D-Link DFL-CPG310 Product Manual
D-Link DFL-CPG310 Manual
 |
UPC - 790069289309
View all D-Link DFL-CPG310 manuals
Add to My Manuals
Save this manual to your list of manuals |
D-Link DFL-CPG310 manual content summary:
- D-Link DFL-CPG310 | Product Manual - Page 1
D-Link NetDefend firewall Security VPN Firewall NetDefend secured by Check Point User Guide Version 1.0 Revised: 01/17/2006 - D-Link DFL-CPG310 | Product Manual - Page 2
VPN-1, VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, and VPN-1 Edge are trademarks, service GENERAL PUBLIC LICENSE Version 2, June not price. Our General that any problems introduced by files to carry prominent notices stating that you changed the files - D-Link DFL-CPG310 | Product Manual - Page 3
. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not - D-Link DFL-CPG310 | Product Manual - Page 4
plug and inform the responsible service personnel. Nonobservance may result in damage to the router. POWER ADAPTER Operate this product only from the type of power source indicated on the product's marking label. If you are not sure of the type of power supplied to your home, consult your dealer - D-Link DFL-CPG310 | Product Manual - Page 5
Contents About This Guide ...xi Introduction ...1 About Your D-Link NetDefend firewall 1 NetDefend Secured by Check Point Product Family 2 NetDefend Features and Compatibility 2 Connectivity ...2 Firewall ...3 VPN ...4 Management...4 Optional Security Services...5 Power Pack Features ...5 Package - D-Link DFL-CPG310 | Product Manual - Page 6
a PPTP or PPPoE Dialer Connection 59 Using PPPoE...60 Using PPTP...61 Using Internet Setup...63 Using a LAN Connection...65 Using a Cable Modem Connection 67 Using a PPPoE Connection...69 Using a PPTP Connection...71 Using a Telstra (BPA) Connection 73 ii D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 7
Contents Using a Dialup Connection ...75 Using No Connection...77 Setting Up a Dialup Modem ...84 Viewing Internet Connection Information 87 Enabling/Disabling the Internet Connection 88 Using Quick Internet Connection/Disconnection 90 Configuring a Backup Internet Connection 90 Setting Up a LAN - D-Link DFL-CPG310 | Product Manual - Page 8
Stations...182 Troubleshooting Wireless Connectivity 183 Viewing Reports ...187 Viewing the Event Log ...187 Using the Traffic Monitor ...191 Viewing Traffic Reports ...191 Configuring Traffic Monitor Settings 193 Exporting General Traffic Reports 194 iv D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 9
Contents Viewing Computers ...194 Viewing Connections ...197 Viewing Wireless Statistics...198 Setting Your Security Policy ...203 Default Security Policy ...203 Setting the Firewall Security Level 204 Configuring Servers ...207 Using Rules ...209 Adding and Editing Rules ...213 Enabling/Disabling - D-Link DFL-CPG310 | Product Manual - Page 10
and Manual Updates...294 Checking for Software Updates when Remotely Managed 294 Checking for Software Updates when Locally Managed 295 Working With VPNs...297 Overview ...297 Site-to-Site VPNs...298 Remote Access VPNs ...301 Internal VPN Server...302 Setting Up Your NetDefend firewall as a VPN - D-Link DFL-CPG310 | Product Manual - Page 11
Setting Up Remote VPN Access for Users 367 Using RADIUS Authentication...368 Configuring the RADIUS Vendor-Specific Attribute 372 Maintenance ...375 Viewing Firmware Status...375 Updating the Firmware ...377 Upgrading Your Software Product 379 Registering Your NetDefend firewall 383 Configuring - D-Link DFL-CPG310 | Product Manual - Page 12
firewall Configuration 415 Exporting the NetDefend firewall Configuration 415 Importing the NetDefend firewall Configuration 416 Resetting the NetDefend firewall to Defaults Troubleshooting ...437 Connectivity ...438 Service Center and Upgrades ...442 viii D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 13
Contents Other Problems ...443 Specifications ...445 Technical Specifications ...445 CE Declaration of Conformity ...449 Federal Communications Commission Radio Frequency Interference Statement 451 Glossary of Terms ...453 Index...461 Contents ix - D-Link DFL-CPG310 | Product Manual - Page 14
- D-Link DFL-CPG310 | Product Manual - Page 15
About Your D-Link NetDefend firewall About This Guide To make finding information in this manual easier, some types of DFL-CP310 or DFL-CPG310, with or without the Power Pack DFL-CPG310 only, with or without the Power Pack DFL-CP310 or DFL-CPG310, with the Power Pack only Chapter 1: About This Guide - D-Link DFL-CPG310 | Product Manual - Page 16
- D-Link DFL-CPG310 | Product Manual - Page 17
includes both wired and wireless models. The D-Link firewall, based on the services available from select service providers, including firewall security and software updates, Antivirus, Web Filtering, reporting, and VPN management. By supporting integrated VPN capabilities, the NetDefend firewall - D-Link DFL-CPG310 | Product Manual - Page 18
series includes the following hardware models: • DFL-CP310 Security VPN Firewall • DFL-CPG310 Wireless Security VPN Firewall You can upgrade your NetDefend firewall to include additional features without replacing the hardware by installing the DFL-CP310 Power Pack, and you can increase the number - D-Link DFL-CPG310 | Product Manual - Page 19
(DCD) • Traffic Monitoring • Traffic Shaping • VLAN Support (requires Power Pack) • Dynamic Routing (requires Power Pack) The NetDefend DFL-CPG310 firewall includes the following additional features: • Wireless LAN interface with dual diversity antennas supporting up to 108 Mbps (Super G) and - D-Link DFL-CPG310 | Product Manual - Page 20
, SSH, SNMP, Serial CLI • Central Management: SMP • NTP automatic time setting • TFTP Rapid Deployment • Local diagnostics tools: Ping, WHOIS, Packet Sniffer, VPN Tunnel Monitor, Connection Table Monitor, Wireless Monitor, Active Computers Display, Local Logs 4 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 21
Scanning Service Power Pack Features The table below describes the differences between the standard DFL-CP310 and DFL-CPG310 with the Power Pack installed. Feature High Availability Traffic Shaper DiffServ Tagging Dynamic Routing Firewall/VPN Throughput (Mbps) Secure Hotspot DFL-CP310/CPG310 - D-Link DFL-CPG310 | Product Manual - Page 22
by SofaWare Security Management Portal (SMP). Package Contents The NetDefend series package includes the following: • D-Link NetDefend firewall VPN Firewall • Power adapter • CAT5 Straight-through Ethernet cable • Getting Started Guide • This User Guide 6 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 23
to the NetDefend firewall. Note: For optimal results, it is highly recommended to use either Microsoft Internet Explorer 5.5 or higher, or Mozilla Firefox 1.0 or higher. • When using the DFL-CPG310, an 802.11b, 802.11g or 802.11 Super G wireless card installed on each wireless station Chapter - D-Link DFL-CPG310 | Product Manual - Page 24
Panel Items The following table lists the NetDefend firewall 's rear panel elements. Table 1: NetDefend firewall Rear Panel Elements Label Description PWR A power jack used for supplying power to the unit. Connect the supplied power adapter to this jack. 8 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 25
press (7 seconds). Resets the NetDefend firewall to its factory defaults, and resets your firmware to the version that shipped with the NetDefend firewall. This results in the loss of all security services and passwords and reverting to the factory default firmware. You will have to re-configure - D-Link DFL-CPG310 | Product Manual - Page 26
On (Red) LAN 1-4/ WAN/ DMZ/WAN2 LINK/ACT Off, 100 Off LINK/ACT On, 100 Off Explanation Power off System boot-up Establishing Internet connection Normal operation Hacker attack blocked Error Link is down 10 Mbps link established for the corresponding port 10 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 27
) Flashing (Green) Explanation 100 Mbps link established for the corresponding port Data is being transmitted/received VPN port in use Serial port in use Getting to Know Your NetDefend firewall Rear Panel All physical connections (network and power) to the NetDefend firewall are made via the rear - D-Link DFL-CPG310 | Product Manual - Page 28
firewall to its factory default, and resets your firmware to the version that shipped with the NetDefend firewall. This results in the loss of all security services and passwords and reverting to the factory default firmware the supplied wireless antennas 12 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 29
firewall Status LEDs LED State Explanation PWR/SEC Off Power off Flashing quickly (Green) System boot-up Flashing slowly (Green) Establishing Internet connection On (Green) Normal operation Flashing (Red) Hacker attack blocked On (Red) Error Flashing (Orange) Software update - D-Link DFL-CPG310 | Product Manual - Page 30
/received VPN port in use Serial port in use USB port in use WLAN in use Contacting Technical Support If there is a problem with your NetDefend firewall, see http://support.dlink.com/. You can also download the latest version of this guide from the site. 14 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 31
obtains its IP address automatically. Refer to the relevant section in this guide in accordance with the operating system that runs on your computer. The sections below will guide you through the TCP/IP setup and installation process. Chapter 2: Installing and Setting up the NetDefend firewall 15 - D-Link DFL-CPG310 | Product Manual - Page 32
are using a NetDefend firewall, since the NetDefend firewall offers better protection. Checking the TCP/IP Installation 1. Click Start > Settings > Control Panel. The Control Panel window appears. 2. Double-click the Network and Dial-up Connections icon. 16 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 33
Before You Install the NetDefend firewall The Network and Dial-up Connections window appears. 3. Right-click the opens. icon and select Properties from the pop-up menu that Chapter 2: Installing and Setting up the NetDefend firewall 17 - D-Link DFL-CPG310 | Product Manual - Page 34
Before You Install the NetDefend firewall The Local Area Connection Properties window appears. 4. In the above window, check if TCP/IP appears in the TCP/IP does not appear in the Components list, you must install it as described in the next section. 18 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 35
Before You Install the NetDefend firewall Installing TCP/IP Protocol 1. In the Local Area Connection Properties window click Install.... The Select Network Component Type ) and click OK. TCP/IP protocol is installed on your computer. Chapter 2: Installing and Setting up the NetDefend firewall 19 - D-Link DFL-CPG310 | Product Manual - Page 36
Before You Install the NetDefend firewall TCP/IP Settings 1. In the Local Area Connection Properties window double Subnet Mask field, and click OK to save the new settings. (Note that 192.168.10 is the default value, and it may vary if you changed it in the My Network page.) 3. Click the Obtain DNS - D-Link DFL-CPG310 | Product Manual - Page 37
Windows 98/Millennium Checking the TCP/IP Installation 1. Click Start > Settings > Control Panel. The Control Panel window appears. Before You Install the NetDefend firewall 2. Double-click the icon. Chapter 2: Installing and Setting up the NetDefend firewall 21 - D-Link DFL-CPG310 | Product Manual - Page 38
Before You Install the NetDefend firewall The Network window appears. 3. In the Network window, check if TCP/IP appears in the network components list your computer skip this section and move directly to TCP/IP Settings. 1. In the Network window, click Add. 22 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 39
Before You Install the NetDefend firewall The Select Network Component Type window appears. 2. Choose . If Windows asks for original Windows installation files, provide the installation CD and relevant path when required (e.g. D:\win98) 5. Restart your computer if prompted. Chapter 2: Installing - D-Link DFL-CPG310 | Product Manual - Page 40
correct configurations. 1. In the Network window, double-click the TCP/IP service for the Ethernet card, which has been installed on your computer (e.g. ). The TCP/IP Properties window opens. 2. Click the Gateway tab, and remove any installed gateways. 24 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 41
Before You Install the NetDefend firewall 3. Click the DNS Configuration tab, and click the Disable DNS radio button. Chapter 2: Installing and Setting up the NetDefend firewall 25 - D-Link DFL-CPG310 | Product Manual - Page 42
Yes when prompted for "Do you want to restart your computer?". Your computer restarts, and the new settings to take effect. Your computer is now ready to access your NetDefend firewall. Mac OS Use the following procedure for setting up the TCP/IP Protocol. 26 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 43
the NetDefend firewall 1. Choose Apple Menus -> Control Panels -> TCP/IP. The TCP/IP window appears. 2. Click the Connect via drop-down list, and select Ethernet. 3. Click the Configure drop-down list, and select Using DHCP Server. 4. Close the window and save the setup. Chapter 2: Installing - D-Link DFL-CPG310 | Product Manual - Page 44
Before You Install the NetDefend firewall Mac OS-X Use the following procedure for setting up the TCP/IP Protocol. 1. Choose Apple -> System Preferences. The System Preferences window appears. 2. Click Network. The Network window appears. 28 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 45
Before You Install the NetDefend firewall 3. Click Configure. Chapter 2: Installing and Setting up the NetDefend firewall 29 - D-Link DFL-CPG310 | Product Manual - Page 46
mount your NetDefend firewall on the wall. To mount the NetDefend firewall on the wall 1. Decide where you want to mount your NetDefend firewall. 2. Decide on the mounting orientation. You can mount the appliance on the wall facing up, down, left, or right. 30 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 47
3.5 mm diameter holes, approximately 25 mm deep. 5. Insert two plastic conical anchors into the holes. Note: The conical anchors you received with your NetDefend firewall are suitable for concrete walls. If you want to mount the appliance on a plaster wall, you must use anchors that are suitable for - D-Link DFL-CPG310 | Product Manual - Page 48
to your computer. See Network Installation on page 35. Securing the Appliance against Theft The NetDefend firewall features a security slot to the rear of the right panel, which enables you to secure shown in the diagram below. Figure 6: Looped Security Cable 32 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 49
Closed, and is used to connect the looped security cable to the appliance's security slot. To install an anti-theft device on the NetDefend firewall 1. If your anti-theft device has a combination lock, set the desired code, as described in the documentation that came with your device. 2. Connect the - D-Link DFL-CPG310 | Product Manual - Page 50
Securing the Appliance against Theft 4. Insert the bolt into the NetDefend firewall's security slot, and then slide the bolt to the Closed position until the bolt holes are the anti-theft device, as described in the documentation that came with your device. 34 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 51
to a Cable Modem, xDSL modem or office network. 4. Connect the power adapter to the power socket, labeled PWR, at the back of the NetDefend firewall. 5. Plug the power adapter into the wall electrical outlet. Warning: The NetDefend firewall power adapter is compatible with either 100, 120 or 230 VAC - D-Link DFL-CPG310 | Product Manual - Page 52
power requirement does not exceed the appliance's USB power supply Setup Wizard automatically displays the dialog boxes for registering your NetDefend firewall. If desired, you can exit the Setup Wizard and perform each of these steps separately. 36 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 53
a wireless network (DFL-CPG310 only) Configuring a Wireless Network on page 161 Installing the Product Key Upgrading Your Software Product on page 379 Registering your NetDefend firewall Registering Your NetDefend firewall on page 383 Setting up subscription services Connecting to a Service Center - D-Link DFL-CPG310 | Product Manual - Page 54
Setting Up the NetDefend firewall To access the Setup Wizard 1. Click Setup in the main menu, and click the Firmware tab. The Firmware page appears. 2. Click NetDefend Setup Wizard. The NetDefend Setup Wizard opens with the Welcome page displayed. 38 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 55
contains all the information you need in order to get started using your NetDefend firewall. This chapter includes the following topics: Initial Login to the NetDefend Portal 39 Portal, you must set up your password. To log on to the NetDefend Portal for the first time 1. Browse to http://my - D-Link DFL-CPG310 | Product Manual - Page 56
2. Type a password both in the Password and the Confirm Password fields. Note: The password must be five to 25 characters (letters or numbers). Note: You can change your password at any time. For further information, see Changing Your Password. 3. Click OK. 40 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 57
54. After you have completed the Internet Wizard, the Setup Wizard continues to guide you through appliance setup. For more information, see Setting Up the NetDefend firewall. • Internet Setup Internet Setup offers advanced setup options, such as configuring two Internet connections. To use Internet - D-Link DFL-CPG310 | Product Manual - Page 58
Note: By default, HTTP and HTTPS access to the NetDefend Portal is not allowed from the WLAN, unless you do one of the following: • Configure a specific firewall rule to 1. Do one of the following: • Browse to http://my.firewall. Or • To log on through HTTPS (locally or remotely), follow the procedure Accessing - D-Link DFL-CPG310 | Product Manual - Page 59
The login page appears. Logging on to the NetDefend Portal 2. Type your username and password. 3. Click OK. Chapter 3: Getting Started 43 - D-Link DFL-CPG310 | Product Manual - Page 60
your internal network. Note: In order to access the NetDefend Portal remotely using HTTPS, you must first do both of the following: • Configure your password, using HTTP. See Initial Login to the NetDefend Portal on page 39. • Configure HTTPS Remote Access. See Configuring HTTPS on page 390. 44 - D-Link DFL-CPG310 | Product Manual - Page 61
Using HTTPS Note: Your browser must support 128-bit cipher strength. To check your browser's cipher strength, open Internet Explorer and click Help > About Internet Explorer. To access the NetDefend Portal from your internal network • Browse to https://my.firewall. (Note that the URL starts with - D-Link DFL-CPG310 | Product Manual - Page 62
