Limited Warranty and Registration ..................... 129
Package Contents
Contents of Package:
• D-Link DFL-600 Firewall/VPN Router
• Manual
• Quick Installation Guide
• Power Adapter, 5V DC, 2.5A*
• CAT-5 UTP Cable
If any of the above items are missing, please contact your reseller.
*Using a power supply with a different voltage rating will damage the
product and void the warranty.
System Requirements:
Internet Explorer 5.5 or higher or Netscape Navigator 7.1 or higher, with JavaScript
enabled.
One computer with an installed 10Mbps, 100Mbps or 10/100 Mbps Ethernet
adapter.
One RJ-45 DSL/Cable Modem for Internet connection.
Introduction
The D-Link DFL-600 VPN Router enables your network to connect to the
Internet via a secure, private connection using a Cable or DSL modem. The
Virtual Private Network (VPN) that is created on the Internet between your
home and a VPN server in your office is secure from interference when you
use the DFL-600.
It is an ideal way to connect your computer to a Local Area Network (LAN).
After completing the steps outlined in the Quick Install Guide (included in
your package) you will have the ability to share information and resources,
such as files and printers, and take full advantage of a secure “connected”
environment.
Connect the WAN port on the DFL-600 to the Ethernet port on your
Cable/DSL modem using an Ethernet cable. Your entire LAN can now
access the Internet using just one Internet account. The DFL-600 has 3 LAN
ports, one DMZ port, and one WAN port. That means that 3 computers can
share the benefits of the DFL-600-equipped network and 1 computer can be
configured as a server for Internet applications that may conflict with the
advanced protection from intrusion offered by your new DFL-600.
For the price of one Internet account, the DHCP-capable DFL-600 will
automatically provide unique IP Addresses for all the computers on the
network. (DHCP stands for Dynamic Host Configuration Protocol. It is a
protocol for assigning IP Addresses automatically. With a DHCP router like
the DFL-600, there is no need to assign static IP Addresses, or purchase
multiple addresses from your Internet Service Provider.)
Everyone in your home can access the Internet on his or her own computer, at
the same time, without any noticeable decrease in speed and with Firewall
Protection, Hacker-attack logging, and Virtual Private Networking, the DFL600 provides a level of security suitable for many businesses.
This manual provides a quick introduction to network technology. Please
take a moment to read through this manual and get acquainted with your
DFL-600.
Front View
LED Indicators
WAN
Link/Act.
WAN 10/100 (Green) Green LED will LIGHT when a 100 Mbps Link is
DMZ
Link/Act.
DMZ 10/100 (Green) Green LED will LIGHT when a 100 Mbps Link is
LAN (1-3)
Link/Act.
LAN (1-3)
10/100
Power (Green) GreenLED will LIGHT when powered ON.
(Green) GreenLED will LIGHT when a good link is
established. GreenLED will BLINK when packet is
transmitting or receiving (Act.).
established. Green LED will NOT LIGHT when a
10 Mbps Link is established.
(Green) GreenLED will LIGHT when a good link is
established. GreenLED will BLINK when packet is
transmitting or receiving (Act.).
established. Green LED will NOT LIGHT when a
10 Mbps Link is established.
(Green) Green LED will LIGHT when link is established
(Link). GreenLED will BLINK when packet is
transmitting or receiving (Act.).
(Green) Green LED will LIGHT when a 100 Mbps Link is
established. Green LED will NOT LIGHT when a
10 Mbps Link is established.
Rearview
Power (5V
Connects the DC power adapter to the Power port
2.5A DC)
WAN Connects DSL/Cable modem to the WAN Ethernet port
Ports 1-3 Connect networked devices such as computers and ftp
servers to the three LAN ports. All LAN ports support
auto crossover.
DMZ Connects a networked device to the DMZ zone of the
Firewall/VPN Router. The DMZ feature can be disabled.
Reset To reload the factory default settings, press the reset
button. Pressing the Reset button will clear the current
configuration as reset the DFL-600 to the factory default
settings.
Product Features
VPN
Provides Virtual Private Networking when communicating with a VPN serverequipped office, or with another DFL-600-equipped network. Supports IPSEC,
PPTP, L2TP, and VPN pass through.
DSL/Cable Modem support
The DFL-600 can connect any Cable or DSL modem to the network.
DHCP
The DFL-600 is a DHCP-capable router. It automatically assigns unique IP
Addresses to each network users that is connected to the DFL-600, for the price of
one Internet account.
Firewall Protection
Supports general hacker attack pattern monitoring and logging.
