Link DFL-500 | D-Link instruction

D-Link DFL-500

Network Security Firewall

Manual

Building Networks for People

DFL-500 User Manual	1

Image 1

D-Link user manual Link DFL-500

Contents

Link DFL-500 Regulatory Compliance Table of Contents Firewall configuration IPSec VPNs Logging and reporting Page NAT/Route mode NAT/Route mode and Transparent modeTransparent mode Introduction For more information Customer service and technical supportDFL-500 QuickStart Guide DFL-500 CLI Reference Guide Getting started Package contentsMounting Powering on Connecting to the web-based manager Initial configuration DFL-500 login Connecting to the command line interface CLIBits per second Data bits Parity Next stepsStop bits Flow control Preparing to configure NAT/Route mode NAT/Route mode installationNAT/Route mode settings Using the command line interface Using the setup wizardStarting the setup wizard Reconnecting to the web-based manager Set system route number 1 gw1 Connecting to your networks Completing the configuration Configuring your internal networkSetting the date and time DFL-500 NPG network connections Preparing to configure Transparent mode Transparent mode installationChanging to Transparent mode Transparent mode settings Administrator Password Set system management ip 10.10.10.2 Configuring the Transparent mode management IP address Connecting to your network Setting the date and timeConfigure the Transparent mode default gateway DFL-500 network connections Default policy Firewall configuration Changing to NAT/Route mode Adding NAT/Route mode policiesGo to Firewall Policy Authentication Source Destination Schedule Service ActionDynamic IP Pool Fixed Port VPN Tunnel Web filter Content filtering Source Destination Schedule Service Adding Transparent mode policiesAdding a NAT/Route Int -Ext policy Log Traffic Authentication Web filter Adding a Transparent mode Int -Ext policy Configuring policy listsPolicy matching in detail Changing the order of policies in a policy list AddressesEnabling and disabling policies Deleting addresses Adding addressesGo to Firewall Address Adding a firewall address Organizing addresses into address groups ServicesGo to Firewall Address Group Adding an internal address group Providing access to custom services Predefined servicesGrouping services Go to Firewall Service Custom Schedules Adding a service groupCreating one-time schedules Go to Firewall Schedule One-time Creating recurring schedules Virtual IPsAdding a schedule to a policy Go to Firewall Schedule Recurring Go to Firewall Virtual IP Adding static NAT virtual IPsStatic NAT Port Forwarding Adding a static NAT virtual IP Using port forwarding virtual IPs Go to Firewall Policy Ext Int Adding policies with virtual IPsAdding a Port Forwarding virtual IP Source Authentication Log Traffic Web filter Destination Schedule Service ActionIP pools IP/MAC binding Go to Firewall IP/MAC Binding SettingGo to Firewall IP/MAC Binding Static IP/MAC Adding an IP Pool Adding IP/MAC addresses Configuring IP/MAC binding for packets going to the firewall Viewing the dynamic IP/MAC list IP/MAC settingsEnabling IP/MAC binding Go to Firewall IP/MAC Binding Dynamic IP/MAC Setting authentication time out Users and authenticationAdding user names and configuring authentication Adding user names and configuring authentication Deleting user names from the internal database DisableAdding a user name Example Radius configuration Configuring Radius supportAdding Radius servers Deleting Radius servers Adding user groups Configuring user groups Adding a user group Deleting user groups Interoperability with IPSec VPN products IPSec VPNs See Adding a remote gateway Configuring AutoIKE key IPSec VPN Configuring dialup VPN Configuring manual key IPSec VPNConfiguring a VPN concentrator for hub and spoke VPN Configuring the member VPNs Configuring the VPN concentrator Configuring IPSec redundancy Go to VPN Ipsec Remote Gateway Adding a remote gatewayLocal ID Nat-traversal Keepalive Frequency About dialup VPN authenticationAdding a remote gateway Dialup User selected Main mode with no user group selected About the P1 proposal About DH groupsLocal ID Empty Key About NAT traversal Adding an AutoIKE key VPN tunnelGo to VPN Ipsec AutoIKE Key About replay detection About the P2 proposalAutokey Keep Alive Concentrator Adding an AutoIKE key VPN tunnel About perfect forward secrecy PFS Adding a manual key VPN tunnelGo to VPN Ipsec Manual Key Adding a manual key VPN tunnel Adding a VPN concentrator Adding a VPN concentrator Adding an encrypt policy Adding an encrypt policy Go to Firewall Policy Int-ExtVPN Tunnel Allow inbound Allow outbound Inbound Viewing VPN tunnel status Viewing dialup VPN connection status Testing a VPNAutoIKE key tunnel status Page Pptp and L2TP VPNs Pptp VPN configuration Go to VPN Pptp Pptp Range Configuring the DFL-500 NPG as a Pptp gatewayPptp VPN between a Windows client and the DFL-500 NPG Source Destination Service Action Example Pptp Range configuration Configuring the DFL-500 NPG as an L2TP gateway L2TP VPN configurationGo to VPN L2TP L2TP Range L2TP VPN between a Windows client and the DFL-500 NPG Sample L2TP address range configuration Enabling web content Filtering Web content filteringBlocking web pages that contain unwanted content Configuring content filtering Clearing the banned word list Changing the content block messageBacking up and restoring the banned word list Configuring URL blocking Blocking access to URLsGo to Web Filter URL Block Changing the URL block message Clearing the URL block listDownloading the URL block list Uploading a URL block list Removing scripts from web pages Exempting URLs from content or URL blockingGo to Web Filter Script Filter Clearing the Exempt URL list Adding URLs to the Exempt URL ListDownloading the Exempt URL list Go to Web Filter Exempt URL Uploading an Exempt URL list Go to Log&Report Log setting Configuring LoggingLogging and reporting Recording logs on a remote computer Example log settings Configuring alert emailSelecting what to log Go to System Network DNS Configuring alert email System status Administration Execute ping Upgrading the DFL-500 NPG firmware Enter Local Address Enter Tftp Server AddressEnter File Name image.out Restoring system settings Backing up system settingsRestoring system settings to factory defaults Displaying the DFL-500 NPG serial number Changing to Transparent mode Shutting down the DFL-500 NPG Restarting the DFL-500 NPGSystem status monitor System status monitor Network configurationCPU usage Memory usage Up time Total Number of Sessions Protocol From IP From Port To IP To Port Expire Clear Configuring the external interface Configuring the internal interfaceConfiguring the internal interface Go to System Network Interface Configuring the external interface with a static IP address Configuring the external interface Configuring the external interface for PPPoE Https Ping SSH Snmp Configuring the management interface Transparent mode Configuring routingSetting DNS server addresses Adding routing gateways Adding routes to the routing table Adding a default routeGo to System Network Routing Table Adding routes Transparent mode Configuring the routing tableEnabling RIP server support Go to System Network Routing Default Route Exclusion Range Providing Dhcp services to your internal networkGo to System Network Dhcp Starting IP Ending IP Netmask Lease Duration Domain Sample Dhcp settings System configurationExample Dynamic IP list Go to System Config Time Setting system date and timeExample date and time setting Go to System Config Admin Adding and editing administrator accountsChanging web-based manager options Read Write Only Go to System Config Snmp Configuring Snmp 100 101 Glossary 102 103 104 Index 105 CLI 106 Dhcp 107 Snmp 108 PFS 109 Transparent mode manual key Adding VPN tunnel IPSec VPN 110 NTP 111 Pptp 112 Smtp 113 VPN 114 IPSec VPN Remote Gateway user groups Deleting 115 116 Technical Support 117 Registration Card 118 119 Limited Warranty 120 121 122 Registration