D-link DFL-CP310 User Guide
D-Link NetDefend firewall
Security VPN Firewall
NetDefend secured by Check Point
User Guide
Version 1.0
Revised: 01/17/2006
COPYRIGHT & TRADEMARKS
Copyright © 2005 SofaWare, All Rights Reserved. No part of this
document may be reproduced in any form or by any means with out
written permission from SofaWare.
Information in this document is subject to change without notice and
does not represent a commitment on part of SofaWare Technologies
Ltd.
SofaWare, Safe@Home and Safe@Office are trademarks, service
marks, or registered trademarks of SofaWare Technologies Ltd.
Check Point, the Check Point logo, FireWall-1, FireWall-1
SecureServer, FireWall-1 SmallOffice, FloodGate-1, INSPECT, IQ
Engine, Meta IP, MultiGate, Open Security Extension, OPSEC,
Provider-1, SecureKnowledge, SecureUpdate, SiteManager-1, SVN,
UAM, User-to-Address Mapping, UserAuthority, Visual Policy
Editor, VPN-1, VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1
SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, and VPN-1
Edge are trademarks, service marks, or registe red tra dem arks of Chec k
Point Software Technologies Ltd. or its affiliates.
All other product names mentioned herein are trademarks or registered
trademarks of their respective owners.
The products described in th is document are protected by U.S. Patent
No. 5,606,668 and 5,835,726 and may be protected by other U.S.
Patents, foreign patents, or pending applications.
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright © 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not all ow ed.
PREAMBLE
The licenses for most software are designed to take aw ay your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change
free software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors
commit to using it. (Some other Free Software Foundation software is
covered by the GNU Library General Public License instead.) You
can apply it to your program s, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it if
you want it, that you can change the software or use pieces of it in new
free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone
to deny you these rights or to ask you to surrender the rights. These
restrictions translate to certain responsibilities for you if you distribute
copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that you
have. You must make sure that they, too, receive or can get the source
code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on,
we want its recipients to know that what they have is not the original,
so that any problems introd uced by others will not reflec t on the
original authors' reputations.
Finally, any free program is threatened constantly by software patents.
We wish to avoid the danger that r e distributors of a free program will
individually obtain patent licenses, in effect making the program
proprietary. To prevent this, we have made it clear that any pate nt
must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS
FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which
contains a notice placed by the copyright holder saying it may be
distributed under the terms of this General Public License. The
"Program", below, refers to any such program or work, and a "work
based on the Program" means either the Program or any derivative
work under copyright law: that is to say, a work containing the
Program or a portion of it, either verbatim or with modifications
and/or translated into another language. (Hereinafter, translation is
included without limitation in the term "modification".) Each licensee
is addressed as "you".
Activities other than copy ing, distribution and modification are not
covered by this License; they are outside its scope. The act of running
the Program is not restricted, and the output from the Program is
covered only if its contents constitute a work based on the Program
(independent of having been made by running the Program). Whether
that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an ap propriate
copyright notice and disclaimer of warranty; keep intact all the notices
that refer to this License and to the absence of any warranty; and give
any other recipients of the Program a copy of this License along with
the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a
fee.
2. You may modify your copy or copies of the Program or any
portion of it, thus form ing a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent
notices stating that you changed the files and the date of
any change.
b) You must cause any work that you distribute or publish,
that in whole or in part contains or is derived from the
Program or any part thereof, to be licensed as a whole at
no charge to all third partie s under the terms of this
License.
c) If the modified program normally reads commands
interactively when run, you must cause it, when started
running for such interactive use in the most ordinary way,
to print or display an announcement including an
appropriate copyright notice and a notice that there is no
warranty (or else, saying that you provide a warranty) and
that users may redistribute the program under these
conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work
based on the Program is not requ ired to print an
announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribu te them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote
it.
Thus, it is not the intent of this section to claim rights or contest your
rights to work written entirely by you; rather, the intent is to exercise
the right to control the distribution of derivative or collective works
based on the Program.
