D-Link DFL-900 User Manual

D-Link DFL-900; DFL-1500 VPN/Firewall Router

D-Link DFL-900/1500
VPN/Firewall Router
User Manual
D-Link
Building Networks for People

Summary of Contents for D-Link DFL-900

  • Page 1 D-Link DFL-900/1500 VPN/Firewall Router User Manual D-Link Building Networks for People...
  • Page 2 © Copyright 2003 D-Link Systems, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of D-Link Systems, Inc.
  • Page 3: Table Of Contents

    Check Your Package Contents (5); 1.1.1 DFL-900 (5); 1.1.2 DFL-1500 (5); Hardware (6); Software Specifications (8); Five steps to configure DFL-900/1500 quickly (10); Wiring the DFL-900/1500 (12); Default Settings and architecture of DFL-900/1500 (13); Using the Setup Wizard (15); Internet Connectivity (19); 1.8.1 LAN1-to-WAN1 Connectivity (19); 1.8.2...
  • Page 4 4.4.2 DDNS setting (47); 4.4.3 DNS Proxy setting (48); 4.4.4 DHCP Relay setting (48); 4.4.5 SNMP Control (49); 4.4.6 Change DFL-1500 interface (50); Chapter 5 Remote Management (51); Demands (51); Methods (51); Remote Management Access Methods (51); Steps (53); 5.4.1 Telnet (53); 5.4.2 SSH (53); 5.4.3 WWW (53); 5.4.4...
  • Page 5 8.4.2 Add a policy routing entry (78); The priority of the routing (81); Part IV Firewall & IP/MAC Binding (84); Chapter 9 IP/Services grouping (85); Demands (85); Objectives (85); Methods (85); Steps (85); 9.4.1 Setup Address (85); 9.4.2 Setup Service (89); 9.4.3 Setup Schedule (91); Chapter 10 Firewall (93); 10.1 Demands (93)...
  • Page 6 14.3 Methods (127); 14.4 Steps (127); Chapter 15 Virtual Private Network – Hub and Spoke VPN (133); 15.1 Demands (133); 15.2 Objectives (133); 15.3 Methods (133); 15.4 Steps (134); Chapter 16 PPTP Client with PPTP Server (139); 16.1 Demands (139); 16.2 Objectives (139); 16.3 Methods (139); 16.4...
  • Page 7 21.3 Methods (186); 21.4 Steps (187); 21.5 Priority of web filter functions (193); Chapter 22 Content Filtering – Mail Filters (195); 22.1 Demands (195); 22.2 Objectives (195); 22.3 Methods (195); 22.4 Steps (196); 22.4.1 SMTP Filters (196); 22.4.2 POP3 Filters (197); Chapter 23 Content Filtering – FTP Filtering (199); 23.1 Demands (199); 23.2...
  • Page 8 28.4 Steps (227); 28.4.1 System Logs (227); 28.4.2 Syslog & Mail log (228); Chapter 29 System Maintenance (231); 29.1 Demands (231); 29.2 Firmware upgrade from TFTP (231); 29.3 Firmware upgrade from Web GUI (232); 29.4 Database Update from Web GUI (233); 29.5 Factory Reset (234); 29.5.1 Factory reset under web GUI (234)...
  • Page 10: Part I Overview

    Part I Overview...
  • Page 11: About This User Manual

    All the examples after Chapter 2 in this manual, which instruct you how to configure the VPN/Firewall Router, are taken from the DFL-1500. The hardware and software specifications of the DFL-900 and DFL-1500 will be introduced in Chapter 1. You can refer to the examples to configure your VPN/Firewall Router.
  • Page 12: What's New In Version 2.004

    This section describes the enhancements that were made to DFL-900/1500 as compared to the previous version. It includes changes to the way that the DFL-900/1500 operates, some of which are reflected by changes to the WBI and others that were made to the DFL-900/1500 engine to improve performance and accuracy.
  • Page 13: Chapter 1 Quick Start

    Check Your Package Contents. 1.1.1 DFL-900. These are the items included with your DFL-900 purchase, as shown in Figure 1-2: DFL-900 Device * 1; Ethernet cable (RJ-45) * 2; RS-232 console * 1...
  • Page 14: Hardware

    Figure 1-2 All items in the DFL-1500 package. Hardware. Feature | DFL-900 | DFL-1500. Chassis Dimensions: Rack mount 1U size | Rack mount 1U size; 146 mm (H) x 275 mm (D) x 203 mm | 146 mm (H) x 275 mm (D) x 203 mm (W)(8''*5.75''*10'')
  • Page 15 LAN port (DFL-900 | DFL-1500): 1 port for connecting inbound LAN | 2 ports for connecting inbound LAN; RJ-45 connector | RJ-45 connector; IEEE 802.3 compliance | IEEE 802.3 compliance; IEEE 802.3u compliance | IEEE 802.3u compliance; Support Half/Full-Duplex operations | Support Half/Full-Duplex operations; Support backpressure at Half-Duplex operation.
  • Page 16: Software Specifications

    Safety Approval: TUV/GS | TUV/GS; T-mark | T-mark. Table 1-1 DFL-900/1500 Hardware. Software Specifications. Product: DFL VPN/Firewall Router. Model: DFL-900 | DFL-1500. Features: Basic Setup ✓ ✓ Wizard ✓ ✓ Transparent Mode ✓ ✓ WAN1 IP (no default WAN Link) ✗...
  • Page 17 ✓ ✓ Firewall Rule Firewall ✓ ✓ Anti-DoS ✓ ✓ Web Filter ✓ ✓ Content Filters Mail Filter ✓ ✓ FTP Filter ✓ ✓ ✓ ✓ Bandwidth Management Edit Actions ✓ ✓ Binding IP/MAC Binding ✓...
  • Page 18: Five Steps To Configure Dfl-900/1500 Quickly

    Five steps to configure DFL-900/1500 quickly. Let’s look at a common network topology without the DFL-900/1500 applied, as in Figure 1-3. This topology is used by almost all small/medium businesses and SOHO users for their Internet connectivity. Although your topology is not necessarily the same as the diagram below, it can still give you a guideline for configuring the DFL-900/1500 quickly.
  • Page 19 Here we would like to replace the original IP Sharer with the DFL-900/1500, as in Figure 1-4. To have the DFL-900/1500 replace the IP Sharer, we simply need to execute the following five steps, as Figure 1-5 shows. These steps are meant to give you a picture of how to get the DFL-900/1500 working at a basic level.
  • Page 20: Wiring The Dfl-900/1500

    Step 5. Virtual Server: If there are servers located behind the DFL-900/1500, you may want them to provide services to the outside. In that case, configure the Virtual Server, which provides connections in the WAN-to-LAN direction. For more information, please refer to section 1.8.2.
  • Page 21: Default Settings And Architecture Of Dfl-900/1500

    You should have an Internet account already set up and have been given most of the information in Table 1-3. Fill out this table when you edit the web configuration of the DFL-900/1500. The DFL-900 has three ports, WAN1 (port1), LAN1 (port2) and DMZ1 (port3), while the DFL-1500 has five ports, WAN1 (port1), WAN2 (port2), DMZ1 (port3), LAN1 (port4), and LAN2 (port5).
  • Page 22 ____.____.____.____ DMZ1 IP Subnet Mask 255.255.255.0 ____.____.____.____ 255.255.255.0 ____.____.____.____ IP Address 192.168.1.254 ____.____.____.____ 192.168.1.254 ____.____.____.____ LAN1 IP Subnet Mask 255.255.255.0 ____.____.____.____ 255.255.255.0 ____.____.____.____ IP Address 192.168.2.254 ____.____.____.____ LAN2 IP Subnet Mask 255.255.255.0 ____.____.____.____ Table 1-3 DFL-900/1500 related network settings...
  • Page 23: Using The Setup Wizard

    DFL-1500 in the basic appliances. We are going to show you how to configure the VPN/Firewall Router using the DFL-1500 as the example in this document. The DFL-900 is configured the same way. For the related software specification, please refer to Table 1-2.
  • Page 24 NAT/Route mode: NAT mode rules use network address translation to hide the addresses in a more secure network from users in a less secure network. Route mode rules accept or deny connections between networks without performing address translation. ...
  • Page 25 Transparent mode provides the same basic protection as NAT mode. Packets received by the DFL-900/1500 are intelligently forwarded or blocked according to firewall rules. The DFL-900/1500 can be inserted in your network at any point without the need to make any changes to your network or any of its components. However, VPN, NAT, Routing and some advanced firewall features (such as Authentication, IP/MAC Binding) are only available in NAT/Route mode.
  • Page 26 Please note that an alert message box “When changing to none fixed ip mode, system will delete all ip alias!” will appear when you select Get IP Automatically (DHCP) or PPP over Ethernet, rather than Fixed IP Address, as your WAN link. ...
  • Page 27: Internet Connectivity

    Step 6. System Status. BASIC SETUP > Wizard > Run Setup Wizard > Next > Next. Here we select the Fixed IP method for the WAN1 port. The DFL-1500 then provides a short summary of the system. Please check that everything mentioned above is properly set in the system.
  • Page 28 The rule Basic-LAN1 means that, when matching the condition (requests of LAN/DMZ-to-WAN direction with its source IP falling in the range of 192.168.1.254 / 255.255.255.0), the request will be translated into a public-source-IP request and then be forwarded to the destination. ...
  • Page 29: Wan1-To-Dmz1 Connectivity

