick Negotiation + xAuthentication

Performance Optimization

+ 802.1q VLAN Tagging

+ Dual-WAN Ports for Active Clustering/ Load Balancing

+ Traffic Shaping/Priority

Enhanced Network Services

(5)

Technical Specifications

Software

Firewall Mode of Operation + Layer 3 Mode: Route Mode, NAT Mode + Layer 2 Mode: Transparent Mode

+ Network Address Translation (NAT)) + Port Address Translation (PAT) + Static Address Translation (SAT) + Policy-Based NAT

+ Port Forwarding + Time Scheduled Policies

+ Time Scheduled Policies

VPN Security + VPN Tunnels: 300 (IPsec, PPTP, L2TP, L2TP with IPsec) + IPsec LAN-to-LAN / Roaming User

+ PPTP/L2TP Server/Client + IPsec Hub and Spoke

+ IPsec NAT-Traversal + DHCP over IPsec

+ Encryption Transform: DES, 3DES, AES, Twofish, Blowfish,

CAST-128 + XAUTH (Extended Authentication) for IPsec Authentication

Firewall Security + Stateful Packet Inspection (SPI) + Policy-Based User Authentication

+ DoS/DDoS Attack Protection + RADIUS, LDAP, IAS

+ HTTP Traffic Filter: Keyword, URL, Exempt List + Script Filter: Java Applet, Java Scripts, VB Scripts, Cookies, ActiveX

Network Service + Static IP Address + PPPoE for xDSL

+ PPTP/L2TP Client for xDSL + DHCP Client for WAN Interface

+ BigPond Cable, Telia Compliance + Internal DHCP Server

+ DHCP Relay + WAN Failover/Load Sharing

+ IP Alias + Static Routes

+ OSPF Dynamic Routing + Policy-Based Routing

+ DNS Resolving of Remote Gateway + Dynamic DNS Poster

+ Custom Application Layer Gateway + Support for IEEE 802.1q VLAN Tag (16) + Firewall Policies per VLAN Tag + DHCP Server per VLAN Tag

Bandwidth Management + Guaranteed Bandwidth + Maximum Bandwidth

+ Priority-Bandwidth Utilization + Policy-Based Traffic Shaping

+ Time-Scheduled Traffic Shaping + Bandwidth Management in VPN Tunnel

System + SYSLog Support + Firmware Configuration Backup

+ E-mail Alerts + Management – HTTP/HTTPS, SSH

+ Simple Network Time Protocol (SNTP) + Simple Network Management Protocol (SNMP) + Configuration Consistency Checks

Intrusion and Detection System + NIDS Pattern Auto Update + Attack Alarm via E-mail Notification

(6)

Physical & Environmental

Diagnostic LEDs + Power + System

+ WAN (Link/Activity per Port) (2) + LAN (Link/Activity per Port) (7) + DMZ (Link/Activity per Port) (1)

Device Ports + WAN: 2 10/100BASE-TX ports + LAN: 7 10/100BASE-TX ports

+ DMZ: 10/100BASE-TX port + Console Port: Serial COM port

Power Input 5VDC, 4.0A switching external power supply

Power Consumption 20 Watts Maximum

Dimensions (W x D x H) 11.0in x 8.43in x 1.73in

Weight 2.8 lbs (Device Only)

Temperature + Operating: 32˚ to 140˚F (0˚ to 60˚C) + Storage: -4˚ to 158˚F (-20˚ to 70˚C)

Humidity 5% ~ 95% (Non-condensing)

+ CE

Warranty 1-Year Limited1

1_{1-Year Limited Warranty available only in the USA and Canada.}

(7)

Overview

The NetDefend family of Firewall/VPN Security Appliances is D-Link’s answer for hardware-based network security. The new DFL-1600 NetDefend Network Security Rackmount VPN Firewall is an easy-to-deploy VPN and firewall solution designed for enterprise and small-to-medium sized businesses that demand superior performance and security.

Advanced Hardware Features

The DFL-1600 is a powerful security solution that provides integrated Network Address Translation (NAT), SPI Firewall, advanced content filtering features, IDS protection, bandwidth management, as well as Virtual Private Network (VPN) support. The DFL-1600 includes six configurable gigabit Ethernet ports that can be used for LAN, WAN, and DMZ. All of these features conveniently fit into a 1U rack-mountable chassis that can be easily integrated into your switch/server rack.

Enterprise-class Security

To provide enterprise-class network security, the DFL-1600 has several flexible firewall features to manage, monitor, and maintain a healthy and secure network. Network management features include: Remote Management, Bandwidth Control Policies, URL/Keyword Blocking, Access Policies, and SNMP. For network monitoring, the DFL-1600 supports e-mail alerts, system log, consistency checks, and real-time statistics. For at a glance monitoring, the 20x2 line LCM display provides hardware status info as well as alert events to enable visual verifications. These features along with a firmware backup function provide and maintain maximum network performance and security.

VPN Performance

For optimal VPN configuration, the DFL-1600 has both an integrated VPN Client and Server to support almost any required VPN policy. This high-end appliance has a hardware VPN engine to support and manage up to 1200 VPN connections. The DFL-1600 can support IPSec, PPTP, and L2TP protocols in Client/Server mode and can handle pass-through traffic as well. Advanced VPN configuration optionsinclude:DES/3DES/AES/Twofish/Blowfish/CAST-128 encryption, Manual or IKE/ISAKMP key management, Quick/Main/Aggressive Negotiation modes, and VPN authentication support using either an external RADIUS server or the internal 500-user database.

