D-Link DFL-900 User Manual

Firewall/vpn router

D-Link DFL-900
Firewall/VPN Router
User Manual
D-Link
Building Networks for People


Summary of Contents for D-Link DFL-900

  • Page 1 D-Link DFL-900 Firewall/VPN Router User Manual D-Link Building Networks for People...
  • Page 2 © Copyright 2003 D-Link Systems, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of D-Link Systems, Inc.
  • Page 3: Table Of Contents

    Changing the LAN1 IP Address..........................13 2.2.1 From DMZ1 to configure DFL-900 LAN1 network settings................14 2.2.2 From CLI (command line interface) to configure DFL-900 LAN1 network settings........14 Chapter 3 Basic Setup ............................15 Demand ..................................15 Objectives................................. 15 Methods..................................
  • Page 4 IPSec Algorithms............................45 8.1.5 Key Management............................45 8.1.6 Encapsulation ..............................46 8.1.7 IPSec Protocols............................... 47 Make VPN packets pass through DFL-900......................47 Chapter 9 Virtual Private Network – IPSec......................49 Demands .................................. 49 Objectives ................................49 Methods..................................49 Steps..................................50 9.4.1 DES/MD5 IPSec tunnel: the IKE way......................
  • Page 5 13.3 Methods..................................77 13.4 Steps for SMTP Filters ............................. 78 13.5 Steps for POP3 Filters .............................. 79 Chapter 14 Content Filtering – FTP Filtering ....................81 14.1 Demands................................... 81 14.2 Objectives................................. 81 14.3 Methods..................................81 14.4 Steps ..................................82 Part V Intrusion Detection System ........................
  • Page 6: Part I Basic Configuration

    D-Link Part I Part I Basic Configuration...
  • Page 7: Chapter 1 Quick Start

    Before You Begin Prepare a computer with an Ethernet adapter for configuring the DFL-900. The default IP address for the DFL-900 is 192.168.1.254 (LAN1, Port 2) with a Subnet Mask of 255.255.255.0. You will need to assign your computer a Static IP address within the same range as the DFL-900’s IP address, say 192.168.1.2, to configure the DFL-900.
  • Page 8: Wiring The Dfl-900

    Wiring the DFL-900 First, connect the power cord to the socket at the back panel of the DFL-900 as in Figure 1-2 and then plug the other end of the power adapter to a wall outlet or power strip. The Power LED will turn ON to indicate proper operation.
  • Page 9: Default Architecture Of Dfl-900

    DMZ1 Port WAN1 Port For connecting computers that For connecting the DFL-900 to a DSL or Cable Modem supplied by your ISP to access the act as servers for Internet users Internet. to access. Figure 1-3 Front end of the DFL-900...
  • Page 10: Using The Setup Wizard

    Subnet Mask of 255.255.255.0 to be able to connect to the DFL-900. This address range can be changed later. There are instructions in the DFL-900 User’s Guide, if you do not know how to set the IP address and Subnet Mask for your computer.
  • Page 11: Quick Start

    BASIC SETUP > Wizard > Next > DHCP If Get IP Automatically (DHCP) is selected, DFL-900 will request for IP address, netmask, and DNS servers from your ISP. You can use your preferred DNS by clicking the DNS IP Address and then completing the Primary DNS and Secondary DNS server IP addresses.
  • Page 12: Internet Connectivity

    The LAN Settings page allows you to modify the IP address and Subnet Mask that will identify the DFL-900 on your LAN. This is the IP address you will enter in the URL field of your web browser to connect to the DFL-900. It is also the IP address that all of the...
  • Page 13: Wan1-To-Dmz1 Connectivity

    IP assigned by the ISP. Step 5 – Check NAT Rules ADVANCED SETTINGS > NAT > NAT Rules The DFL-900 has added two NAT rules. The rule Basic-LAN1 (number 2) means that, when matching condition...
  • Page 14 IP assigned by the ISP. Step 5 – Check NAT Rules ADVANCED SETTINGS > NAT > NAT Rules The DFL-900 has added two NAT rules. The rule Basic-DMZ1 (number 1) means that, when matching condition...
  • Page 15 Customize the rule name as the ftpServer. For any packets with its destination IP equaling to the WAN1 IP (61.2.1.1) and destination port equaling to 44444, ask DFL-900 to translate the packet’s destination IP/port into 10.1.1.5/21. Check the Passive FTP at this port to maximize the compatibility of the FTP protocol.
  • Page 17: Chapter 2 System Overview