In addition, mere aggregation of another work not based on the
Program with the Program (or with a work based on the Program) on a
volume of a storage or distribution medium does not bring the other
work under the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding
machine-readable source code, which must be distributed
under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least
three years, to give any third party, for a charge no more
than your cost of physically performing source
distribution, a complete machine-readable copy of the
corresponding source code, to be distributed under the
terms of Sections 1 and 2 above on a medium customarily
used for software interchange; or,
c) Accompany it with the information you received as to
the offer to distribute corresponding source code. (This
alternative is allowed only for noncommercial distribution
and only if you received the program in object code or
executable form with such an offer, in accord with
Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to control
compilation and installation of the executable. However, as a special
exception, the source code distributed need not include anything that
is normally distributed (in either source or binary form) w ith the major
components (compiler, ker nel, and so on) of the operating system on
which the executable runs, unless that component itself accompanies
the executable.
If distribution of executable or object code is made by offering access
to copy from a designated place, then offering equivalent access to
copy the source code from the same place counts as distribution of the
source code, even though third parties are not compelled to copy the
source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying the
Program or works based on it.
6. Each time you redistribute the Program (or any work based on
the Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein. You
are not responsible for enforcing compliance by third parties to this
License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence
you may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, t hen
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any such
claims; this section has the sole purpose of protecting the integrity of
the free software distribution system, which is implem ented by public
license practices. Many people have made generous contributions to
the wide range of software distributed through that system in reliance
on consistent application of that system; it is up to the author/donor to
decide if he or she is willing to distribute software through any other
system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfa ces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that dis tribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates the
limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new
versions of the General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may differ
in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Program does not specify a
version number of this License, you may choose any version ever
published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the
author to ask for permission. For software which is copyrighted by the
Free Software Foundation, write to the Free Software Foundation; we
sometimes make exceptions for this. Our decision will be guided by
the two goals of preserving the free status of all derivatives of our free
software and of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF
CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO
THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT
WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE
PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD
THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST
OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE
LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT
HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED
ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING
ANY GENERAL, SPECIAL, INCIDENTAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT
LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE
WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR
OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
To receive the SofaWare GPL licensed code, contact
info@sofaware.com.
SAFETY PRECAUTIONS
Carefully read the Safety Instructions the Installation and Operating
Procedures provided in this User's Guide before at tempting to install
or operate the appliance. Failure to follow these instructions may
result in damage to equipm e nt and/or personal injuries.
Before cleaning the appliance, unplug the power cord. Use
only a soft cloth dampened with water for cleaning.
When installing the appliance, ensure that the vents are not
blocked.
Do not place this product on an unstable surface or support.
The product may fall, causing serious injury to a child or adult,
as well as serious damage to the product.
Do not use the appliance outdoors.
Do not expose the appliance to liquid or moisture.
Do not expose the appliance to e xtreme high or low
temperatures.
Do not disassemble or open the appliance. Failure to comply
will void the warranty.
Do not use any accessories other than those approved by
Check Point. Failure to do so may result in loss of
performance, damage to the product, fire, electric shock or
injury, and will void the warranty.
Route power supply cords where they are not likely to be
walked on or pinched by items placed on or against them. Pay
particular attention to cords where they are attached to plugs
and convenience receptacles, and examine the point where
they exit the unit.
Do not connect or disconnect power supply cables and data
transmission lines during thunderstorms.
Do not overload wall outlets or extension cords, as this can
result in a risk of fire or electric shock. Overloaded AC outlets,
extension cords, frayed power cords, damaged or cracked wire
insulation, and broken plugs are dangerous. They may result in
a shock or fire hazard. Periodically examine the cord, and if its
appearance indicates damage or deteriorated insulation, have it
replaced by your service technician.
If the unit or any part of it is damaged, disconnect the power
plug and inform the responsible service personnel. Nonobservance may result in damage to the router.
POWER ADAPTER
Operate this product only from the type of power source
indicated on the product’s marking label. If you are not sure of
the type of power supplied to your home, consult your dealer
or local power company.
Use only the power supply provided with your product. Check
whether the device’s set supply voltage is the same as the local
supply voltage.
To reduce risk of damage to the unit, remove it from the outlet
by holding the power adapter rather than the cord.
SECURITY DISCLAIMER
The appliance provides your office network with the highest level of
security. However, no single security product can provide you with
absolute protection against a determined effort to break into your
system. We recommend using additional security measures to secure
highly valuable or sensitive information.
