Home » D-Link Manuals » Networking » D-Link DFL-700 » Manual Viewer

D-Link DFL-700 Product Manual - Page 126

SYSTEM, ROUTING, Add New, Network, Subnet Mask, Proxy ARP, Apply, Example Scenario using DMZ w/out NAT

UPC - 790069264535

Add to My Manuals
Save this manual to your list of manuals

Page 126 highlights

Example Scenario using DMZ w/out NAT: An alternative method to that described in the preceding pages is to isolate publicly accessible servers to the DMZ interface with NAT disabled. This configuration requires multiple (at least 2) Public IP addresses to function, as the Firewall will assume one IP and the Server(s) will use the other(s). Configure the Static Routes: A new route must be added to inform the firewall on which interface the Public IP will reside. Navigate to SYSTEM > ROUTING in the web-based configuration of the DFL-700. Click on Add New to create a new static route. Select DMZ as the Interface. Enter the IP Address (WAN Network) you wish to forward to a server on the DMZ interface in the Network field. Select a 32-bit subnet mask from the Subnet Mask dropdown box. Be sure to have Proxy ARP enabled by checking the checkbox. Click Apply to save any changes. 126

Section	Page
Introduction	7
Features and Benefits	7
Introduction to Firewalls	7
Introduction to Local Area Networking	8
LEDs	9
Physical Connections	9
Package Contents	10
System Requirements	10
Managing D-Link DFL-700	11
Resetting the DFL-700	11
Administration Settings	12
Administrative Access	12
Add ping access to an interface	13
Add Admin access to an interface	13
Add Read-only access to an interface	14
Enable SNMP access to an interface	14
System	15
Interfaces	15
Change IP of the LAN or DMZ interface	15
WAN Interface Settings – Using Static IP	16
WAN Interface Settings – Using DHCP	16
WAN Interface Settings – Using PPPoE	17
WAN Interface Settings – Using PPTP	18
WAN Interface Settings – Using L2TP	19
WAN Interface Settings – Using BigPond	20
Traffic Shaping	20
MTU Configuration	21
Routing	22
Add a new Static Route	23
Remove a Static Route	23
Logging	24
Enable Logging	25
Enable Audit Logging	25
Enable E-mail alerting for IDS/IDP events	25
Time	26
Changing time zone	27
Using NTP to sync time	27
Setting time and date manually	27
Firewall	28
Policy	28
Policy modes	28
Action Types	28
Source and Destination Filter	28
Service Filter	29
Schedule	29
Intrusion Detection / Prevention	30
	30
Traffic Shaping	30
Add a new policy	31
Change order of policy	32
Delete policy	32
Configure Intrusion Detection	32
Configure Intrusion Prevention	33
Port mapping / Virtual Servers	34
Add a new mapping	34
Delete mapping	35
Administrative users	36
Add Administrative User	36
Change Administrative User Access level	37
Change Administrative User Password	37
Delete Administrative User	38
Users	39
The DFL-700 RADIUS Support	39
Enable User Authentication via HTTP / HTTPS	40
Enable RADIUS Support	40
Add User	41
Change User Password	41
Delete User	42
	42
Schedules	43
Add new recurring schedule	43
Add new one-time schedule	44
Services	45
Adding TCP, UDP or TCP/UDP Service	45
Adding IP Protocol	46
Grouping Services	46
Protocol-independent settings	47
VPN	48
Introduction to IPSec	48
Introduction to PPTP	48
Introduction to L2TP	49
Point-to-Point Protocol	49
Authentication Protocols	50
MPPE, Microsoft Point-To-Point Encryption	50
L2TP/PPTP Clients	51
L2TP/PPTP Servers	52
IPSec VPN between two networks	53
Creating a LAN-to-LAN IPSec VPN Tunnel	53
VPN between client and an internal network	54
	54
Creating a Roaming Users IPSec Tunnel	54
	54
Adding an L2TP/PPTP VPN Client	55
Adding an L2TP/PPTP VPN Server	55
VPN – Advanced Settings	56
Limit MTU	56
IKE Mode	56
IKE DH Group	56
PFS – Perfect Forward Secrecy	56
NAT Traversal	56
Keepalives	56
Proposal Lists	57
IKE Proposal List	57
IPSec Proposal List	57
Certificates	58
Trusting Certificates	58
Local identities	58
Certificates of remote peers	58
Certificate Authorities	58
Identities	59
Content Filtering	60
Edit the URL Global Whitelist	60
Edit the URL Global Blacklist	61
Active content handling	61
Servers	62
DHCP Server Settings	62
Enable DHCP Server	63
Enable DHCP Relay	63
Disable DHCP Server/Relay	63
DNS Relay Settings	64
Enable DNS Relayer	64
Disable DNS Relayer	64
Tools	65
Ping	65
Ping Example	65
Dynamic DNS	66
Add Dynamic DNS Settings	66
Backup	67
Exporting the DFL-700’s Configuration	67
Restoring the DFL-700’s Configuration	67
Restart/Reset	68
Restoring system settings to factory defaults	69
Upgrade	70
Upgrade Firmware	70
Upgrade IDS Signature-database	70
Status	71
System	71
Interfaces	72
VPN	73
Connections	74
DHCP Server	75
Users	76
How to read the logs	77
	77
USAGE events	77
	77
DROP events	77
CONN events	78
Step by Step Guides	79
LAN-to-LAN VPN using IPSec	80
Settings for Main office	82
LAN-to-LAN VPN using PPTP	84
Settings for Main office	86
LAN-to-LAN VPN using L2TP	90
Settings for Branch office	90
Settings for Main office	93
A more secure LAN-to-LAN VPN solution	97
Settings for Branch office	97
Settings for Main office	100
	100
Windows XP client and PPTP server	101
Settings for the Windows XP client	101
Settings for Main office	108
Windows XP client and L2TP server	111
Settings for the Windows XP client	111
Settings for Main office	113
Intrusion Detection and Prevention	115
Appendixes	118
Appendix A: ICMP Types and Codes	118
Appendix B: Common IP Protocol Numbers	120
Appendix C: Multiple Public IP addresses	121
Appendix D: HTTP Content Filtering	129
Warranty	135
Copyright Statement: No part of this publication or documentation accompanying this Product may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems, Inc., as stipulated by the United States Copyright Act of 1976. Contents are subject to change without prior notice. Copyright© 2005 by D-Link Corporation/D-Link Systems, Inc. All rights reserved.	137
	137
	137
	137
	137
	137