PPPoE Client
Supports PPPoE client function to connect to a remote PPPoE server.
Virtual Server
Allows the internal server to be accessible from the Internet
Upgradeable New Features
Allows new features to be added in the future
High Performance 64 bit RISC CPU Engine
With the most advanced 64 bit RISC CPU Engine, DFL-600 guarantees full
compatibility with future DSL/Cable technologies.
IPSec Security
(DES, 3DES, MD5, SHA-1)
Idle Timer
Set a specified idle-time before automatically disconnecting
Dial-on Demand
Eliminates the need for Dial-up. Automatically logs in to your ISP.
Web-Based Configuration
No software installation required. Can be configured through a web browser making
it OS independent.
IP Address Settings and Computer Settings
In order to install the DFL-600 you will need to check your computer’s
settings and the values from your ISP.
The information offered by your ISP:
• Dynamic IP settings
• Your fixed IP address for the gateway
• Your subnet mask for the gateway
• Your default gateway IP address
• Your DNS IP address
If you would like to use PPPoE, you will need the following values from your
ISP in order to install your router:
• User Name
• Password
The static IP settings for the PC:
• Your PC’s fixed IP address
• Your PC’s subnet mask
• Your PC’s default gateway
• Your PC’s primary DNS IP address
Note: The router’s default IP address setting is 192.168.0.1, with a subnet
mask of 255.255.255.0.
Dynamic IP Settings:
It is recommended that you allow your PC’s IP settings be automatically assigned by
a DHCP server. By default, your new DFL-600 VPN Firewall functions as a DHCP
server, and it will give your PC the necessary IP settings, every time you boot your
PC.
Introduction and Overview
The DFL-600 Firewall/VPN Router creates two separate networks on the
LAN side of your network − by default, a 192.168.0.0 subnet and a
192.168.1.0 subnet (both with a subnet mask of 255.255.255.0). The DFL600 routes packets between these two subnets and the Internet (or the
network connected to the DFL-600’s WAN port). An Internet Service
Provider (ISP) or a network administrator provides the network address
information on the WAN network.
The 192.168.0.0 network
Area Network on the front panel, and 1, 2, and 3 on the rear panel − are, by
default, assigned the IP address range between 192.168.0.2 to 192.168.0.254.
So computers and other devices connected to these three ports either allow
the DFL-600’s DHCP server to assign them IP addresses from this range, or
you can manually assign devices connected to these ports an IP address from
this range. Remember that the IP address, 192.168.0.0, is reserved. The
DFL-600 is assigned 192.168.0.1 − on the LAN side − and is configured
from a computer (again, on the LAN side of your network) using a web
browser. To connect to the DFL-600’s web-based management utility, type
the IP address https://192.168.0.1 into the Address field of your web browser.
The https specifies the secure version of http.
The 192.168.1.0 network
and rear panel − is, by default, assigned the IP address range between
192.168.1.2 to 192.168.1.254 − with a subnet mask of 255.255.255.0. So
computers and other devices connected to this port must be assigned IP
addresses from this range. The DHCP server on the DFL-600 only services
the LAN ports, so you must manually assign a computer connected to the
DMZ port an IP address from this range.
You can use this default IP addressing scheme, or you can configure your
own. It is important to note that the three LAN ports and the DMZ port must
be on different subnets (different ranges of IP addresses) and that the
computers that are connected to these ports must have IP addresses in the
appropriate range.
−
LAN. The three Ethernet ports labeled − Local
−
DMZ. The port labeled − DMZ on both the front
The DMZ port is used to allow computers and devices connected to this port
to have more direct access to the Internet. This is useful for certain
applications that may conflict with the firewall and Network Address
Translation (NAT) features of the DFL-600. Computers and devices
connected to the DMZ port will not have the level of protection that the LAN
ports can provide, however. It is recommended that computers and devices
connected to the DFL-600’s DMZ port have some type of firewall software
installed and running to provide these devices with at least some level of
protection from unwanted intrusions from the Internet.
The Wide Area Network (WAN) side of the DFL-600 is anything connected
to the WAN port. This is normally an Ethernet connection to a Cable or DSL
modem that, in turn, provides a connection to the Internet. There are three
different methods for your ISP to provide the necessary network address
information to your DFL-600.
It can be useful when configuring your DFL-600 Firewall/VPN Router to
think of the LAN side (all computers or devices connected to the three LAN
ports or the DMZ port) and the WAN side (all computers or devices
connected to the WAN port – the Internet). The WAN side of the router is
connected to some device that ultimately allows a connection to the Internet,
while the LAN side is connected to your computers or other network devices
(such as a switch or hub) that ultimately allows users access to the both the
Internet and any other devices on your LAN (such as a printer or scanner).