Contents
Contents
About This Guide.................................................................................................................................xi
Introduction...........................................................................................................................................1
About Your D-Link NetDefend firewall.............................................................................................1
NetDefend Secured by Check Point Product Family..........................................................................2
NetDefend Features and Compatibility...............................................................................................2
Connectivity....................................................................................................................................2
Firewall...........................................................................................................................................3
VPN ................................................................................................................................................4
Management....................................................................................................................................4
Optional Security Services..............................................................................................................5
Power Pack Features.......................................................................................................................5
Package Contents............................................................................................................................6
Network Requirements ...................................................................................................................7
Getting to Know Your NetDefend firewall.........................................................................................8
Rear Panel.......................................................................................................................................8
Front Panel....................................................................................................................................10
Getting to Know Your NetDefend firewall.......................................................................................11
Rear Panel.....................................................................................................................................11
Front Panel....................................................................................................................................13
Contacting Technical Support...........................................................................................................14
Installing and Setting up the NetDefend firewall.............................................................................15
Before You Install the NetDefend firewall .......................................................................................15
Windows 2000/XP........................................................................................................................16
Windows 98/Millennium ..............................................................................................................21
Mac OS.........................................................................................................................................26
Mac OS-X.....................................................................................................................................28
Contents i
Contents
Wall Mounting the Appliance...........................................................................................................30
Securing the Appliance against Theft...............................................................................................32
Network Installation..........................................................................................................................35
Setting Up the NetDefend firewall....................................................................................................36
Getting Started....................................................................................................................................39
Initial Login to the NetDefend Portal................................................................................................39
Logging on to the NetDefend Portal.................................................................................................42
Accessing the NetDefend Portal Remotely Using HTTPS...............................................................44
Using the NetDefend Portal..............................................................................................................46
Main Menu....................................................................................................................................47
Main Frame...................................................................................................................................48
Status Bar......................................................................................................................................48
Logging off .......................................................................................................................................51
Configuring the Internet Connection................................................................................................53
Overview...........................................................................................................................................53
Using the Internet Wizard.................................................................................................................54
Using a Direct LAN Connection...................................................................................................56
Using a Cable Modem Connection...............................................................................................58
Using a PPTP or PPPoE Dialer Connection..................................................................................59
Using PPPoE.................................................................................................................................60
Using PPTP...................................................................................................................................61
Using Internet Setup..........................................................................................................................63
Using a LAN Connection..............................................................................................................65
Using a Cable Modem Connection...............................................................................................67
Using a PPPoE Connection...........................................................................................................69
Using a PPTP Connection.............................................................................................................71
Using a Telstra (BPA) Connection ...............................................................................................73
ii D-Link NetDefend firewall User Guide
Contents
Using a Dialup Connection...........................................................................................................75
Using No Connection....................................................................................................................77
Setting Up a Dialup Modem .............................................................................................................84
Viewing Internet Connection Information........................................................................................87
Enabling/Disabling the Internet Connection.....................................................................................88
Using Quick Internet Connection/Disconnection..............................................................................90
Configuring a Backup Internet Connection.......................................................................................90
Setting Up a LAN or Broadband Backup Connection..................................................................91
Setting Up a Dialup Backup Connection ......................................................................................92
Managing Your Network....................................................................................................................93
Configuring Network Settings ..........................................................................................................93
Configuring a DHCP Server.........................................................................................................94
Changing IP Addresses...............................................................................................................105
Enabling/Disabling Hide NAT....................................................................................................107
Configuring a DMZ Network......................................................................................................108
Configuring the OfficeMode Network........................................................................................110
Configuring VLANs ...................................................................................................................111
Configuring High Availability........................................................................................................119
Configuring High Availability on a Gateway.............................................................................122
Sample Implementation on Two Gateways.................................................................................126
Adding and Editing Network Objects.........................................................................................130
Viewing and Deleting Network Objects.....................................................................................138
Using Static Routes.........................................................................................................................139
Adding and Editing Static Routes...............................................................................................139
Viewing and Deleting Static Routes...........................................................................................144
Managing Ports...............................................................................................................................145