and Setup). Main frame Displays information and controls related to the selected topic. The main frame may also contain tabs that allow you to view different pages related to the selected topic. Status bar Shows your Internet connection and managed services status. 46 D-Link NetDefend firewall - D-Link DFL-CPG310 | Product Manual - Page 63
established connections. Security Provides controls and options for setting the security of any computer in the network. Antivirus Allows you to configure VStream Antivirus settings. Services Allows you to control your subscription to subscription - D-Link DFL-CPG310 | Product Manual - Page 64
Setup Users VPN Help Logout Does this... Allows you to manage and configure your network settings and Internet connections. Provides a set of tools for managing your NetDefend firewall. Allows you to upgrade your license and firmware are described throughout this guide. Status Bar The status - D-Link DFL-CPG310 | Product Manual - Page 65
connection is down. • Establishing Connection. The NetDefend firewall is connecting to the Internet. • Contacting Gateway. The NetDefend firewall is trying to contact the Internet default gateway. • Disabled. The Internet connection has been manually disabled. Note: You can configure both a primary - D-Link DFL-CPG310 | Product Manual - Page 66
services. • Connection Failed. The NetDefend firewall failed to connect to the Service Center. • Connecting. The NetDefend firewall is connecting to the Service Center. • Connected. You are connected to the Service Center, and security services are active. 50 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 67
off Logging off terminates your administration session. Any subsequent attempt to connect to the NetDefend Portal will require re-entering of the administration password. To log off of the NetDefend Portal • Do one of the following: • If you are connected through HTTP, click Logout in the main - D-Link DFL-CPG310 | Product Manual - Page 68
- D-Link DFL-CPG310 | Product Manual - Page 69
before you can access the Internet through the NetDefend firewall. You can configure your Internet connection using any of the following setup tools: • Setup Wizard. Guides you through the NetDefend firewall setup step by step. The first part of the Setup Wizard is the Internet Wizard. For further - D-Link DFL-CPG310 | Product Manual - Page 70
Wizard The Internet Wizard allows you to configure your NetDefend firewall for Internet connection quickly and easily through its user-friendly on to the NetDefend Portal, the Internet Wizard starts automatically as part of the Setup Wizard. In this case, you should skip to step 3 in the procedure - D-Link DFL-CPG310 | Product Manual - Page 71
Using the Internet Wizard The Internet Wizard opens with the Welcome page displayed. 3. Click Next. The Internet Connection Method dialog box appears. 4. Select the Internet connection method you want to use for connecting to the Internet. Chapter 4: Configuring the Internet Connection 55 - D-Link DFL-CPG310 | Product Manual - Page 72
Network) connection. The Confirmation screen appears. 1. Click Next. The system attempts to connect to the Internet via the selected connection. The Connecting... screen appears. 56 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 73
Using the Internet Wizard At the end of the connection process the Connected screen appears. 2. Click Finish. Chapter 4: Configuring the Internet Connection 57 - D-Link DFL-CPG310 | Product Manual - Page 74
in the Host Name field. The ISP will supply you with the proper hostname, if required. Most to specific, recognized MAC addresses, they will instruct you to enter the MAC address. Otherwise, MAC address of your computer to the NetDefend firewall. Or • If the ISP requires authentication using - D-Link DFL-CPG310 | Product Manual - Page 75
Using the Internet Wizard 3. Click Next. The Confirmation screen appears. 4. Click Next. The system attempts to connect to the Internet. The Connecting... screen appears. At the end of the connection process the Connected screen appears. 5. Click Finish. Using a PPTP or PPPoE Dialer Connection If - D-Link DFL-CPG310 | Product Manual - Page 76
to the Internet via the DSL connection. The Connecting... screen appears. At the end of the connection process the Connected screen appears. 4. Click Finish. 60 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 77
Wizard Table 8: PPPoE Connection Fields In this field... Do this... Username Type your user name. Password Type your password. Confirm password Type your password again. Service Type your service name. This field can be left blank. Using PPTP If you selected the PPTP connection method - D-Link DFL-CPG310 | Product Manual - Page 78
password Type your password again. Service Type your service name. Server IP Type the IP address of the PPTP modem. Internal IP Type the local IP address required for accessing the PPTP modem. Subnet Mask Type the subnet mask of the PPTP modem. 62 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 79
Using Internet Setup Using Internet Setup Internet Setup allows you to manually configure your Internet connection. To configure the Internet connection using Internet Setup 1. Click Network in the main menu, and click the Internet tab. 2. Next to the desired Internet connection, click Edit. - D-Link DFL-CPG310 | Product Manual - Page 80
Using Internet Setup The Internet Setup page appears. 3. From the Connection Type drop-down list, select the Internet connection type you are using/ selected. The following steps should be performed in accordance with the connection type you have chosen. 64 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 81
Using a LAN Connection Using Internet Setup 1. Complete the fields using the relevant information in Internet Setup Fields on page 77. Chapter 4: Configuring the Internet Connection 65 - D-Link DFL-CPG310 | Product Manual - Page 82
. 2. Click Apply. The NetDefend firewall attempts to connect to the Internet, and the Status Bar displays the Internet status "Connecting". This may take several seconds. Once the connection is made, the Status Bar displays the Internet status "Connected". 66 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 83
Using a Cable Modem Connection Using Internet Setup 1. Complete the fields using the relevant information in Internet Setup Fields on page 77. Chapter 4: Configuring the Internet Connection 67 - D-Link DFL-CPG310 | Product Manual - Page 84
. 2. Click Apply. The NetDefend firewall attempts to connect to the Internet, and the Status Bar displays the Internet status "Connecting". This may take several seconds. Once the connection is made, the Status Bar displays the Internet status "Connected". 68 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 85
Using a PPPoE Connection Using Internet Setup 1. Complete the fields using the relevant information in Internet Setup Fields on page 77. Chapter 4: Configuring the Internet Connection 69 - D-Link DFL-CPG310 | Product Manual - Page 86
. 2. Click Apply. The NetDefend firewall attempts to connect to the Internet, and the Status Bar displays the Internet status "Connecting". This may take several seconds. Once the connection is made, the Status Bar displays the Internet status "Connected". 70 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 87
Using a PPTP Connection Using Internet Setup 1. Complete the fields using the relevant information in Internet Setup Fields on page 77. Chapter 4: Configuring the Internet Connection 71 - D-Link DFL-CPG310 | Product Manual - Page 88
Using Internet Setup New fields appear, depending on the check boxes you selected. 2. Click Apply. The NetDefend firewall attempts to connect to the Internet, and the Status Bar displays the Internet status "Connecting". This may take several seconds. 72 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 89
Using Internet Setup Once the connection is made, the Status Bar displays the Internet status "Connected". Using a trademark of Telstra Corporation Limited. 1. Complete the fields using the relevant information in Internet Setup Fields on page 77. Chapter 4: Configuring the Internet Connection 73 - D-Link DFL-CPG310 | Product Manual - Page 90
. 2. Click Apply. The NetDefend firewall attempts to connect to the Internet, and the Status Bar displays the Internet status "Connecting". This may take several seconds. Once the connection is made, the Status Bar displays the Internet status "Connected". 74 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 91
first set up the dialup modem. For information, see Setting Up a Dialup Modem on page 84. 1. Complete the fields using the relevant information in Internet Setup Fields on page 77. Chapter 4: Configuring the Internet Connection 75 - D-Link DFL-CPG310 | Product Manual - Page 92
. 2. Click Apply. The NetDefend firewall attempts to connect to the Internet, and the Status Bar displays the Internet status "Connecting". This may take several seconds. Once the connection is made, the Status Bar displays the Internet status "Connected". 76 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 93
connection, set the connection type to None. • Click Apply. Table 10: Internet Setup Fields In this field... Do this... Username Type your user name. Password Type your password. Confirm password Type your password. Service Type your service name. If your ISP has not provided you with - D-Link DFL-CPG310 | Product Manual - Page 94
Using Internet Setup In this firewall to obtain an IP address automatically using DHCP. IP Address Type the static IP address of your NetDefend firewall. Subnet Mask Select the subnet mask that applies to the static IP address of your NetDefend firewall. 78 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 95
automatically Primary DNS Server Secondary DNS Server WINS Server QoS Shape Upstream: Link Rate Do this... Type the IP address of your ISP's default gateway. Clear this option if you want the NetDefend firewall to obtain an IP address automatically using DHCP, but not to automatically configure - D-Link DFL-CPG310 | Product Manual - Page 96
Setup In this field... Do this... Shape Downstream: Link have to fill it in unless your ISP has instructed you to do so. MTU This field allows default MTU, it is recommended that you consult with your ISP first and use MTU values between 1300 and 1500. 80 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 97
Setup to automatically "clone" the MAC address of your computer to the NetDefend firewall. • If the ISP requires authentication using the MAC address of a different to WAN2. The High Availability area only appears in NetDefend with Power Pack. If you are using High Availability (HA), select this - D-Link DFL-CPG310 | Product Manual - Page 98
Setup In this field... Probe Next Hop Do this... Select this option to automatically detect loss of connectivity to the default gateway. If you selected LAN, this is done by sending ARP requests to the default . This option is selected by default. 82 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 99
router, which is usually at your ISP, connectivity to the next hop router does not always indicate that the Internet is accessible. For example, if there is a problem with a different router box is selected. This is the default value. • Ping Addresses. Ping anywhere have Check Point VPN gateways, and - D-Link DFL-CPG310 | Product Manual - Page 100
you chose the Probe VPN Gateway (RDP) connection probing method, type the IP addresses or DNS names of the desired VPN gateways. You can clear dialup modem 1. Connect a regular or ISDN dialup modem to your NetDefend firewall's serial port. For information on locating the serial port, see Rear Panel - D-Link DFL-CPG310 | Product Manual - Page 101
The Ports page appears. Setting Up a Dialup Modem 3. In the RS232 drop-down list, select Dialup. 4. Click Apply. 5. Next to the RS232 drop-down list, click Setup. Chapter 4: Configuring the Internet Connection 85 - D-Link DFL-CPG310 | Product Manual - Page 102
whether the test succeeded. 9. Configure a Dialup Internet connection using the information in Using Internet Setup on page 63. Table 11: Dialup Fields In this field... Do this... Modem Type Select selected a standard modem type, this field is read-only. 86 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 103
Viewing Internet Connection Information In this field... Dial Mode Port Speed Do this... Select the dial mode the modem uses. Select the modem's port speed (in bits per second). Viewing Internet Connection Information You can view information on your Internet connection(s) in terms of status, - D-Link DFL-CPG310 | Product Manual - Page 104
and do not want to leave your computer connected to the Internet. If you have two Internet connections, you can force the NetDefend firewall to use a particular connection, by disabling the other connection. The Internet connection's Enabled/Disabled status is persistent through reboots. 88 - D-Link DFL-CPG310 | Product Manual - Page 105
Enabling/Disabling the Internet Connection To enable/disable an Internet connection 1. Click Network in the main menu, and click the Internet tab. The Internet page appears. 2. Next to the Internet connection, do one of the following: • To enable the connection, click . The button changes to and the - D-Link DFL-CPG310 | Product Manual - Page 106
. Note: You can configure different DNS servers for the primary and secondary connections. The NetDefend firewall acts as a DNS relay and routes requests from computers within the network to the appropriate DNS server for the active Internet connection. 90 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 107
your two modems or routers to the hub/switch. 3. Configure two Internet connections. For instructions, see Using Internet Setup on page 63. Important: The two connections can be of different types. However, they cannot both be LAN DHCP connections. Using the NetDefend firewall's DMZ/WAN2 Port To - D-Link DFL-CPG310 | Product Manual - Page 108
Up a Dialup Modem on page 84. 2. Configure a LAN or broadband primary Internet connection. For instructions, see Using Internet Setup on page 63. 3. Configure a Dialup secondary Internet connection. For instructions, see Using Internet Setup on page 63. 92 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 109
to do so. Note: If you change the network settings to incorrect values and are unable to correct the error, you can reset the NetDefend firewall to its default settings. See Resetting the NetDefend firewall to Defaults on page 418. Chapter 5: Managing Your Network 93 - D-Link DFL-CPG310 | Product Manual - Page 110
DHCP relay. When in DHCP relay mode, the NetDefend firewall relays information from the desired DHCP server to the devices on your network. Note: You can perform DHCP reservation using network objects. For information, see Using Network Objects on page 129. 94 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 111
Configuring Network Settings Enabling/Disabling the NetDefend DHCP Server You can enable and disable the NetDefend DHCP Server for internal networks. Note: Enabling and disabling the DHCP Server is not available for the OfficeMode network. To enable/disable the NetDefend DHCP server 1. Click Network - D-Link DFL-CPG310 | Product Manual - Page 112
is configured to obtain its IP address automatically (using DHCP), and either the NetDefend DHCP server or another DHCP server is enabled, restart your computer. If you enabled the DHCP server, your computer obtains an IP address in the DHCP address range. 96 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 113
Settings Configuring the DHCP Address Range By default, the NetDefend DHCP server automatically sets the addressed computers. If desired, you can set the NetDefend DHCP range manually. Note: Setting the DHCP range manually is not available for the OfficeMode network. To configure the DHCP address - D-Link DFL-CPG310 | Product Manual - Page 114
7. If your computer is configured to obtain its IP address automatically (using DHCP), and either the NetDefend DHCP server or another DHCP server is enabled, restart your computer. Your computer obtains an IP address in the new DHCP address range. 98 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 115
Configuring DHCP Relay Configuring Network Settings You can configure DHCP relay for internal networks. Note: DHCP relay will not work if the appliance is located behind a NAT device. Note: Configuring DHCP options are not available for the OfficeMode network. To configure DHCP relay 1. Click - D-Link DFL-CPG310 | Product Manual - Page 116
7. If your computer is configured to obtain its IP address automatically (using DHCP), and either the NetDefend DHCP server or another DHCP server is enabled, restart your computer. Your computer obtains an IP address in the DHCP address range. 100 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 117
Configuring Network Settings Configuring DHCP Server Options If desired, you can configure the following custom DHCP options for an internal network: • Domain suffix • DNS servers • WINS servers • NTP servers • VoIP call managers • TFTP server and boot filename Note: Configuring DHCP options are not - D-Link DFL-CPG310 | Product Manual - Page 118
Configuring Network Settings The DHCP Server Options page appears. 4. Complete the fields using the relevant information in the table below. 102 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 119
computer is configured to obtain its IP address automatically (using DHCP), restart your computer. Your computer obtains an IP address in the DHCP address Options Fields In this field... Do this... Domain Name Type a default domain suffix that should be passed to DHCP clients. The DHCP client - D-Link DFL-CPG310 | Product Manual - Page 120
1, 2 Automatically assign WINS server WINS Server 1, 2 Other Services Time Server 1, 2 Call Manager 1, 2 Do this... Clear servers as specified by the Internet connection configuration (in the Internet Setup page). The WINS Server 1 and WINS Server 2 fields appear. Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 121
server to the DHCP clients, type the IP address of the TFTP server. Type the boot file to use for booting DHCP clients via TFTP. Changing IP Addresses If desired, you can change your NetDefend firewall's internal IP address, or the entire range of IP addresses in your internal network. You may - D-Link DFL-CPG310 | Product Manual - Page 122
, restart your computer. Your computer obtains an IP address in the new range. • Otherwise, manually reconfigure your computer to use the new address range using the TCP/IP settings. For information on configuring TCP/IP, see TCP/IP Settings on page 24, on page 20. 106 D-Link NetDefend firewall - D-Link DFL-CPG310 | Product Manual - Page 123
hiding" the private IP addresses of the internal computers behind the NetDefend firewall's single Internet IP address. Note: If Hide NAT is disabled, a range of Internet IP addresses from your ISP. Hide NAT is enabled by default. Note: Static NAT and Hide NAT can be used together. To enable/disable - D-Link DFL-CPG310 | Product Manual - Page 124