The network information (including the IP address) required by the WAN
side of the DFL-600 is either obtained automatically from your ISP (or other
network device on the WAN side) or is entered manually. The DFL-600
allows three methods for this information to be obtained, as follows:
Dynamic − your ISP uses the Dynamic Host Configuration Protocol (DHCP)
to provide the network information. Some ISP’s may require you to enter an
assigned Host Name, as well.
Static IP Address− your ISP assigns you an IP address that never changes.
This is more common in businesses that lease dedicated connections. If your
ISP uses this type of connection, you must manually enter the assigned IP
address, subnet mask, default gateway address, and primary and (optional)
secondary DNS addresses. This information will be provided by your ISP.
Point-to-Point Protocol over Ethernet (PPPoE)− this protocol requires the
use of a Username and Password to gain access to the network. In addition,
you can specify a Connect on Demand connection that will connect to the
Internet only when a computer or device on your LAN makes a request, or
when the DFL-600 is rebooted.
If you do not know the appropriate method of obtaining the WAN side
network address information, contact your ISP or network administrator.
The Device IP Settings dialog box allows you to specify the IP address that
computers on your LAN will use to access the DFL-600’s web-based
configuration utility. The default is 192.168.0.1 with a subnet mask of
255.255.255.0. If it becomes necessary to change this IP address, be sure to
use an address that is in the same range (on the same subnet) as the three
LAN ports, or you will not be able to access the DFL-600 from your LAN.
The many other features of the DFL-600 are described in subsequent sections.
Using the Configuration Utility
Launch your web browser and type the device IP address (https://
192.168.0.1) in the browser’s address box. This is the default IP address of
your DFL-600. Press Enter.
The following dialog-box will appear to prompt you to enter the DFL-600’s
default User Name and Password. The DFL-600’s default User Name is
admin and the default Password is also admin− all lower case.
Click OK to open the Home menu.
Note: Please make sure that the computer you will use to connect to and
configure the DFL-600 is assigned an IP address that is in the same range as
the DFL-600. The IP address of the DFL-600 is 192.168.0.1. All computers
on your network must be within that range, for instance, the computer IP
address could be any IP address from the range 192.168.0.2 to 192.168.0.254,
with a subnet mask of 255.255.255.0.
The Setup Wizard will guide you the most basic setup tasks, such as setting
an administrative password, selecting the type of WAN connection you have,
entering your computer’s host name (if required by your ISP), saving the
configuration and restarting the router.
All other setup tasks can be accomplished using the configuration utility from
your web browser.
To use the Setup Wizard, click on the Run Setup Wizard link. This will
start the Setup Wizard.
Setup Wizard
The Setup Wizard will guide you through the most basic setup tasks for the
DFL-600. All other configuration tasks can be accomplished through the
web-based manager.
The Home menu contains a Run Setup Wizard link. Click on this button to
run the Setup Wizard.
Click Next to continue.
Enter a password in the Password field, and again in the Verify Password
field. This will become the logon password for the DFL-600. This password
is case-sensitive, so remember to use capital letters when logging on to the
DFL-600’s web-based manager − if you enter a password with capital letters
here. The user name, admin, will not be changed here.
Note: If you choose to input a password, please remember it. If you lose your
password, you will have to manually reset the unit (using the reset button on
the rear panel of the unit). Resetting the DFL-600 will return all
configuration parameters to their factory default values, so all of your
settings will be lost and will need to be entered again. The default Username
is admin with a password that is also admin.
Click Next to continue.
This menu allows you to select the type of connection your ISP provides.
Many ISPs use the PPPoE (Point-to-Point Protocol over Ethernet) for DSL
connections, while many Cable ISPs use DHCP (Dynamic Host
Configuration Protocol). DHCP assigns an IP address for your Internet
connection each time you log on (and is therefore, a dynamic IP address).
DHCP is referred to as Dynamic IP address on the DFL-600. The Setup
Wizard will open a page with the appropriate fields for the entry of your ISP
contact information, depending upon which of the three options you choose.
The Static IP address click-box is used to enter a permanent IP address that
is assigned by your ISP. If your ISP assigns you a permanent IP address,
choose this option.
Click Next to continue.
Some ISPs require you to use an assigned host name for your Internet
connection. If your ISP requires this, you can enter the assigned host name in
the Host Name field.