    1.8.2 WAN1-to-DMZ1 Connectivity. This section tells you how to provide an FTP service to public Internet users with a server installed under your DMZ1. After following the steps, users at the WAN side can connect to the FTP server at the DMZ1 side.
  • Page 30 WAN side cannot connect to a private IP (e.g. 10.1.1.5) through the Internet. The data connections would fail. After enabling this feature, the DFL-1500 will translate the private IP/port into an IP/port of its own. Thus the problem is gracefully solved. ...
  • Page 31: Nat/Router Mode And Transparent Mode

    ✓ Warning message: After applying the virtual server rule, two messages appear, as in the diagrams above. The purpose of these two message boxes is to remind you to add firewall/NAT rules manually when you add a virtual server rule for your existing server.
  • Page 32 However, some advanced firewall features are only available in NAT/Route mode. Transparent mode does not currently support the following features: WAN PPPoE link; Authentication; VPN (IPSec / PPTP / L2TP); Routing; IP/MAC Binding; DDNS / DNS Proxy / DHCP Relay; Interface change; Show IPSec sessions; VPN Logs...
  • Page 33: Chapter 2 System Overview

    Chapter 2 System Overview. In this chapter, we will introduce the network topology for use with later chapters. Typical Example Topology. In this chapter, we introduce a typical network topology for the DFL-1500. In Figure 2-1, the left half is a DFL-1500 with one LAN, one DMZ, and one WAN link.
  • Page 34: Changing The Lan1 Ip Address

    Use IE at 192.168.1.1 to connect to https://192.168.1.254. Use a network cable to connect a PC to the LAN1 port of the DFL-1500. The PC connected to the DFL-1500 must be assigned a 192.168.1.X address (the LAN1 default IP address is 192.168.1.254/24). Type https://192.168.1.254 or http://192.168.1.254:8080 in the web browser to configure the DFL-1500. ...
  • Page 35: From Cli (Command Line Interface) To Configure Dfl-1500 Lan1 Network Settings

    Step 2. Setup LAN1 IP information. BASIC SETUP > LAN Settings > LAN1 Status. Enter the IP Address and IP Subnet Mask with 192.168.40.254 / 255.255.255.0 and click Apply. Warning: After you apply the changed settings,...
  • Page 36: The Design Principle

    Figure 2-2 You can select the functional area by the sequence in Web GUI. To configure the DFL-1500, follow the sequence illustrated in Figure 2-2. Step 1. Select Main-function. Step 2. Select Sub-function. Step 3. Select Tag. Step 4. Configure the real parameters...
  • Page 37: Rule Principle

    2.3.2 Rule principle. Figure 2-3 The rule configuration is divided into three parts. You will find many rule configurations in the DFL-1500, distributed among the respective features. These rules include NAT rule...
  • Page 38 Figure 2-4 The rules in the page of the rule edition are also divided into three parts. ...
  • Page 40: Part Ii Basic Configuration

    Part II Basic Configuration...
  • Page 42: Chapter 3 Basic Setup

    BASIC SETUP > WAN Settings > WAN1 IP > Fixed IP Address. Here we select the Fixed IP Address method for the WAN1 port. Fill in the IP Address, Subnet Mask and Gateway IP, then enter the other fields (DNS IP Address, Routing Protocol). Click Apply to finish this setting. ...
  • Page 43: Basic Setup

    IP Address Assignment. FIELD: Default WAN link (Gateway/DNS); DESCRIPTION: When Default WAN link is enabled, all the packets sent out from DFL-1500 will be via this port; Range / Format: Enable/Disable; EXAMPLE: Enabled.
  • Page 44: Setup Dmz1, Lan1 Status

    7200. Routing Protocol: Determine to enable the dynamic routing protocol (RIP), to receive RIP message, to send out RIP message if the message is received or not; Range / Format: None / RIPv1In / RIPv1In+out / RIPv2In / RIPv2In+out / OSPF; EXAMPLE: None...
  • Page 45 OSPF Area ID: Specify OSPF area ID number; Range / Format: IPv4 format or digit string (Max 9 bits). Table 3-2 Configure DMZ network settings. Step 2. Setup LAN port. BASIC SETUP > LAN Settings > LAN1 Status. Here we are going to configure the LAN1 settings.
  • Page 46: Setup Wan1 Ip Alias

    WAN interfaces: WAN1. IP alias: The alias IP address; Range / Format: IPv4 format; EXAMPLE: 61.2.1.2. Netmask: The netmask of the IP alias; Range / Format: netmask format; EXAMPLE: 255.255.255.248. Alias size: The size of IP alias address; Max 60. Table 3-5 Add an IP alias record...
  • Page 47 Step 4. Edit, Delete IP alias record. BASIC SETUP > WAN Settings > IP Alias. You can easily add, edit, or delete IP alias records by the Add, Edit, or Delete button. FIELD...
  • Page 49: Chapter 4 System Tools

    Chapter 4 System Tools. This chapter introduces System Management and explains how to implement it. Demands. Basic configurations for domain name, password, system time, timeout and services. DDNS: Suppose the DFL-1500’s WAN uses dynamic IP but needs a fixed host name. When the IP is changed, it is necessary to have the DNS record updated accordingly.
  • Page 50 Figure 4-2 DNS Proxy mechanism chart. DHCP Relay: Activate the DHCP relay mode of DFL-1500 so that the DFL-1500 will become the relay agent and relay the DHCP broadcast to the configured DHCP server. As the following Figure 4-3 describes, DFL-1 redirects the DHCP...
  • Page 51 request from the preconfigured port (LAN1) to the real DHCP server (10.1.1.4). Besides, in this diagram, we can see that the PC in the DMZ region communicates with the DHCP server directly. Figure 4-3 DHCP Relay mechanism chart. As the following Figure 4-4 demonstrates, there is an embedded SNMP agent in the DFL-1500.
  • Page 52 (3 WAN, 1 DMZ, 1 LAN). As the following Figure 4-5 demonstrates, there are three ISPs connected to the DFL-1500, so we must adjust the interfaces up to 3 WAN ports to fit the current condition. Figure 4-5 Adjust DFL-1500 interface to fit present situation...
  • Page 53: Steps

    Steps. 4.4.1 General settings. Step 1. General Setup. SYSTEM TOOLS > Admin Settings > General. Enter the Host Name as DFL-1, Domain Name as the domain name of your company. Click Apply. FIELD...
  • Page 54 10 minutes after your last touching of it. FIELD: System Auto Timeout Lifetime; DESCRIPTION: When the system is idle for a specified time, the system will force the people who are logged into the system to log out automatically. Table 4-4 System Tools – Timeout menu...
  • Page 55: Ddns Setting

    4.4.2 DDNS setting. Step 1. Setup DDNS. SYSTEM TOOLS > Admin Settings > DDNS. If the IP address of the DFL-1500 WAN port is dynamically allocated, you may want to use the Dynamic DNS mechanism so that your partner can always use the same domain name (like xxx.com)
  • Page 56: Dns Proxy Setting

    DHCP server (different subnet from the network segment of the DHCP client). DHCP Server: Current location of the DHCP server; EXAMPLE: 10.1.1.4. Relay Domain: The locations of the DHCP clients; EXAMPLE: Enable LAN1. Table 4-7 System Tools – DHCP Relay menu...
  • Page 57: Snmp Control

    4.4.5 SNMP Control. Step 1. Setup SNMP Control. SYSTEM TOOLS > SNMP Control. By setting the related information on this page, we can use an SNMP manager to monitor the system status and network status of the DFL-1500.
  • Page 58: Change Dfl-1500 Interface

    Port1 ~ Port5: You can specify WAN / LAN / DMZ for each port by your preference. However, there must be one WAN and one LAN interface existing in the DFL-1500. EXAMPLE: Port3 : WAN; Port4 : DMZ; Port5 : LAN. Table 4-9 Change the DFL-1500 interface setting...
  • Page 59: Chapter 5 Remote Management

    Chapter 5 Remote Management. This chapter introduces remote management and explains how to implement it. Demands. Administrators may want to manage the DFL-1500 remotely from any PC in LAN_1 with HTTP at port 8080, and from WAN_PC with TELNET.
  • Page 60 CLI commands “tcpdump”. The priority of Telnet SSH is equal with telnet method. For the CLI commands of SSH/Telnet, please refer to Appendix A. HTTPS The priority of HTTPS is equal with HTTP. HTTP Table 5-2 Priorities of login method...
  • Page 61: Steps

    Steps. 5.4.1 Telnet. Step 1. Setup Telnet. SYSTEM TOOLS > Remote Mgt. > TELNET. Enter 23 instead of the default 2323 in the Server Port field. Check the WAN1 checkbox. Click the Selected...
  • Page 62: Https

    IP address for reading the SNMP MIBs at the DFL-1500. Finally click the Apply button. 5.4.6 ICMP Step 1. Setup ICMP SYSTEM TOOLS > Remote Mgt. > MISC Uncheck the WAN1 checkbox and make others checked. Then click the Apply button. ...
  • Page 63: Chapter 6 Authentication

    Chapter 6 Authentication. This chapter introduces user authentication and explains how to implement it. Demands. DFL-1500 VPN/Firewall Router supports user authentication against the internal user database, a RADIUS server or an LDAP server. You can create a user account by adding a username and password to the internal database to grant the user access to the Internet, etc.
  • Page 64: Pop3(S) Setting

    Select Pop3(s) as the Authentication Type. Enter Server IP and Server Port. Set Encryption to SSL if the server port is 995 (POP3s). Click Apply to store the settings. FIELD DESCRIPTION EXAMPLE. Server IP: The IP address of the POP3(s) server; EXAMPLE: 10.1.1.1...
  • Page 65: Imap(S) Setting