called a DMZ (demilitarized zone) network. For information on default security policy rules controlling traffic to and from the DMZ, see Default Security Policy on page 203. To configure a DMZ network and click the Ports tab. The Ports page appears. 108 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 125
desired, configure a DHCP server. See Configuring a DHCP Server on page 94. 10. In the IP Address field, type the IP address of the DMZ network's default gateway. Note: The DMZ network must not overlap other networks. 11. In the Subnet Mask text box, type the DMZ's internal network range. 12. Click - D-Link DFL-CPG310 | Product Manual - Page 126
default, VPN Clients connect to the VPN Server using an Internet IP address locally assigned by an ISP. This may lead to the following problems: • VPN VPN clients. It is not supported by Check Point SecuRemote. When OfficeMode is not supported by the VPN 110 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 127
same physical network: traffic flows freely between them, without passing through a firewall. In contrast, traffic between a VLAN and other networks passes through the firewall and is subject to the security policy. By default, traffic from a VLAN to any other internal network (including other VLANs - D-Link DFL-CPG310 | Product Manual - Page 128
another division without rewiring your network, by simply reassigning them to the desired VLAN. The NetDefend firewall supports the following VLAN types: • Tag-based In tag-based VLAN you use one of the gateway to the correct VLAN. Figure 10: Tag-based VLAN 112 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 129
appliance's internal switch has only four ports. You can define up to ten VLAN networks (port-based and tag-based combined). For information on the default security policy for VLANs, see Default Security Policy on page 203. Chapter 5: Managing Your Network 113 - D-Link DFL-CPG310 | Product Manual - Page 130
the Network Name field, type a name for the VLAN. 4. In the Type drop-down list, select Port Based VLAN. The VLAN Tag field disappears. 114 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 131
Configuring Network Settings 5. In the IP Address field, type the IP address of the VLAN network's default gateway. Note: The VLAN network must not overlap other networks. 6. In the Subnet Mask field, type the VLAN's internal network range. 7. If desired, enable or - D-Link DFL-CPG310 | Product Manual - Page 132
integer between 1 and 4095. 6. In the IP Address field, type the IP address of the VLAN network's default gateway. Note: The VLAN network must not overlap other networks. 7. In the Subnet Mask field, type the server. See Configuring a DHCP Server on page 94. 116 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 133
untagged packets. 15. Configure a VLAN trunk (802.1Q) port on the VLAN-aware switch, according to the vendor instructions. Define the same VLAN IDs on the switch. 16. Connect the NetDefend firewall's DMZ/WAN2 port to the VLAN-aware switch's VLAN trunk port. Chapter 5: Managing Your Network 117 - D-Link DFL-CPG310 | Product Manual - Page 134
tab. The My Network page appears. 3. In the desired VLAN's row, click the Erase icon. A confirmation message appears. 4. Click OK. The VLAN is deleted. 118 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 135
more NetDefend firewalls. For example, you can install two NetDefend firewalls on your network, one acting as the "Master", the default gateway the Active Gateway. The NetDefend firewall supports Internet connection tracking, which means that each firewall tracks its Internet connection's status - D-Link DFL-CPG310 | Product Manual - Page 136
fail-over, switch off the primary box or disconnect it from the LAN network. The NetDefend firewall supports configuring multiple HA clusters on the same network segment. To this end, each cluster must configuring HA, the following requirements must be met: 120 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 137
have at least two identical NetDefend firewalls. • The appliances must have identical firmware versions and firewall rules. • The appliances' internal configure HA for the WLAN network: • A passive appliance's wireless transmitter will be disabled until the gateway becomes active. • The two WLAN - D-Link DFL-CPG310 | Product Manual - Page 138
. Each appliance must have a different internal IP address. See Changing IP Addresses on page 105. 2. Click Setup in the main menu, and click the High Availability tab. The High Availability page appears. 3. Select the Gateway High Availability check box. 122 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 139
High Availability 4. Next to each network for which you want to enable HA, select the HA check box. 5. In the Virtual IP field, type the default gateway IP address. This can be any unused IP address in the network, and must be the same for all gateways. 6. Click the Synchronization radio - D-Link DFL-CPG310 | Product Manual - Page 140
. Otherwise, multiple appliances may become active, causing unpredictable problems. 7. Complete the fields using the information the table for all gateways. For further information, see Using Internet Setup on page 63. Table 14: High Availability Page Fields In Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 141
Type the amount to reduce the gateway's priority if the LAN port's Ethernet link is lost. DMZ Advanced Group ID Type the amount to reduce the gateway's should belong. This must be an integer between 1 and 255. The default value is 55. If only one HA cluster exists, there is no need to change - D-Link DFL-CPG310 | Product Manual - Page 142
192.168.101.3. Gateway A is the Active Gateway. To configure HA for Gateway A and Gateway B 1. Connect the LAN port of Gateways A and B to hub 1. 126 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 143
the table above. See Changing IP Addresses on page 105. b. Click Setup in the main menu, and click the High Availability tab. The High the HA check box. g. In the DMZ network's Virtual IP field, type the default gateway IP address 192.168.101.3. h. Click the Synchronization radio button next to DMZ - D-Link DFL-CPG310 | Product Manual - Page 144
. See Changing IP Addresses on page 105. b. Click Setup in the main menu, and click the High Availability tab box. g. In the DMZ network's Virtual IP field, type the default gateway IP address 192.168.101.3. h. Click the Synchronization radio button next 128 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 145
address is mapped. For further information, see Using Rules on page 209. Note: Static NAT and Hide NAT can be used together. Note: The NetDefend firewall supports Proxy ARP (Address Resolution Protocol). When an external source attempts to communicate with such a computer, the NetDefend - D-Link DFL-CPG310 | Product Manual - Page 146
are hosting a public Internet server on your network. • Secure HotSpot enforcement In NetDefend with Power Pack, you can specify whether or not to exclude the network object from HotSpot enforcement. the main menu, and click the Network Objects tab. 130 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 147
Configuring High Availability The Network Objects page appears with a list of network objects. 2. Do one of the following: • To add a network object, click New. • To edit an existing network object, click Edit next to the desired computer in the list. Chapter 5: Managing Your Network 131 - D-Link DFL-CPG310 | Product Manual - Page 148
network object should represent a single computer or device, click Single Computer. • To specify that the network object should represent a network, click Network. 4. Click Next. 132 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 149
Configuring High Availability The Step 2: Computer Details dialog box appears. If you chose Single Computer, the dialog box includes the Perform Static NAT option. If you chose Network, the dialog box does not include this option. 5. Complete the fields using the information in the tables below. - D-Link DFL-CPG310 | Product Manual - Page 150
Finish. To add or edit a network object via the Active Computers page 1. Click Reports in the main menu, and click the Active Computers tab. 134 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 151
The Active Computers page appears. Configuring High Availability If a computer has not yet been added as a network object, the Add button appears next to it. If a computer has already been added as a network object, the Edit button appears next to it. 2. Do one of the following: • To add a network - D-Link DFL-CPG310 | Product Manual - Page 152
. 7. To change the network object name, type the desired name in the field. 8. Click Finish. The new object appears in the Network Objects page. 136 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 153
a MAC address, and to allow the network object to connect to the WLAN when MAC Filtering is used. For information about MAC Filtering, see Configuring a Wireless Network on page 161. MAC Address Type the MAC address you want to assign to the network object's IP address, or click This Computer to - D-Link DFL-CPG310 | Product Manual - Page 154
object, do the following: a. In the desired network object's row, click the Erase A confirmation message appears. b. Click OK. The network object is deleted. icon. 138 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 155
destined for a certain subnet. Packets with a source and destination that does not match any defined static route will be routed to the default gateway. To modify the default gateway, see Using a LAN Connection on page 65. A static route can be based on the packet's destination IP address, or based - D-Link DFL-CPG310 | Product Manual - Page 156
Using Static Routes The Static Routes page appears, with a list of existing static routes. 2. Do one of the following: • To add a static route, click New Route. • To edit an existing static route, click Edit next to the desired route in the list. 140 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 157
Using Static Routes The Static Route Wizard opens displaying the Step 1: Source and Destination dialog box. 3. To select a specific source network (source routing), do the following: a) In the Source drop-down list, select Specified Network. New fields appear. b) In the Network field, type the IP - D-Link DFL-CPG310 | Product Manual - Page 158
. b) In the Network field, type the IP address of the destination network. c) In the Netmask drop-down list, select the subnet mask. 5. Click Next. 142 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 159
Routes 6. In the Next Hop IP field, type the IP address of the gateway (next hop router) to which to route the packets destined for this network. 7. In the Metric field, type the destination and has the lowest metric. The default value is 10. 8. Click Next. Chapter 5: Managing Your Network 143 - D-Link DFL-CPG310 | Product Manual - Page 160
Routes The new static route is saved. Viewing and Deleting Static Routes Note: The "default" route cannot be deleted. To delete a static route 1. Click Network in the main the Erase icon. A confirmation message appears. 3. Click OK. The route is deleted. 144 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 161
Managing Ports Managing Ports The NetDefend firewall enables you to quickly and easily assign its ports to different uses, as shown in the table below. Furthermore, you can restrict each port to a specific link speed and duplex setting. Table 18: Ports and Assignments You can assign this port... - D-Link DFL-CPG310 | Product Manual - Page 162
Managing Ports Viewing Port Statuses You can view the status of the NetDefend firewall's ports on the Ports page, including each Ethernet connection's duplex state. This The Ports page appears. The following information is displayed for each enabled port: 146 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 163
port's current assignment. For example, if the DMZ/WAN2 port is currently used for the DMZ, the drop-down list displays "DMZ". • Link Configuration. The configured link speed (10 Mbps or 100 Mbps) and duplex (Full Duplex or Half Duplex) configured for the port. Automatic Detection indicates that the - D-Link DFL-CPG310 | Product Manual - Page 164
list to the right of the port, select the desired port assignment. 2. Click Apply. The port is reassigned to the specified network or purpose. 148 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 165
Configurations Managing Ports By default, the NetDefend automatically detects the link speed and duplex. If desired, you can manually restrict the NetDefend firewall's ports to a specific link speed. To modify a port's link configuration 1. Click Network in the main menu, and click the Ports tab - D-Link DFL-CPG310 | Product Manual - Page 166
currently established connections that are not supported by the default settings may be broken. For example, if you were using the DMZ/WAN2 port as WAN2, the port reverts to its DMZ assignment, and the secondary Internet connection moves to the WAN port. 150 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 167
and Editing Classes 155 Deleting Classes 159 Restoring Traffic Shaper Defaults 160 Overview Traffic Shaper is a bandwidth management solution traffic is deemed three times as important as FTP traffic, and these services are assigned weights of 30 and 10 respectively. If the lines are congested - D-Link DFL-CPG310 | Product Manual - Page 168
used by Peer-To-Peer file-sharing applications may be Power Pack. Note: You can prioritize wireless traffic from WMM-compliant multimedia applications, by enabling Wireless Multimedia (WMM) for the WLAN network. See Manually Configuring a WLAN on page 165. 152 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 169
Shaper for the Internet connection, using the procedure Using Internet Setup on page 63. You can enable Traffic Shaper for incoming DFL-CP310, you have Simplified Traffic Shaper, and you cannot add or modify the classes. To add or modify classes, upgrade to DFLCP310 with Power Pack, which supports - D-Link DFL-CPG310 | Product Manual - Page 170
traffic is assigned to this class by default. Urgent 15 High Traffic that is highly sensitive to delay. For (Interactive Traffic) example, IP telephony, videoconferencing, and interactive protocols that require quick user response, such as telnet. 154 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 171
. Adding and Editing Classes To add or edit a QoS class 1. Click Network in the main menu, and click the Traffic Shaper tab. The Quality of Service Classes page appears. 2. Click Add. Chapter 6: Using Traffic Shaper 155 - D-Link DFL-CPG310 | Product Manual - Page 172
of Service Parameters dialog box displayed. 3. Complete the fields using the relevant information in the table below. 4. Click Next. The Step 2 of 3: Advanced Options dialog box appears. 5. Complete the fields using the relevant information in the table below. 156 D-Link NetDefend firewall User - D-Link DFL-CPG310 | Product Manual - Page 173
only if necessary. For information on enabling Traffic Shaper for incoming and outgoing traffic, see Using Internet Setup on page 63. 6. Click Next. The Step 3 of 3: Save dialog box appears with a . The new class appears in the Quality of Service Classes page. Chapter 6: Using Traffic Shaper 157 - D-Link DFL-CPG310 | Product Manual - Page 174
option to guarantee a minimum bandwidth for incoming traffic belonging to this class. Then type the minimum bandwidth (in kilobits/second) in the field provided. 158 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 175
their DSCP. To use this option, your ISP or private WAN must support DiffServ. You can obtain the correct DSCP value from your ISP or Network in the main menu, and click the Traffic Shaper tab. The Quality of Service Classes page appears. 2. Click the Erase icon of the class you wish to delete - D-Link DFL-CPG310 | Product Manual - Page 176
or not, by viewing the Rules page. To restore Traffic Shaper defaults 1. Click Network in the main menu, and click the Traffic Shaper tab. The Quality of Service Classes page appears. 2. Click Restore Defaults. A confirmation message appears. 3. Click OK. 160 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 177
when using the DFL-CPG310. For information on default security policy rules controlling traffic to and from the WLAN, see Default Security Policy on page 203. You can configure a WLAN network in either of the following ways: • Wireless Configuration Wizard. Guides you through the WLAN setup step by - D-Link DFL-CPG310 | Product Manual - Page 178
Hardware in Your NetDefend firewall About the Wireless Hardware in Your NetDefend firewall Your NetDefend firewall features a built-in 802.11b/g access point that is tightly integrated with the firewall and hardware-accelerated VPN. The DFL-CPG310 supports the latest 802.11g standard (up to 54Mbps - D-Link DFL-CPG310 | Product Manual - Page 179
firewall rules. This method is suitable for creating public access points. WEP encryption In the WEP (Wired Equivalent Privacy) encryption security method, wireless first be authenticated by a RADIUS server (authentication server) which supports 802.1x . All messages are passed in EAP (Extensible - D-Link DFL-CPG310 | Product Manual - Page 180
WPA-PSK security methods, the NetDefend enables you to restrict access to the WLAN network to wireless stations that support the WPA2 security method. If this setting is not selected, the NetDefend firewall allows clients to connect using both WPA and WPA2. 164 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 181
and authenticated. For information, see Internal VPN Server on page 302 and Setting Up Your NetDefend firewall as a VPN Server on page 303. Manually Configuring a WLAN To manually configure a WLAN network 1. Prepare the appliance for a wireless connection as described in Network Installation on - D-Link DFL-CPG310 | Product Manual - Page 182
Manually Configuring a WLAN The Edit Network Settings page appears. 5. In the Mode drop-down list, select Enabled. The fields are enabled. /Disabling Hide NAT on page 107. 7. If desired, configure a DHCP server. See Configuring a DHCP Server on page 94. 166 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 183
Manually Configuring a WLAN 8. Complete the fields using the information in Basic WLAN Settings Fields on page 168. 9. To configure advanced . 10. Click Apply. A warning message appears, telling you that you are about to change your network settings. Chapter 7: Configuring a Wireless Network 167 - D-Link DFL-CPG310 | Product Manual - Page 184
Manually Configuring a WLAN 11. Click OK. A success message appears. 12. Prepare the wireless stations. See Preparing the Wireless Stations on page 182. Table 24: WLAN Settings Fields In this field... Do this... IP Address Type the IP address of the WLAN network's default gateway. Note: The - D-Link DFL-CPG310 | Product Manual - Page 185
