D-Link DFL-500 Manual - Setting The Date and Time

Manual is about: Network Security Firewall

Summary of D-Link DFL-500

  • Page 1

    Dfl-500 user manual 1 d-link dfl-500 network security firewall manual building networks for people.

  • Page 2

    Dfl-500 user manual 2 © copyright 2003 d-link systems, inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any pu...

  • Page 3: Table of Contents

    Dfl-500 user manual 3 table of contents: introduction (8); nat/route mode and transparent mode (8); nat...

  • Page 4

    Dfl-500 user manual 4 firewall configuration (23); nat/route mode and transparent mode (24); nat/route mode...

  • Page 5

    Dfl-500 user manual 5 configuring user groups (46); adding user groups...

  • Page 6

    Dfl-500 user manual 6 changing the url block message (74); downloading the url block list...

  • Page 7

    Dfl-500 user manual 7 system configuration (96); setting system date and time...

  • Page 8: Introduction

    Dfl-500 user manual 8 introduction the dfl-500 network protection gateway (npg) is an easy-to-deploy and easy-to-administer solution that delivers exceptional value and performance for small office and home office (soho) applications. Your dfl-500 is a dedicated easily managed security device that d...

  • Page 9: For More Information

    Dfl-500 user manual 9 • administration describes dfl-500 management and administrative tasks. • the glossary defines many of the terms used in this document. For more information in addition to the dfl-500 user manual , you have access to the following dfl-500 documentation: • dfl-500 quickstart gui...

  • Page 10: Getting Started

    Dfl-500 user manual 10 getting started this chapter describes unpacking, setting up, and powering on your dfl-500 npg. When you have completed the procedures in this chapter, you can proceed to one of the following: • if you are going to run your dfl-500 npg in nat/route mode, go to nat/route mode i...

  • Page 11: Powering On

    Dfl-500 user manual 11 dimensions • 8.63 x 6.13 x 1.38 in. (21.9 x 15.6 x 3.5 cm) weight • 1.5 lb. (0.68 kg) power requirements • dc input voltage: 5 v • dc input current: 3 a environmental specifications • operating temperature: 32 to 104°f (0 to 40°c) • storage temperature: -13 to 158°f (-25 to 70...

  • Page 12: Initial Configuration

    Dfl-500 user manual 12 front and back view of the dfl-500 npg initial configuration when the dfl-500 npg is first powered on, it is running in nat/route mode and has the basic configuration listed in dfl-500 npg initial power on settings . Dfl-500 npg initial power on settings operating mode: nat/ro...

  • Page 13

    Dfl-500 user manual 13 • using the crossover cable or the ethernet hub and cables, connect the internal interface of the dfl- 500 npg to the computer ethernet connection. • start internet explorer and browse to the address https://192.168.1.99 . The dfl-500 login appears. • type admin in the name fi...

  • Page 14: Next Steps

    Dfl-500 user manual 14 data bits 8 parity none stop bits 1 flow control none • press enter to connect to the dfl-500 cli. The following prompt appears: dfl-500 login: • type admin and press enter. The following prompt appears: type ? For a list of commands. For information on how to use the cli, see...

  • Page 15: Nat/route Mode Installation

    Dfl-500 user manual 15 nat/route mode installation this chapter describes how to install your dfl-500 npg in nat/route mode. If you want to install the dfl- 500 npg in transparent mode, see transparent mode installation . This chapter includes: • preparing to configure nat/route mode • using the set...

  • Page 16: Using The Setup Wizard

    Dfl-500 user manual 16 ending ip: _____._____._____._____ netmask: _____._____._____._____ default route: _____._____._____._____ dns ip: _____._____._____._____ the dfl-500 npg contains a dhcp server that you can configure to automatically set the addresses of the computers on your internal network...

  • Page 17: Connecting to Your Networks

    Dfl-500 user manual 17 • set the ip address and netmask of the external interface to the external ip address and netmask that you recorded in nat/route mode settings . To set the manual ip address and netmask, enter: set system interface external static ip example set system interface external stati...

  • Page 18: Completing The Configuration

    Dfl-500 user manual 18 dfl-500 npg network connections configuring your internal network if you are running the dfl-500 npg in nat/route mode, your internal network must be configured to route all internet traffic to the address of the internal interface of the dfl-500 npg. This means changing the d...