Viewing Port Statuses.................................................................................................................146
Contents iii
Contents
Modifying Port Assignments......................................................................................................147
Modifying Link Configurations..................................................................................................149
Resetting Ports to Defaults..........................................................................................................150
Using Traffic Shaper.........................................................................................................................151
Overview.........................................................................................................................................151
Setting Up Traffic Shaper...............................................................................................................153
Predefined QoS Classes..................................................................................................................154
Adding and Editing Classes............................................................................................................155
Deleting Classes..............................................................................................................................159
Restoring Traffic Shaper Defaults...................................................................................................160
Configuring a Wireless Network .....................................................................................................161
Overview.........................................................................................................................................161
About the Wireless Hardware in Your NetDefend firewall............................................................162
Wireless Security Protocols ............................................................................................................163
Manually Configuring a WLAN.....................................................................................................165
Using the Wireless Configuration Wizard......................................................................................176
WPA-PSK...................................................................................................................................178
WEP............................................................................................................................................180
No Security .................................................................................................................................181
Preparing the Wireless Stations.......................................................................................................182
Troubleshooting Wireless Connectivity..........................................................................................183
Viewing Reports................................................................................................................................187
Viewing the Event Log...................................................................................................................187
Using the Traffic Monitor...............................................................................................................191
Viewing Traffic Reports .............................................................................................................191
Configuring Traffic Monitor Settings.........................................................................................193
Exporting General Traffic Reports..............................................................................................194
iv D-Link NetDefend firewall User Guide
Contents
Viewing Computers ........................................................................................................................194
Viewing Connections......................................................................................................................197
Viewing Wireless Statistics.............................................................................................................198
Setting Your Security Policy............................................................................................................203
Default Security Policy...................................................................................................................203
Setting the Firewall Security Level.................................................................................................204
Configuring Servers........................................................................................................................207
Using Rules.....................................................................................................................................209
Adding and Editing Rules...........................................................................................................213
Enabling/Disabling Rules ...........................................................................................................218
Changing Rules' Priority.............................................................................................................219
Deleting Rules.............................................................................................................................219
Using SmartDefense .......................................................................................................................220
Configuring SmartDefense..........................................................................................................221
SmartDefense Categories............................................................................................................224
Using Secure HotSpot.....................................................................................................................256
Setting Up Secure HotSpot.........................................................................................................257
Enabling/Disabling Secure HotSpot............................................................................................258
Customizing Secure HotSpot......................................................................................................259
Defining an Exposed Host ..............................................................................................................261
Using VStream Antivirus .................................................................................................................263
Overview.........................................................................................................................................263
Enabling/Disabling VStream Antivirus...........................................................................................265
Viewing VStream Signature Database Information........................................................................266
Configuring VStream Antivirus......................................................................................................267
Configuring the VStream Antivirus Policy.................................................................................267
Configuring VStream Advanced Settings...................................................................................275
Contents v
Contents
Updating VStream Antivirus...........................................................................................................279
Using Subscription Services.............................................................................................................281
Connecting to a Service Center.......................................................................................................281
Viewing Services Information ........................................................................................................287
Refreshing Your Service Center Connection..................................................................................288
Configuring Your Account .............................................................................................................288
Disconnecting from Your Service Center.......................................................................................289
Web Filtering ..................................................................................................................................290
Enabling/Disabling Web Filtering ..............................................................................................290
Selecting Categories for Blocking ..............................................................................................291
Temporarily Disabling Web Filtering.........................................................................................292
Automatic and Manual Updates......................................................................................................294
Checking for Software Updates when Remotely Managed........................................................294
Checking for Software Updates when Locally Managed............................................................295
Working With VPNs.........................................................................................................................297
Overview.........................................................................................................................................297
Site-to-Site VPNs........................................................................................................................298
Remote Access VPNs.................................................................................................................301
Internal VPN Server....................................................................................................................302
Setting Up Your NetDefend firewall as a VPN Server...................................................................303
Configuring the Remote Access VPN Server.............................................................................305
Configuring the Internal VPN Server..........................................................................................306
Installing SecuRemote ................................................................................................................307