    Topology In this chapter, we introduce a typical network topology for the DFL-900. In Figure 2-1, the left half side is a DFL-900 with one LAN, one DMZ, and one WAN links. Notice there are three ports in DFL-900. In this topology, we only use one LAN.
  • Page 18: From Dmz1 To Configure Dfl-900 Lan1 Network Settings

    Part I and then logout the system. That will clean up the zombie left in the system so you will be able to login to the DFL-900 from the LAN1 side after your computer’s IP is changed into the new subnet.
  • Page 19: Chapter 3 Basic Setup

    Select the PPPoE method in the DFL-900 Basic Setup/WAN settings/WAN1 IP, and then configure the related account and password in order to connect to the internet. Configure the related network settings in the pages of the DFL-900 Basic Setup / DMZ settings / DMZ1 Status and Basic Setup / LAN settings / LAN1 Status.
  • Page 20: Setup Wan1 Ip

    D-Link Part I 3.4.1 Setup WAN1 IP Step 1 – Setup WAN1 port BASIC SETUP > WAN Settings > WAN1 IP > PPPoE Here we select PPP over Ethernet method in WAN1 port. Fill in the ISP-given User Name and Password and the optional Service Name.
  • Page 21: Setup Dmz1, Lan1 Status

    Basic Setup DFL-900 User Manual Step 2 – Show the Warning message BASIC SETUP > WAN Settings > WAN1 IP > PPPoE Note that if you have already enabled bandwidth management (ADVANCED SETTINGS>Bandwidth Mgt>Enable Bandwidth Management) and then select PPPoE in BASIC SETUP>WAN Settings>WAN1 IP>PPPoE as...
  • Page 22: Setup Wan1 Ip Alias

    D-Link Part I Step 2 – Setup LAN port BASIC SETUP > LAN Settings > LAN1 Status Here we are going to configure the LAN1 settings. Setup IP Address and IP Subnet Mask, and determine if you would like to enable the DHCP Server.
  • Page 23: Basic Setup

    Basic Setup DFL-900 User Manual Netmask The netmask of the IP alias 255.255.255.248 Table 3-4 Add a IP alias record Step 2 – Edit, Delete IP alias record BASIC SETUP > WAN Settings > IP Alias You can easily add, edit, or delete IP alias...
  • Page 25: Chapter 4 System Tools

    Basic configurations for domain name, password, system time, and management timeout. DDNS: Suppose the DFL-900’s WAN uses dynamic IP but needs a fixed host name. When the IP is changed, it is necessary to have the DNS record updated accordingly. To use this service, one has to register the account, password, and the wanted host name with the service provider.
  • Page 26 Figure 4-1 DDNS mechanism chart 3. DNS Proxy: After activating the DNS proxy mode, the client can set its DNS server to the DFL-900 (that is, send the DNS requests to the DFL-900). The DFL-900 will then make the enquiry to the DNS server and return the result to the client.
  • Page 27: Steps

    Click Apply. FIELD DESCRIPTION EXAMPLE Host Name the host name of the DFL-900 device DFL-1 Domain Name Fill in the domain name of company dlink.com Table 4-1 System Tools - General Setup menu Step 2...
  • Page 28 You can also enter an IP address instead. Check the Continuously (every 3 min) update system clock and click Apply. The DFL-900 will immediately update the system time and will periodically update it. Check the Update system clock...
  • Page 29: System Tools

    DNS server of the WAN link. When there Enable DNS Proxy Enabled is a response from DNS, DFL-900 will forward it back to the host of the LAN/DMZ. Table 4-5 System Tools – DNS Proxy menu...
  • Page 30 Click the Apply button. FIELD DESCRIPTION EXAMPLE When the host of the LAN/DMZ in the DFL-900 internal network sends a DHCP request, DFL-900 will forward it automatically to the specified Enable DHCP Relay Enabled DHCP server (different subnet from the network segment of the DHCP client).
  • Page 31: Chapter 5 Remote Management

