Product Manual
Page 2
Using PPTP 17 WAN Interface Settings - Contents Introduction 6 Features and Benefits 6 Introduction to Firewalls 6 Introduction to Local Area Networking 7 LEDs ...8 Physical Connections 8 Package Contents 9 System Requirements 9 Managing D-Link DFL-200 10 Resetting the DFL-200 10 Administration Settings 11 Administrative Access 11 Add ping access to an interface 12 Add Admin access to an interface 12 Add...
Using PPTP 17 WAN Interface Settings - Contents Introduction 6 Features and Benefits 6 Introduction to Firewalls 6 Introduction to Local Area Networking 7 LEDs ...8 Physical Connections 8 Package Contents 9 System Requirements 9 Managing D-Link DFL-200 10 Resetting the DFL-200 10 Administration Settings 11 Administrative Access 11 Add ping access to an interface 12 Add Admin access to an interface 12 Add...
Product Manual
Page 8
...Bright Green illumination indicates a valid Ethernet Link on the internal office network. LEDs Power: A solid light indicates a proper connection to page 63 for further instructions. Each LED will damage the unit. 8 WAN Port: Use this switch to reset the DFL-200 to power the device, doing so ...will flicker when that respective port. Refer to the power supply. DC Power: Use the included 5VDC 3A switching power supply to connect to indicate a functional, active system. Physical Connections COM Port: Serial Read-Only access to the firewall...
...Bright Green illumination indicates a valid Ethernet Link on the internal office network. LEDs Power: A solid light indicates a proper connection to page 63 for further instructions. Each LED will damage the unit. 8 WAN Port: Use this switch to reset the DFL-200 to power the device, doing so ...will flicker when that respective port. Refer to the power supply. DC Power: Use the included 5VDC 3A switching power supply to connect to indicate a functional, active system. Physical Connections COM Port: Serial Read-Only access to the firewall...
Product Manual
Page 9
If any of Package: • D-Link DFL-200 Firewall • Manual and CD • Quick Installation Guide • 5V/3A AC Power adapter • Straight-through CAT-5 cable • RS-232 Null Modem Cable .../IP. • Internet Explorer or Netscape Navigator, version 6.0 or above items are missing, please contact your reseller. Package Contents Contents of the above , with the DFL-200 will cause irreparable electrical damage and void the warranty for this product.
If any of Package: • D-Link DFL-200 Firewall • Manual and CD • Quick Installation Guide • 5V/3A AC Power adapter • Straight-through CAT-5 cable • RS-232 Null Modem Cable .../IP. • Internet Explorer or Netscape Navigator, version 6.0 or above items are missing, please contact your reseller. Package Contents Contents of the above , with the DFL-200 will cause irreparable electrical damage and void the warranty for this product.
Product Manual
Page 10
...a configurable timeout has been reached, otherwise the DFL-200 will continue to load and startup in default mode, i.e. After this the DFL-200 will revert to the previous configuration. with the unit powered on the LAN interface. Managing D-Link DFL-200 When a change is restarting with factory default... settings. In order to page 63. 10 Resetting the DFL-200 To reset the DFL-200 to factory default settings simply press down and hold the reset button for 15 seconds with 192.168.1.1 on . The firewall will ...
...a configurable timeout has been reached, otherwise the DFL-200 will continue to load and startup in default mode, i.e. After this the DFL-200 will revert to the previous configuration. with the unit powered on the LAN interface. Managing D-Link DFL-200 When a change is restarting with factory default... settings. In order to page 63. 10 Resetting the DFL-200 To reset the DFL-200 to factory default settings simply press down and hold the reset button for 15 seconds with 192.168.1.1 on . The firewall will ...
Product Manual
Page 22
All logging is a vital part in all network security products. The DLink DFL-200 logs activity by the firewall, is done to one or two log receivers in the menu bar, and then click Logging below it. Logging, the ability to audit decisions made by sending the log data to SYSLog recipients. The log format used for SYSLog logging is suitable for logging activity. Logging Click on System in the network. The D-Link DFL-200 provides several options for automated processing and searching. 22
All logging is a vital part in all network security products. The DLink DFL-200 logs activity by the firewall, is done to one or two log receivers in the menu bar, and then click Logging below it. Logging, the ability to audit decisions made by sending the log data to SYSLog recipients. The log format used for SYSLog logging is suitable for logging activity. Logging Click on System in the network. The D-Link DFL-200 provides several options for automated processing and searching. 22
Product Manual
Page 23
...Enable Audit Logging To start auditing all traffic through the firewall, follow the steps below to apply the settings or click Cancel to enable logging. Click the Apply button below to apply the settings or click Cancel to discard changes. The D-Link DFL-200 specifies a number of these events, such as SYSLog ...logged. It is also possible to have to fill in the SMTP server to enable auditing. Enable Logging Follow these steps to which the DFL-200 will always generate log entries. Fill in at least one as SYSLog server 2. If you have two SYSLog servers, you have E-mail ...