Adding and Editing VPN Sites .......................................................................................................308
Configuring a Remote Access VPN Site.....................................................................................311
Configuring a Site-to-Site VPN Gateway...................................................................................324
Deleting a VPN Site........................................................................................................................340
vi D-Link NetDefend firewall User Guide
Contents
Enabling/Disabling a VPN Site.......................................................................................................340
Logging on to a Remote Access VPN Site......................................................................................341
Logging on through the NetDefend Portal..................................................................................342
Logging on through the my.vpn page.........................................................................................343
Logging off a Remote Access VPN Site.........................................................................................345
Installing a Certificate.....................................................................................................................345
Generating a Self-Signed Certificate...........................................................................................346
Importing a Certificate................................................................................................................350
Uninstalling a Certificate ................................................................................................................352
Viewing VPN Tunnels....................................................................................................................353
Viewing IKE Traces for VPN Connections....................................................................................356
Managing Users.................................................................................................................................359
Changing Your Password................................................................................................................359
Adding and Editing Users...............................................................................................................361
Adding Quick Guest HotSpot Users...............................................................................................365
Viewing and Deleting Users...........................................................................................................367
Setting Up Remote VPN Access for Users.....................................................................................367
Using RADIUS Authentication.......................................................................................................368
Configuring the RADIUS Vendor-Specific Attribute.....................................................................372
Maintenance......................................................................................................................................375
Viewing Firmware Status................................................................................................................375
Updating the Firmware ...................................................................................................................377
Upgrading Your Software Product..................................................................................................379
Registering Your NetDefend firewall.............................................................................................383
Configuring Syslog Logging...........................................................................................................384
Controlling the Appliance via the Command Line..........................................................................386
Using the NetDefend Portal..................................................................................................... ...386
Contents vii
Contents
Using the Serial Console.............................................................................................................388
Configuring HTTPS........................................................................................................................390
Configuring SSH.............................................................................................................................392
Configuring SNMP.........................................................................................................................394
Setting the Time on the Appliance..................................................................................................397
Using Diagnostic Tools...................................................................................................................401
Using IP Tools ............................................................................................................................402
Using Packet Sniffer...................................................................................................................404
Filter String Syntax.....................................................................................................................407
Backing Up the NetDefend firewall Configuration.........................................................................415
Exporting the NetDefend firewall Configuration........................................................................415
Importing the NetDefend firewall Configuration........................................................................416
Resetting the NetDefend firewall to Defaults.................................................................................418
Running Diagnostics.......................................................................................................................421
Rebooting the NetDefend firewall..................................................................................................422
Using Network Printers....................................................................................................................423
Overview.........................................................................................................................................423
Setting Up Network Printers...........................................................................................................424
Configuring Computers to Use Network Printers...........................................................................425
Windows 2000/XP......................................................................................................................425
MAC OS-X.................................................................................................................................431
Viewing Network Printers...............................................................................................................435
Changing Network Printer Ports.....................................................................................................435
Resetting Network Printers.............................................................................................................436
Troubleshooting................................................................................................................................437
Connectivity....................................................................................................................................438
Service Center and Upgrades..........................................................................................................442
viii D-Link NetDefend firewall User Guide
Contents
Other Problems ...............................................................................................................................443
Specifications.....................................................................................................................................445
Technical Specifications .................................................................................................................445
CE Declaration of Conformity........................................................................................................449
Federal Communications Commission Radio Frequency Interference Statement..........................451
Glossary of Terms.............................................................................................................................453
Index...................................................................................................................................................461
Contents ix
About Your D-Link NetDefend firewall
About This Guide
To make finding information in this manual easier, some types of information are
marked with special symbols or formatting.
Boldface type is used for command and button names.
Note: Notes are denoted by indented text and preceded by the Note icon.
Warning: Warnings are denoted by indented text and preceded by the Warning icon.
Each task is marked with an ic
on indicating the NetDefend product required to
perform the task, as follows:
If this icon appears... You can perform the task using these products...
DFL-CP310 or DFL-CPG310, with or without the Power Pack
DFL-CPG310
DFL-CP310 or DFL-CPG310, with the Power Pack
only, with or without the Power Pack
only
Chapter 1: About This Guide xi
About Your D-Link NetDefend firewall
Chapter 1
Introduction
This chapter introduces the D-Link NetDefend firewall and this guide.
This chapter includes the following topics:
About Your D-Link NetDefend firewall ......................................................1
NetDefend Secured by Check Point Product Fami l y....................................2
NetDefend Features and Compatibility ........................................................2
Getting to Know Your NetDefend firewall..................................................8
Getting to Know Your NetDefend firewall................................................11
Contacting Technical Support....................................................................14
About Your D-Link NetDefend firewall
The D-Link NetDefend firewall is a unified threat management (UTM) appliance
that enables secure high-speed Internet access from the office. Incorporating
software by SofaWare Technologies, an affiliate of Check Point Software
Technologies, the worldwide leader in securing the Internet, the NetDefend
Secured by Check Point Product Family includes both wired and wireless models.