    Administrators may want to manage the DFL-900 remotely from any PC in LAN1 with HTTP at port 8080, and from WAN_PC with TELNET. In addition, the DFL-900 may be more secure if monitored by a trusted host (PC1_1). What is more, the DFL-900 should not respond to ping to hide itself.
  • Page 32: Steps

    SYSTEM TOOLS > Remote Mgt. > SNMP Check the LAN1 checkbox, click the Selected, and enter the IP address (192.168.40.1) that will read the SNMP MIBs at the DFL-900. And click the Apply. Setup ICMP SYSTEM TOOLS > Remote Mgt. > MISC Uncheck the WAN1 checkbox and then click the Apply.
  • Page 34: Part Ii Nat & Firewall

    D-Link Part II Part II NAT & Firewall...
  • Page 35: Chapter 6 Nat

    Chapter 6 This chapter introduces NAT and explains how to implement it in DFL-900. To facilitate the explanation on how DFL-900 implements NAT and how to use it, we zoom in the left part of Figure 1-4 into Figure 6-1.
  • Page 36: Methods

    Part II Methods 1. Assign private IP addresses to the PC1_1~PC1_5. Setup NAT at DFL-900 to map those assigned private hosts under LAN1 to the public IP address WAN_IP at the WAN1 side. 2. Assign a private IP address to the FTPServer1. Setup Virtual Server at DFL-900 to redirect “any connections towards some port of WAN1”...
  • Page 37 Network Address Translation Mode. Click Apply. After applying the setting, the page will highlight a warning saying that the rules are no more automatically maintained by the DFL-900. If you change the LAN/DMZ IP settings, you have to manually update related rules by yourself.
  • Page 38 DFL-900 to translate the private IPs into the pool of public IPs. The DFL-900 will use the first public IP until DFL-900 uses up all source ports for the public IP. DFL-900 will then choose the second public IP from the address pool.
  • Page 39: Setup Virtual Server For The Ftpserver1

    Step 2 – Client IP Range Enable the DHCP server if you want to use DFL-900 to assign IP addresses to the computers under DMZ1. Here we do not want to make the DHCP feature enable. Step 3 –...
  • Page 40 Step 5 – Check NAT Rules ADVANCED SETTINGS > NAT > NAT Rules The DFL-900 has added two NAT rules. The rule Basic-DMZ1 (number 1) means that, when matching the condition (requests of LAN/DMZ-to-WAN direction with its source IP falling in the range of 10.1.1.254/255.255.255.0), the request will...
  • Page 41 44444 If the Passive FTP client is checked, it will connect to the Passive FTP client internal DMZ FTP server of DFL-900 when FTP client enabled uses passive mode. Otherwise, it will not work. The IP address which is actually transferred to the Translated dest IP 10.1.1.5...
  • Page 42 Step 9 – View the Result ADVANCED SETTINGS > NAT > Virtual Servers Now any request towards the DFL-900’s WAN1 IP (61.2.1.1) with port 44444 will be translated into a request towards 10.1.1.5 with port 21, and then be forwarded to the 10.1.1.5. The FTP server listening at port 21 in 10.1.1.5 will...
  • Page 43: Chapter 7 Firewall

    Administrators detect that PC1_1 in LAN1 is doing something that may hurt our company and should instantly block his traffic towards the Internet. A DMZ server was attacked by SYN-Flooding attack and requires the DFL-900 to protect it. Objectives Block the traffic from PC1_1 in LAN1 to the Internet in WAN1.
  • Page 44: Steps

    D-Link Part II Steps 7.4.1 Block internal PC session (LAN WAN) Step 1 – Setup NAT ADVANCED SETTINGS > Firewall > Status Check the Enable Stateful Inspection Firewall checkbox, and click the Apply. Step 2 – Add a Firewall Rule ADVANCED SETTINGS >...
  • Page 45: Setup Alert Detected Attack