Manually Configuring a WLAN In this field... Operation Mode Do this... Select an operation mode: • 802 bandwidth and degrades with distance. Important: The station wireless cards must support the selected operation mode. For a list of cards supporting 802.11g Super, refer to http://www.super-ag - D-Link DFL-CPG310 | Product Manual - Page 186
firewall automatically selects a channel. This is the default. • A specific channel. The list of channels is dependent on the selected country and operation mode. Note: If there is another wireless network in the vicinity, the two networks may interfere with one another. To avoid this problem - D-Link DFL-CPG310 | Product Manual - Page 187
stations using either WPA or WPA2 can access the WLAN network. This is the default. If you selected WEP encryption, you must configure at least one WEP key. The wireless stations must be configured with the same key, as well. Key 1, 2, 3, 4 radio Click the radio button next to the WEP key that - D-Link DFL-CPG310 | Product Manual - Page 188
and attempt to connect to your network. This is the default. Note: Hiding the SSID does not provide strong security, because by a determined attacker can still discover your SSID. Therefore, it is not recommended to rely on this setting alone for security. 172 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 189
Manually Configuring a WLAN In this field Wireless Transmitter Transmission Rate Select the transmission rate: • Automatic. The NetDefend firewall automatically selects a rate. This is the default. • A specific rate Transmitter Power Select the transmitter power. Setting a higher transmitter power - D-Link DFL-CPG310 | Product Manual - Page 190
them. NetDefend firewalls avoid the problems of multipath distortion by using an antenna diversity system. To provide antenna diversity, each wireless security appliance has to a high value (around 2000), to reduce overhead. The default value is 2346. 174 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 191
. • Enabled. XR mode is enabled. XR will be automatically negotiated with XR-enabled wireless stations and used as needed. This is the default. For more information on XR mode, see About the Wireless Hardware in Your NetDefend firewall on page 162. Multimedia QoS (WMM) Specify whether to use the - D-Link DFL-CPG310 | Product Manual - Page 192
's row, click Edit. The Edit Network Settings page appears. 4. Click Wireless Wizard. The Wireless Configuration Wizard opens, with the Wireless Configuration dialog box displayed. 5. Select the Enable wireless networking check box to enable the WLAN. 176 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 193
Fields on page 168. 7. Click Next. 8. The Wireless Security dialog box appears. 9. Do one of the mode for small, private wireless networks, which want to authenticate and encrypt wireless data but do not WEP security mode. Using WEP, wireless stations must use a pre-shared key to connect to your network - D-Link DFL-CPG310 | Product Manual - Page 194
. For information on configuring these modes, see Manually Configuring a WLAN on page 165. 10. Click Next. WPA-PSK If you chose WPA-PSK, the Wireless Configuration-WPA-PSK dialog box appears. Do the special characters, and is case-sensitive. 2. Click Next. 178 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 195
Using the Wireless Configuration Wizard The Wireless Security Confirmation dialog box appears. 3. Click Next. 4. The Wireless Security Complete dialog box appears. 5. Click Finish. The wizard closes. 6. Prepare the wireless stations. Chapter 7: Configuring a Wireless Network 179 - D-Link DFL-CPG310 | Product Manual - Page 196
characters. • 152 Bits - The key length is 32 hexadecimal characters. Some wireless card vendors call these lengths 40/104/128, respectively. Note that WEP is and is not case-sensitive. The wireless stations must be configured with this same key. 180 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 197
Confirmation dialog box appears. 4. Click Next. The Wireless Security Complete dialog box appears. 5. Click Finish. The wizard closes. 6. Prepare the wireless stations. See Preparing the Wireless Stations on page 182. No Security The Wireless Security Complete dialog box appears. • Click Finish - D-Link DFL-CPG310 | Product Manual - Page 198
Preamble" or "Short Preamble". Note: The wireless cards' region and the NetDefend firewall's region must both match the region of the world where you are located. If you purchased your NetDefend firewall in a different region, contact technical support. 182 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 199
Troubleshooting Wireless Connectivity Troubleshooting Wireless Connectivity I cannot connect to the WLAN from a wireless station. What should I do? • Check that the SSID configured on the station matches the NetDefend firewall's SSID. The SSID is case-sensitive. • Check that the encryption settings - D-Link DFL-CPG310 | Product Manual - Page 200
Troubleshooting Wireless Connectivity • Check the Transmission Power parameter in the WLAN's advanced settings (see Manually firewall supports XR (Extended Range) technology. For best range, enable XR mode in the WLAN's advanced settings (see Manually to this problem lies in see Manually Configuring - D-Link DFL-CPG310 | Product Manual - Page 201
Troubleshooting Wireless Connectivity In addition, try setting the Fragmentation Threshold parameter in the WLAN's advanced settings (see Manually the section about reception problems. Better reception means better speed. • Check that all your wireless stations support the wireless standard you are - D-Link DFL-CPG310 | Product Manual - Page 202
- D-Link DFL-CPG310 | Product Manual - Page 203
Monitor 191 Viewing Computers 194 Viewing Connections 197 Viewing Wireless Statistics 198 Viewing the Event Log You can track setup that you have made yourself or as a result of a security update implemented by your Service Center. Red Connection attempts that were blocked by your firewall - D-Link DFL-CPG310 | Product Manual - Page 204
marked by a lock icon in the VPN column. This information is useful for troubleshooting. You can export the logs to an *.xls (Microsoft Excel) file, and then store it for analysis purposes or send it to technical support. Note: You can configure the NetDefend firewall to send event logs to a Syslog - D-Link DFL-CPG310 | Product Manual - Page 205
the attacker's details, by clicking on the IP address of the attacking machine. The NetDefend firewall queries the Internet WHOIS server, and a window displays the name of the entity to whom Refresh. 4. To save the displayed events to an *.xls file: a. Click Save. Chapter 8: Viewing Reports 189 - D-Link DFL-CPG310 | Product Manual - Page 206
of your choice. d. Type a name for the configuration file and click Save. The *.xls file is created and saved to the specified directory. 5. To clear all displayed events: a. Click Clear. A confirmation message appears. b. Click OK. All events are cleared. 190 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 207
Table 27: Traffic Monitor Color Coding for Networks Traffic marked in this color... Indicates... Blue VPN-encrypted traffic Red Traffic blocked by the firewall Green Traffic accepted by the firewall You can export a detailed traffic report for all enabled networks and all defined QoS classes - D-Link DFL-CPG310 | Product Manual - Page 208
QoS classes. For information on enabling Traffic Shaper see Using Internet Setup on page 63. The selected report appears in the Traffic Monitor Refresh. 4. To clear all traffic reports, click Clear. Note: The firewall blocks broadcast packets used during the normal operation of your network. This - D-Link DFL-CPG310 | Product Manual - Page 209
. The Traffic Monitor Settings page appears. 3. In the Sample monitoring data every field, type the interval (in seconds) at which the NetDefend firewall should collect traffic data. The default value is one sample every 1800 seconds (30 minutes). 4. Click Apply. Chapter 8: Viewing Reports 193 - D-Link DFL-CPG310 | Product Manual - Page 210
menu, and click the Traffic Monitor tab. The Traffic Monitor page appears. 2. Click Export. A standard File Download dialog box appears. 3. Click Save. The Save As dialog box appears. 4. Browse to a destination main menu, and click the Active Computers tab. 194 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 211
. If you are using the DFL-CPG310, the wireless stations are shown. For information on viewing statistics for these computers, see Viewing Wireless Statistics on page 198. If a wireless station has been blocked from accessing the Internet through the NetDefend firewall, the reason why it was blocked - D-Link DFL-CPG310 | Product Manual - Page 212
they are protected by the firewall. Note: To increase the number of computers allowed by your license, you can upgrade your product. For further information, see Upgrading Your Software Product on page 379 of nodes used. b. Click Close to close the window. 196 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 213
in the table below. 2. To refresh the display, click Refresh. 3. To view information on the destination machine, click its IP address. The NetDefend firewall queries the Internet WHOIS server, and a window displays the name of the entity to which the IP address is registered and their contact - D-Link DFL-CPG310 | Product Manual - Page 214
by VStream Antivirus. Viewing Wireless Statistics If your WLAN is enabled, you can view wireless statistics for the WLAN or for individual wireless stations. To view statistics for the WLAN 1. Click Reports in the main menu, and click the Wireless tab. 198 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 215
, click Refresh. Table 29: WLAN Statistics This field... Displays... Wireless Mode The operation mode used by the WLAN, followed by the transmission rate in Mbps MAC Address The MAC address of the NetDefend firewall's WLAN interface Domain The NetDefend access point's region Country The - D-Link DFL-CPG310 | Product Manual - Page 216
to each wireless station: • The signal strength in dB • A bar chart representing the signal strength 2. Mouse-over the information icon next to the wireless station. A tooltip displays statistics for the wireless station, as described in the table below. 200 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 217
. For more information, see Basic WLAN Settings Fields on page 168. XR Indicates whether the wireless client supports Extended Range (XR) mode. Possible values are: • yes. The wireless client supports XR mode. • no. The wireless client does not support XR mode. Chapter 8: Viewing Reports 201 - D-Link DFL-CPG310 | Product Manual - Page 218
Viewing Wireless Statistics This field... Displays... Cipher The security protocol used for the connection with the wireless client. For more information, see Wireless Security Protocols on page 163. 202 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 219
Web Filtering and Email Filtering. For information on subscribing to services, see Using Subscription Services on page 281. This chapter includes the following topics: Default Security Policy 203 Setting the Firewall Security Level 204 Configuring Servers 207 Using Rules 209 Using SmartDefense - D-Link DFL-CPG310 | Product Manual - Page 220
user-defined firewall rules. For further information, see Using Rules on page 209. Setting the Firewall Security Level The firewall security level can be controlled using a simple lever available on the Firewall page. You can set the lever to three states. 204 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 221
incoming connections, NetDefend firewall IP address, outgoing connections. This is the default level and is recommended for most allowed to the Internet except for Windows file sharing (NBT ports 137, 138, 139 , newsgroups, Telnet, DNS, IPSEC IKE and VPN traffic. Note: If the security policy is - D-Link DFL-CPG310 | Product Manual - Page 222
Level Note: The definitions of firewall security levels provided in this table represent the NetDefend firewall's default security policy. Security updates downloaded from a Service Center may alter this policy and change these definitions. To change the firewall security level 1. Click Security in - D-Link DFL-CPG310 | Product Manual - Page 223
set up your own Web server, Mail server or FTP server. Note: Configuring servers allows you to create simple Allow and Forward rules for common services, and it is equivalent to creating Allow and Forward rules in the Rules page. For information on creating rules, see Using Rules on page 209 - D-Link DFL-CPG310 | Product Manual - Page 224
of services and a host IP address for each allowed service. 2. In the desired service or application's row, click Clear. The Host IP field of the desired service is cleared. 3. Click Apply. The service or application is not allowed on the specific host. 208 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 225
of the employees will not be able to access any sensitive information on the accounting department computers. You can override the default security policy rules, by creating firewall rules that allow specific DMZ computers (such a manager's computer) to connect to the LAN network and the accounting - D-Link DFL-CPG310 | Product Manual - Page 226
Rules table than the first rule. In the figure below, the general rule is rule number 2, and the exception is rule number 1. The NetDefend firewall will process rule 1 first, allowing outgoing FTP traffic from the specified IP address, and only then it will process rule 2, blocking all outgoing FTP - D-Link DFL-CPG310 | Product Manual - Page 227
Using Rules Table 33: Firewall Rule Types Rule Description Allow and Forward This rule type enables you to do the following: • Permit incoming access from the Internet to a specific service in your internal network. • Forward all such connections to a specific computer in your network. • - D-Link DFL-CPG310 | Product Manual - Page 228
service on the Internet. Note: You can allow outgoing connections for services that are not permitted by the default network or VPN uses Hide service on the Internet. • Block incoming access from the Internet to a specific service in your internal network. 212 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 229
Adding and Editing Rules To add or edit a rule 1. Click Security in the main menu, and click the Rules tab. The Rules page appears. Using Rules 2. Do one of the following: • To add a new rule, click Add Rule. • To edit an existing rule, click the Edit icon next to the desired rule. Chapter 9: - D-Link DFL-CPG310 | Product Manual - Page 230
Step 1: Rule Type dialog box displayed. 3. Select the type of rule you want to create. 4. Click Next. The Step 2: Service dialog box appears. The example below shows an Allow rule. 5. Complete the fields using the relevant information in the table below. 214 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 231
7. Complete the fields using the relevant information in the table below. The Step 4: Done dialog box appears. 8. Click Finish. The new rule appears in the Firewall Rules page. Chapter 9: Setting Your Security Policy 215 - D-Link DFL-CPG310 | Product Manual - Page 232
connections you want to allow/block. To specify an IP address, select Specified IP and type the desired IP address in the filed provided. To specify an IP address range, select Specified Range and type the desired IP address range in the fields provided. 216 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 233
except the NetDefend Portal and network printers, select ANY. Quality of Service class Select the QoS class to which you want to assign the Select this option to log the specified blocked or allowed connections. By default, accepted connections are not logged, and blocked connections are logged. - D-Link DFL-CPG310 | Product Manual - Page 234
, click . The button changes to and the rule is enabled. • To disable the rule, click . The button changes to and the rule is disabled. 218 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 235
Changing Rules' Priority Using Rules To change a rule's priority 1. Click Security in the main menu, and click the Rules tab. The Rules page appears. 2. Do one of the following: • Click next to the desired rule, to move the rule up in the table. • Click next to the desired rule, to move the rule - D-Link DFL-CPG310 | Product Manual - Page 236
Using SmartDefense Using SmartDefense The NetDefend firewall includes Check Point SmartDefense Services, based on Check Point Application -Peer (P2P) file sharing, file-sharing operations, and File Transfer Protocol (FTP) uploading, among others. 220 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 237
and the nodes it contains, see SmartDefense Categories on page 224. Each node represents an attack type, a sanity check, or a protocol or service that is vulnerable to attacks. To control how SmartDefense handles an attack, you must configure the relevant node's settings. Chapter 9: Setting Your - D-Link DFL-CPG310 | Product Manual - Page 238
the icon next to it. • To collapse a category, click the icon next to it. 2. Expand the relevant category, and click on the desired node. 222 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 239
information in SmartDefense Categories on page 224. b) Click Apply. 4. To reset the node to its default values: a) Click Default. A confirmation message appears. b) Click OK. The fields are reset to their default values, and your changes are saved. Chapter 9: Setting Your Security Policy 223 - D-Link DFL-CPG310 | Product Manual - Page 240
on page 251 • Peer to Peer on page 252 • Instant Messengers on page 254 Denial of Service Denial of Service (DoS) attacks are aimed at overwhelming the target with spurious data, to the point where it is some computers to allocate too much memory and crash. 224 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 241
this... Action Specify what action to take when a Teardrop attack occurs, by selecting one of the following: • Block. Block the attack. This is the default. • None. No action. Track Specify whether to log Teardrop attacks, by selecting one of the following: • Log. Log the attack. This is the - D-Link DFL-CPG310 | Product Manual - Page 242
Ping of Death attack occurs, by selecting one of the following: • Block. Block the attack. This is the default. • None. No action. Track Specify whether to log Ping of Death attacks, by selecting one of the reply to itself and either reboots or crashes. 226 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 243
. Log the attack. This is the default. • None. Do not log the attack. Non-TCP Flooding Advanced firewalls maintain state information about connections in a State firewall State table is quickly filled up. This prevents the firewall from accepting new connections and results in a Denial of Service - D-Link DFL-CPG310 | Product Manual - Page 244