If you selected Static IP Address on the Select Internet Connection Type (WAN) wizard screen above, the following screen will open:
This screen will allow you to enter the static IP address information, if your
ISP has assigned a static IP address to your Internet account. Your ISP must
provide this information.
If you selected PPPoE (Point-to-Point Protocol over Ethernet) on the Select Internet Connection Type (WAN) screen above, the following window will
open:
This screen will allow you to enter the PPPoE information, if your ISP uses
the PPPoE protocol for your Internet account. Your ISP must provide this
information.
Click Next to continue.
You have completed the basic setup Wizard. The configuration now needs to
be entered into the DFL-600’s non-volatile RAM. Clicking Restart will save
the configuration to non-volatile RAM and restart the router.
Home
The Home menu contains links to all of the setup menus for the DFL-600.
Click on the WAN button:
WAN Settings
The WAN Settings menu allows you to view the current configuration for
your DFL-600, and to choose the protocol by which your DFL-600 will
receive its WAN network settings.
The settings listed under WAN Settings are the network settings currently in
use by the DFL-600. The fields where you will enter the WAN Settings will
change depending upon the choice you make in the IP Settings Mode dropdown menu. These settings are described below.
IP Settings Mode
IP Address
Subnet Mask
This drop-down menu determines how the DFL600 will obtain its IP address information. The
fields where you will enter the information will
change, as appropriate, to reflect the mode you
have selected. The page shown above is in
Dynamic mode.
Dynamic allows the DFL-600 to get its IP
address information from your ISP using the
Dynamic Host Configuration Protocol (DHCP).
Use this setting if your ISP instructs you to use
DHCP or to automatically obtain an IP address.
A server on your ISP’s network will then
automatically send the necessary IP address
information to your DFL-600.
Static allows you to manually enter the
necessary IP address information. Use this
setting if your ISP has permanently assigned an
IP address to your connection.
PPPoE allows you to enter a Username and
Password for a Point-to-Point Protocol over
Ethernet (PPPoE) internet connection. Use this
setting if your ISP has provided you with an
ADSL modem that operates in Bridge mode.
This is the current IP address used to identify
your ‘location’ on the Internet. It is assigned by
your ISP, or entered statically by you. IP
addresses work in combination with a subnet
mask, described below.
A subnet mask is a number, in the same form as
an IP address, that is used to mathematically
separate a range of IP addresses into a Network
portion and a Node portion. The Node portion
identifies a specific device on the Network − in
this case, the DFL-600.
Default Gateway
This is the IP address of a device at your ISP’s
office where packets destined for the Internet −
from your home network − are sent, before being
forwarded to their final destination. For the
DFL-600, the Default Gateway address is
provided by your ISP. For computers on your
home network, their Default Gateway is the IP
address of your DFL-600.
Primary DNS Server
This is the IP address of a computer on the
Internet that provides the service of changing
text URLs into IP address for sites on the
Internet. The IP address of this device is
provided by your ISP.
Secondary DNS
Server
This is the IP address of a second DNS server, to
be used in case there is a problem with the
Primary DNS Server. A secondary DNS server
IP address is optional.
The ISP Settings page allows you to modify the way that the DFL-600
obtains its network settings from your Internet Service Provider (ISP). The
entry fields on the page will change depending upon which of the following
options you choose: Dynamic IP Address, Static IP Address, and PPPoE.
Dynamic IP Address− If your ISP uses the Dynamic Host Configuration
Protocol (DHCP) to assign an IP address, subnet mask, default gateway and
Domain Name Server (DNS) addresses, choose this option. Some ISPs
require the use of an assigned Host Name for the device that will make the
WAN connection. You can enter this name into the Host Name field.
This is the type of IP address assignment protocol most commonly used by
cable ISPs. In addition, many cable modems use the MAC address of the
first computer to link to the modem as a way of identifying the user and the
corresponding Internet account. The DFL-600 offers a MAC cloning feature
where the DFL-600 will read the MAC address of the NIC card in the PC that
the cable modem uses to identify the user. The DFL-600 will then use this
MAC address when connecting to the cable modem. Clicking on the Clone
button will enable this function.
Remember to click the Apply button and then to save the changes using
Tools, System, and the Save button.
Static IP Address − If your ISP has assigned you an IP address that will
never change, choose this option. When this option is chosen, the following
fields appear to allow you to enter the network address information:
PPPoE − If your ISP uses Point-to-Point Protocol over Ethernet (PPPoE),
choose this option. When this option is chosen, the following fields appear to
allow you to enter the network address information:
Connect on Demand− allows the PPPoE WAN connection to be active only
when a computer on your LAN makes a connection request. This is similar
to the way a dial-up modem initiates a connection.