    Step 1 – Setup Attack Alert ADVANCED SETTINGS > Firewall > Attack Alert With the Firewall enabled, the DFL-900 is already equipped with an Anti-DoS engine within it. Normal DoS attacks will show up in the log when detecting and blocking such traffic. However, Flooding attacks require extra parameters to recognize.
  • Page 46 This is the rate of new half –open sessions that causes the firewall to start deleting half open sessions. When the rate of One Minute High new connection attempts rises above this number, the DFL-900 deletes half-open sessions as required to accommodate new connection attempts.
  • Page 48: Part Iii Virtual Private Network

    D-Link Part III Part III Virtual Private Network...
  • Page 49: Chapter 8 Vpn Technical Introduction

    VPN Technical Introduction DFL-900 User Manual Chapter 8 VPN Technical Introduction This chapter introduces VPN related technology Terminology Explanation 8.1.1 VPN A VPN (Virtual Private Network) logically provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of encryption, tunneling, authentication, and access control used to transport traffic over the Internet or any insecure TCP/IP networks.
  • Page 50: Encapsulation

    This may be unnecessary for data that does not require such security, so PFS is disabled (None) by default in the DFL-900. Disabling PFS means new authentication and encryption keys are derived from the same root secret (which may have security implications in the long run) but allows faster SA setup (by bypassing the Diffie-Hellman key exchange).
  • Page 51: Ipsec Protocols

    Step 1 – Enable IPSec ADVANCED SETTINGS > VPN Settings > Pass Through If we need to setup DFL-900 between the existed IPSec / PPTP / L2TP connections. We need to open up the Firewall blocking port of DFL-900 in advance.
  • Page 53: Chapter 9 Virtual Private Network - Ipsec

    Virtual Private Network – IPSec DFL-900 User Manual Chapter 9 Virtual Private Network – IPSec This chapter introduces IPSec VPN and explains how to implement it. As described in the Figure 2-1, we will extend to explain how to make a VPN tunnel between LAN_1 and LAN_2 in this chapter.
  • Page 54: Steps

    D-Link Part III Difference The “Pre-Shared Key” must be the same at both The types and keys of “Encryption” and “Authenticate” DFL-900s. must be set the same on both DFL-900s. However, the “Outgoing SPI” at DFL-1 must equal to “Incoming SPI”...
  • Page 55 Choose Tunnel or Transport mode, see Chapter 8 for Encapsulation Mode Tunnel details. The IP address of local site DFL-900 Firewall/VPN My IP Address 61.2.1.1 Router The IP address of remote site device, like DFL-900 Security Gateway Addr 210.2.1.1 Firewall/VPN Router.
  • Page 56 D-Link Part III Encrypt and Select the Encryption and Authentication Algorithm Authenticate ESP Algorithm combination. (DES, MD5) AH Algorithm Select Authentication Algorithm (MD5 or SHA1) Authenticate (MD5) Pre-Shared Key The key which is pre-shared with remote side. 1234567890 Table 9-2 Related field explanation of adding a IPSec policy rule Step 4...
  • Page 57 Virtual Private Network – IPSec DFL-900 User Manual Encrypt and Authenticate Encryption Algorithm Choose an encryption and authentication algorithm. (DES, MD5) Set the IKE SA lifetime. A value of 0 means IKE SA SA Life Time 28800 sec negotiation never times out. See Chapter 8 for details.
  • Page 58 ADVANCED SETTINGS > Firewall > Edit Rules Here we have a new rule before the default firewall rule. This rule will allow packets from 192.168.88.0 / 255.255.255.0 pass through DFL-900. And accomplish the VPN tunnel establishment. At DFL-2: Step 1 –...
  • Page 59 Virtual Private Network – IPSec DFL-900 User Manual Step 2 – Add an IKE rule ADVANCED SETTINGS > VPN Settings > IPSec > IKE Click the IKE hyperlink and click Add to add a new IPSec VPN tunnel endpoint.
  • Page 60: Des/Md5 Ipsec Tunnel: The Manual-Key Way