  • Page 19: Using The Setup Wizard

    Dfl-500 user manual 19 transparent mode installation this chapter describes how to install your dfl-500 npg in transparent mode. If you want to install the dfl- 500 npg in nat/route mode, see nat/route mode installation . This chapter includes: • preparing to configure transparent mode • using the s...

  • Page 20

    Dfl-500 user manual 20 starting the setup wizard • select easy setup wizard (the button in the upper right corner of the web-based manager). • use the information that you gathered in transparent mode settings to fill in the wizard fields. Select the next button to step through the wizard pages. • c...

  • Page 21: Setting The Date and Time

    Dfl-500 user manual 21 the cli lists the management ip address and netmask. Configure the transparent mode default gateway • login to the cli if you are not already logged in. • set the default route to the default gateway that you recorded in transparent mode settings . Enter: set system route numb...

  • Page 22

    Dfl-500 user manual 22 dfl-500 network connections.

  • Page 23: Firewall Configuration

    Dfl-500 user manual 23 firewall configuration by default, the users on your internal network can connect through the dfl-500 npg to the internet. The firewall blocks all other connections. The firewall is configured with a default policy that matches any connection request received from the internal...

  • Page 24

    Dfl-500 user manual 24 nat/route mode and transparent mode the first step in configuring firewall policies is to configure the mode for the firewall. The firewall can run in nat/route mode or transparent mode. Nat/route mode run the dfl-500 npg in nat/route mode to protect a private network from a p...

  • Page 25

    Dfl-500 user manual 25 you can also select insert policy before on a policy in the list to add the new policy above a specific policy. • configure the policy: source select an address or address group that matches the source address of the packet. Before you can add this address to a policy, you mus...

  • Page 26

    Dfl-500 user manual 26 telnet, or ftp. For users to be able to authenticate you must add an http, telnet, or ftp policy that is configured for authentication. When users attempt to connect through the firewall using this policy they are prompted to enter a firewall username and password. If you want...

  • Page 27

    Dfl-500 user manual 27 adding a nat/route int -> ext policy adding transparent mode policies add transparent mode policies to control the network traffic that is allowed to pass through the firewall when you are running it in transparent mode. • go to firewall > policy . • select a policy list t...

  • Page 28

    Dfl-500 user manual 28 action select how the firewall should respond when the policy matches a connection attempt. You can configure the policy to direct the firewall to accept the connection or deny the connection. If you select accept, you can also configure authentication for the policy. Log traf...

  • Page 29: Configuring Policy Lists

    Dfl-500 user manual 29 adding a transparent mode int -> ext policy configuring policy lists the firewall matches policies by searching for a match starting at the top of the policy list and moving down until it finds the first match. You must arrange policies in the policy list from more specific to...

  • Page 30: Addresses

    Dfl-500 user manual 30 policies that require authentication must be added to the policy list above matching policies that do not; otherwise, the policy that does not require authentication is selected first. Changing the order of policies in a policy list • go to firewall > policy . • select the tab...

  • Page 31

    Dfl-500 user manual 31 adding addresses • go to firewall > address . • select the interface to which to add the address. The list of addresses added to that interface is displayed. • select new to add a new address to the selected interface. • enter an address name to identify the address. The name ...

  • Page 32: Services

    Dfl-500 user manual 32 organizing addresses into address groups you can organize related addresses into address groups to make it easier to add policies. For example, if you add three addresses, and then add them to an address group, you only have to add one policy for the address group rather than ...

  • Page 33

    Dfl-500 user manual 33 • predefined services • providing access to custom services • grouping services predefined services to view the list of predefined services, go to firewall > service > pre-defined . You can add predefined services to any policy. Providing access to custom services add a custom...

  • Page 34: Schedules

    Dfl-500 user manual 34 adding a service group • to add services to the service group, select a service from the available services list and select the right arrow to copy it to the members list. • to remove services from the service group, select a service from the members list and select the left a...

  • Page 35: Virtual Ips

    Dfl-500 user manual 35 • set the start date and time for the schedule. Set start and stop times to 00 for the schedule to cover the entire day. • set the stop date and time for the schedule. One-time schedules use the 24-hour clock. • select ok to add the one-time schedule. Creating recurring schedu...

  • Page 36

    Dfl-500 user manual 36 create an external address for the web server on the internet. You must then add a virtual ip to the firewall that maps the external ip address of the web server to the actual address of the web server on your internal network. To allow connections from the internet to the web...

  • Page 37

    Dfl-500 user manual 37 adding a static nat virtual ip • in the map to ip field, enter the real ip address on the more secure network, for example, the ip address of a web server on your internal network. The firewall translates the source address of outbound packets from the host with the map to ip ...