Non-TCP Traffic threshold, by selecting one of the following: • Log. Log the connections. • None. Do not log the connections. This is the default. Type the maximum percentage of state table capacity allowed for non-TCP connections. The default value is 0%. 228 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 245
Using SmartDefense IP and ICMP This category allows you to enable various IP and ICMP protocol tests, and to configure various protections against IP and ICMP-related attacks. It includes the following: • Packet Sanity on page 229 • Max Ping Size on page 231 • IP Fragments on page 232 • Network - D-Link DFL-CPG310 | Product Manual - Page 246
. The NetDefend firewall will drop packets that fail the UDP length verification check. • False. Do not disable relaxed UDP length verification. The NetDefend firewall will not drop packets that fail the UDP length verification check. This is the default. 230 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 247
take when an ICMP echo response exceeds the Max Ping Size threshold, by selecting one of the following: • Block. Block the request. This is the default. • None. No action. Specify whether to log ICMP echo responses that exceed the Max Ping Size threshold, by selecting one of the following: • Log - D-Link DFL-CPG310 | Product Manual - Page 248
ICMP echo response. The default value is 1500. IP Fragments When an IP packet is too big to be transported by a network link, it is split into several not always possible to detect such an attack. Therefore, the NetDefend firewall always reassembles all the fragments of a given IP packet, before - D-Link DFL-CPG310 | Product Manual - Page 249
number of fragmented packets allowed. Packets Incomplete Packets exceeding this threshold will be dropped. The default value is 300. Timeout for Discarding Incomplete Packets When the NetDefend firewall receives packet fragments, it waits for additional fragments to arrive, so that it can - D-Link DFL-CPG310 | Product Manual - Page 250
establishing a very large number of connections per second. To protect against Denial Of Service (DoS) attacks, Network Quota enforces a limit upon the number of connections per Log the connections. This is the default. • None. Do not log the connections. 234 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 251
Max. Connections/Second from Same Source IP Type the maximum number of network connections allowed per second from the same source IP address. The default value is 100. Set a lower threshold for stronger protection against DoS attacks. Note: Setting this value too low can lead to false alarms - D-Link DFL-CPG310 | Product Manual - Page 252
by default. When a Cisco IOS device is sent a specially crafted sequence of IPv4 packets (with protocol type 53 - SWIPE, 55 - IP Mobility, 77 Sun ND, or 103 - Protocol Independent Multicast - PIM), the router will stop processing inbound traffic on that interface. 236 D-Link NetDefend firewall - D-Link DFL-CPG310 | Product Manual - Page 253
by selecting one of the following: • Log. Log the attack. This is the default. • None. Do not log the attack. Number of Hops to Protect Type the number of hops from the enforcement module that Cisco routers should be protected. The default value is 10. Chapter 9: Setting Your Security Policy 237 - D-Link DFL-CPG310 | Product Manual - Page 254
is received, by selecting one of the following: • Block. Drop the packet. This is the default. • None. No action. Null Payload Some worms, such as Sasser, use ICMP echo request packets : • Block. Block the packets. This is the default. • None. No action. 238 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 255
one of the following: • Log. Log the packets. This is the default. • None. Do not log the packets. TCP This category allows you to In normal conditions, out-of-state TCP packets can occur after the firewall restarts, since connections which were established prior to the reboot are unknown. This - D-Link DFL-CPG310 | Product Manual - Page 256
one of the following: • Block. Block the packets. • None. No action. This is the default. Specify whether to log null payload ping packets, by selecting one of the following: • Log. Log the packets. This is the default. • None. Do not log the packets. 240 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 257
is smaller than the Minimal MTU Size threshold, by selecting one of the following: • Block. Block the packet. • None. No action. This is the default. Specify whether to issue logs for packets are smaller than the Minimal MTU Size threshold, by selecting one of the following: • Log. Issue logs. This - D-Link DFL-CPG310 | Product Manual - Page 258
large value might degrade performance and cause legitimate requests to be dropped. The default value is 300. Port Scan An attacker can perform a port scan to determine can configure how the NetDefend firewall should react when a port scan is detected. 242 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 259
is 30, and 40 ports are accessed within a specified period of time, SmartDefense will detect the activity as a port scan. For Host Port Scan, the default value is 30. For Sweep Scan, the default value is 50. Chapter 9: Setting Your Security Policy 243 - D-Link DFL-CPG310 | Product Manual - Page 260
originating from the Internet, by from Internet only selecting one of the following: • False. Do not detect only scans from the Internet. This is the default. • True. Detect only scans from the Internet. 244 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 261
Using SmartDefense FTP This category allows you to configure various protections related to the FTP protocol. It includes the following: • FTP Bounce on page 245 • Block Known Ports on page 246 • Block Port Overflow on page 247 • Blocked FTP Commands on page 248 FTP Bounce When connecting to an FTP - D-Link DFL-CPG310 | Product Manual - Page 262
following: • Block. Block the attack. This is the default. • None. No action. Track Specify whether to log following: • Log. Log the attack. This is the default. • None. Do not log the attack. Block Known Known ports are published ports associated with services (for example, SMTP is port 25). - D-Link DFL-CPG310 | Product Manual - Page 263
attempts to connect to a well-known port, by selecting one of the following: • Block. Block the connection. • None. No action. This is the default. Block Port Overflow FTP clients send PORT commands when connecting to the FTP sever. A PORT command consists of a series of numbers between 0 and 255 - D-Link DFL-CPG310 | Product Manual - Page 264
255, by selecting one of the following: • Block. Block the PORT command. This is the default. • None. No action. Blocked FTP Commands Some seldom-used FTP commands may compromise FTP server will be blocked. FTP command blocking is enabled by default. 248 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 265
FTP command blocking is enabled or disabled. Microsoft Networks This category includes File and Print Sharing. Microsoft operating systems and Samba clients rely on Common Internet File System (CIFS), a protocol for sharing files and printers. However, this protocol is also widely used by worms as - D-Link DFL-CPG310 | Product Manual - Page 266
the attack. • None. Do not log the attack. This is the default. Select the worm patterns to detect. Patterns are matched against file names (including file paths but excluding the disk share name) that the client is trying to read or write from the server. 250 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 267
the IGMP protocol. IGMP is used by hosts and routers to dynamically register and discover multicast group membership. Attacks on by selecting one of the following: • Block. Block the attack. This is the default. • None. No action. Specify whether to log IGMP attacks, by selecting one of the following: - D-Link DFL-CPG310 | Product Manual - Page 268
is the default. • downloads, but also search operations. This category includes the following nodes: • KaZaA • Gnutella • eMule • BitTorrent Note: SmartDefense can detect peer-to-peer traffic regardless of the TCP port being used to initiate the session. 252 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 269
action to take when a connection is attempted, by selecting one of the following: • Block. Block the connection. • None. No action. This is the default. Track Specify whether to log peer-to-peer connections, by selecting one of the following: • Log. Log the connection. • None. Do not log the - D-Link DFL-CPG310 | Product Manual - Page 270
initiate the session. In each node, you can configure how instant messaging connections of the selected type should be handled, using the table below. 254 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 271
action to take when a connection is attempted, by selecting one of the following: Track • Block. Block the connection. • None. No action. This is the default. Specify whether to log instant messenger connections, by selecting one of the following: • Log. Log the connection. • None. Do not log the - D-Link DFL-CPG310 | Product Manual - Page 272
you to add guest users quickly and easily. By default, guest users are given a username and password that expire in 24 hours and granted HotSpot Access permissions only. For information on adding quick guest users, see Adding Quick Guest Users on page 365. 256 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 273
the Internal VPN Server are automatically exempt from HotSpot enforcement. This allows, for example, authenticated employees to gain full access to the corporate LAN, while guest users are permitted to access the Internet only. Note: HotSpot enforcement can block traffic passing through the firewall - D-Link DFL-CPG310 | Product Manual - Page 274
the check box next to the network. • To disable Secure HotSpot for a specific network, clear the check box next to the network. 3. Click Apply. 258 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 275
Customizing Secure HotSpot Using Secure HotSpot To customize Secure HotSpot 1. Click Security in the main menu, and click the My HotSpot tab. The My HotSpot page appears. 2. Complete the fields using the information in the table below. Additional fields may appear. 3. To preview the My HotSpot - D-Link DFL-CPG310 | Product Manual - Page 276
the title that should appear on the My HotSpot page. The default title is "Welcome to My HotSpot". My HotSpot Terms Type the . My HotSpot is password protected Select this option to require users to enter their username and password before accessing the Internet Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 277
allows you to define an exposed host, which is a computer that is not protected by the firewall. This is useful for setting up a public server. It allows unlimited incoming and outgoing connections between the Internet and the exposed host computer. The exposed - D-Link DFL-CPG310 | Product Manual - Page 278
in the main menu, and click the Exposed Host tab. The Exposed Host page appears. 2. Click Clear. 3. Click Apply. No exposed host is defined. 262 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 279
266 Configuring VStream Antivirus 267 Updating VStream Antivirus 279 Overview The NetDefend firewall includes VStream Antivirus, an files for malicious content on the fly, without downloading the files into intermediate storage. This means minimal added latency and support for unlimited file - D-Link DFL-CPG310 | Product Manual - Page 280
effort" approach to detect viruses. In such cases, detection of viruses is not guaranteed and depends on the specific encoding used by the protocol. 264 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 281
service, VStream Antivirus virus signatures are automatically updated, Service Center for scanning, while VStream Antivirus scans for viruses in the gateway itself. • Email Antivirus is specific to email, scanning incoming POP3 and outgoing SMTP connections only, while VStream Antivirus supports - D-Link DFL-CPG310 | Product Manual - Page 282
the daily database empty. This system of incremental updates to the main database allows for quicker updates and saves on network bandwidth. You can view information about the VStream signature databases currently in use, in the VStream Antivirus page. 266 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 283
Daily database The date and time at which the daily database was last updated, followed by the version number. Next update The next date and time at which the NetDefend firewall will check for updates. Status The current status of the database. This includes the following statuses: • Database - D-Link DFL-CPG310 | Product Manual - Page 284
below, the general rule is rule number 2, and the exception is rule number 1. The NetDefend firewall will process rule 1 first, passing outgoing SMTP traffic from the specified IP address, and only then Antivirus should not scan traffic matching the rule. 268 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 285
Configuring VStream Antivirus Rule Scan Description This rule type enables you to specify that VStream Antivirus should scan traffic matching the rule. If a virus is found, it is blocked and logged. Adding and Editing Rules To add or edit a rule 1. Click Antivirus in the main menu, and click the - D-Link DFL-CPG310 | Product Manual - Page 286
Step 1: Rule Type dialog box displayed. 3. Select the type of rule you want to create. 4. Click Next. The Step 2: Service dialog box appears. The example below shows a Scan rule. 5. Complete the fields using the relevant information in the table below. 270 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 287
. 7. Complete the fields using the relevant information in the table below. The Step 4: Done dialog box appears. 8. Click Finish. The new rule appears in the Firewall Rules page. Chapter 10: Using VStream Antivirus 271 - D-Link DFL-CPG310 | Product Manual - Page 288
connections you want to allow/block. To specify an IP address, select Specified IP and type the desired IP address in the filed provided. To specify an IP address range, select Specified Range and type the desired IP address range in the fields provided. 272 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 289
Direction Select the direction of connections to which the rule should apply: • Download and Upload data. The rule applies to downloaded and uploaded data. This is the default. • Download data. The rule applies to downloaded data, that is, data flowing from the destination of the connection to the - D-Link DFL-CPG310 | Product Manual - Page 290
, and click the Policy tab. The Antivirus Policy page appears. 2. Click the Erase icon of the rule you wish to delete. A confirmation message appears. 274 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 291
Advanced tab. The Advanced Antivirus Settings page appears. 2. Complete the fields using the table below. 3. Click Apply. 4. To restore the default VStream Antivirus settings, do the following: a) Click Default. A confirmation message appears. b) Click OK. Chapter 10: Using VStream Antivirus 275 - D-Link DFL-CPG310 | Product Manual - Page 292
• Files with {CLSID} in their name • The following file extensions: ade, adp, bas, bat, chm, cmd,com, cpl, crt, exe, hlp, hta, inf, ins, isp, js, jse, lnk, mdb, mde, msc, msi, msp, mst, pcd, pif, reg, scr, sct, shs,shb, url, vb, vbe, vbs, wsc, wsf, wsh. 276 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 293
ASF • RealMedia • JPEG - only the header is scanned, and the rest of the file is skipped Selecting this option reduces the load on the gateway by skipping safe file types. This option is selected by default. Type the maximum number of nested content levels that VStream Antivirus should scan. Setting - D-Link DFL-CPG310 | Product Manual - Page 294
scan password-protected files inside archive. Specify how VStream Antivirus should handle such files, by selecting one of the following: • Pass file without scanning. Accept the file without scanning it. This is the default. • Block file. Block the file. 278 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 295
subscribed to the VStream Antivirus updates service, VStream Antivirus virus signatures are automatically updated, keeping security up-to-date with no need for user intervention. However, you can still check for updates manually, if needed. To update the VStream Antivirus virus signature database - D-Link DFL-CPG310 | Product Manual - Page 296
- D-Link DFL-CPG310 | Product Manual - Page 297
Center Connection 288 Configuring Your Account 288 Disconnecting from Your Service Center 289 Web Filtering 290 Automatic and Manual Updates 294 Connecting to a Service Center To connect to a Service Center 1. Click Services in the main menu, and click the Account tab. Chapter 11: Using - D-Link DFL-CPG310 | Product Manual - Page 298
Connecting to a Service Center The Account page appears. 2. In the Service Account area, click Connect. 282 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 299
box is selected. 4. Do one of the following: • To connect to the SofaWare Service Center, choose usercenter.sofaware.com. • To specify a Service Center, choose Specified IP and then in the Specified IP field, enter the desired Service Center's IP address, as given to you by your system administrator - D-Link DFL-CPG310 | Product Manual - Page 300
. Enter your gateway ID and registration key in the appropriate fields, as given to you by your service provider, then click Next. • The Connecting... screen appears. • The Confirmation dialog box appears with a list of services to which you are subscribed. 284 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 301
. Connecting to a Service Center 7. Click Finish. The following things happen: • If a new firmware is available, the NetDefend firewall may start downloading it. This may take several minutes. Once the download is complete, the NetDefend firewall restarts using the new firmware. • The Welcome - D-Link DFL-CPG310 | Product Manual - Page 302
to which you are subscribed are now available on your NetDefend firewall and listed as such on the Account page. See Viewing Services Information on page 287 for further information. • The Services submenu includes the services to which you are subscribed. 286 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 303
The Account page displays the following information about your subscription. Table 62: Account Page Fields This field... Displays... Service Center Name The name of the Service Center to which you are connected (if known). Gateway ID Your gateway ID. Subscription will end on The date - D-Link DFL-CPG310 | Product Manual - Page 304
and Automatic and Manual Updates on page 294. Refreshing Your Service Center Connection This option restarts your NetDefend firewall's connection to the Service Center and refreshes your NetDefend firewall's service settings. To refresh your Service Center connection 1. Click Services in the main - D-Link DFL-CPG310 | Product Manual - Page 305