    192.168.40.0/24 to 192.168.88.0/24 will be allowed to pass through the DFL-900 and successfully access the 192.168.88.0/24 through the VPN tunnel. 9.4.2 DES/MD5 IPSec tunnel: the Manual-Key way Step-by-step configuration in DFL-1: Step 1 –...
  • Page 61 Virtual Private Network – IPSec DFL-900 User Manual Step 2 – Add a Manual Key rule ADVANCED SETTINGS > VPN Settings > IPSec > Manual Key Click the Manual Key hyperlink and click Add to add a new IPSec VPN tunnel endpoint.
  • Page 62 255.255.255.0 The IP address of local site DFL-900 Firewall/VPN My IP Address 61.2.1.1 Router The IP address of remote site device, like DFL-900 Security Gateway Addr 210.2.1.1 Firewall/VPN Router. The Outgoing SPI (Security Parameter Index) value. Notice: HEX SPI must be a value between 600 and...
  • Page 63 Virtual Private Network – IPSec DFL-900 User Manual Enable Replay Detection Whether is the “Replay Detection” enabled? Action Table 9-5 Setup Advanced feature in the IPSec Manual Key rule Step 5 – Add a Firewall rule ADVANCED SETTINGS > Firewall > Edit Rules Just follow the above link.
  • Page 64 D-Link Part III Step 3 – Customize the rule ADVANCED SETTINGS > VPN Settings > IPSec > Manual Key > Add Similar to those in DFL-1, except that you should interchange the Local IP Address with the Remote IP Address, the My IP Address with...
  • Page 65: Chapter 10 Virtual Private Network - Pptp

    10.3 Methods Setup the PPTP server at DFL-900. Setup the remote PC as the PPTP client. After dialing up to DFL-1, DFL-1 will assign a private IP which falls in the range of the settings in the PPTP server at DFL-1. Suppose the range is defined as...
  • Page 66: Steps

    The End IP is the allocated ending IP address in the internal network after End IP 192.168.40.253 PPTP client dials in the DFL-900. Username The account which allow PPTP client user to dial in DFL-900. PptpUsers Password The password which allow PPTP client user to dial in DFL-900. Dif3wk...
  • Page 67 Virtual Private Network – PPTP DFL-900 User Manual Customize the VPN Connection 1. Right-click the icon that you have created. 2. Select Properties > Security > Advanced > Settings. 3. Select No Encryption from the Data Encryption and click Apply.
  • Page 69: Chapter 11 Virtual Private Network - L2Tp

    Virtual Private Network – L2TP DFL-900 User Manual Chapter 11 Virtual Private Network – L2TP This chapter introduces L2TP and explains how to implement it. 11.1 Demands One employee in our company may sometimes want to connect back to our corporate network to work on something. His PC is PC1_1 in LAN1 instead of DMZ1 so he cannot directly access the host by simply with virtual server settings.
  • Page 70: Steps

    Part III 2. Setup the DFL-900 as the L2TP client (LAC: L2TP Access Concentrator). Let all the client PCs behind the DFL-900. They can connect to the network behind L2TP Server by passing through DFL-900. It sounds like no Internet exists but can connect with each other.
  • Page 71 6. If the Public Network dialog box appears, choose the Don’t dial up initial connection and select Next. 7. In the VPN Server Selection dialog, enter the public IP or hostname of the DFL-900 to connect to and select Next. 8. Set Connection Availability to Only for myself and select Next.
  • Page 72: Setup L2Tp Network Client

    “Assigned IP” field, and the IP address of LAC host peer host will appear in the “Remote IP“ field. FIELD DESCRIPTION EXAMPLE Enable L2TP LAC Enable L2TP LAC feature of DFL-900 enabled LNS IP The IP address of LNS server. 61.2.1.1 Username The designed account which allows LAC client to dial in.
  • Page 74: Part Iv Content Filters

    D-Link Part IV Part IV Content Filters...
  • Page 75: Chapter 12 Content Filtering - Web Filters