    Server Port: The port which the data goes into or out of the POP3(s) server. For instance, POP3 service uses port 110 and POP3s service uses port 995. Encryption is the process of changing data into a form that can be read only by the intended receiver.
  • Page 66: Radius Setting

    LDAP server. Please refer to Table 6-4 for details. FIELD DESCRIPTION EXAMPLE. Server IP: The IP address of the LDAP server; EXAMPLE: 192.168.40.66. Base DN: The distinguished name used to look up entries on the LDAP server (EXAMPLE: ou=people,dc=yourcompany,dc=com,dc=tw). For example:...
  • Page 67: Exempt Host

    In OpenLDAP: entry1: uid=mary,ou=people,dc=yourcompany,dc=com; entry2: uid=jack,ou=people,dc=yourcompany,dc=com; Base DN: ou=people,dc=yourcompany,dc=com; UID: uid. In Windows AD (special case): entry1: cn=mary,dc=yourcompany,dc=com; entry2: cn=jack,dc=yourcompany,dc=com; Base DN: cn=Users,dc=yourcompany,dc=com; UID: cn. UID is the field name used to look up entries on the LDAP server. Please refer to the above description.
  • Page 68: Part Iii Nat & Routing

    Part III NAT & Routing...
  • Page 69: Chapter 7 Nat

    Chapter 7 NAT. This chapter introduces NAT and explains how to implement it in DFL-1500. To facilitate the explanation of how DFL-1500 implements NAT and how to use it, we zoom in on the left part of Figure 1-10 in Figure 7-1.
  • Page 70: Objectives

    LAN1 to the public IP address WAN_IP at the WAN1 side. Assign a private IP address to the FTPServer1. Setup Virtual Server at DFL-1500 to redirect “any connections towards some port of WAN1” to the port 21 at the FTPServer1. ...
  • Page 71: Steps

    Figure 7-3 DFL-1500 plays the role as Virtual Server. As Figure 7-3 above illustrates, the server 10.1.1.5 provides FTP service, but it is located in the DMZ region behind the DFL-1500. The DFL-1500 acts as a Virtual Server, redirecting the packets to the real server 10.1.1.5. You can then announce to Internet users that there is an FTP server whose IP/port is 61.2.1.1/44444.
  • Page 72 DFL-1500. If you change the LAN/DMZ IP settings, you have to manually update related rules by yourself. Otherwise, hosts in your LAN/DMZ cannot establish connections to the hosts in the WAN side. ...
  • Page 73 Step 4. Customize NAT Rules. ADVANCED SETTINGS > NAT > NAT Rules. In the full-feature mode, the rules can be further customized. Incoming packets from LAN/DMZ zones are top-down matched by the NAT rules. Namely, NAT implements first match. Select the rule item that you want to do with: insert a new rule before it;...
  • Page 74: Setup Virtual Server For The Ftpserver1

    Always use Virtual Server rules first. 7.4.2 Setup Virtual Server for the FtpServer1. Step 1. Device IP Address. BASIC SETUP > DMZ Settings > DMZ1 Status. Setup the IP Address and IP Subnet Mask for the DFL-1500 of the DMZ1 interface. ...
  • Page 75 Step 2. Client IP Range. Enable the DHCP server if you want to use DFL-1500 to assign IP addresses to the computers under DMZ1. Here we make the DHCP feature enabled. Step 3. Apply the Changes. Click Apply to save your settings.
  • Page 76 Passive FTP client: If the Passive FTP client is checked, it will connect to the internal DMZ FTP server of DFL-1500 when FTP client uses passive mode. Otherwise, it will not work; Range / Format: Enabled / Disabled; EXAMPLE: Enabled...
  • Page 77: Nat Modes Introduction

    Action. Redirect to internal server under: The subnet in which the virtual server is located; Range / Format: LAN / DMZ regions; EXAMPLE: DMZ1. Internal IP: The IP address which is actually transferred to the internal DMZ; Range / Format: IPv4 format; EXAMPLE: 10.1.1.5. The port number which is actually transferred to the internal DMZ.
  • Page 78: Many-To-Many Type

    IP (such as 61.2.1.2) from the address pool. For example, when Connection2 is forwarded out, the source IP address will be translated into the second public IP address (61.2.1.2) from the public IP address pool. So the translated IP address (61.2.1.2:7896) is different from that of Connection1 (61.2.1.1:2933). ...
  • Page 79: One-To-One Type

    7.5.3 One-to-One type. Figure 7-6 NAT One-to-One type. As Figure 7-6 above illustrates, the NAT One-to-One type means that each local PC is translated into a unique public IP address when the packets are forwarded out through the DFL-1500. Take Connection1 for example. Its IP address and port are translated from 192.168.40.1:2933 to 61.2.1.1:2933.
  • Page 80: Nat Modes & Types

    WAN to LAN/DMZ traffic. firewall rule to allow WAN to LAN (or DMZ) traffic forward. Then you can finish the settings. Be careful when using this type, or it will endanger your network security. Table 7-5 The NAT type comparison...
  • Page 81: Chapter 8 Routing

    Chapter 8 Routing. This chapter introduces how to add static routing and policy routing entries. To facilitate the explanation of how the DFL-1500 implements routing and how to use it, we zoom in on the left part of Figure 2-1 in Figure 8-1 and add some devices for description.
  • Page 82: Objectives

    FIELD DESCRIPTION Range / Format EXAMPLE. Type: Determine this static routing entry record is multiple hosts (Net) or a single host (Host); Range / Format: Net / Host. Destination: The destination IP address of this static routing entry record; Range / Format: IPv4 format; EXAMPLE: 192.168.50.0...
  • Page 83: Chapter 8 Routing

    Netmask: The destination IP Netmask of this static routing entry record; Range / Format: IPv4 format; EXAMPLE: 255.255.255.0. Gateway: The default gateway of this static routing entry record; Range / Format: IPv4 format; EXAMPLE: 192.168.40.253. Table 8-1 Add a static routing entry. Step 3.
  • Page 84: Add A Policy Routing Entry

    Source IP field. Fill 255.255.255.192 in the Netmask field. In the Action region, fill forward to WAN1 with next-hop gateway 210.2.1.6. After setting as above, packets which match the condition will follow the predefined action and be forwarded to the next hop. ...
  • Page 85 FIELD DESCRIPTION Range / Format EXAMPLE. Status. Activate this rule: The policy routing rule is enabled or not; Range / Format: Enabled / Disabled; EXAMPLE: Enabled. Rule name: The policy routing rule name; Range / Format: text string; EXAMPLE: GenlManaRoom. Incoming packets...
  • Page 86 Finally click the “Routing Table” to see all the current routing table information. Note that the information of the policy routing entries will not be shown in this screen. It will just appear in the policy routing page as the previous step. ...
  • Page 87: The Priority Of The Routing

    The priority of the routing. As we know, there are many choices according to your requirement in the routing settings. As the following Table 8-3 indicates, the smaller priority sequence would be executed first when running routing policy.
  • Page 88 The number on each routing direction indicates the example described in Table 8-3 above. Figure 8-2 The routing decision of DFL-1500/DFL-900...
  • Page 90: Part Iv Firewall & Ip/Mac Binding

    Part IV Firewall & IP/MAC Binding...
  • Page 91: Chapter 9 Ip/Services Grouping

    Chapter 9 IP/Services grouping. This chapter introduces group functions and explains how to edit them. Demands. You hope to group some similar IP addresses to make it easier to edit the firewall rule.
  • Page 92 BASIC SETUP > Books > Address > Objects settings. After entering the Address object, we subsequently add the other two address objects. The result is shown in the “Object” page. Note: Address objects are set up the same way in the other interfaces. ...
  • Page 93 Step 4. Address Group Settings. BASIC SETUP > Books > Address > Group. You can add, edit, and delete all other address definitions as required. You can also organize related addresses into address groups to simplify firewall rule creation.
  • Page 94 Step 6. View the address group result. BASIC SETUP > Books > Address > Group. According to our settings in the previous steps, the address group is shown as in the diagram at right. ...
  • Page 95: Setup Service

    9.4.2 Setup Service. Step 1. Service Settings. BASIC SETUP > Books > Service > Objects. The DFL-1500 predefined firewall services are listed in the diagram at right. You can add these services to any firewall rule, or you can add a service if you need to create a firewall rule for a service that is not in the predefined service list.
  • Page 96 Select the services from the available services list and click right arrow to copy them to the Members list. If you would like to remove the services from the members list, just select the services and then click left arrow to remove them. ...
  • Page 97: Setup Schedule

    FIELD DESCRIPTION Range / Format EXAMPLE. Group Name: The service group name. Note that group name should be an alphanumeric value (including dash ‘-’ and underscore ‘_’), can start with a letter; Range / Format: text string...
  • Page 98 Spaces and other special characters are not allowed. BUTTON DESCRIPTION. ->: Add the selected address object to the schedule group. <-: Remove the selected address object from schedule group. Table 9-8 Define the schedule group...
  • Page 99: Chapter 10 Firewall

    Chapter 10 Firewall. This chapter introduces firewall and explains how to implement it. 10.1 Demands. Administrators detect that PC1_1 in LAN_1 is doing something that may hurt our company and should instantly block his traffic towards the Internet.
  • Page 100: Steps