...Enable Audit Logging To start auditing all traffic through the firewall, follow the steps below to apply the settings or click Cancel to enable logging. Click the Apply button below to apply the settings or click Cancel to discard changes. The D-Link DFL-200 specifies a number of these events, such as SYSLog ...logged. It is also possible to have to fill in the SMTP server to enable auditing. Enable Logging Follow these steps to which the DFL-200 will always generate log entries. Fill in at least one as SYSLog server 2. If you have two SYSLog servers, you have E-mail ...
Product Manual
Page 28
...addresses to be compared to Internal Servers (click here). 28 Choose Deny to traverse the firewall. Specifies the sender span of the received packet. Leave this policy to match. Destination ...mail alert will log, e-mail an alert (if configured), and pass on the Add new link. Step 2. This name is needed for the policy. Position: Moves before given position. Source ...left blank there is needed for any authenticated user. only inspect the traffic, and if the DFL-200 detects anything it will be sent. Click on the traffic. Step 3. Action: Select Allow ...
...addresses to be compared to Internal Servers (click here). 28 Choose Deny to traverse the firewall. Specifies the sender span of the received packet. Leave this policy to match. Destination ...mail alert will log, e-mail an alert (if configured), and pass on the Add new link. Step 2. This name is needed for the policy. Position: Moves before given position. Source ...left blank there is needed for any authenticated user. only inspect the traffic, and if the DFL-200 detects anything it will be sent. Click on the traffic. Step 3. Action: Select Allow ...
Product Manual
Page 30
... rule. Step 2. Either make a custom service. Source Users/Groups: Specifies if an authenticated username is also possible to add a new mapping on the Add new link. These are read from the dropdown menu or make a list of the server that the traffic should be forwarded to Internal Servers. 30 Destination IP... the specified Pass To address. Port mapping / Virtual Servers The Port mapping / Virtual Servers configuration section is carried out. Note: Refer to Appendix C of the firewall, or enter an additional IP address to discard changes.
... rule. Step 2. Either make a custom service. Source Users/Groups: Specifies if an authenticated username is also possible to add a new mapping on the Add new link. These are read from the dropdown menu or make a list of the server that the traffic should be forwarded to Internal Servers. 30 Destination IP... the specified Pass To address. Port mapping / Virtual Servers The Port mapping / Virtual Servers configuration section is carried out. Note: Refer to Appendix C of the firewall, or enter an additional IP address to discard changes.
Product Manual
Page 32
This will see the following screen. Enter the new password twice. The first section links to change Administrative User password. Click on Firewall in the menu bar, and then click Users below to apply the settings or click Cancel to discard changes. The password can contain numbers (0-9) and ... click on the user name and you will display all the users. Follow these steps to the administrative user. Administrative users Click on the Administrator link to change the password.
This will see the following screen. Enter the new password twice. The first section links to change Administrative User password. Click on Firewall in the menu bar, and then click Users below to apply the settings or click Cancel to discard changes. The password can contain numbers (0-9) and ... click on the user name and you will display all the users. Follow these steps to the administrative user. Administrative users Click on the Administrator link to change the password.
Product Manual
Page 52
...field on the VPN page. Before a VPN tunnel with certificate based authentication can be replaced by a CA. Trusting Certificates When setting up , the firewall needs a certificate of its identity to the remote VPN peer. When using pre-shared keys, this is a list of all certificates of the ...to specify a name for the remote peer certificate and upload the certificate file. It links an identity to be told whom it can be deleted or renamed. Certificates A certificate is used for HTTPS access to the DFL-200. To add a new local identity certificate, click Add new. This is a ...
...field on the VPN page. Before a VPN tunnel with certificate based authentication can be replaced by a CA. Trusting Certificates When setting up , the firewall needs a certificate of its identity to the remote VPN peer. When using pre-shared keys, this is a list of all certificates of the ...to specify a name for the remote peer certificate and upload the certificate file. It links an identity to be told whom it can be deleted or renamed. Certificates A certificate is used for HTTPS access to the DFL-200. To add a new local identity certificate, click Add new. This is a ...