  • Page 38

    Dfl-500 user manual 38 adding a port forwarding virtual ip • enter the external service port number for which to configure port forwarding. The external service port number must match the destination port of the packets to be forwarded. For example, if the virtual ip provides access from the interne...

  • Page 39: Ip Pools

    Dfl-500 user manual 39 destination select the virtual ip. Schedule select a schedule as required. Service select the service that matches the map to service that you selected for the port-forwarding virtual ip. Action set action to accept to accept connections to the internal server. You can also se...

  • Page 40: Ip/mac Binding

    Dfl-500 user manual 40 adding an ip pool ip/mac binding ip/mac binding protects the dfl-500 npg and your network from ip spoofing attacks. Ip spoofing attempts to use the ip address of a trusted computer to connect to or through the firewall from a different computer. The ip address of a computer ca...

  • Page 41

    Dfl-500 user manual 41 all packets that would normally be matched with policies to be able to go through the firewall are first compared with the entries in the ip/mac binding list. If a match is found, then the firewall attempts to match the packet with a policy. For example, if the ip/mac pair ip ...

  • Page 42

    Dfl-500 user manual 42 viewing the dynamic ip/mac list • go to firewall > ip/mac binding > dynamic ip/mac . Enabling ip/mac binding • go to firewall > ip/mac binding > setting . • select enable ip/mac binding going through the firewall to turn on ip/mac binding for packets that could be matched by p...

  • Page 43: Users and Authentication

    Dfl-500 user manual 43 users and authentication dfl-500 npgs support user authentication to the dfl-500 user database or to a radius server. You can add user names to the dfl-500 user database and then add a password to allow the user to authenticate using the internal database. You can also add the...

  • Page 44

    Dfl-500 user manual 44 • select new to add a new user name. Adding a user name • enter the user name. The user name can contain numbers (0-9) and uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed. • select one of the f...

  • Page 45: Configuring Radius Support

    Dfl-500 user manual 45 deleting the user name deletes the authentication configured for the user. Configuring radius support if you have configured radius support and a user is required to authenticate using a radius server, the dfl-500 npg contacts the radius server for authentication. When using a...

  • Page 46: Configuring User Groups

    Dfl-500 user manual 46 configuring user groups use the following information to add user groups to your dfl-500 configuration. You can add user names and radius servers to user groups. You can then add user groups to: • policies that require authentication ( adding nat/route mode policies , and addi...

  • Page 47

    Dfl-500 user manual 47 adding a user group • to remove users or radius servers from the user group, select a user or radius server from the members list and select the left arrow to remove the name or radius server from the group. • select ok. Deleting user groups you cannot delete user groups that ...

  • Page 48: Ipsec Vpns

    Dfl-500 user manual 48 ipsec vpns using ipsec virtual private networking (vpn), you can securely join two or more widely separated private networks or computers together through the internet. For example, if you are away from home, you can use a vpn to securely connect through your dfl-500 npg to yo...

  • Page 49

    Dfl-500 user manual 49 • esp security in tunnel mode • des and 3des (tripledes) encryption • diffie-hellman groups 1, 2, and 5 • hmac md5 authentication/data integrity or hmac sha1 authentication/data integrity • aggressive and main mode • nat traversal • replay detection • ipsec redundancy • perfec...

  • Page 50: Configuring Dialup Vpn

    Dfl-500 user manual 50 see adding an encrypt policy . Configuring manual key ipsec vpn a manual key vpn configuration consists of a manual key vpn tunnel, the source and destination addresses for both ends of the tunnel, and an encrypt policy to control access to the vpn tunnel. To create a manual k...

  • Page 51

    Dfl-500 user manual 51 configuring the vpn concentrator on the vpn concentrator network, you must create one vpn tunnel for each of the prospective vpn concentrator members and then add these tunnels to a vpn concentrator. You can add both autoike and manual key vpn tunnels to a vpn concentrator. En...

  • Page 52: Configuring Ipsec Redundancy

    Dfl-500 user manual 52 see adding an autoike key vpn tunnel . Or, add a manual key vpn tunnel. See adding a manual key vpn tunnel . • add one encrypt policy between the member vpn and the vpn concentrator. Use the following configuration: source member vpn address. Destination vpn concentrator addre...