    Edit __ to __ rules configure. WAN1 rules WAN/LAN/DMZ. Default action for this packet direction: Decide the default policy of firewall rule; Range / Format: Forward / Block; EXAMPLE: Forward. Decide the default log policy of firewall rule; Range / Format: Log / Don’t log; EXAMPLE: Don’t log. BUTTON DESCRIPTION...
  • Page 101 Prev. Page: If there is more than one rule page, you can press Prev. Page to go back to the previous page. Next Page: If there is more than one action rule, you can press Next Page to go to the next page.
  • Page 102 Rule: “RM-<method>” means the log is produced by remote management function (almost always it is an illegal user who wants to use the Non-Opened remote management functions). “Rule-Name”: The log is produced by which firewall rule. Table 10-4 Firewall log field description...
  • Page 103: Setup Anti-Dos

    DFL-900/1500 User Manual Chapter 10 Firewall Log Message Description The firewall log is number 6. At the specified time ( 2004-11-30 10:50:18 the firewall the packet which came from source IP address/port 6 2004-11-30 10:50:18 blocked 192.168.17.173,4161 destination address/port 192.168.17.173:4161 140.112.1.1,1863 TCP LAN2 WAN1...
  • Page 104 Table 10-6 Setup the thresholds of Anti-DoS Step 2. View Anti-DoS Logs DEVICE Status > Firewall Logs > Anti-DoS Logs When DoS attacks pass through the DFL firewall, it blocks the attack packets and logs them as shown in the diagram on the right.
  • Page 105: Chapter 11 Ip/Mac Binding

    Chapter 11 IP/MAC Binding This chapter introduces how to restrict access by local PCs according to their MAC addresses. 11.1 Demands Your company would like to protect some servers or users from having their IP addresses taken by others, and to control which computers are accepted or denied by the IP/MAC rules.
  • Page 106 FIELD DESCRIPTION Range / Format EXAMPLE Activate this rule Activate the IP/MAC binding rule. Enabled/Disabled Enabled The name of the IP/MAC binding rule. Rule name text string MyPC Note that rule name should begin with alphabet, followed by alphabet/digits/dashes. D-Link...
  • Page 107 DFL-900/1500 User Manual Chapter 11 IP/MAC Binding The type of IP/MAC “Binding” is combined IP address with MAC address together to decide packet is passed or blocked by the DFL-1500. Binding/Allow Rule Type Binding Another type of IP/MAC “Allow range” depends on the IP Range range to permit whether packets can pass or not.
  • Page 108 IP/MAC binding status to “Block” to prohibit invalid IP address to pass through DFL-1500. Step 7. Show the IP/MAC binding rule Advanced Setting > IP/MAC binding > Show Rules After finishing the setting, you can view the result as the right diagram shown. D-Link...
  • Page 109: Part V Virtual Private Network

    DFL-900/1500 User Manual Chapter 11 IP/MAC Binding Part V Virtual Private Network...
  • Page 110: Chapter 12 Vpn Technical Introduction

    12.2.4 IPSec Algorithms There are two types of algorithms in IPSec: (1) encryption algorithms such as DES (Data Encryption Standard) and 3DES (Triple DES), and (2) authentication algorithms such as HMAC-MD5 (RFC 2403) and HMAC-SHA1 (RFC 2404).
  • Page 111: Key Management

    12.2.5 Key Management Key Management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN. IKE Phases: There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA, and the second one uses that SA to negotiate SAs for IPSec.
  • Page 112: Encapsulation

    The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. ESP authenticating properties are limited compared to the AH due to the non-inclusion of the IP header information during the authentication process. However, ESP is sufficient if only the upper layer protocols need to be authenticated. D-Link...
  • Page 113: Make Vpn Packets Pass Through Dfl-1500

    DFL-900/1500 User Manual Chapter 12 VPN Technical Introduction An added feature of the ESP is payload padding, which further protects communications by concealing the size of the packet being transmitted. 12.3 Make VPN packets pass through DFL-1500 Figure 12-1 Enable the Pass Through feature of DFL-1500 Sometimes there are some VPN devices existing in your network topology.
  • Page 114 / L2TP pass through checkbox on this page. Then IPSec / PPTP / L2TP VPN connections will pass through the DFL-1500, which acts as an intermediate forwarding device. For descriptions of IPSec, PPTP and L2TP, please refer to the later individual chapters.
  • Page 115: Chapter 13 Virtual Private Network - Ipsec

    Chapter 13 Virtual Private Network – IPSec This chapter introduces IPSec VPN and explains how to implement it. Building on Figure 2-1, this chapter explains how to make a VPN link between LAN_1 and LAN_2.
  • Page 116: Steps

    DESCRIPTION EXAMPLE Use the IKE (Internet Key Exchange) method to negotiate the key used in building the IPSec tunnel. Example: Selected. Manual Key: Use the key which you have designated to build the IPSec tunnel in the peer VPN device. Example: Non selected.
  • Page 117 DFL-900/1500 User Manual Chapter 13 Virtual Private Network – IPSec BUTTON DESCRIPTION Prev. Page If there are more than one action pages, you can press Prev. Page to back to the previous page. Next Page If there are more than one action pages, you can press Next Page to go to the next page.
  • Page 118 User FQDN (mail box) IP Address / Fill the information of peer VPN device in this FQDN (domain Peer’s Identifier field. The filled information will be provided name) / IP Address for the IPSec tunnel establishment. User FQDN (mail box) D-Link...
  • Page 119 DFL-900/1500 User Manual Chapter 13 Virtual Private Network – IPSec Encrypt and Authenticate (DES, MD5) / Encrypt and Authenticate (DES, SHA1) / Encrypt and Authenticate ESP Algorithm may be grouped by the items (3DES, MD5) / Encryption Authentication Encrypt and Algorithms or execute separately.
  • Page 120 (3DES, MD5) / Encrypt and Authenticate (3DES, SHA1) SA Life Time: Set the IKE SA lifetime. A value of 0 means IKE SA negotiation never times out. See Chapter 12 for details. Range / Format: 0~86400000 sec, 0~1440000 min, 0~24000 hour. Example: 28800 sec.
  • Page 121 DFL-900/1500 User Manual Chapter 13 Virtual Private Network – IPSec Choose Diffie-Hellman public-key Key Group DH1 / DH2 / DH5 cryptography key group Phase2 View only, it is set previously and can not be Encapsulation Can not be edited Tunnel edited again.
  • Page 122 DFL-1500. And accomplish the VPN tunnel establishment. At DFL-2: Here we will install the IPSec properties of DFL-2. Note that the “Local Address” and “Remote address” field are opposite to the DFL-1, and so are “My IP Address” and “Peer’s IP Address” field. D-Link...
  • Page 123 DFL-900/1500 User Manual Chapter 13 Virtual Private Network – IPSec Step 1. Enable IPSec ADVANCED SETTINGS > VPN Settings > IPSec Check the Enable IPSec checkbox and click Apply. Step 2. Add an IKE rule ADVANCED SETTINGS > VPN Settings > IPSec > IKE Click the IKE hyperlink and click Add to add a new IPSec VPN tunnel endpoint.
  • Page 124 Enter the Rule Name as AllowVPN, Source IP as WAN1_VPNB (192.168.40.0), and Dest. IP as LAN1_VPNB (192.168.88.0). Click Apply to store this rule. If you have not yet configured the Source IP, Dest. IP or Service objects, please refer to Chapter 9 for the setting information first.
  • Page 125: Des/Md5 Ipsec Tunnel: The Manual-Key Way

    DFL-900/1500 User Manual Chapter 13 Virtual Private Network – IPSec Step 7. View the result ADVANCED SETTINGS > Firewall > Edit Rules Now we have inserted a new rule before the default firewall rule. packets from 192.168.40.0/24 to 192.168.88.0/24 will...
  • Page 126 Subnet Address / Remote Address of VPN by using the remote subnet or the remote Subnet Address Type Single Address single host. IP Address The remote IP address IPv4 format 192.168.88.0 PrefixLen The remote IP Netmask IPv4 format 255.255.255.0 Subnet Mask D-Link...
  • Page 127 DFL-900/1500 User Manual Chapter 13 Virtual Private Network – IPSec Outgoing The WAN interface you are going to build IPSec WAN interfaces WAN1 Interface tunnel with. The IP address of remote site device, like Peer’s IP Address IPv4 format 210.2.1.1 DFL-1500 VPN/Firewall Router.
  • Page 128 Step 7. Customize the Firewall rule ADVANCED SETTINGS > Firewall > Edit Rules > Insert Enter the Rule Name as AllowVPN, Source IP as WAN1_VPNA (192.168.88.0), and Dest. IP as LAN1_VPNA (192.168.40.0). Click Apply to store this rule. D-Link...
  • Page 129 DFL-900/1500 User Manual Chapter 13 Virtual Private Network – IPSec Step 8. View the result ADVANCED SETTINGS > Firewall > Edit Rules Here we have a new rule before the default firewall rule. This rule will allow packets from 192.168.88.0 / 255.255.255.0 pass through DFL-1500.
  • Page 130 ADVANCED SETTINGS > VPN Settings > IPSec > Manual Key > Add After finishing the IPSec rule settings, we need to add a firewall rule. Here the system shows a message window to remind you to add a firewall rule. Just press the OK button to add a firewall rule.
  • Page 131 DFL-900/1500 User Manual Chapter 13 Virtual Private Network – IPSec Step 5. Add a Firewall rule ADVANCED SETTINGS > Firewall > Edit Rules Same as that in IKE method. Please make sure that the Firewall is enabled. Select WAN1-to-LAN1 to display the rules of this direction. The default action of this direction is Block with Logs.
  • Page 133: Chapter 14 Virtual Private Network -Dynamic Ipsec