Center, this button will not appear. Your Service Center's Web site opens. 3. Follow the on-screen instructions. Disconnecting from Your Service Center If desired, you can disconnect from your Service Center. To disconnect from your Service Center 1. Click Services in the main menu, and click the - D-Link DFL-CPG310 | Product Manual - Page 306
and subscribed to this service. Enabling/Disabling Web Filtering Note: If you are remotely managed, contact your Service Center to change these settings. To enable/disable Web Filtering 1. Click Services in the main menu, and click the Web Filtering tab. 290 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 307
, by selecting the categories. Categories marked with will remain visible, while categories marked with will be blocked and will require the administrator password for viewing. Note: If you are remotely managed, contact your Service Center to change these settings. Chapter 11: Using Subscription - D-Link DFL-CPG310 | Product Manual - Page 308
the Web Filtering service. To temporarily disable Web Filtering 1. Click Services in the main menu, and click the Web Filtering tab. The Web Filtering page appears. 2. Click Snooze. • Web Filtering is temporarily disabled for all internal network computers. 292 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 309
changes to Resume. Web Filtering • The Web Filtering Off popup window opens. 3. To re-enable the service, click Resume, either in the popup window, or on the Web Filtering page. • The service is re-enabled for all internal network computers. • If you clicked Resume in the Web Filtering page - D-Link DFL-CPG310 | Product Manual - Page 310
for software updates and installs them without user intervention. However, you can still check for updates manually, if needed. To manually check for security and software updates 1. Click Services in the main menu, and click the Software Updates tab. 294 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 311
when Locally Managed If your NetDefend firewall is locally managed, you can set it to automatically check for software updates, or you can set it so that software updates must be checked for manually. To configure software updates when locally managed 1. Click Services in the main menu, and click - D-Link DFL-CPG310 | Product Manual - Page 312
be checked for manually, drag the Automatic/Manual lever downwards. The NetDefend firewall does not check for software updates automatically. 4. To manually check for software updates, click Update Now. The system checks for new updates and installs them. 296 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 313
topics: Overview 297 Setting Up Your NetDefend firewall as a VPN Server 303 Adding and Editing VPN Sites 308 Deleting a VPN Site 340 Enabling/Disabling a VPN Site 340 Logging on to a Remote Access VPN Site 341 Logging off a Remote Access VPN Site 345 Installing a Certificate 345 Uninstalling - D-Link DFL-CPG310 | Product Manual - Page 314
the Service Center can automatically deploy VPN configuration for your appliance. Site-to-Site VPNs A Site-to-Site VPN consists of two or more Site-to-Site VPN Gateways that can communicate with each other in a bi-directional relationship. The connected 298 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 315
Overview networks function as a single network. You can use this type of VPN to mesh office branches into one corporate network. Figure 12: Site-to-Site VPN Chapter 12: Working With VPNs 299 - D-Link DFL-CPG310 | Product Manual - Page 316
, or create a PPPoE tunnel to the first VPN site, using the procedure Adding and Editing VPN Sites on page 308. b. Then enable the Remote Access VPN Server using the procedure Setting Up Your NetDefend firewall as a Remote Access VPN Server on page 303. 300 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 317
Overview Remote Access VPNs A Remote Access VPN consists of one Remote Access VPN Server or Site-to-Site VPN Gateway, and one or more Remote Access VPN Clients. You can use this type of VPN to make an office network remotely available to authorized users, such as employees working from home, who - D-Link DFL-CPG310 | Product Manual - Page 318
Access VPN Client. 2. On the office VPN site's firewall, enable the Remote Access VPN Server. See Setting Up Your NetDefend firewall as a Remote Access VPN Server on page 303. Internal VPN Server You can use your NetDefend firewall as an internal VPN Server, for enhanced wired and wireless security - D-Link DFL-CPG310 | Product Manual - Page 319
, can enhance security both for wired networks and for wireless networks, which are particularly vulnerable to security breaches. The internal VPN Server can be used in the NetDefend firewall wireless appliance, regardless of the wireless security settings. It also can be used in wired appliances - D-Link DFL-CPG310 | Product Manual - Page 320
VPN access for users. See Setting Up Remote VPN Access for Users on page 367. Note: Disabling the VPN Server for a specific type of connection (from the Internet or from internal networks) will cause all existing VPN tunnels of that type to disconnect. 304 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 321
Setting Up Your NetDefend firewall as a VPN Server Configuring the Remote Access VPN Server To configure the Remote Access VPN Server 1. Click VPN in the main menu, and click the VPN Server tab. The SecuRemote VPN Server page appears. 2. Select the Allow SecuRemote users to connect from the - D-Link DFL-CPG310 | Product Manual - Page 322
Apply. The Remote Access VPN Server is enabled for the specified connection types. Configuring the Internal VPN Server To configure the internal VPN Server 1. Click VPN in the main menu, and click the VPN Server tab. The SecuRemote VPN Server page appears. 306 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 323
and access your internal network without restriction, select the Bypass the firewall check box. Bypass NAT is always enabled for the internal VPN server, and cannot be disabled. 4. Click Apply. The internal VPN Server is enabled for the specified connection types. Installing SecuRemote If you - D-Link DFL-CPG310 | Product Manual - Page 324
the main menu, and click the VPN Server tab. The SecuRemote VPN Server page appears. 2. Click the Download SecuRemote VPN client link. The VPN-1 SecuRemote for NetDefend page opens in a new window. 3. Follow the online instructions to complete installation. SecuRemote is installed. For information - D-Link DFL-CPG310 | Product Manual - Page 325
The VPN Sites page appears with a list of VPN sites. Adding and Editing VPN Sites 2. Do one of the following: • To add a VPN site, click New Site. • To edit a VPN site, click Edit in the desired VPN site's row. Chapter 12: Working With VPNs 309 - D-Link DFL-CPG310 | Product Manual - Page 326
following: • Select Remote Access VPN to establish remote access from your Remote Access VPN Client to a Remote Access VPN Server. • Select Site-to-Site VPN to create a permanent bi-directional connection to another Site-to-Site VPN Gateway. 4. Click Next. 310 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 327
If you selected Remote Access VPN, the VPN Gateway Address dialog box appears. 1. Enter the IP address of the Remote Access VPN Server to which you want to connect, as given to you by the network administrator. 2. To allow the VPN site to bypass the firewall and access your internal network without - D-Link DFL-CPG310 | Product Manual - Page 328
want to obtain the VPN network configuration. Refer to VPN Network Configuration Fields on page 320. 5. Click Next. The following things happen in the order below: • If you chose Specify Configuration, a second VPN Network Configuration dialog box appears. 312 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 329
Adding and Editing VPN Sites Complete the fields using the information in VPN Network Configuration Fields on page 320 and click Next. • The Authentication Method dialog box appears. 6. Complete the fields using the information in Authentication Methods Fields - D-Link DFL-CPG310 | Product Manual - Page 330
Authentication Method If you selected Username and Password, the VPN Login dialog box appears. 1. Complete the fields using the information in VPN Login Fields on page 322. 2. Click Next. • If you selected Automatic Login, the Connect dialog box appears. 314 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 331
Do the following: 1) To try to connect to the Remote Access VPN Server, select the Try to Connect to the VPN Gateway check box. This allows you to test the VPN connection. Warning: If you try to connect to the VPN site before completing the wizard, all existing tunnels will be terminated. 2) Click - D-Link DFL-CPG310 | Product Manual - Page 332
reappears. If you added a VPN site, the new site appears in the VPN Sites list. If you edited a VPN site, the modifications are reflected in the VPN Sites list. Certificate Authentication Method If you selected Certificate, the Connect dialog box appears. 316 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 333
be terminated. 2. Click Next. If you selected Try to Connect to the VPN Gateway, the Connecting... screen appears, and then the Contacting VPN Site screen appears. The Site Name dialog box appears. 3. Enter a name for the VPN site. You may choose any name. 4. Click Next. Chapter 12: Working With - D-Link DFL-CPG310 | Product Manual - Page 334
reappears. If you added a VPN site, the new site appears in the VPN Sites list. If you edited a VPN site, the modifications are reflected in the VPN Sites list. RSA SecurID Authentication Method If you selected RSA SecurID, the Site Name dialog box appears. 318 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 335
name. 2. Click Next. The VPN Site Created screen appears. Adding and Editing VPN Sites 3. Click Finish. The VPN Sites page reappears. If you added a VPN site, the new site appears in the VPN Sites list. If you edited a VPN site, the modifications are reflected in the VPN Sites list. Chapter 12 - D-Link DFL-CPG310 | Product Manual - Page 336
through the central office, you can choose to route all traffic from the remote offices through the central office. Note: You can only configure one VPN site to route all traffic. 320 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 337
on the relevant commands for OSPF, refer to the NetDefend CLI Reference Guide. This option is only available for when configuring a Site-to-Site VPN gateway. Destination network Type up to three destination network addresses at the VPN site to which you want to connect. Subnet mask Select the - D-Link DFL-CPG310 | Product Manual - Page 338
authenticating to the VPN site, you must enter a four-digit PIN code and the SecurID passcode shown in your SecurID token's display. The RSA SecurID token generates a new passcode every minute. SecurID is only supported in Remote Access manual login mode. 322 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 339
only when the appropriate user name and password have been entered. For further information on Automatic and Manual Login, see, Logging on to a VPN Site on page 341. Automatic Login Click this option to enable the NetDefend firewall to log on to the VPN site automatically. You must then fill in - D-Link DFL-CPG310 | Product Manual - Page 340
a Site-to-Site VPN Gateway If you selected Site-to-Site VPN, the VPN Gateway Address dialog box appears. 1. Complete the fields using the information in VPN Gateway Address Fields on page 335. 2. Click Next. The VPN Network Configuration dialog box appears. 324 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 341
you want to obtain the VPN network configuration. Refer to VPN Network Configuration Fields on page 320. 4. Click Next. • If you chose Specify Configuration, a second VPN Network Configuration dialog box appears. Complete the fields using the information in VPN Network Configuration Fields on page - D-Link DFL-CPG310 | Product Manual - Page 342
Complete the fields using the information in Route Based VPN Fields on page 336, and then click Next. • The Authentication Method dialog box appears. 5. Complete the fields using the information in Authentication Methods Fields on page 337. 6. Click Next. 326 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 343
Method If you selected Shared Secret, the Authentication dialog box appears. If you chose Download Configuration, the dialog box contains additional fields. 1. Complete the fields using the information in VPN Authentication Fields on page 337 and click Next. Chapter 12: Working With - D-Link DFL-CPG310 | Product Manual - Page 344
and Editing VPN Sites The Security Methods dialog box appears. 2. To configure advanced security settings, click Show Advanced Settings. New fields appear. 3. Complete the fields using the information in Security Methods Fields on page 337 and click Next. 328 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 345
Sites 4. To try to connect to the Remote Access VPN Server, select the Try to Connect to the VPN Gateway check box. This allows you to test the VPN connection. Warning: If you try to connect to the VPN site before completing the wizard, all existing tunnels will be terminated. 5. Click Next. • If - D-Link DFL-CPG310 | Product Manual - Page 346
Name dialog box appears. 6. Enter a name for the VPN site. You may choose any name. 7. To keep the tunnel to the VPN site alive even if there is no network traffic between the NetDefend firewall and the VPN site, select Keep this site alive. 8. Click Next. 330 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 347
, and previously you chose Download Configuration, the "Keep Alive" Configuration dialog box appears. Do the following: 1) Type up to three IP addresses which the NetDefend firewall should ping in order to keep the tunnel to the VPN site alive. 2) Click Next. • The VPN Site Created screen appears - D-Link DFL-CPG310 | Product Manual - Page 348
the Authentication dialog box appears. Complete the fields using the information in VPN Authentication Fields on page 337 and click Next. • The Security Methods dialog box appears. 1. To configure advanced security settings, click Show Advanced Settings. 332 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 349
fields appear. Adding and Editing VPN Sites 2. Complete the fields using the information in Security Methods Fields on page 337 and click Next. The Connect dialog box appears. 3. To try to connect to the Remote Access VPN Server, select the Try to Connect to the VPN Gateway check box. This allows - D-Link DFL-CPG310 | Product Manual - Page 350
Name dialog box appears. 5. Enter a name for the VPN site. You may choose any name. 6. To keep the tunnel to the VPN site alive even if there is no network traffic between the NetDefend firewall and the VPN site, select Keep this site alive. 7. Click Next. 334 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 351
, and previously you chose Download Configuration, the "Keep Alive" Configuration dialog box appears. Do the following: 1) Type up to three IP addresses which the NetDefend firewall should ping in order to keep the tunnel to the VPN site alive. 2) Click Next. • The VPN Site Created screen appears - D-Link DFL-CPG310 | Product Manual - Page 352
selected by default. Bypass the firewall Select this option to allow the VPN site to bypass the firewall and access your internal network without restriction. Table 67: Route Based VPN Fields In for OSPF, refer to the NetDefend CLI Reference Guide. 336 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 353
a Certificate on page 345 for more information about certificates and instructions on how to install a certificate.) Table 69: VPN Authentication Fields In this field... Do this... Topology User Type the topology user's user name. Topology Password Use Shared Secret Type the topology user - D-Link DFL-CPG310 | Product Manual - Page 354
day). Phase 2 Security Methods Select the encryption and integrity algorithm to use for VPN traffic: • Automatic. The NetDefend firewall automatically selects the best security methods supported by the site. This is the default. • A specific algorithm 338 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 355
extreme security is required. Diffie-Hellman group Select the Diffie-Hellman group to use: • Automatic. The NetDefend firewall automatically selects a group. This is the default. • A specific group A group with more bits ensures a stronger key but lowers performance. Renegotiate every Type the - D-Link DFL-CPG310 | Product Manual - Page 356
VPN Sites tab. The VPN Sites page appears, with a list of VPN sites. 2. To enable a VPN site, do the following: a. Click the icon in the desired VPN site's row. A confirmation message appears. b. Click OK. The icon changes to , and the VPN site is enabled. 340 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 357
Click OK. The icon changes to , and the VPN site is disabled. Logging on to a Remote Access VPN Site You need to manually log on to Remote Access VPN Servers configured for Manual Login. You do not need to manually log on to a Remote Access VPN Server configured for Automatic Login or a Site-to-Site - D-Link DFL-CPG310 | Product Manual - Page 358
Login tab. The VPN Login page appears. 2. From the Site Name list, select the site to which you want to log on. Note: Disabled VPN sites will not appear in the Site Name list. 3. Type your user name and password in the appropriate fields. 4. Click Login. 342 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 359
Login Status box remains open until you manually log off the VPN site. Logging on through the my.vpn page Note: You don't need to know the my.firewall page administrator's password in order to use the my.vpn page. To manually log on to a VPN site through the my.vpn page 1. Direct your Web browser to - D-Link DFL-CPG310 | Product Manual - Page 360
Login Status box appears. The Status field tracks the connection's progress. • Once the NetDefend firewall has finished connecting, the Status field changes to "Connected". • The VPN Login Status box remains open until you manually log off of the VPN site. 344 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 361
a Remote Access VPN Site Logging off a Remote Access VPN Site You need to manually log off a VPN site, if it is a Remote Access VPN site configured for Manual Login. To log off a VPN site • In the VPN Login Status box, click Logout. All open tunnels from the NetDefend firewall to the VPN site are - D-Link DFL-CPG310 | Product Manual - Page 362
generated and downloaded to your appliance. In this case, there is no need to generate a self-signed certificate. Generating a Self-Signed Certificate To generate a self-signed certificate 1. Click VPN in the main menu, and click the Certificate tab. 346 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 363