Multiple Network Central Features

Additional network control features supported by the DFL-1600 include 802.1q VLAN tagging and extensive High Availability (HA) features. VLAN tagging supports integration of the DFL-1600 into your rack system with L2/L3 managed switches to segment your network and prioritize traffic. HA options include WAN Fail-Over, Active/Passive Modes, Device Failure Detection, Link Failure Detection, and Session Synchronization. Additionally, support for Active Clustering or Load Balancing optimizes network uptime and performance.

Configurable User Interface

The DFL-1600 can be configured via D-Link’s Web-based interface and monitored using the Command Line Interface (CLI). These configuration options can be managed through Admin, Read/Write, or Read-Only administrator rights. With these access management levels, any authorized user can easily configure or access the administrative functions of the DFL-1600.

With businesses becoming increasingly network-dependent, the need to invest in a reliable security solution is crucial. The D-Link DFL-1600 NetDefend Network Security Rackmount VPN Firewall offers high return on investment through robust security features, flexible configuration, and maximum network protection.

NetDefend Network Security Rackmount VPN Firewall

Multi-Function Security

Advanced Firewall Features

+ Stateful Packet Inspection + Detect/Drop Intruding Packets + Embedded VPN

+ User Authentication (RAIDUS, LDAP, IAS)

+ Intrusion Detection System (IDS) + x.509v3 PKI

Embedded VPN Accelerator

+ Up to 1,200 VPN Tunnels

+ IPsec, PPTP, L2TP, L2TP with IPsec + DES, 3DES, AES, Twofish, Blowfish,

and CAST-128 Encryption + Automated Key Management via

IKE/ISAKMP

+ Aggressive/Main/Quick Negotiation + xAuthentication

Performance Optimization

+ 802.1q VLAN Tagging

+ Dual-WAN Ports for Active Clustering/ Load Balancing

+ Traffic Shaping/Priority

Enhanced Network Services

(8)

Technical Specifications

Software

Firewall Mode of Operation + Layer 3 Mode: Route Mode, NAT Mode + Layer 2 Mode: Transparent Mode

+ Network Address Translation (NAT)) + Port Address Translation (PAT) + Static Address Translation (SAT) + Policy-Based NAT

+ Port Forwarding + Server Load Balancing

+ Time Scheduled Policies

VPN Security + VPN Tunnels: 300 (IPsec, PPTP, L2TP, L2TP with IPsec) + IPsec LAN-to-LAN / Roaming User

+ PPTP/L2TP Server/Client + IPsec Hub and Spoke

+ IPsec NAT-Traversal + DHCP over IPsec

+ Encryption Transform: DES, 3DES, AES, Twofish, Blowfish,

CAST-128 + XAUTH (Extended Authentication) for IPsec Authentication

Firewall Security + Stateful Packet Inspection (SPI) + Policy-Based User Authentication

+ DoS/DDoS Attack Protection + RADIUS, LDAP, IAS

+ HTTP Traffic Filter: Keyword, URL, Exempt List + Script Filter: Java Applet, Java Scripts, VB Scripts, Cookies, ActiveX

Network Service + Static IP Address + PPPoE for xDSL

+ PPTP/L2TP Client for xDSL + DHCP Client for WAN Interface

+ BigPond Cable, Telia Compliance + Internal DHCP Server

+ DHCP Relay + WAN Failover/Load Sharing

+ IP Alias + Static Routes

+ OSPF Dynamic Routing + Policy-Based Routing

+ DNS Resolving of Remote Gateway + Dynamic DNS Poster

+ Custom Application Layer Gateway + Support for IEEE 802.1q VLAN Tag (128) + Firewall Policies per VLAN Tag + DHCP Server per VLAN Tag

+ WAN Failover/Load Sharing

Bandwidth Management + Guaranteed Bandwidth + Maximum Bandwidth

+ Priority-Bandwidth Utilization + Policy-Based Traffic Shaping

+ Time-Scheduled Traffic Shaping + Bandwidth Management in VPN Tunnel

System + SYSLog Support + Firmware Configuration Backup

+ E-mail Alerts + Management – HTTP/HTTPS, SSH

+ Simple Network Time Protocol (SNTP) + Simple Network Management Protocol (SNMP) + Configuration Consistency Checks

(9)

Intrusion and Detection System + NIDS Pattern Auto Update + Attack Alarm via E-mail Notification

High Availability + Active-Passive HA mode + Network Notification on Failover

+ Device Failure Detection + Configuration Synchronization

+ Firewall/VPN Session Synchronization + Average Failover Time: < 800ms

Physical & Environmental

Diagnostic LEDs + Power + System

+ Gigabit Ethernet (Link/Activity per Port)

Device Ports + Gigabit Ethernet: 6 10/100/1000BASE-T Ports + Console Port: Serial COM port

LCM Module + 20 x 2 Line Liquid Crystal Module + Display HW Status and Events

Power Input AC Input 100 ~ 240VAC 50 ~ 60Hz

Power Consumption 200 Watts Maximum

Dimensions (W x D x H) + 17.3in x 10.0in x 1.73in + 19in 1U Rack Mountable

Weight 8.8 lbs (Device Only)

Temperature + Operating: 32˚ to 140˚F (0˚ to 60˚C) + Storage: -4˚ to 158˚F (-20˚ to 70˚C)

Humidity 5% ~ 95% (Non-condensing)

+ CE

Warranty 1-Year Limited1

1_{1-Year Limited Warranty available only in the USA and Canada.}