    Chapter 14 Virtual Private Network –Dynamic IPSec This chapter introduces Dynamic IPSec VPN and explains how to implement it. The previous chapter introduced the static address method of IPSec. This chapter goes on to explain how to make a dynamic VPN link between LAN_1 and LAN_2.
  • Page 134 Advanced button on this page. Otherwise, it is fine to leave the default values. Note that the Peer’s Identifier must NOT be of the IP Address type when using the Dynamic IP type, so you have to select FQDN (domain name) or User FQDN (mailbox) as the Peer’s Identifier.
  • Page 135 DFL-900/1500 User Manual Chapter 14 Virtual Private Network –Dynamic IPSec Step 11. Detail settings of IPSec IKE ADVANCED SETTINGS > VPN Settings > IPSec > IKE > Add > Advanced In this page, we will set the detailed value of IKE parameter.
  • Page 136 Here we will install the IPSec properties of DFL-2. Note that the “Local Address” and “Remote address” field are opposite to the DFL-1, and so are “My IP Address” and “Peer’s IP Address” field. Step 1. Enable IPSec ADVANCED SETTINGS > VPN Settings > IPSec Check the Enable IPSec checkbox and click Apply. D-Link...
  • Page 137 DFL-900/1500 User Manual Chapter 14 Virtual Private Network –Dynamic IPSec Step 2. Add an IKE rule ADVANCED SETTINGS > VPN Settings > IPSec > IKE Click the IKE hyperlink and click Add to add a new IPSec VPN tunnel endpoint.
  • Page 138 ADVANCED SETTINGS > Firewall > Edit Rules Now we have inserted a new rule before the default firewall rule. Packets from 192.168.40.0/24 to 192.168.88.0/24 will be allowed to pass through the DFL-1500 and successfully access 192.168.88.0/24 through the VPN tunnel.
  • Page 139: Chapter 15 Virtual Private Network - Hub And Spoke Vpn

    Chapter 15 Virtual Private Network – Hub and Spoke VPN This chapter introduces Hub and Spoke VPN and explains how to implement it. Building on Figure 2-1, this chapter explains how to make a VPN link between the Main Office (the hub) and the branches.
  • Page 140: Steps

    Encrypt and Encrypt and Encrypt and Authenticate (DES, Authenticate (DES, Authenticate (DES, Authenticate (DES, MD5) MD5) MD5) MD5) AH Algorithm Not selected Not selected Not selected Not selected Pre-Shared Key 1234567890 1234567890 1234567890 1234567890 Table 15-1 The IKE tunnel configuration D-Link...
  • Page 141 DFL-900/1500 User Manual Chapter 15 Virtual Private Network – Hub and Spoke VPN Configuring the VPN Hub for Main Office Step 1. Add a Firewall rule ADVANCED SETTINGS > Firewall > Edit Rules Suppose Main Office has already added two VPN tunnels to communicate with two branch offices.
  • Page 142 Customize a Firewall rule ADVANCED SETTINGS > Firewall > Edit Rules > Insert Enter the Rule Name as AllowVPN, Source IP as Hub-Spoke2 [Hub (192.168.1.0), Spoke_2 (192.168.88.0)], and Dest. IP as Spoke_1 (192.168.40.0). Click Apply to store this rule. D-Link...
  • Page 143 DFL-900/1500 User Manual Chapter 15 Virtual Private Network – Hub and Spoke VPN Step 3. Add a VPN Spoke in Branch_1 ADVANCED SETTINGS > VPN Settings > VPN Spoke > Add Select Add to add a VPN Spoke. Enter a name in the Spoke Name field.
  • Page 144 Please Table 15-1 refer the IPSec tunnel information. Step 4. View the added VPN Spoke ADVANCED SETTINGS > VPN Settings > IPSec > IKE > Add > Advanced You can view the added VPN spoke here. D-Link...
  • Page 145: Chapter 16 Pptp Client With Pptp Server

    Chapter 16 PPTP Client with PPTP Server This chapter introduces how to build a site-to-site VPN using a PPTP client and a PPTP server. 16.1 Demands In our branch office, we need to provide secure connection methods for internal company employees to connect back to headquarters.
  • Page 146: Steps

    The designed account which allows PPTP client to dial in. PptpUsers Password The designed password which allows PPTP client to dial in. Dif3wk Assigned IP The allocated IP address when PPTP client connects to the PPTP server. 192.168.40.180 Table 16-1 Setup PPTP Client settings D-Link...
  • Page 147 Step 2. Add a static routing entry ADVANCED SETTINGS > Routing > Static Route Add a static routing entry. Route all packets destined for 192.168.40.0/255.255.255.0 through the assigned IP address (192.168.40.180).
  • Page 149: Chapter 17 Remote Access Vpn - Pptp

    Chapter 17 Remote Access VPN – PPTP This chapter introduces PPTP and explains how to implement it. 17.1 Demands One employee in our company may sometimes want to connect back to our corporate network to work on something. His PC is PC1_1 in LAN_1 instead of DMZ_1, so he cannot directly access the host simply with virtual server settings.
  • Page 150: Steps

    Next. 7. In the VPN Server Selection dialog, enter the public IP or hostname of the DFL-1500 to connect to and select Next. 8. Set Connection Availability to Only for myself and select Next. 9. Select Finish. D-Link...
  • Page 151 DFL-900/1500 User Manual Chapter 17 Remote Access VPN – PPTP Customize the VPN Connection 1. Right-click the icon that you have created. 2. Select Properties > Security > Advanced > Settings. 3. Select No Encryption from the Data Encryption and click Apply.
  • Page 153: Chapter 18 Remote Access Vpn - L2Tp

    Chapter 18 Remote Access VPN – L2TP This chapter introduces L2TP and explains how to implement it. 18.1 Demands One employee in our company may sometimes want to connect back to our corporate network to work on something. His PC is PC1_1 in LAN1 instead of DMZ1, so he cannot directly access the host simply with virtual server settings.
  • Page 154: Steps

    The end of the IP address range for users allowed to dial in to the LNS server using the L2TP protocol. Example: 211.54.63.5. Username: The account which allows an L2TP client user to dial in to the DFL-1500. Example: L2tpUsers. Password: The password which allows an L2TP client user to dial in to the DFL-1500. Example: Dif3wk. Table 18-1 Setup L2TP LNS Server settings
  • Page 155 DFL-900/1500 User Manual Chapter 18 Remote Access VPN – L2TP Step 2. Setup Windows XP/2000 L2TP Configuring A L2TP Dial-Up Connection clients 1. Configure a L2TP dial-up connection Note that in the DFL-1500 release II version, both 2. Go to Start > Control Panel > Network and Internet PPTP and L2TP can support MPPE.
  • Page 156 Part V Virtual Private Network Connecting to the L2TP VPN 1. Connect to your ISP. 2. Start the dial-up connection configured in the previous procedure. 3. Enter your L2TP VPN User Name and Password. 4. Select Connect. D-Link...
  • Page 157: Chapter 19 Remote Access Vpn - Ds-601 Vpn Client

    Chapter 19 Remote Access VPN – DS-601 VPN client This chapter introduces Remote Access VPN using the DS-601 VPN client and explains how to implement it. Building on Figure 2-1, this chapter explains how to make a VPN link between LAN_1 and a remote client.
  • Page 158 IP Address choose either Algorithm Algorithm, or system will show error message. If you hope to set the detailed item of IKE parameter. Click the Advanced button in this page. Otherwise it is ok to just leave the value default. D-Link...
  • Page 159 DFL-900/1500 User Manual Chapter 19 Remote Access VPN – DS-601 VPN client Step 4. Detailed settings of IPSec IKE ADVANCED SETTINGS > VPN Settings > IPSec > IKE > Add > Advanced In this page, we will set the detailed value of IKE parameter.
  • Page 160 WAN1_ds601 (61.64.148.197 / 255.255.255.255) pass through DFL-1500. And accomplish the VPN tunnel establishment. At DS-601 VPN client: Here we explain how to set up the DS-601 VPN client properties. Before that, please install the DS-601 VPN client on the remote client.
  • Page 161 DFL-900/1500 User Manual Chapter 19 Remote Access VPN – DS-601 VPN client Step 1. Enter a Connection Name Configuration > Profile Settings > New Entry Enter DFL-1500 Name connection field and click Next to proceed. Step 2. Select Link Type Configuration >...
  • Page 162 Pre-share Key Configuration > Profile Settings > New Entry Enter 1234567890 in the Shared secret field and retype it in the Confirm secret field. Select IP Address and enter 61.64.148.197 as the Type and ID in the Local identity area. D-Link...
  • Page 163 DFL-900/1500 User Manual Chapter 19 Remote Access VPN – DS-601 VPN client Step 5. General information Configuration > Profile Settings > Configure > General After finishing the previous setting, we can view the general information here. Step 6. IPSec General Settings Configuration >...
  • Page 164 Configuration > Profile Settings > Configure > IPSec General Settings > Policy editor > IKE Policy Enter DFL-1500[DES-MD5] as the IKE Policy name. Select DES/MD5/DH-Group 2 [1024 Bit] in the Encryption/Hash/DH Group field. Click OK to finish the settings.
  • Page 165 Step 9. Setup IPSec Policy Configuration > Profile Settings > Configure > IPSec General Settings > Policy editor > IPSec Policy Enter DFL-1500[DES-MD5] as the IPSec Policy name. Select DES and MD5 in the Transform and Authentication fields.
  • Page 166 Pre-shared key are correct or not. If yes, click OK to finish the settings. Step 12. IP Address Assignment Configuration > Profile Settings > Configure > IP Address Assignment Select Use local IP address and then click OK to finish these settings.
  • Page 167 DFL-900/1500 User Manual Chapter 19 Remote Access VPN – DS-601 VPN client Step 13. Setup Remote Networks Configuration > Profile Settings > Configure > Remote Networks Enter the IP network address 192.168.40.0 and subnet masks 255.255.255.0, and then click OK to finish the settings.
  • Page 168 Part V Virtual Private Network D-Link...
  • Page 169: Chapter 20 Remote Access Vpn - Windows Client