The Certificate page appears. Installing a Certificate 2. Click Install Certificate. The NetDefend Certificate Wizard opens, with the Certificate Wizard dialog box displayed. 3. Click Generate a self-signed security certificate for this gateway. Chapter 12: Working With VPNs 347 - D-Link DFL-CPG310 | Product Manual - Page 364
Create Self-Signed Certificate dialog box appears. 4. Complete the fields using the information in the table below. 5. Click Next. The NetDefend firewall generates the certificate. This may take a few seconds. The Done dialog box appears, displaying the certificate's details. 6. Click Finish. 348 - D-Link DFL-CPG310 | Product Manual - Page 365
Installing a Certificate The NetDefend firewall installs the certificate. If a certificate is already installed, it is overwritten. The Certificate Wizard closes. The Certificates dates between which the gateway's certificate and the CA's certificate are valid Chapter 12: Working With VPNs 349 - D-Link DFL-CPG310 | Product Manual - Page 366
renew the certificate when it expires. Importing a Certificate To install a certificate 1. Click VPN in the main menu, and click the Certificate tab. The Certificate page appears. 2. box displayed. 3. Click Import a security certificate in PKCS#12 format. 350 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 367
from which to locate and select the file. The filename that you selected is displayed. 5. Click Next. The Import-Certificate Passphrase dialog box appears. This may take a few moments. 6. Type the pass-phrase you received from the network security administrator. Chapter 12: Working With VPNs 351 - D-Link DFL-CPG310 | Product Manual - Page 368
VPN site currently defined to use certificate authentication. Note: If you want to replace a currently installed certificate, there is no need to uninstall the certificate first. When you install the new certificate, the old certificate will be overwritten. 352 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 369
with the site, the tunnel will be reestablished. • Remote Access VPN sites configured for Manual Login A tunnel is created whenever your computer attempts any kind of communication with a computer at the VPN site, after you have manually logged on to the site. All open tunnels connecting to the - D-Link DFL-CPG310 | Product Manual - Page 370
in the table below. 2. To refresh the table, click Refresh. Table 72: VPN Tunnels Page Fields This field... Displays... Type The currently active security protocol (IPSEC). . The entity's type is indicated by an icon. See VPN Tunnel Icons on page 355. 354 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 371
: Encryption type/Authentication type Note: All VPN settings are automatically negotiated between the two sites. The encryption and authentication schemes used for the connection are the strongest of those used at the two sites. Your NetDefend firewall supports AES, 3DES, and DES encryption schemes - D-Link DFL-CPG310 | Product Manual - Page 372
stored IKE traces 1. Click Reports in the main menu, and click the VPN Tunnels tab. The VPN Tunnels page appears with a table of open tunnels to VPN sites. 2. Click Clear IKE Trace. All IKE trace data currently stored on the NetDefend firewall is cleared. 356 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 373
problems. For information on when and how VPN tunnels are established, see Viewing VPN Tunnels on page 353. 2. Click Reports in the main menu, and click the VPN Tunnels tab. The VPN Tunnels page appears with a table of open tunnels to VPN sites. 3. Click Save IKE Trace. A standard File Download - D-Link DFL-CPG310 | Product Manual - Page 374
- D-Link DFL-CPG310 | Product Manual - Page 375
13 Managing Users This chapter describes how to manage NetDefend firewall users. You can define multiple users, set their passwords, and assign them various permissions. This chapter includes the following topics: Changing Your Password 359 Adding and Editing Users 361 Adding Quick Guest HotSpot - D-Link DFL-CPG310 | Product Manual - Page 376
Changing Your Password The Internal Users page appears. 2. In the row of your username, click Edit. The Account Wizard opens displaying the Set User Details dialog box. 3. Edit the Password and Confirm password fields. 360 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 377
5 to 25 characters (letters or numbers) for the new password. 4. Click Next. The Set User Permissions dialog box appears. users. For information on quickly adding guest HotSpot users via a shortcut that the NetDefend firewall provides, see Adding Quick Guest HotSpot Users on page 365. To add or edit - D-Link DFL-CPG310 | Product Manual - Page 378
opens displaying the Set User Details dialog box. 3. Complete the fields using the information in Set User Details Fields on page 363. 4. Click Next. 362 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 379
Users The options that appear on the page are dependant on the software and services you are using. 5. Complete the fields using the information in Set User Permissions Username Enter a username for the user. Password Enter a password for the user. Use five to 25 characters (letters or numbers) for the - D-Link DFL-CPG310 | Product Manual - Page 380
level to technical support personnel who need to view the Event Log. The default level is No Access. The "admin" user's Administrator Level (Read/Write) cannot be changed. VPN Remote Access Select this option to allow the user to connect to this NetDefend firewall using their VPN client. For - D-Link DFL-CPG310 | Product Manual - Page 381
service is DFL-CP310 with Power Pack. Adding Quick Guest HotSpot Users The NetDefend firewall default, the quick guest user has the following characteristics: • Username in the format guest, where is a unique three-digit number. For example: guest123 • Randomly generated password - D-Link DFL-CPG310 | Product Manual - Page 382
. The guest user is saved. You can edit the guest user's details and permissions using the procedure Adding and Editing Users on page 361. 366 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 383
A confirmation message appears. b) Click OK. The expired users are deleted. Setting Up Remote VPN Access for Users If you are using your NetDefend firewall as a Remote Access VPN Server or as an internal VPN Server, you can allow users to access it remotely through their Chapter 13: Managing Users - D-Link DFL-CPG310 | Product Manual - Page 384
the NetDefend Portal, the NetDefend firewall sends the entered user name and password to the RADIUS server. The server then checks whether the RADIUS database contains a matching user name and password pair. If so, then the user is logged on. By default, all RADIUS-authenticated users are assigned - D-Link DFL-CPG310 | Product Manual - Page 385
Using RADIUS Authentication server for a specific user, the gateway will use the default permission set for this user. To use RADIUS authentication 1. Click Users in the main menu, and click the RADIUS tab. The RADIUS page appears. 2. Complete - D-Link DFL-CPG310 | Product Manual - Page 386
to host the service. To clear the text box, click Clear. Port Type the port number on the RADIUS server's host computer. The default port number is 1812. Shared Secret Type the shared secret to use for secure communication with the RADIUS server. 370 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 387
JohnS" attempts to log on to the NetDefend Portal, the NetDefend firewall will send the RADIUS server an authentication request with the username " time in seconds between attempts to communicate with the RADIUS server. The default value is 3 seconds. If the RADIUS VSA (Vendor-Specific Attribute) - D-Link DFL-CPG310 | Product Manual - Page 388
option only appears if the Web Filtering service is defined. Select this option to allow the user to access the My HotSpot page. This option only appears in DFL-CP310 with Power Pack. Configuring the RADIUS Vendor-Specific Attribute For detailed instructions and examples, refer to the "Configuring - D-Link DFL-CPG310 | Product Manual - Page 389
the user can access the network from a Remote Access VPN Client. String true. The user can remotely access the network via VPN. false. The user cannot remotely access the network via VPN. This permission is only relevant if the NetDefend Remote Access VPN Server is enabled. The gateway must have - D-Link DFL-CPG310 | Product Manual - Page 390
Filtering. String true. The user can override Web Filtering. false. The user cannot override Web Filtering. This permission is only relevant if the Web Filtering service is enabled. 374 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 391
415 Resetting the NetDefend firewall to Defaults 418 Running Diagnostics 421 Rebooting the NetDefend firewall 422 Viewing Firmware Status The firmware is the software program embedded in the NetDefend firewall. You can view your current firmware version and additional details. Chapter - D-Link DFL-CPG310 | Product Manual - Page 392
example... WAN MAC Address The MAC address used for the Internet connection 00:80:11:22:33:44 Firmware Version The current version of the 6.0 firmware Installed Product The licensed software and the number of allowed nodes NetDefend unlimited nodes 376 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 393
on page 281. If you are not subscribed to the Software Updates service, you must update your firmware manually. To update your NetDefend firmware manually 1. Click Setup in the main menu, and click the Firmware tab. The Firmware page appears. 2. Click Firmware Update. Chapter 14: Maintenance 377 - D-Link DFL-CPG310 | Product Manual - Page 394
. Your NetDefend firewall firmware is updated. Updating may take a few minutes, during which time the PWR/SEC LED may start flashing red or orange. Do not power off the appliance. At the end of the process the NetDefend firewall restarts automatically. 378 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 395
To purchase the Power Pack or node upgrades, contact your NetDefend firewall provider. To upgrade your product, you must install the new Product Key. To install a Product Key 1. Click Setup in the main menu, and click the Firmware tab. The Firmware page appears. 2. Click Upgrade Product. Chapter 14 - D-Link DFL-CPG310 | Product Manual - Page 396
Upgrading Your Software Product The NetDefend Licensing Wizard opens, with the Install Product Key dialog box displayed. 3. Click Enter a field, enter the new Product Key. 5. Click Next. The Installed New Product Key dialog box appears. 6. Click Next. 380 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 397
The first Registration dialog box appears. Upgrading Your Software Product 7. Do one of the following: • To register your NetDefend firewall later on, clear the I want to register my product check box and then click Next. • To register your NetDefend firewall now, do the following: 1) Click Next. - D-Link DFL-CPG310 | Product Manual - Page 398
2) Enter your contact information in the appropriate fields. 3) To receive email notifications regarding new firmware versions and services, select the check box. 4) Click Next. The Registration... screen appears. The third Registration dialog box appears. 382 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 399
Your NetDefend firewall is restarted and the Welcome page appears. Registering Your NetDefend firewall If you want to activate your warranty and optionally receive notifications of new firmware versions and services, you must register your NetDefend firewall. Privacy Statement: D-Link is committed - D-Link DFL-CPG310 | Product Manual - Page 400
tools for managing your logs. Note: Kiwi Syslog Daemon is freeware and can be downloaded from http://www.kiwisyslog.com. For technical support, contact Kiwi Enterprises. To configure Syslog logging 1. Click Setup in the main menu, and click the Logging tab. 384 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 401
network computers), or click This Computer to allow your computer to host the service. Clear Click to clear the Syslog Server field. Syslog Port Type the port number of the Syslog server. Default Click to reset the Syslog Port field to the default (port 514 UDP). Chapter 14: Maintenance 385 - D-Link DFL-CPG310 | Product Manual - Page 402
Using the NetDefend Portal on page 386. • Using a console connected to the NetDefend firewall. For information, see Using the Serial Console on page 388. • Using an SSH via the NetDefend Portal 1. Click Setup in the main menu, and click the Tools tab. 386 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 403
The Tools page appears. Controlling the Appliance via the Command Line 2. Click Command. The Command Line page appears. 3. In the upper field, type a command. Chapter 14: Maintenance 387 - D-Link DFL-CPG310 | Product Manual - Page 404
supported commands using the command help. For information on all commands, refer to the NetDefend CLI Reference Guide. 4. Click Go. The command is implemented. Using the Serial Console You can connect a console to the NetDefend firewall serial console to your NetDefend firewall's serial port, using - D-Link DFL-CPG310 | Product Manual - Page 405
. Controlling the Appliance via the Command Line 3. In the RS232 drop-down list, select Console. 4. Click Apply. You can now control the NetDefend firewall from the serial console. For information on all supported commands, refer to the NetDefend CLI Reference Guide. Chapter 14: Maintenance 389 - D-Link DFL-CPG310 | Product Manual - Page 406
. See Access Options on page 391 for information. Warning: If remote HTTPS is enabled, your NetDefend firewall settings can be changed remotely, so it is especially important to make sure all NetDefend firewall users' passwords are difficult to guess. 390 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 407
Configuring HTTPS Note: You can use HTTPS to access the NetDefend Portal from your internal network, by surfing to https://my.firewall. If you selected IP Address Range, additional fields appear. 3. If you selected IP Address Range, enter the desired IP address range in the fields provided. 4. - D-Link DFL-CPG310 | Product Manual - Page 408
and The internal network and your VPN. VPN IP Address Range A particular range supported. To configure SSH 1. Click Setup in the main menu, and click the Management tab. The Management page appears. 2. Specify from where SSH access should be granted. 392 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 409
NetDefend firewall settings can be changed remotely, so it is especially important to make sure all NetDefend firewall users' passwords are difficult NetDefend firewall from the Internet, using an SSHv2 client. For information on all supported commands, refer to the NetDefend CLI Reference Guide. - D-Link DFL-CPG310 | Product Manual - Page 410
SNMP 1. Click Setup in the main menu, and click the Management tab. The Management page appears. 2. Specify from where SNMP access should be granted. See Access Options on page 391 for information. If you selected IP Address Range, additional fields appear. 394 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 411
Community field, type the name of the SNMP community string. SNMP clients uses the SNMP community string as a password, when connecting to the NetDefend firewall. The default value is "public". It is recommended to change this string. 5. To configure advanced SNMP settings, click Advanced. Chapter - D-Link DFL-CPG310 | Product Manual - Page 412
purposes. System Contact Type the name of the contact person. This information will be visible to SNMP clients, and is useful for administrative purposes. 396 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 413
In this field... SNMP Port Do this... Type the port to use for SNMP. The default port is 161. Setting the Time on the Appliance You set the time displayed in the NetDefend Portal during initial appliance setup. If desired, you can change the date and time using the procedure below. To - D-Link DFL-CPG310 | Product Manual - Page 414
and time, the Specify Date and Time dialog box appears. Set the date, time, and time zone in the fields provided, then click Next. 398 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 415
Setting the Time on the Appliance • If you selected Use a Time Server, the Time Servers dialog box appears. Complete the fields using the information in Time Servers Fields on page 400, then click Next. • The Date and Time Updated screen appears. 5. Click Finish. Chapter 14: Maintenance 399 - D-Link DFL-CPG310 | Product Manual - Page 416
Secondary NTP server. This field is optional. Clear Clear the field. Select your time zone Select the time zone in which you are located. 400 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 417
the Internet. Using IP Tools on page 402 Traceroute Display a list of all routers used to connect from the NetDefend firewall to a specific IP address or DNS name. Using IP Tools on page is Using Packet Sniffer on page useful troubleshooting network problems. 404 Chapter 14: Maintenance 401 - D-Link DFL-CPG310 | Product Manual - Page 418
Diagnostic Tools Using IP Tools To use an IP tool 1. Click Setup in the main menu, and click the Tools tab. The Tools page • If you selected Traceroute, the following things happen: The NetDefend firewall connects to the specified IP address or DNS name. 402 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 419
Using Diagnostic Tools The IP Tools window opens and displays a list of routers used to make the connection. • If you selected WHOIS, the following things happen: The NetDefend firewall queries the Internet WHOIS server. A window displays the name of the entity to which the IP address or DNS name is - D-Link DFL-CPG310 | Product Manual - Page 420
to capture packets from any internal network or NetDefend port. This is useful for troubleshooting network problems and for collecting data about network behavior. The NetDefend firewall saves the captured packets to a file on your computer. You can use a free protocol analyzer, such as Ethereal, to - D-Link DFL-CPG310 | Product Manual - Page 421
, and the percentage of storage space remaining on the appliance for storing the packets. 5. Click Stop to stop collecting packets. A standard File Download dialog box appears. 6. Click Save. The Save As dialog box appears. 7. Browse to a destination directory of your choice. 8. Type a name for - D-Link DFL-CPG310 | Product Manual - Page 422
from which to collect packets. The list includes the primary Internet connection, the NetDefend firewall ports, and all defined networks. Filter String Type the filter string to use for Sniffer will collect packets for all traffic on the interface. 406 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 423
Using Diagnostic Tools Filter String Syntax The following represents a list of basic filter string elements: • and on page 407 • dst on page 408 • dst port on page 408 • ether proto on page 409 • host on page 410 • not on page 410 • or on page 411 • port on page 411 • src on page 412 • src port on - D-Link DFL-CPG310 | Product Manual - Page 424