LAN Settings
The LAN Settings allows you to view the current IP address and subnet
mask assigned to the DFL-600. It also allows you to change these settings.
If it is necessary to change the IP Address or Subnet Mask assigned to the
DFL-600, enter the new values in the appropriate fields, and press Apply to
make the changes current.
Note: if you assign an IP address and subnet mask to the DFL-600 that is
different from the IP address range assigned to the computers connected to
the LAN ports, you will no longer be able to connect to the DFL-600 from
any of these computers. In order to re-establish the connection between a
computer on the LAN side and the DFL-600, you will need to assign at least
one computer on the LAN side an IP address from the same range as the IP
address you assign to the DFL-600. As an alternative, you can configure the
DFL-600’s DHCP server to give IP addresses from the new IP address range
that you will give the DFL-600 here. If you choose this option, you will have
to reboot the PCs on the LAN side of the DFL-600 in order for them to get
their new IP address settings (or you can enter the “C:\>ipconfig /renew”
command in the Command Prompt window, without rebooting your
computer).
As an example, if your LAN network is to be a 192.168.0.x network with a
subnet mask of 255.255.255.0, you might assign the DFL-600 an IP address
of 192.168.0.1 and configure the DFL-600’s DHCP server to assign
addresses in the range between 192.168.0.2 to 192.168.0.100. The default
gateway setting for computers on the LAN side will be the DFL-600’s IP
address − in this case, 192.168.0.1.
Saving all of this information to the DFL-600’s flash RAM and restarting the
router will make this IP addressing scheme current. When you enable DHCP
(in Windows, “obtain an IP address automatically”) and restart the
computers connected to the LAN side of the DFL-600, they will
automatically be assigned IP addresses from the range 192.168.0.2 to
192.168.0.100.
As an alternative, you could disable the DHCP server on the DFL-600 and
manually update the IP address, subnet mask and default gateway
information for each computer on the LAN side of the DFL-600.
It is recommended that if you need to change the IP addressing scheme for
the DFL-600, that you configure the DFL-600’s DHCP server with the
appropriate IP address range and subnet mask first, and then assign an IP
address from the same range to the DFL-600. That way, a computer on the
LAN side of your network can always get the proper network addressing
information by DHCP from the DFL-600 simply by being restarted.
DHCP Settings
g
DHCP (Dynamic Host Configuration Protocol) is a method of automatically
assigning IP addresses, subnet masks, default gateway and DNS server IP
address to computers on the LAN side of the DFL-600. The DFL-600 can be
a DHCP server for your LAN, assigning IP addresses, etc. to computers on
your network from a range of addresses you specify below.
DHCP Server Status
Starting IP Address
This allows you to Enable or Disable the DHCP
Server feature on the DFL-600. The default is
Enabled.
This is the first IP address in a range that the
DFL-600 will assign to a computer on your
network. This IP address can not be the same as
the IP address assi
ned to the DFL-600, nor can
Ending IP Address
Lease Time
Auto Configuration
the IP address assigned to the DFL-600 be
contained in the range of IP addresses available
for the DFL-600 to assign. In this case, the IP
address of the DFL-600 is 192.168.0.1, so the
first IP address in the range is 192.168.0.2.
IP addresses can range from 0.0.0.0 to
255.255.255.255, but in the DFL-600’s default
IP addressing scheme, the range is from
192.168.0.0 to 192.168.0.255. Please note that
the addresses ending in 0 and 255 are reserved
for other uses, so the effective IP address range
is 192.168.0.1 to 192.168.0.254. The DFL-600’s
default IP address is 192.168.0.1.
This is the last IP address in a range that the
DFL-600 will assign to a computer on your
network. In this case, the range of IP addresses
between 192.168.0.2 to 192.168.0.100 gives 99
different IP addresses that the DFL-600 can
assign to the computers on your network.
This is the length of time any computer on you
network that is assigned network settings by the
DFL-600 − through the DHCP protocol − can
keep its network settings. If the lease expires
while a computer is logged on to your network,
that computer will request a new set of network
settings. The default is 3600 seconds.
This field allows you to specify whether or not
the DFL-600 will assign the following network
settings to the computers on your network. If
you choose to Enable Auto Configuration, the
following network settings will be obtained
automatically from your ISP by the DFL-600,
and will then be assigned to computers on your
network. If you choose to Disable Auto
Configuration, the network settings you enter in
the fields below will be assigned to computers
on your network.
Loading...
+ 101 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.