    Chapter 20 Remote Access VPN – Windows client This chapter introduces Remote Access VPN using a Windows client and explains how to implement it. 20.1 Demands Suppose an employee often works at home and needs to access resources inside the company. The topology is illustrated in Figure 20-1.
  • Page 170: Steps

    Enter the related IPSec parameters in the appropriate fields. For the field descriptions, please refer to Table 13-4. Note that because the remote client is just a single WinXP machine, we select Single Address in the Remote Address Type field.
  • Page 171 Step 2. Edit the detailed settings of IPSec rule ADVANCED SETTINGS > VPN Settings > IPSec > IKE > Add > Advanced Fill in the detailed settings as shown in the diagram on the right.
  • Page 172: Create A Custom Mmc Console

    From Windows desktop, go to Start > Run, and in the Open textbox type mmc, click OK. Step 2. Add Snap-in On the Console window, click Add/Remove Snap-In. Step 3. Add a Standalone Snap-in In the Add/Remove Snap-In dialog box, click Add. D-Link...
  • Page 173 DFL-900/1500 User Manual Chapter 20 Remote Access VPN – Windows client Add “Computer Management” Step 4. snap-in In the Add Standalone Snap-in dialog box, click Computer Management, and then click Add. Step 5. Verify the Local Computer is selected Verify that Local Computer (default setting) is selected, and click Finish.
  • Page 174 Step 10. Verify the Local Computer is selected Verify that Local Computer (default setting) is selected, and click Finish. Step 11. Close the Add/Remove Snap-in windows Close the Add Standalone Snap-in dialog box. And then close the Add/Remove Snap-in dialog box. D-Link...
  • Page 175: Create An Ipsec Policy

    DFL-900/1500 User Manual Chapter 20 Remote Access VPN – Windows client Step 12. Finish console creation After finishing the previous steps, we have selected three snap-in components in the mmc console. 20.4.3 Create an IPSec policy Step 1. Run secpol.msc From Windows desktop, go to Start >...
  • Page 176 Edit policy properties A dialog window will bring up for you to configure two filter rules for this policy. Click General tab and click Advanced button to setup IPSec phase1 parameters. Step 7. Key Exchange Settings Click Methods to proceed. D-Link...
  • Page 177: Add A Filter Rule From Winxp To Dfl-1500

    DFL-900/1500 User Manual Chapter 20 Remote Access VPN – Windows client Step 8. Delete the extra items In this diagram, we are going to specify the phase1 parameter of IPSec rule at the WinXP. setup DFL-1500 IPSec phase1 with DES-MD5-DH1 (please refer Section 20.4.1 ),...
  • Page 178 Address, and enter the IP address of WinXP (ex. 211.54.27.6). Destination address, choose A specific IP Subnet, and enter the IP address and Subnet mask of the local subnet (ex. 192.168.40.0/255.255.255.0). Uncheck Mirror check box. Click OK to next. D-Link...
  • Page 179 DFL-900/1500 User Manual Chapter 20 Remote Access VPN – Windows client Step 5. Edit protocol filter properties Click the Protocol tab. Leave the protocol type to Any. Step 6. Edit the description of filter properties Click the Description tab. You can give a name for this filter list.
  • Page 180: Add A Filter Rule From Dfl-1500 To Winxp

    In the Source address, choose A specific IP Subnet, and enter the IP address and Subnet mask of the local subnet (ex. 192.168.40.0/255.255.255.0). In the Destination address, choose A specific IP Address, and enter the IP address of WinXP (ex. 211.54.27.6). Uncheck the Mirror check box. Click OK to continue.
  • Page 181 DFL-900/1500 User Manual Chapter 20 Remote Access VPN – Windows client Step 4. Edit protocol filter properties Click the Protocol tab. Leave the protocol type to Any. Step 5. Edit the description of filter properties Click the Description tab. You can give a name for this filter list.
  • Page 182: Configure A Rule For Winxp Client To Dfl-1500

    WinXP to DFL-1500. Step 2. Tunnel Settings Click Tunnel Setting tab, enter the remote endpoint. For this filter list, the remote IPSec endpoint is DFL-1500 (61.2.1.1). Step 3. Connection Type Click Connection Type tab, and then click All network connections. D-Link...
  • Page 183 DFL-900/1500 User Manual Chapter 20 Remote Access VPN – Windows client Step 4. Edit filter action of WinXP to DFL-1500 IP filter list Click Filter Action tab, click Add to add a new Filter Action. Step 5. Set the properties of Security...
  • Page 184 IPSec phase2 at DFL-1500. Step 8. New Filter Action Properties Click the General tab. Give a name to the filter action. For example, DES-MD5, and click OK. Step 9. Filter Action Select the filter action (DES-MD5) you just created. D-Link...
  • Page 185 DFL-900/1500 User Manual Chapter 20 Remote Access VPN – Windows client Step 10. Authentication Methods Click the Authentication Methods tab, and then click Add. Step 11. Select authentication methods Select Use this string (pre-shared key) option. And enter the string 1234567890 in the text box.
  • Page 186: Configure A Rule For Dfl-1500 To Winxp Client

    Click the IP Filter List tab. Select the filter list you created above from the IP Filter List (DFL-1500 to WinXP). Step 3. Tunnel Settings Click Tunnel Setting tab, and then enter the remote endpoint. For this filter list, the remote IPSec endpoint is WinXP (211.54.27.6). D-Link...
  • Page 187 DFL-900/1500 User Manual Chapter 20 Remote Access VPN – Windows client Step 4. Connection Type Click Connection Type tab, and then click All network connections. Step 5. Filter Action Click Filter Action tab, and then select the filter action (DES-MD5) you just created.
  • Page 188: Enable The Security Settings

    Use the pop-up menu to assign the security rule which we have configured. Step 2. Finish all the settings of WinXP After the above configurations, now you can use WinXP to connect back to the local company behind the DFL-1500 device. D-Link...
  • Page 189: Part Vi Content Filters

    DFL-900/1500 User Manual Chapter 20 Remote Access VPN – Windows client Part VI Content Filters...
  • Page 191: Chapter 21 Content Filtering - Web Filters

    Chapter 21 Content Filtering – Web Filters This chapter introduces web content filters and explains how to implement them. 21.1 Demands Figure 21-1 Use web filter functionality to avoid users browsing the forbidden web site As Figure 21-1 above illustrates, someone (PC1_1) is browsing the web pages at WebServer3.
  • Page 192: Objectives

    Setup content filtering for web objects such as cookies and Java applets. Setup content filtering for URL requests. For each URL, check the pre-defined upgradeable URL database, self-entered forbidden domains, and self-entered keywords to check if the URL is allowed. D-Link...
  • Page 193: Steps

    DFL-900/1500 User Manual Chapter 21 Content Filtering – Web Filters 21.4 Steps Step 1. Enable Web Filter ADVANCED SETTINGS > Content Filters > Web Filter > Web Check the Enable Web Filter checkbox and click the Apply right on the right side.
  • Page 194 Apply the above selected “Exempt Computers” radio button. Apply Add the specified IP range filled in the above “Range From” field. Delete the specified IP range filled in the above “Range From” field. Delete Table 21-2 Web Filter Exempt Zone setting page
  • Page 195 Step 3. Customize the specified sites ADVANCED SETTINGS > Content Filters > Web Filter > Customize Check Enable Filter List Customization to allow all accesses to the Trusted Domains while disallowing accesses to the Forbidden Domains.
  • Page 196 Internet using browser. The contents about the URL will be text string block. BUTTON DESCRIPTION Apply Apply the setting which configured on the checkbox. Add the Keyword to the list. Delete Delete the selected keyword from the list. Table 21-4 Web Filter Domain Name setting page D-Link...
  • Page 197 DFL-900/1500 User Manual Chapter 21 Content Filtering – Web Filters Step 5. Customize Categories ADVANCED SETTINGS > Content Filters > Web Filter > Categories With the built-in URL database, DFL-1500 can block web sessions towards several pre-defined Categories of URLs. Check the items that you want to block or log.
  • Page 198 English language. blood BUTTON DESCRIPTION Apply Apply the settings which have been configured. Add the Keyword to the list. Delete Delete the Keyword from the list. Table 21-7 Web Filter Content Keywords setting page D-Link...
  • Page 199: Priority Of Web Filter Functions

    21.5 Priority of web filter functions The priority of the web filter functions is illustrated in Figure 21-3. From the leftmost feature (Exempt Zone) to the rightmost feature (Keyword), the priority runs from high to low.
  • Page 200 Web Filter > Features Web page Features”, or the keywords indicated in “Web Filter > contents Web Filter > Keyword Keyword”. The forbidden components will be taken off from the web page by web filter. Table 21-8 web filter features priority D-Link...
  • Page 201: Demands

    Chapter 22 Content Filtering – Mail Filters This chapter introduces SMTP proxies and explains how to implement them. 22.1 Demands Sometimes malicious scripts like *.vbs may be attached to an email. If users accidentally open such files, their computers may be infected with a virus.
  • Page 202: Steps