The D-Link firewall, based on the world-leading Check Point Embedded NGX
Stateful Inspection technology, inspects and filters all incoming and outgoing
traffic, blocking all unauthorized traffic.
The NetDefend firewall also allows sharing your Internet connection among
several PCs or other network devices, enabling advanced office networking and
saving the cost of purchasing static IP addresses.
With the NetDefend firewall, you can subscribe to additional security services
available from select service providers, including firewall security and software
updates, Antivirus, Web Filtering, reporting, and VPN management. By supporting
integrated VPN capabilities, the NetDefend firewall allows teleworkers and road
warriors to securely connect to the office network, and enables secure
interconnection of branch offices.
Chapter 1: Introduction 1
NetDefend Secured by Check Point Product Family
NetDefend Secured by Check Point Product Family
The NetDefend series includes the following hardware models:
• DFL-CP310 Security VPN Firewall
• DFL-CPG310 Wireless Security VPN Firewall
You can upgrade your NetDefend firewall to include additional features without
replacing the hardware by installing the DFL-CP310 Power Pack, and you can
increase the number of licensed users by installing node upgrades. Contact your
reseller for more details.
NetDefend Features and Compatibility
Connectivity
The NetDefend series includes the following features:
• LAN ports: 4-ports 10/100 Mbps Fast Ethernet switch
• WAN port: 10/100 Mbps Fast Ethernet
• DMZ/WAN2 Port: 10/100 Mbps Fast Ethernet
• Serial (RS232) port for console access and dialup modem connection
• Supported Internet connection methods: Static IP, DHCP Client, Cable
Modem, PPTP Client, PPPoE Client, Telstra BPA login, Dialup
• Concurrent firewall connections: 8,000
• DHCP server, client, and relay
• MAC cloning
2 D-Link NetDefend firewall User Guide
NetDefend Features and Compatibility
• Static NAT
• Static routes and source routes
• Ethernet cable type recognition
• Backup Internet connection
• Dead Internet Connection Detection (DCD)
• Traffic Monitoring
• Traffic Shaping
• VLAN Support (requires Power Pack)
• Dynamic Routing (requires Power Pack)
The NetDefend DFL-CPG310 firewall includes the following additional features:
• Wireless LAN interface with dual diversity antennas supporting up to 108
Mbps (Super G) and Extended Range (XR)
• Integrated USB print server
• Wireless QoS (WMM)
Firewall
The NetDefend series includes the following features:
• Check Point Firewall-1 Embedded NGX firewall with Application
Intelligence
• Intrusion Detection and Prevention using Check Point SmartDefense
• Network Address Translation (NAT)
• Three preset security policies
• Anti-spoofing
• Voice over IP (H.323) support
• Instant messenger blocking/monitoring
Chapter 1: Introduction 3
NetDefend Features and Compatibility
• P2P file sharing blocking/monitoring
VPN
The NetDefend series includes the following features:
• Remote Access VPN Server with OfficeMode and RADIUS support
• Remote Access VPN Client
• Site to Site VPN Gateway
• IPSEC VPN pass-through
• Algorithms: AES/3DES/DES, SHA1/MD5
• Hardware Based Secure RNG (Random Number Generator)
• IPSec NAT traversal (NAT-T)
• Route-based VPN
• Backup VPN gateways
Management
The NetDefend series includes the following features:
• Management via HTTP, HTTPS, SSH, SNMP, Serial CLI
• Central Management: SMP
• NTP automatic time setting
• TFTP Rapid Deployment
• Local diagnostics tools: Ping, WHOIS, Packet Sniffer, VPN Tunnel
Monitor, Connection Table Monitor, Wireless Monitor, Active Computers
Display, Local Logs
4 D-Link NetDefend firewall User Guide
NetDefend Features and Compatibility
Optional Security Services
The following subscription security services are available to NetDefend owners by
connecting to a Service Center:
• Firewall Security and Software Updates
• Web Filtering
• Email Antivirus and Antispam Protection
• VStream Embedded Antivirus Updates
• VPN Management
• Security Reporting
• Vulnerability Scanning Service
Power Pack Features
The table below describes the differences between the standard DFL-CP310 and
DFL-CPG310 with the Power Pack installed.
