D-link DFL-256E, DFL-860E, DFL-1660, DFL-2560 DATASHEET
Security | DFL-260E/860E/1660/2560(G)
1
DFL-260E/860E/1660/2560(G)
NetDefend UTM Firewall Series
Integrated Firewall/VPN
• Powerful Firewall Engine
• Virtual Private Network (VPN) Security
• Granular Bandwidth Management
• 802.1Q VLAN Tagging and port-based VLAN
• D-Link End-to-End Security Solutions (E2ES)
Integration with ZoneDefense
Advanced Functions
• Stateful Packet Inspection (SPI)
• Detect/Drop Intruding Packets
• Server Load Balancing
• Policy-Based Routing
Unied Threat Management
• Intrusion Prevention System (IPS)
• Antivirus (AV) Protection
• Web Content Filtering (WCF)
• Optional Service Subscriptions
Virtual Private Network
• IPSec NAT Traversal
• VPN Hub and Spoke
• IPSec, PPTP, L2TP
• DES, 3DES, AES, Twosh, Blowsh,
CAST- 128 Encryption
• Automated Key Management via
IKE/ISAKMP
• Aggressive/Main/Quick Negotiation
Enhanced Network Services
• DHCP Server/Client/Relay
• IGMP V3
• H.323 NAT Traversal
• Robust Application Security for ALGs
• OSPF Dynamic Routing Protocol
• Run-Time Web-Based Authentication
Performance Optimisation
• UTM Acceleration Engine
• Multiple WAN Interfaces for
Trac Load Sharing
Today’s continuously shifting security
environment presents a challenge for
small/home oce networks with limited IT
capabilities. Fortunately, the D-Link
NetDefend Unied Threat Management
(UTM) rewalls provide a powerful security
solution to protect business networks from
a wide variety of threats. UTM Firewalls oer
a comprehensive defense against virus
attacks, unauthorised intrusions and harmful
content, successfully enhancing fundamental
capabilities for managing, monitoring and
maintaining a healthy network.
Enterprise-Class Firewall Security
NetDefend UTM Firewalls provide complete
advanced security features to manage,
monitor, and maintain a healthy and secure
network. Network management features
include: Remote Management, Bandwidth
Control Policies URL Black/White Lists,
Access Policies, and SNMP. For network
monitoring, these rewalls support e-mail
alerts, system logs, consistency checks and
real-time statistics.
Unied Threat Management
NetDefend UTM Firewalls integrate an
intrusion detection and prevention system,
gateway antivirus and content ltering for
superior Layer 7 content inspection protection.
An acceleration engine increases throughput,
while the real-time update service keeps the
IPS information, antivirus signatures, and
URL databases current. Combined, these
enhancements help to protect the oce
network from application exploits, network
worms, malicious code attacks and provide
everything a business needs to safely
manage employee Internet access.
Powerful VPN Performance
NetDefend UTM Firewalls oer an integrated
VPN Client and Server. This allows remote
oces to securely connect to a head oce
or a trusted partner network. Mobile users
working from home or remote locations can
also safely connect to the oce network to
access company data and e-mail. NetDefend
UTM Firewalls have hardware-based VPN
engines to support and manage a large
number of VPN congurations. They support
IPSec, PPTP, and L2TP protocols in Client
Server mode and can handle pass- through
trac as well. Advanced VPN conguration
options include: DES/3DES/AES/Twosh/
Blowsh/ CAST-128 encryption, Manual or
IKE/ISAKMP key management, Quick/Main/
Aggressive Negotiation modes, and VPN
authentication support using either an external
RADIUS server or a large user database.
UTM Services
Maintaining an eective defense against the
various threats originating from the Internet,
requires that all three databases used by the
NetDefend UTM Firewalls are kept up-to-date.
In order to provide a robust defense, D-Link
oers optional NetDefend Firewall UTM
Service subscriptions which include updates
for each aspect of defense: Intrusion
Prevention Systems (IPS), Antivirus and Web
Content Filtering (WCF). NetDefend UTM
Subscriptions ensure that each of the
rewall’s service databases are complete
and eective.
Security | DFL-260E/860E/1660/2560(G)
2
DFL-260E/860E/1660/2560(G)
NetDefend UTM Firewall Series
Robust Intrusion Prevention
The NetDefend UTM Firewalls employ
component- based signatures. A unique IPS
technology which recognises and protects
against all varieties of known and unknown
attacks. This system can address all critical
aspects of an attack or potential attack
including payload, NOP sled, infection, and
exploits. In terms of signature coverage,
the IPS database includes attack information
and data from a global attack sensor-grid
and exploits collected data from public sites.
The NetDefend UTM Firewalls constantly
create and optimise NetDefend signatures
via the D-Link Auto-Signature Sensor System
without overloading existing security
appliances. These signatures ensure a high
ratio of detection accuracy and a low ratio
of false positives.