    LAN-to-DMZ/WAN SMTP connections. All such SMTP traffic will be examined to change the filename extension from vbs to vbs.bin. Note that the filename to block cannot contain the marks such as “ /, \, *, ?, “, <, >, | ”. D-Link...
  • Page 203: Pop3 Filters

    DFL-900/1500 User Manual Chapter 22 Content Filtering – Mail Filters Step 3 – Customize the local zones ADVANCED SETTINGS > Content Filters > Mail Filters > SMTP Exempt Zone You can configure to what range the filters will apply to the local zones. By default, the web filters apply to all computers so the “Enforce SMTP...
  • Page 204 Click “Include……” and Apply if you want web filters to apply only to the specified ranges. Click “Exclude……” and Apply if you want web filters to apply to all computers except those in the specified ranges.
  • Page 205: Chapter 23 Content Filtering - Ftp Filtering

    Chapter 23 Content Filtering – FTP Filtering This chapter introduces FTP proxies and explains how to implement them. 23.1 Demands Some users in LAN1 use FTP to download big MP3 files and waste bandwidth.
  • Page 206: Steps

    FTP server. Extension Name / Blocked Type Extension Name Ø Full Name Full Name When the exact filename of download file is matching, the action is blocked download from FTP server. Table 23-2 FTP Filter FTP adding filter entry D-Link...
  • Page 207 DFL-900/1500 User Manual Chapter 23 Content Filtering – FTP Filtering Step 3. View the result ADVANCED SETTINGS > Content Filters > FTP Filter > FTP We can see the specified record in this page. FIELD DESCRIPTION Range / Format EXAMPLE...
  • Page 208 If there is more than one page, you can press Next Page to go to the next page. Apply Apply the configured settings. Create an exempt zone. Delete Delete the indicated exempt zone. Table 23-5 Add FTP filter exempt zone D-Link...
  • Page 210: Part Vii Intrusion Detection System

    Part VII Intrusion Detection System
  • Page 211: Chapter 24 Intrusion Detection Systems

    DFL-900/1500 User Manual Chapter 24 Intrusion Detection Systems Chapter 24 Intrusion Detection Systems This chapter introduces Intrusion Detection System (IDS) and explains how to implement it. 24.1 Demands Even though we have already configured the firewall rules, it is still not enough. Crackers may hack into our system through Firewall-allowed channels with sophisticated skills.
  • Page 212: Steps

    Select the Log Schedule of emailing the logs to your email server. Step 3 – View logs DEVICE STATUS > IDS Logs If there are attacks towards the WAN port from the public Internet, there will be logs describing the details. D-Link...
  • Page 213 DFL-900/1500 User Manual Chapter 24 Intrusion Detection Systems Step 4 – Update Attack Patterns System Tools > Database Update > Update IDS attack patterns require frequent updates because there are many new attacks every week. Please go to System Tools > Database Update >...
  • Page 214: Bandwidth Management, High Availability

    Part VIII Bandwidth Management, High Availability
  • Page 215: Chapter 25 Bandwidth Management

    Chapter 25 Bandwidth Management This chapter introduces bandwidth management and explains how to implement it. 25.1 Demands Figure 25-1 Use bandwidth management mechanism to shape the data flow on the downlink direction As Figure 25-1 above illustrates, we want LAN_1 users to be able to watch the Video Stream Server smoothly. Besides, we...
  • Page 216: Objectives

    PCs of LAN_1 get smooth stream quality, which requires a rate of at least 1% of LAN1 total bandwidth (1000 kbps). Besides, we have another web server located in the DMZ region. Because the web server is located in the local area, we can assign a larger bandwidth for this direction (web traffic from DMZ → LAN).
  • Page 217: Methods

    The remaining bandwidth is named Other traffic. It is reserved for other ANY to LAN1 data transmission that is not listed in Figure 25-1 above. Reserve at least 600kbps for the LAN_1 to LAN_2 transfer. The LAN_1 PCs can share about 20% (308kbps) for using E-Commerce Services.
  • Page 218: Steps

    ANY to Edit ANY to LAN1 Edit __ to __ classes going to configure one. WAN/LAN/DMZ classes LAN1 Interface Bandwidth Fill the real bandwidth which is located in the 10 to 100000 kbps 100000 kbps __ kbps upper direction. D-Link...
  • Page 219 BUTTON DESCRIPTION Prev. Page If there is more than one action page, you can press Prev. Page to go back to the previous page. Next Page If there is more than one action page, you can press Next Page to go to the next page.
  • Page 220 Click Insert to insert a rule before the default rule. Note: Regarding the above field description, please refer to Table 10-2 Add a firewall rule for details.
  • Page 221 Step 6. Customize the Rule ADVANCED SETTINGS > Firewall > Edit Rules > Insert Enter a rule name such as web-from-WAN, select the Source IP as WAN1_ALL and the Dest. IP as LAN1_ALL. Also make sure the service is HTTP (port 80), because this is a web service.
  • Page 222 Note: In the Action region, the web-from-DMZ class was edited previously in Step 4. Step 10. View the results ADVANCED SETTINGS > Firewall > Edit Rules We can see the result of our settings at the DMZ-to-LAN rule direction.
  • Page 223: Outbound Traffic Management

    25.4.2 Outbound Traffic Management Step 1. Enable Bandwidth Management ADVANCED SETTINGS > Bandwidth Mgt. > Status Check the Enable Bandwidth Management checkbox and click Apply. Step 2. Setup the WAN1 Link ADVANCED SETTINGS > Bandwidth Mgt. > Edit Actions Select ANY to WAN1 to set up the traffic that will be transmitted by the WAN1 interface.
  • Page 224 LAN_1-to-LAN_2 queue (617 kbps). Here we reserve 40% WAN1 bandwidth for the LAN_1 to LAN_2 VPN data, to guarantee the data communication between VPN. The other traffic will be put into the def_class queue (any available bandwidth). D-Link...
  • Page 225: Chapter 26 High Availability

    Chapter 26 High Availability This chapter introduces High Availability and explains how to implement it. 26.1 Demands Figure 26-1 Use High Availability mechanism to keep the network connection up As the above Figure 22-1 illustrates, your company is concerned that the firewall may crash someday, so it needs a backup system to keep the network connection up.
  • Page 226: Methods

    The interface which the HA devices will connect to. LAN1/LAN2/DMZ LAN1 IP Address The IP address of the other HA device. IPv4 format 192.168.40.100 BUTTON DESCRIPTION Apply Apply the settings which have been configured. Table 26-1 Setup status page of High Availability D-Link...
  • Page 227: High Availability

    DFL-900/1500 User Manual Chapter 26 High Availability Step 2. Show the result in Web ADVANCED SETTINGS > High Availability > Status After you apply the High Availability feature, the Primary device will show the message to tell you “Sync that...
  • Page 228: Part Ix System Maintenance

    Part IX System Maintenance
  • Page 229: Chapter 27 System Status

    Chapter 27 System Status 27.1 Demands Since we have finished the settings of DFL-1500, we need to gather the device information quickly. Then we can have an overview of the system status. 27.2 Objectives We can know the current situation easily through an integrated interface.
  • Page 230 MAC Address The MAC address of the specified host which gets the IP address by DHCP. Leases Expires The expired lease time of the specified host which gets the IP address by DHCP. Table 27-2 field description of DHCP table D-Link...
  • Page 231 DFL-900/1500 User Manual Chapter 27 System Status Step 5. Routing Table DEVICE STATUS > System Status > Routing Table Click the Routing Table to see the routing table information of DFL-1500. FIELD DESCRIPTION The type of this specified routing entry.
  • Page 232 Source Address/Port Destination IP Address/Port. Step 8. IPSec Sessions DEVICE STATUS > System Status > IPSec Sessions If we use the IPSec to establish VPN with other device, then we can view the IPSec tunnel information in this page. D-Link...
  • Page 233: Chapter 28 Log System

    Chapter 28 Log System 28.1 Demands The System Administrator wants to know all the administration actions taken in the past, so that illegal system administration can be avoided. The System Administrator needs to check the logs of VPN, IDS, Firewall, and Content Filter every day, but finds it inconvenient to verify the DFL-1500 logs.
  • Page 234: Syslog & Mail Log

    Log Schedule: The schedule on which the mail logs will be sent out. Note that choosing “Immediately” increases the load on the DFL-1500 device, especially when many logs are being produced. Range / Format: Immediately / Hourly / Daily / Weekly. Example: Daily.
  • Page 235 Day for Sending Logs: When selecting Weekly in the “Log Schedule” field, we have to choose which day the mail logs will be sent out in the “Day for Sending Logs” field. Range / Format: Monday ~ Sunday. Example: Monday.
  • Page 237: Chapter 29 System Maintenance

    DFL-900/1500 User Manual Chapter 29 System Maintenance Chapter 29 System Maintenance This chapter introduces how to do system maintenance. 29.1 Demands DFL-1500 is designed to provide upgradeable firmware and database to meet the upcoming dynamics of the Internet. New features, new attack signatures and new forbidden URLs require timely updates to the DFL-1500. This chapter introduces how to upgrade your system with TFTP and Web UI respectively.
  • Page 238: Firmware Upgrade From Web Gui

    29.3 Firmware upgrade from Web GUI Step 1. Download the newest firmware from web site Firmware upgrade site: http://fwupdate.dlinktw.com.tw/ If new firmware has been issued, we can download it from the web site (fwupdate.dlinktw.com.tw) to the local computer.
  • Page 239: Database Update From Web Gui