    Content Filtering – Web Filters DFL-900 User Manual Chapter 12 Content Filtering – Web Filters This chapter introduces web content filters and explains how to implement it. 12.1 Demands Someone (PC1_1) is browsing the web pages at the WebServer3. The contents of the web pages may include cookies, Java applets, Javascripts, or Active-X objects that may contain malicious program of users’...
  • Page 76: Steps

    FIELD DESCRIPTION EXAMPLE Enable Web Filter Enable Web Filter feature of DFL-900 enabled Setting up the component (Include ActiveX, Java, Java Script, Cookies, Restricted Features Web Proxy) Table 12-1 Web Filter Web setting page...
  • Page 77 Step 5 ¡ Ð Update the Built-in Database ADVANCED SETTINGS > Content Filters > Web Filter > Database Update Click the Download button to ask DFL-900 to instantly download the database from the DFL-900 fwupdate.dlinktw.com.tw. can be set to automatically check the site for any...
  • Page 78 Trusted Domains. However, if the web objects are set to be blocked by the DFL-900 in step 3, these allowed accesses will never be able to retrieve these objects. Check the “Don’t block …”...
  • Page 79 Content Filtering – Web Filters DFL-900 User Manual FIELD DESCRIPTION EXAMPLE Enable Filter List Customization Enable the Filter List Customization feature of web filter Disable all web traffic except for trusted domains Enabled Except the following specified domain range specified by the trusted domain.
  • Page 81: Chapter 13 Content Filtering - Mail Filters

    Content Filtering – Mail Filters DFL-900 User Manual Chapter 13 Content Filtering – Mail Filters This chapter introduces SMTP proxies and explains how to implement it. 13.1 Demands Sometimes there are malicious scripts like *.vbs that may be attached in the email. If the users accidentally open such files, their computers may be infectious with virus.
  • Page 82: Steps For Smtp Filters

    Check the Enable SMTP Proxy checkbox and click Apply. FIELD DESCRIPTION EXAMPLE Enable SMTP Proxy Enable SMTP Proxy feature of DFL-900 enabled Filename extension When the filename extension of attachment file matches “Filename extension”, add the “.bin” extension to the attachment file. Append ".bin" to E-mail...
  • Page 83: Steps For Pop3 Filters

    Check the Enable POP3 Proxy checkbox and click Apply. FIELD DESCRIPTION EXAMPLE Enable POP3 Proxy Enable POP3 Proxy feature of DFL-900 enabled Filename extension When the filename extension of attachment file matches “Filename extension”, add the “.bin” extension to the attachment file. Append ".bin" to E-mail...
  • Page 84 D-Link Part IV Step 2 – Add a POP3 Filter ADVANCED SETTINGS > Content Filters > Mail Filters > POP3 Select filename extension, enter vbs, and click Add to add a rule. This rule will apply to all DMZ/WAN-to-LAN POP3 connections. All such POP3 traffic will be examined to change the filename extension from vbs to vbs.bin.
  • Page 85: Chapter 14 Content Filtering - Ftp Filtering

    Content Filtering – FTP Filtering DFL-900 User Manual Chapter 14 Content Filtering – FTP Filtering This chapter introduces FTP proxies and explains how to implement it. 14.1 Demands Some users in LAN1 use FTP to download big MP3 files and cause waste of bandwidth.
  • Page 86: Steps

    FIELD DESCRIPTION EXAMPLE Enable FTP Filter Enable FTP Filter feature of DFL-900 enabled Table 14-1 FTP Filter FTP setting page Step 2 – Add an FTP Filter ADVANCED SETTINGS > Content Filters > FTP Filter > FTP > Add Enter mp3 in the Name field and select Extension Name in the Blocked Type field.
  • Page 87 Content Filtering – FTP Filtering DFL-900 User Manual Step 3 – Add an Exempt Zone ADVANCED SETTINGS > Content Filters > FTP Filter > FTP Exempt Zone > Add Add a new Exempt Zone record. Its IP address range between 192.168.40.10...
  • Page 88: Part V Intrusion Detection System

    D-Link Part V Part V Intrusion Detection System...
  • Page 89: Chapter 15 Intrusion Detection Systems