Product Manual
Page 64
...stored on the PC connected to load the new firmware and restart the device. Upgrade Firmware To upgrade the firmware of the DFL-200, obtain the latest version from D-Link. Connect to the web-based GUI, navigate to the Upgrade / Tools menu, click Browse, and choose the file name...Unit's signature-database section, and choose the file name of the newest version of the IDS signatures. Click Upload firmware image to the firewall. Upgrade IDS Signature-database To upgrade the signature-database first download the newest IDS signatures from support.dlink.com (US). After downloading the...
...stored on the PC connected to load the new firmware and restart the device. Upgrade Firmware To upgrade the firmware of the DFL-200, obtain the latest version from D-Link. Connect to the web-based GUI, navigate to the Upgrade / Tools menu, click Browse, and choose the file name...Unit's signature-database section, and choose the file name of the newest version of the IDS signatures. Click Upload firmware image to the firewall. Upgrade IDS Signature-database To upgrade the signature-database first download the newest IDS signatures from support.dlink.com (US). After downloading the...
Product Manual
Page 115
...one for each public IP mapping to each private Server) Routing configuration: Static Route Configuration for each public IP we need to create the following firewall settings: - The Subnet Mask should be forwarded to. The above static route configuration explicitly defines the interface that the Internal Server is connected ...of the Web-based configuration. Specify the Public IP to be set to create the first static route. Select the Add New link to 255.255.255.255 (1-host). Select the Interface that the additional Public IP address should be forwarded in the Network field.
...one for each public IP mapping to each private Server) Routing configuration: Static Route Configuration for each public IP we need to create the following firewall settings: - The Subnet Mask should be forwarded to. The above static route configuration explicitly defines the interface that the Internal Server is connected ...of the Web-based configuration. Specify the Public IP to be set to create the first static route. Select the Add New link to 255.255.255.255 (1-host). Select the Interface that the additional Public IP address should be forwarded in the Network field.
Product Manual
Page 116
Specify the Public IP to create the second static route. NOTE: Be sure to enable Proxy ARP for both routes or the Firewall will not forward traffic destined for a Server on the DMZ: Navigate to the SYSTEM tab, then the ROUTING page of the Web-based configuration. Enable ... addresses to Internal servers. 116 Select the Interface that the additional Public IP address should be forwarded in the Network field. Select the Add New link to be set to (LAN or DMZ). The above static route configuration explicitly defines the interface that the Internal Server is connected to 255.255...
Specify the Public IP to create the second static route. NOTE: Be sure to enable Proxy ARP for both routes or the Firewall will not forward traffic destined for a Server on the DMZ: Navigate to the SYSTEM tab, then the ROUTING page of the Web-based configuration. Enable ... addresses to Internal servers. 116 Select the Interface that the additional Public IP address should be forwarded in the Network field. Select the Add New link to be set to (LAN or DMZ). The above static route configuration explicitly defines the interface that the Internal Server is connected to 255.255...
Product Manual
Page 117
... custom). Configure Port Mapping/Virtual Server Rules for LAN Server: Virtual Server Configuration for DMZ Server: Click the Add New link to save the configuration. Configure Port Mapping/Virtual Server Rules for a Server on the LAN: Navigate to the FIREWALL tab, PORT MAPPING page of the Server in the Destination IP field.
... custom). Configure Port Mapping/Virtual Server Rules for LAN Server: Virtual Server Configuration for DMZ Server: Click the Add New link to save the configuration. Configure Port Mapping/Virtual Server Rules for a Server on the LAN: Navigate to the FIREWALL tab, PORT MAPPING page of the Server in the Destination IP field.
Product Manual
Page 118
.... Enter the Private IP of the Server in mind that this configuration uses Network Address Translation. Click the Add New link to Internal Servers for a Server on the DMZ: Navigate to the FIREWALL tab, PORT MAPPING page of service in use. 118 Select the Service to be mapped to create a new Port...
.... Enter the Private IP of the Server in mind that this configuration uses Network Address Translation. Click the Add New link to Internal Servers for a Server on the DMZ: Navigate to the FIREWALL tab, PORT MAPPING page of service in use. 118 Select the Service to be mapped to create a new Port...