    Step 2. Upgrade firmware SYSTEM TOOLS > Firmware Upgrade > Firmware Upgrade On the System Tools / Firmware Upgrade page, select the path of the firmware with the Browse button, and check Preserve Saved Configurations to keep the original settings.
  • Page 240: Factory Reset

    We can restore the DFL-1500 configuration to the factory defaults by simply clicking the Apply button. Warning: Be careful when using this function. It erases all your present configurations and restores the configuration to the factory default.
  • Page 241: Normal Factory Reset

    29.5.2 NORMAL factory reset Step 1. Factory reset In CLI mode, enter sys resetconf now to reset the firmware to factory default. Then the system will reboot automatically. Console: NetOS/i386 (DFL-1500) (tty00) login: admin
  • Page 242: Save The Current Configuration

    The DFL-1500 powered off or rebooted: The configuration restore will fail. After rebooting, the DFL-1500 keeps the original configuration, as if no configuration restore had been attempted. Table 29-2 The result while an accident happens during the configuration restoring.
  • Page 243: Reset Password

    29.8 Reset password Step 1. Enter the boot loader If you forget the password, you can reset it in the following way. Console: >> NetOS Loader (i386), V1.5 (Fri Feb 20 10:25:11 CST 2004) Press <TAB> to prompt - starting in 0
  • Page 244 Part IX System Maintenance D-Link...
  • Page 245: Appendix A Command Line Interface (Cli)

    Appendix A Command Line Interface (CLI) Most of the time, you can configure the DFL-1500 through the web interface (http/https). In an emergency, you can also configure the DFL-1500 through the console, ssh, or telnet. This is known as the Command Line Interface (CLI). With CLI commands, you can set the IP addresses, restore the factory defaults, reboot or shut down the system, etc.
  • Page 246 Show system and network status tcpdump (tc) sys tcpdump INTF0 host 10.1.1.1 Capture the information of specified packets which pass through the indicated interface. version (ver) sys version Show DFL-1500 firmware version Table A-2 Privileged mode of normal mode D-Link...
  • Page 247: Cli Commands List (Rescue Mode)

    A.3 CLI commands list (Rescue Mode) The full tftp commands are described in the following Table A-3. Prefix Postfix command Example Command description command command command ip tftp upgrade config Upgrade configuration file config FILENAME WORD conf-0101 192.168.1.170 image from tftp server.
  • Page 248 Reboot system resetconf sys resetconf now Reset system configuration to default settings status (st) sys status Show the mode name and firmware version. version (ver) sys version Show the firmware version Table A-5 Privileged mode CLI commands D-Link...
  • Page 249: Appendix B Trouble Shooting

    Appendix B Trouble Shooting What if the power LED of the DFL-1500 is off when I turn on the power? Ans: Check the connection between the power adapter and the DFL-1500 power cord. If this problem still exists, contact your sales vendor.
  • Page 250 When you add a Firewall rule, the Source IP and Netmask are the IP address, PrefixLen/Subnet Mask in the pages of the Remote Address Type. And the Dest IP and Netmask are the IP Address, PrefixLen/Subnet Mask in the pages of the Local Address Type. D-Link...
  • Page 251: Appendix B Trouble Shooting

    Figure B-1 and Figure B-2 below show the DFL_A IPSec and Firewall settings. Figure B-3 and Figure B-4 show the IPSec and Firewall settings of the opposite side, DFL_B. When you configure an IPSec policy, please be sure to add a rule to let the packets of the IPSec pass from WAN to LAN.
  • Page 252 Lan-A and Lan-B may fail. But when each host (Lan-A or Lan-B) has finished pinging, the other host can continue the pinging action. While I am upgrading firmware from local disk, the download is not complete but the network has been disconnected. What will happen in such a situation?
  • Page 253 DFL-900/1500 User Manual Appendix B Trouble Shooting Ans: Under this circumstance, the DFL-1500 will automatically reboot and all configurations will still remain as before. While I am upgrading firmware from local disk, the download is complete. After md5 checks, the screen appears “Upgrading kernel image”.
  • Page 255: Appendix C Rule Entry Limitation

    Appendix C Rule entry limitation For the DFL-1500 web configuration, there is a limit on the maximum number of rule entries permitted. Here we provide a list for your reference. Permitted Maximum Classification Item Refer section...
  • Page 256 Anti-DoS Logs IDS Logs Section 24.4 Web Filter Logs Mail Filter Logs POP3 Filter Logs IPSec Logs – IKE IPSec Logs – Manual Key PPTP Logs – Server PPTP Logs – Client L2TP Logs Table C-1 Rule entries limitation D-Link...
  • Page 257: Appendix D System Log Syntax

    Appendix D System Log Syntax In the DFL-1500, all administration actions are logged by the system. You can review all your management activity through the System log (DEVICE STATUS > System Logs > System Access Logs). Besides, all the system log descriptions follow the same syntax format.
  • Page 258 CONTENT: [C16] Updated ftp filter blocked file configuration configuration by admin (192.168.17.100:443). EID=19 FTP Filter blocking list CONTENT: [C17] FTP Filter blocking list updated by admin updated (192.168.17.100:443). EID=20 Web filter keyword added CONTENT: [C18] Web filter keyword added by admin (192.168.17.100:443). EID=21 D-Link...
  • Page 259: Smtp Filters

    DFL-900/1500 User Manual Appendix D System Log Syntax Web filter keyword deleted CONTENT: [C19] Web filter keyword deleted by admin (192.168.17.100:443). EID=22 Enable web filter keyword CONTENT: [C20] Enable web filter keyword matching by admin matching (192.168.17.100:443). EID=23 Disable web filter keyword...
  • Page 260 SYSTEM: [S03] WAN1: Got PPPoE IP Address F63/255.255.255.0. Startup/Shutdown DHCP SYSTEM: [S04] Enable DHCP server on LAN1 by admin Server (192.168.17.102:443) SYSTEM: [S04] Disable DHCP server on LAN1. Startup/Shutdown HTTP SYSTEM: [S05] HTTP started. Server SYSTEM: [S05] HTTP stopped. D-Link...
  • Page 261 DFL-900/1500 User Manual Appendix D System Log Syntax Startup/Shutdown HTTPS SYSTEM: [S06] HTTPS started. Server Startup TELNET Server Set Interface IP Address SYSTEM: [S08] WAN1: IP Address: 192.168.17.102/255.255.255.0. (192.168.17.102:443). IP Alias SYSTEM: [S09] LAN1: Add IP address alias 192.168.1.2/255.255.255.0 by admin (192.168.17.102:443).
  • Page 262 SYSTEM: [S38] Update WAN NAT settings to Basic operation Disable WAN NAT feature SYSTEM: [S38] Disable WAN NAT feature Update pass-through settings VPN: [V1] Update pass-through settings VPN: [V2] Deactivated IPSec Deactivated IPSec Activated IPSec Table D-2 All the System Log descriptions D-Link...
  • Page 263: Appendix E Glossary Of Terms

    DFL-900/1500 User Manual Appendix E Glossary of Terms Appendix E Glossary of Terms CF (Content Filter) – A content filter is one or more pieces of software that work together to prevent users from viewing material found on the Internet. This process has two components.
  • Page 264 The key feature of a VPN, however, is its ability to use public networks like the Internet rather than rely on private leased lines. VPN technologies implement restricted-access networks that utilize the same cabling and routers as a public network, and they do so without sacrificing features or basic security. D-Link...
  • Page 265: Appendix F Index

    Appendix F Index backup configuration, 236; POP3, 195, 197; Bandwidth Management, 209, 219; bidirectional, 65, 66, 72; restore configuration, 236; Routing, 73; Content Filter, 183; policy routing, 73; FTP Filter, 199; static routing, 73; Mail Filter...
  • Page 267: Appendix G Customer Support

    DFL-900/1500 User Manual Appendix G Customer Support Appendix G Customer Support Offices Australia D-Link Australia 1 Giffnock Avenue, North Ryde, NSW 2113, Sydney, Australia TEL: 61-2-8899-1800 FAX: 61-2-8899-1868 TOLL FREE (Australia): 1800-177100 URL: www.dlink.com.au E-MAIL: support@dlink.com.au & info@dlink.com.au Brazil D-Link Brasil Ltda.
  • Page 268 Appendix G TEL: 33-1-3023-8688 FAX: 33-1-3023-8689 URL: www.dlink-france.fr E-MAIL: info@dlink-france.fr Germany D-Link Central Europe (D-Link Deutschland GmbH) Schwalbacher Strasse 74, D-65760 Eschborn, Germany TEL: 49-6196-77990 FAX: 49-6196-7799300 URL: www.dlink.de BBS: 49-(0) 6192-971199 (analog) BBS: 49-(0) 6192-971198 (ISDN) INFO: 00800-7250-0000 (toll free) HELP: 00800-7250-4000 (toll free) REPAIR: 00800-7250-8000 E-MAIL: info@dlink.de...
  • Page 269: Appendix G Customer Support

    CHS Aptec (Dubai), P.O. Box 33550 Dubai, United Arab Emirates TEL: 971-4-366-885 FAX: 971-4-355-941 E-MAIL: Wxavier@dlink-me.com U.K. D-Link Europe (United Kingdom) Ltd Floor, Merit House, Edgware Road, Colindale, London NW9 5AB United Kingdom TEL: 44-020-8731-5555 SALES: 44-020-8731-5550 FAX: 44-020-8731-5511 SALES: 44-020-8731-5551 BBS: 44 (0) 181-235-5511 URL: www.dlink.co.uk E-MAIL: info@dlink.co.uk...

This manual is also suitable for:

Dfl-1500