    Methods 1. Specify where our Web server is located to let the IDS on the DFL-900 focus more on the attacks. 2. Setup logs to email to the specified email address when the log is full. You can also set daily/weekly emails to periodically...
  • Page 90: Steps

    Apply button. FIELD DESCRIPTION EXAMPLE Enable IDS Enable IDS feature of DFL-900 enabled Detect Attacks Towards Specified the IP address region of each DMZ/LAN, Server area. Options This option is designed to memory efficient. This has configurable memory usage and fragment timeout options.
  • Page 91 Intrusion Detection Systems DFL-900 User Manual This option will normalize telnet control protocol characters from the session data. It Normalize Telnet accepts a list of ports to run on as arguments. It defaults to running on ports 21, 23, 25,...
  • Page 92: Part Vi Bandwidth Management

    D-Link Part VI Part VI Bandwidth Management...
  • Page 93: Chapter 16 Bandwidth Management

    Bandwidth Management DFL-900 User Manual Chapter 16 Bandwidth Management This chapter introduces bandwidth management and explains how to implement it. 16.1 Demands 1. PC1_1 is downloading the MP3 files from the FTP Server. This occupies the bandwidth of PC1_2 who is watching the video provided by the Web Server, causing the video to be blocked and to have poor quality.
  • Page 94: Steps

    Check the Enable Bandwidth Management checkbox, click the Apply. FIELD DESCRIPTION EXAMPLE Enable Bandwidth Enable Bandwidth Management feature of DFL-900 enabled Management Table 16-1 Setup Bandwidth Management status page Step 2 – Setup the LAN1 Link ADVANCED SETTINGS > Bandwidth Mgt. > Edit Actions Select ANY to LAN1 to setup traffic that will transmit by the LAN1 interface.
  • Page 95 Bandwidth Management DFL-900 User Manual FIELD DESCRIPTION EXAMPLE Activate this class Enable the bandwidth management class for later using enabled Class name Bandwidth management class name inFTP Bandwidth How many percentage does this class occupy higher class? When the bandwidth of this class is idle, it will let other class to borrow...
  • Page 96 D-Link Part VI Step 6 – Customize the Rules ADVANCED SETTINGS > Bandwidth Mgt. > Edit Rules > Insert Enter a rule name such as inFTP, enter the Source IP as 140.113.179.3 and the netmask as 255.255.255.255. Enter the Dest. IP as 192.168.40.1...
  • Page 97: Outbound Traffic Management

    Bandwidth Management DFL-900 User Manual Step 7 – View the rules ADVANCED SETTINGS > Bandwidth Mgt. > Edit Rules DFL-900 configured direct inFTP-matched packets into the inFTP queue (1019kbps), inVideo-matched packets into the inVideo queue (447kbps). The other traffic will be put into the def_class queue (any available bandwidth).
  • Page 98 D-Link Part VI Step 3 – Partition into Classes ADVANCED SETTINGS > Bandwidth Mgt. > Edit Actions > Create Sub-Class Create a sub-class named LANa-to-LANb from the default class. Enter 65% in the bandwidth field and click Apply. Select the default class and click the Create Sub-Class to create another sub-class named Others from the default class.
  • Page 99 Bandwidth Management DFL-900 User Manual Step 6 – View the rules ADVANCED SETTINGS > Bandwidth Mgt. > Edit Rules DFL-900 configured direct outWebDownload-matched packets into Others queue (463kbps), outVPN-matched packets into LANa-to-LANb queue (1003kbps). Here we reserve 65% WAN1...
  • Page 100: Part Vii System Maintenance

    D-Link Part VII Part VII System Maintenance...
  • Page 101: Chapter 17 Log System

    The System administrator would like to view the daily log report of DFL-900. 17.3 Methods Use the syslog server to receive mail. Or edit the “Mail Logs” page of DFL-900. Make the log mailed out automatically every periodic time. 17.4 Steps Step 1...
  • Page 102 D-Link Part VII Step 2 – Setup Mail Log method DEVICE STATUS > Log Config > Mail Logs Fill in the IP address of the mail server and mail subject. Also fill your E-Mail address for receiving logs. Select the preferred Log Schedule to mail out logs.
  • Page 103: Chapter 18 System Maintenance