Feature DFL-CP310/CPG310
High Availability —
Traffic Shaper Basic Advanced
DiffServ Tagging —
Dynamic Routing —
Firewall/VPN Throughput
(Mbps)
Secure Hotspot —
Chapter 1: Introduction 5
100/20 150/30
DFL-CP310/CPG310 with
Power Pack
NetDefend Features and Compatibility
Feature DFL-CP310/CPG310
VLAN (Port/Tag-based) —
VPN Throughput 20 Mbps 30 Mbps
Site-to-Site VPN 2 tunnels 15 tunnels
Site-to-Site VPN
(Managed) *
Included VPN-1
SecuRemote client
Licenses
10 tunnels 100 tunnels
5 users 25 users
DFL-CP310/CPG310 with
Power Pack
* When managed by SofaWare Security Management Portal (SMP).
Package Contents
The NetDefend series package includes the following:
• D-Link NetDefend firewall VPN Firewall
• Power adapter
• CAT5 Straight-through Ethernet cable
• Getting Started Guide
• This User Guide
6 D-Link NetDefend firewall User Guide
NetDefend Features and Compatibility
The DFL-CPG310 also includes:
• Two antennas
• Wall mounting kit, including two plastic conical anchors and two cross-
head screws
• USB extension cable
Network Requirements
• A broadband Internet connection via cable or DSL modem with Ethernet
interface (RJ-45)
• 10BaseT or 100BaseT Network Interface Card installed on each computer
• TCP/IP network protocol installed on each computer
• Internet Explorer 5.0 or higher, or Netscape Navigator 4.7 and higher
• CAT 5 STP (Category 5 Shielded Twisted Pair) Straight Through Ethernet
cable for each attached device
Note: The NetDefend firewall automatically detects cable types, so you can use
either a straight-through or crossed cable, when cascading an additional hub or
switch to the NetDefend firewall.
Note: For optimal results, it is highly recommended to use either Microsoft Internet
Explorer 5.5 or higher, or Mozilla Firefox 1.0 or higher.
• When using the DFL-CPG310, an 802.11b, 802.11g or 802.11 Super G
wireless card installed on each wireless station
Chapter 1: Introduction 7
Getting to Know Your NetDefend firewall
Getting to Know Your NetDefend firewall
Rear Panel
All physical connections (network and power) to the NetDefend firewall are made
via the rear panel of your NetDefend firewall.
Figure 1: NetDefend firewall Rear Panel Items
Figure 2: NetDefend firewall Rear Panel Items
The following table lists the NetDefend firewall 's rear panel elements.
Table 1: NetDefend firewall Rear Panel Elements
Label Description
PWR A power jack used for supplying power to the unit. Connect the supplied power
adapter to this jack.
8 D-Link NetDefend firewall User Guide
Getting to Know Your NetDefend firewall
Label Description
RESET A button used for rebooting the NetDefend firewall or resetting the NetDefend
firewall to its factory defaults. You need to use a pointed object to press this
button.
Short press. Reboots the NetDefend firewall
•
•
Long press (7 seconds). Resets the NetDefend firewall to its factory
defaults, and resets your firmware to the version that shipped with the
NetDefend firewall. This results in the loss of all security services and
passwords and reverting to the factory default firmware. You will have
to re-configure your NetDefend firewall.
Do not reset the unit without consulting your system administrator.
RS-232 /
Serial
A serial port used for connecting computers in order to access the NetDefend CLI
(Command Line Interface), or for connecting an external dialup modem
WAN Wide Area Network: An Ethernet port (RJ-45) used for connecting your cable or
xDSL modem, or for connecting a hub when setting up more than one Internet
connection
DMZ/
WAN2
A dedicated Ethernet port (RJ-45) used to connect a DMZ (Demilitarized Zone)
computer or network. Alternatively, can serve as a secondary WAN port, or as a
VLAN trunk.
LAN 1-4 Local Area Network switch: Four Ethernet ports (RJ-45) used for connecting
computers or other network devices
Chapter 1: Introduction 9
Getting to Know Your NetDefend firewall
Front Panel
The NetDefend firewall includes several status LEDs that enable you to monitor
the appliance’s operation.