.168.10.1: dst 192.168.10.1 dst port PURPOSE The dst port element captures all packets destined for a specific port. SYNTAX dst port port 408 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 425
Using Diagnostic Tools Note: This element can be prepended by tcp or udp. For information, see tcp on page 413 and udp on page 414. PARAMETERS port EXAMPLE Integer. The port to which the packet is sent. The following filter string saves packets that are destined for port 80: dst port 80 ether - D-Link DFL-CPG310 | Product Manual - Page 426
.168.10.1 not PURPOSE The not element is used to negate filter string elements. SYNTAX not element ! element PARAMETERS element String. A filter string element. 410 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 427
Using Diagnostic Tools EXAMPLE The following filter string saves packets that are not destined for port 80: not dst port 80 or PURPOSE The or element is used to alternate between string elements. The filtered packets must match at least one of the filter string elements. SYNTAX element or element - D-Link DFL-CPG310 | Product Manual - Page 428
.168.10.1: src 192.168.10.1 src port PURPOSE The src port element captures all packets originating from a specific port. SYNTAX src port port 412 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 429
Using Diagnostic Tools Note: This element can be prepended by tcp or udp. For information, see tcp on page 413 and udp on page 414. PARAMETERS port EXAMPLE Integer. The port to which the packet is sent. The following filter string saves packets that originated from port 80: src port 80 tcp - D-Link DFL-CPG310 | Product Manual - Page 430
from or destined for a specific port. • src port - Capture all UDP packets originating from a specific port. The following filter string captures all UDP packets: 414 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 431
CLI script format and the supported CLI commands, see the NetDefend CLI Reference Guide. Exporting the NetDefend firewall Configuration Exporting the NetDefend firewall configuration creates a configuration file. To export the NetDefend firewall configuration 1. Click Setup in the main menu, and - D-Link DFL-CPG310 | Product Manual - Page 432
configuration 1. Click Setup in the main menu, and click the Tools tab. The Tools page appears. 2. Click Import. The Import Settings page appears. 3. Do one of the following: • In the Import Settings field, type the full path to the configuration file. 416 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 433
Or • Click Browse, and browse to the configuration file. 4. Click Upload. A confirmation message appears. 5. Click OK. The NetDefend firewall settings are imported. The Import Settings page displays the configuration file's content and the result of implementing each configuration command - D-Link DFL-CPG310 | Product Manual - Page 434
the Reset button (hardware) located at the back of the NetDefend firewall. To reset the NetDefend firewall to factory defaults via the Web interface 1. Click Setup in the main menu, and click the Tools tab. The Tools page appears. 2. Click Factory Settings. 418 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 435
. Resetting the NetDefend firewall to Defaults 3. To revert to the firmware version that shipped with the appliance, select the check box. 4. Click OK. • The Please Wait screen appears. • The NetDefend firewall returns to its factory defaults. • The NetDefend firewall is restarted (the PWR/SEC - D-Link DFL-CPG310 | Product Manual - Page 436
the NetDefend firewall by disconnecting the power cable and then reconnecting it, be sure to leave the NetDefend firewall disconnected for at least three seconds, or the NetDefend firewall might not function properly until you reboot it as described below. 420 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 437
technical information about your NetDefend firewall's hardware, firmware, license, network status, and Service Center. This information is useful for troubleshooting. You can export it to an *.html file and send it to technical support. To view diagnostic information 1. Click Setup in the main menu - D-Link DFL-CPG310 | Product Manual - Page 438
is not functioning properly, rebooting it may solve the problem. To reboot the NetDefend firewall 1. Click Setup in the main menu, and click the Firmware tab. The Firmware page appears. 2. Click Restart. A confirmation message appears. 3. Click OK. • The Please Wait screen appears. • The NetDefend - D-Link DFL-CPG310 | Product Manual - Page 439
USB-based printers to the appliance and share them across the network. Note: When using computers with a Windows 2000/XP operating system, the NetDefend firewall supports connecting up to four USB-based printers to the appliance. When using computers with a MAC OS-X operating system, the NetDefend - D-Link DFL-CPG310 | Product Manual - Page 440
the NetDefend firewall detected the printer, the printer is listed on the page. 4. If the printer is not listed, check that you connected the printer correctly, then click Refresh to refresh the page. 5. Write down the port number allocated to the printer. 424 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 441
Configuring Computers to Use Network Printers The port number appears in the Printer Server TCP Port field. You will need this number later, when configuring computers to use the network printer. 6. To change the port number, do the following: a. Type the desired port number in the Printer Server - D-Link DFL-CPG310 | Product Manual - Page 442
opens with the Welcome dialog box displayed. 5. Click Next. The Local or Network Printer dialog box appears. 6. Click Local printer attached to this computer. 426 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 443
Configuring Computers to Use Network Printers Note: Do not select the Automatically detect and install my Plug and Play printer check box. 7. Click Next. The Select a Printer Port dialog box appears. 8. Click Create a new port. 9. In the Type of port drop-down list, select Standard TCP/IP Port. 10. - D-Link DFL-CPG310 | Product Manual - Page 444
box appears. 12. In the Printer Name or IP Address field, type the NetDefend firewall's LAN IP address, or "my.firewall". You can find the LAN IP address in the NetDefend Portal, under Network > My box displayed. 14. Click Custom. 15. Click Settings. 428 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 445
Configuring Computers to Use Network Printers The Configure Standard TCP/IP Port Monitor dialog box opens. 16. In the Port Number field, type the printer's port number, as shown in the Printers page. 17. In the Protocol area, make sure that Raw is selected. 18. Click OK. The Add Standard TCP/IP - D-Link DFL-CPG310 | Product Manual - Page 446
in the popup menu. The printer's Properties dialog box opens. 25. In the Ports tab, in the list box, select the port you added. 430 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 447
IP address>. 26. Click OK. MAC OS-X This procedure is relevant for computers with the latest version of the MAC OS-X operating system. Note: This procedure may not apply to earlier MAC OS-X versions. To configure a computer to use a network printer 1. If the computer for which you want to enable - D-Link DFL-CPG310 | Product Manual - Page 448
Configuring Computers to Use Network Printers The System Preferences window appears. 3. Click Show All to display all categories. 4. In the Hardware area, click Print & Fax. The Print & Fax window appears. 5. In the Printing tab, click Set Up Printers. 432 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 449
IP Printing. 8. In the Printer Type drop-down list, select Socket/HP Jet Direct. 9. In the Printer Address field, type the NetDefend firewall's LAN IP address, or "my.firewall". You can find the LAN IP address in the NetDefend Portal, under Network > My Network. 10. In the Queue Name field, type - D-Link DFL-CPG310 | Product Manual - Page 450
. Click Add. The new printer appears in the Printer List window. 14. In the Printer List window, select the newly added printer, and click Make Default. 434 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 451
view network printers 1. Click Setup in the main menu, restarting. • Fail. An error occurred. See the Event Log for details (Viewing the Event T Log on page 187). T 2. To refresh the display, click Refresh. Changing Network Printer Ports When you set up a new network printer, the NetDefend firewall - D-Link DFL-CPG310 | Product Manual - Page 452
to do this if the print job has stalled. To reset a network printer 1. Click Setup in the main menu, and click the Printers tab. The Printers page appears. 2. Next to the desired printer, click Reset. The network printer's current print job is restarted. 436 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 453
the NetDefend firewall. Note: For information on troubleshooting wireless connectivity, see Troubleshooting Wireless Connectivity on page 183. T T This chapter includes the following topics: Connectivity 438 H H Service Center and Upgrades 442 H H Other Problems 443 H H Chapter - D-Link DFL-CPG310 | Product Manual - Page 454
not, check the power connection to the NetDefend firewall. • Check if the WAN LINK/ACT LED is firewall rules which block your Internet connectivity. • Check with your ISP for possible service routers. Some DSL equipment can be configured to work both ways. 438 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 455
. Note: You may need to use a crossed cable when connecting the NetDefend firewall to another hub/switch. • Try surfing to 192.168.10.1 instead of to my.firewall. Note: 192.168.10 is the default value, and it may vary if you changed it in the My Network page. Chapter 16: Troubleshooting 439 - D-Link DFL-CPG310 | Product Manual - Page 456
device that performs NAT, such as a DSL router or Wireless router, but the device will block all incoming connections from reaching your NetDefend firewall. To fix this problem, do ONE of the following. (The solutions are listed in order of preference.) 440 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 457
you really need the router. The NetDefend firewall can be used as a replacement for your router, unless you need it for some additional functionality that it provides, such as Wireless access. • If possible, disable NAT in the router. Refer to the router's documentation for instructions on how to do - D-Link DFL-CPG310 | Product Manual - Page 458
that you have exceeded the node limit. To upgrade your NetDefend firewall to support more nodes, purchase a new Product Key. Contact your reseller for upgrade information. While trying to connect to a Service Center, I received the message "The Service Center did not respond". What should I do? • If - D-Link DFL-CPG310 | Product Manual - Page 459
Problems I have forgotten my password. What should I do? Reset your NetDefend firewall to factory defaults using the Reset button as detailed in Resetting the NetDefend firewall to Defaults on page 418. T T Why are the date and time displayed incorrectly? You can adjust the time on the Setup - D-Link DFL-CPG310 | Product Manual - Page 460
- D-Link DFL-CPG310 | Product Manual - Page 461
451 H Technical Specifications Table 86: NetDefend Appliance Attributes Attribute DFL-CP310 DFL-CPG310 General Dimensions 20 x 3.1 x 15.5 cm (width x height x depth) (7.9 x 1.2 x 6.1 inches) Weight 0.69 kg (1.55 lbs) Power supply nominal All Models: 100~240VAC, input voltage, frequency - D-Link DFL-CPG310 | Product Manual - Page 462
Technical Specifications Attribute DFL-CP310 DFL-CPG310 Max. Power Consumption 8W (1.6A) Retail box dimensions 29 x 25 x 7.6 cm (width x height x depth) to +70°C - 5°C ~ 50°C 5%~90% at 25°C/ None condensed CNS1219 C6343 EN60950/ IEC60950/ cTUVus 60950 446 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 463
Attribute DFL-CP310 Technical Specifications DFL-CPG310 Quality Mean Time Between Failures (MTBF) ISO9001:2000 TL9000-HW R3.0 ISO14001 Ohsas18001: 1999 68,000 Hours at 30 ºC ISO9001:2000 TL9000-HW R3.0 ISO14001 Ohsas18001: 1999 68,000 Hours at 30 ºC Chapter 17: Specifications 447 - D-Link DFL-CPG310 | Product Manual - Page 464
Wireless Attributes Attribute DFL-CPG310 series Operation Frequency 2.412-2.484 MHz Transmission Power 79.4 mW Modulation OFDM, DSSS, 64QAM, 16QAM, QPSK, BPSK, CCK, DQPSK, DBPSK WPA Authentication Modes EAP-TLS, EAP-TTLS, PEAP (EAP-GTC), PEAP (EAP-MSCHAP V2) 448 D-Link NetDefend firewall - D-Link DFL-CPG310 | Product Manual - Page 465
(Radio Equipment and Telecommunications Terminal Equipment Directive) In accordance with the following standards: Table 88: NetDefend Appliance Standards Attribute DFL-CP310 DFL-CPG310 EMC EN 55022:1998 EN 61000-3-2: 1995 EN 61000-3-3: 1995 EN 61000-4-2:1995 EN 61000-4-3:1995 EN 61000-4-4:1995 - D-Link DFL-CPG310 | Product Manual - Page 466
CE Declaration of Conformity Attribute DFL-CP310 DFL-CPG310 EN 61000-4-8:1993 EN 61000-4-2:1995 EN 61000-4-11:1994 EN 61000-4-3:1996/A2: the Original Signed Declaration (in full conformance with EN45014), please contact SofaWare at the above address. 450 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 467
and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Shielded cables must complies with Canadian ICES-003. FCC Radiation Exposure Statement for Wireless Models This equipment complies with FCC radiation exposure limits set - D-Link DFL-CPG310 | Product Manual - Page 468
- D-Link DFL-CPG310 | Product Manual - Page 469
themselves using the public keys in the certificates. Cracking An activity in which someone breaks into someone else's computer system, bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. The end result is that whatever resides on the - D-Link DFL-CPG310 | Product Manual - Page 470
network. F Firmware Software embedded in a device. G Gateway A network point that acts as an entrance to another network. H Hacking An activity in which someone breaks into someone else's computer system, bypasses passwords or licenses in computer programs; or in D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 471
HTTP application. This directs messages to a secure port number rather than the default Web port number, and uses a public key to encrypt data HTTPS is packet with the source IP address of an internal host. The firewall can protect against IP spoofing attacks by limiting network access based on - D-Link DFL-CPG310 | Product Manual - Page 472
IP address assigned by the ISP among several PCs. Check Point FireWall-1's Stateful Inspection Network Address Translation (NAT) implementation supports hundreds of pre-defined applications, services, and protocols, more than any other firewall vendor. 456 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 473
the Internet. When any file (e-mail message, HTML file, GIF file etc.) is sent from one place to another on the Internet, the file is divided into " connector for digital transmission over ordinary phone wire. Router A router is a device that determines the next network point to which a packet - D-Link DFL-CPG310 | Product Manual - Page 474
they have arrived to forward them to you as a single file. TCP/IP TCP/IP (Transmission Control Protocol/Internet Protocol) is a communications protocol that offers a limited amount of service when messages are exchanged between computers in a network that . Unlike D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 475
privacy through the use of a tunneling protocol and security procedures. VPN tunnel A secure connection between a Remote Access VPN Client and a Remote Access VPN Server. Glossary of Terms W WLAN A WLAN is a wireless local area network protected by the NetDefend firewall. Glossary of Terms 459 - D-Link DFL-CPG310 | Product Manual - Page 476
- D-Link DFL-CPG310 | Product Manual - Page 477
8 802.1x • 161, 163 A account, configuring • 288 active computers, viewing • 194 active connections, viewing • 197 Allow and Forward rules, explained • 213 Allow rules, explained • 213 Automatic login • 341 B backup connection configuring • 90 dialup • 92 LAN or broadband • 91 Block Known Ports • - D-Link DFL-CPG310 | Product Manual - Page 478
File and Print Sharing • 249 firewall levels • 204 rule types • 211 setting security level • 204 firmware explained • 375, 454 updating manually • 377 viewing status • 375 462 FTP Bounce • 245 G gateways backup • 119 default , viewing • 356 initial login • 39 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 479
troubleshooting • 438 viewing information • 87 Internet Setup • 63 Internet Wizard • 54 IP address changing • 105 explained • 455 hiding • 107 IP Fragments • 232 IPSEC VPN , 438 upgrading • 379 link configurations, modifying • 149 logs exporting • 187 viewing • 187 M MAC address • 456 Manual Login • - D-Link DFL-CPG310 | Product Manual - Page 480
link configurations • 149 resetting to defaults • 150 viewing statuses • 146 PPTP connection • 61, 71 explained • 457 print server • 423 printers changing ports • 435 configuring computers to use • 425 resetting • 436 setting up • 424 using • 423 viewing • 435 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 481
configuring • 303, 305 explained • 297 Remote Access VPN sites • 311 reports active computers • 194 active connections • 197 Index Index event log • 187 node limit • 194 traffic • 191 viewing • 187 wireless statistics • 198 routers • 90, 119, 401, 438, 457 rules security • 209 VStream Antivirus - D-Link DFL-CPG310 | Product Manual - Page 482
software updates checking for manually • 294 explained • 294 source routing, about • 139 SSH configuring • 392 explained • 392 Stateful Inspection • 456, 457 Static NAT explained • 129 using • 130 static routes adding and editing • 139 explained • 139 using • 139 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 483
services Teardrop • 224 technical support • 14 Telstra • defaults • 160 setting up • 153 simplified • 151 using • 151 troubleshooting • 437 U UDP, explained • 458 URL, explained • 459 users adding and editing • 361 adding quick guest HotSpot • 365 managing • 359 setting up remote VPN - D-Link DFL-CPG310 | Product Manual - Page 484
• 209 ports • 35, 90 Web Filtering enabling/disabling • 290 selecting categories for • 291 snoozing • 292 temporarily disabling • 292 Welchia • 235 WEP • 161, 163 WHOIS • 401 wireless hardware • 162 wireless protocols • 163 D-Link NetDefend firewall User Guide - D-Link DFL-CPG310 | Product Manual - Page 485
Index wireless stations preparing • 182 viewing • 198 WLAN configuring • 161 defined • 459 preparing stations for • 182 troubleshooting connectivity • 183 viewing statistics for • 198 WPA • 161, 163 WPA2 • 163 WPA-PSK • 161, 163 Index 469
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
 |
 |
D-Link NetDefend firewall
Security VPN Firewall
NetDefend secured by Check Point
User Guide
Version 1.0
Revised: 01/17/2006