    Sometimes one may want to reset the firmware to factory default due to loss of password, firmware corrupted, configuration corrupted. Since DFL-900 does not have a reset button to prevent careless pressing of it, factory default has to be set with web GUI or console terminal. Of course, when you lose the password, you have to use CLI only because you can never enter the web GUI with the lost password.
  • Page 104: Steps For Firmware Upgrade From Web Gui

    Resuming NAT/RMS/FW settings..Starting Web-based Configurator..HTTP started HTTPS started Wed Sep 10 18:13:23 2003 NetOS/i386 (DFL-900) (tty00) login: 18.3 Steps for Firmware upgrade from Web GUI Step 1 – Download the newest firmware Firmware upgrade site: from web site http://fwupdate.dlinktw.com.tw/...
  • Page 105: Steps For Factory Reset

    Enter sys resetconf now to reset the firmware to factory default. Then enter sys reboot now to login: admin instantly reboot the system. Password: Welcome to DFL-900 Firewall/VPN Router! DFL-900> en DFL-900# sys resetconf now Resetting Configuration to default... DONE Please reboot the system DFL-900# sys reboot now Rebooting...
  • Page 106 D-Link Part VII Step 1 – Backup the current configuration SYSTEM TOOLS > System Utilities > Backup Configuration In the System Tools / System Utilities / Backup Configurations page, click Backup button to backup configuration file to local disk. Step 2 – Restore the previous saving SYSTEM TOOLS >...
  • Page 107: Appendix A Trouble Shooting

    If the power LED of DFL-900 is off when I turn on the power? Ans: Check the connection between the power adapter and DFL-900 power cord. If this problem still exists, contact your sales vendor. How can I configure the DFL-900 if I lose the account/password of the DFL-900? Ans...
  • Page 108 Ans: It is because there is someone logging into the DFL-900 at the same time with the other IP address. Please logout the system from that IP address first and then login using your IP address again. You are definitely able to login into the DFL-900.
  • Page 109 DFL-900 from the same side. The final way is to power off the DFL-900, and then turn on the power. After DFL-900 reboot, you can login into DFL-900 again.
  • Page 111: Appendix B Glossary Of Terms

    NAT (Network Address Translation) – By the network address translation skill, we can transfer the internal network private address of DFL-900 to the public address for the Internet usage. By this method, we can use a large amount of private addresses in the enterprise.
  • Page 113 Customer Support DFL-900 User Manual Appendix C Customer Support Offices Australia D-Link Australia 1 Giffnock Avenue, North Ryde, NSW 2113, Sydney, Australia TEL: 61-2-8899-1800 FAX: 61-2-8899-1868 TOLL FREE (Australia): 1800-177100 URL: www.dlink.com.au E-MAIL: support@dlink.com.au & info@dlink.com.au Brazil D-Link Brasil Ltda.
  • Page 114 D-Link Part VII E-MAIL: info@dlink-france.fr Germany D-Link Central Europe (D-Link Deutschland GmbH) Schwalbacher Strasse 74, D-65760 Eschborn, Germany TEL: 49-6196-77990 FAX: 49-6196-7799300 URL: www.dlink.de BBS: 49-(0) 6192-971199 (analog) BBS: 49-(0) 6192-971198 (ISDN) INFO: 00800-7250-0000 (toll free) HELP: 00800-7250-4000 (toll free) REPAIR: 00800-7250-8000 E-MAIL: info@dlink.de...
  • Page 115 CHS Aptec (Dubai), P.O. Box 33550 Dubai, United Arab Emirates TEL: 971-4-366-885 FAX: 971-4-355-941 E-MAIL: Wxavier@dlink-me.com U.K. D-Link Europe (United Kingdom) Ltd Floor, Merit House, Edgware Road, Colindale, London NW9 5AB United Kingdom TEL: 44-020-8731-5555 SALES: 44-020-8731-5550 FAX: 44-020-8731-5511 SALES: 44-020-8731-5551 BBS: 44 (0) 181-235-5511 URL: www.dlink.co.uk E-MAIL: info@dlink.co.uk...