Figure 3: NetDefend firewall Front Panel
For an explanation of the NetDefend firewall’s status LEDs, see the table below.
Table 2: NetDefend firewall Status LEDs
LED State Explanation
PWR/SEC Off Power off
LAN 1-4/
WAN/
DMZ/WAN2
10 D-Link NetDefend firewall User Guide
Flashing quickly (Green) System boot-up
Flashing slowly (Green) Establishing Internet connection
On (Green) Normal operation
Flashing (Red) Hacker attack blocked
On (Red) Error
LINK/ACT Off, 100 Off
LINK/ACT On, 100 Off
Link is down
10 Mbps link established for the
corresponding port
Getting to Know Your NetDefend firewall
LED State Explanation
VPN Flashing (Green) VPN port in use
Serial Flashing (Green) Serial port in use
LINK/ACT On, 100 On
LNK/ACT Flashing
100 Mbps link established for the
corresponding port
Data is being transmitted/received
Getting to Know Your NetDefend firewall
R
ear Panel
All physical connections (network and power)
via the rear panel of your NetDefend firewall.
to the NetDefend firewall are made
Figure 4: NetDefend firewall Rear Panel Items
The following table lists the NetDefend firewall appliance's rear panel elements.
Table 3: NetDefend firewall Rear Panel Elements
Label Description
PWR r supplying power to the unit. Connect the supplied power
Chapter 1: Introduction 11
A power jack used fo
adapter to this jack.
Getting to Know Your NetDefend firewall
Label Description
RESET A button used for rebooting the NetDefend firewall or resetting the NetDefend
firewall to its factory defaults. You need to use a pointed object to press this
button.
Short press. Reboots the NetDefend firewall
•
•
Long press (7 seconds). Resets the NetDefend firewall to its factory
default, and resets your firmware to the version that shipped with the
NetDefend firewall. This results in the loss of all security services and
passwords and reverting to the factory default firmware. You will have
to re-configure your NetDefend firewall.
Do not reset the unit without consulting your system administrator.
USB Two USB 2.0 ports used for connecting USB-based printers
RS232 A serial (RS-232) port used for connecting computers in order to access the
NetDefend CLI (Command Line Interface), or for connecting an external dialup
modem
WAN Wide Area Network: An Ethernet port (RJ-45) used for connecting your cable or
xDSL modem, or for connecting a hub when setting up more than one Internet
connection
DMZ/
WAN2
A dedicated Ethernet port (RJ-45) used to connect a DMZ (Demilitarized Zone)
computer or network. Alternatively, can serve as a secondary WAN port , or as a
VLAN trunk.
LAN 1-4 Local Area Network switch: Four Ethernet ports (RJ-45) used for connecting
computers or other network devices
ANT 1/
Antenna connectors, used to connect the supplied wireless antennas
ANT 2
12 D-Link NetDefend firewall User Guide
Getting to Know Your NetDefend firewall
Front Panel
The NetDefend firewall appliance includes several status LEDs that enable you to
monitor the appliance’s operation.
Figure 5: NetDefend firewall Front Panel
For an explanation of the NetDefend firewall appliance’s status LEDs, see the table
below.
Table 4: NetDefend firewall Status LEDs
LED State Explanation
PWR/SEC Off Power off
LAN 1-4/
WAN/
DMZ/WAN2
Chapter 1: Introduction 13
Flashing quickly (Green) System boot-up
Flashing slowly (Green) Establishing Internet connection
On (Green) Normal operation
Flashing (Red) Hacker attack blocked
On (Red) Error
Flashing (Orange) Software update in progress
LINK/ACT Off, 100 Off
LINK/ACT On, 100 Off
Link is down
10 Mbps link established for the
corresponding port
Contacting Technical Support
LED State Explanation
VPN Flashing (Green) VPN port in use
Serial Flashing (Green) Serial port in use
USB Flashing (Green) USB port in use
WLAN Flashing (Green) WLAN in use
LINK/ACT On, 100 On
LNK/ACT Flashing
100 Mbps link established for the
corresponding port
Data is being transmitted/received
Contacting Technical Support
If there is a problem with your NetDefend firewall, see http://support.dlink.com/.
You can also download the latest version of this guide from the site.
14 D-Link NetDefend firewall User Guide
Loading...