Stream-Based Virus Scanning
The NetDefend UTM Firewalls examine les
of any size, using a stream-based virus
scanning technology which eliminates the
need to cache incoming les. This zero-cache
scanning method not only increases inspection
performance, but also reduces network
bottlenecks. NetDefend UTM rewalls use
virus signatures from Kaspersky Labs to
provide systems with reliable and accurate
antivirus protection, as well as prompt signature
updates. Consequentially, viruses and malware
can be blocked before they reach the
desktops or mobile devices.
Web Content Filtering
Web Content Filtering helps administrators
monitor, manage and control employee
Internet usage. The NetDefend UTM Firewalls
implement multiple global index servers with
millions of URLs and real-time website data
to enhance performance capacity and
maximize service availability. These rewalls
use granular policies and explicit black/
white lists to control access to certain types
of websites for any combination of users,
interfaces and IP networks. The rewall can
actively handle Internet content by stripping
potential malicious objects, such as Java
Applets, JavaScripts/VBScripts, ActiveX
objects, and cookies.
NetDefend UTM Subscription
The standard NetDefend UTM Subscription
provides your rewall with UTM service
updates for 12 months* starting from the
day you activate or extend your service.
The NetDefend UTM Subscription can be
renewed regularly to provide your rewalls
with the most up-to-date security service
available from D-Link.
NetDefend Center: http://www.netdefend.eu
*Actual service package may vary depending on region.
Powerful VPN Engine
Hardware-based data encryption and
authentication for IPSec, PPTP, and L2TP
in Client/Server mode enable fast and
safe handling of VPN trac. The Professional
Intrusion Prevention System (IPS) automatically
updates from a comprehensive IPS signature
database focus on attack payloads to protect
the network against zero-day attacks. The RealTime Antivirus Inspection engine scans using
the most complete, most up-to-date antivirus
signature database. Streaming-based pattern
matching provides the effective protection
against viruses.
DFL-260E
• Firewall Throughput: 150 Mbps
• VPN Performance: 45 Mbps (3DES/AES)
• 1 10/100/1000 Ethernet WAN Ports
• 5 10/100/1000 Ethernet LAN Ports
• 1 10/100/1000 Ethernet DMZ Port
DFL-860E
• Firewall Throughput: 200 Mbps
• VPN Performance: 60 Mbps (3DES/AES)
• 2 10/100/1000 Ethernet WAN Ports
• 8 10/100/1000 Ethernet LAN Ports
• 1 10/100/1000 Ethernet DMZ Port
DFL-1660
• Firewall Throughput: 1.2 Gbps
• VPN Performance: 350 Mbps (3DES/AES)
• 6 Congurable Gigabit Ethernet Ports
DFL-2560(G)
• Firewall Throughput: 2 Gbps
• VPN Performance: 1 Gbps (3DES/AES)
• 10 Congurable Gigabit Ethernet Ports
• 4 SFP Ports (DFL-2560G)
Fast, Ecient Web Content Filtering
Multiple index server implementation,
granular policies, black lists and active
content handlingenhance performance
and eectiveness of web surng control.
Acceleration Engine for Unied
Threat Management
A powerful processor allows the rewall
to carry out IPS and Antivirus scanning
simultaneously without performance
degradation.
Licensed for Unlimited Users
Optional subscription services for IPS,
Antivirus Scanning and Web Content Filtering
are priced per rewall rather than per user,
thus reducing the total cost of ownership for
licensing.
WAN Link Load-Balancing and
Fault-Tolerance
Multiple WAN ports support trac load
balancing and failover, guaranteeing Internet
availability and bandwidth.
D-Link End-to-End Security (E2ES)
Solutions*
The ZoneDefense mechanism operating in
conjunction with D-Link xStack switches
automatically quarantines infected
workstations and prevents them from
ooding the internal network with
malicious trac.
*For DFL-860E, DFL-1660, and DFL-2560(G) only
D-Link Green Certied
The D-Link Green certied DFL-1660 and
DFL-2560(G) are built with an 80 PLUS
internal power supply. 80 PLUS certied
power supplies oer increased reliability due
to greater eciency, and provide a reduced
cost of ownership through longer equipment
life. Additionally, 80 PLUS power supplies
help prevent pollution by limiting energy
consumption, and run at a lower temperature
to reduce cooling costs.
The DFL-260E and DFL-860E save energy
automatically through cable length and link
status detection. By detecting the length of
cables connected to a port, the amount of
power used for the port can be adjusted,
only using as much as is needed. The DFL260E/860E can also detect if a port is not in
use, such as when a connected computer
is shut down or if nothing is connected to
the port, and can automatically reduce the
power used for that port, cutting energy
used for it by a substantial amount.
D-Link Green certied devices comply with
RoHS (Restriction of Hazardous Substances)
and WEEE (Waste Electrical and Electronic
Equipment) directives. RoHS directives
restrict the use of specic hazardous
materials during manufacturing, while
WEEE implements standards for proper
recycling and disposal. Together, these
considerations make D-Link Green rewall
products the environmentally responsible
choice.
dlink
3
DFL-260E/860E/1660/2560(G)
NetDefend UTM Firewall Series
Security | DFL-260E/860E/1660/2560(G)
Loading...