  • Page 53: Adding A Remote Gateway

    Dfl-500 user manual 53 the source and destination of both policies must be the same. Add a different autoike key tunnel to each policy. See adding an encrypt policy . Adding a remote gateway add a remote gateway configuration to define the parameters that the dfl-500 npg uses to connect to and estab...

  • Page 54

    Dfl-500 user manual 54 mode. Enter the ip address of the dialup user or the domain name of the dialup user (for example, domain.com). If you do not add a local id, the dfl-500 external interface automatically becomes the local id. For information about the local id, see about dialup vpn authenticati...

  • Page 55

    Dfl-500 user manual 55 for each variation, the remote gateway field of the dialup server remote gateway configuration must be set to dialup user and all of the clients must have their remote gateway or equivalent set to the static ip address of the remote gateway server. The following sections descr...

  • Page 56

    Dfl-500 user manual 56 aggressive mode with no user group field server clients user group none n/a mode aggressive aggressive authentication key the server and the clients must have the same authentication key. Local id empty empty aggressive mode with a user group selected in this configuration, th...

  • Page 57

    Dfl-500 user manual 57 about nat traversal nat (network address translation) converts private ip addresses into routable public ip addresses. The dfl-500 npg uses napt (network address port translation), in which both ip addresses and ports are mapped. Mapping both components allows multiple private...

  • Page 58

    Dfl-500 user manual 58 autokey keep alive enable autokey keep alive to keep the vpn tunnel running even if no data is being processed. Concentrator select a concentrator if you want the tunnel to be part of a hub and spoke vpn configuration. If you use the procedure, adding a vpn concentrator to add...

  • Page 59

    Dfl-500 user manual 59 the dfl-500 npg sends an alert email when replay detection detects a replay packet. To receive the alert email, you must configure alert email and select "enable alert email for critical firewall/vpn events or violations". For information about alert email, see configuring ale...

  • Page 60: Adding A Vpn Concentrator

    Dfl-500 user manual 60 for all 3des encryption algorithms, enter three hexadecimal numbers of up to 16 digits each. Use the same encryption key at both ends of the tunnel. Required for encryption algorithms that include md5 or sha1 authentication. For md5 authentication, enter two hexadecimal number...

  • Page 61: Adding An Encrypt Policy

    Dfl-500 user manual 61 • select ok to add the vpn concentrator. Adding a vpn concentrator adding an encrypt policy add encrypt policies to connect users on your internal network to a vpn tunnel. Encrypt policies are always int -> ext policies. The source of the encrypt policy must be an address on y...

  • Page 62

    Dfl-500 user manual 62 the destination address is the ip address of the remote network behind the remote vpn gateway. If you are adding an encrypt policy for a vpn with a remote vpn client connected to the...

  • Page 63: Viewing Vpn Tunnel Status

    Dfl-500 user manual 63 allow outbound select allow outbound to enable outbound users to connect to the destination address. Inbound nat the dfl-500 npg translates the source address of incoming packets to the ip address of the dfl-500 interface connected to the source address network. Outbound nat t...

  • Page 64: Testing A Vpn

    Dfl-500 user manual 64 autoike key tunnel status viewing dialup vpn connection status you can use the dialup monitor to view the status of dialup vpns. The dialup monitor lists the remote gateways and the active vpn tunnels for each gateway. The monitor also lists the tunnel lifetime, timeout, proxy...

  • Page 65

    Dfl-500 user manual 65 to confirm that a vpn between a network and one or more clients has been configured correctly, start a vpn client and use the ping command to connect to a computer on the internal network. The vpn tunnel initializes automatically when the client makes a connection attempt. You...

  • Page 66: Pptp And L2Tp Vpns

    Dfl-500 user manual 66 pptp and l2tp vpns using pptp and l2tp virtual private networking (vpn), you can create a secure connection between a client computer running microsoft windows and your internal network. Pptp is a windows vpn standard. You can use pptp to connect computers running windows to a...

  • Page 67

    Dfl-500 user manual 67 pptp vpn between a windows client and the dfl-500 npg configuring the dfl-500 npg as a pptp gateway • create a user group for your pptp users. See users and authentication . • go to vpn > pptp > pptp range . • select enable pptp. • enter the starting ip and the ending ip for t...

  • Page 68

    Dfl-500 user manual 68 example pptp range configuration when using a radius server for user authentication, pptp and l2tp encryption is not supported and you should not select require data encryption when configuring windows clients for pptp or l2tp. • add the addresses from the pptp address range t...

  • Page 69: L2Tp Vpn Configuration

    Dfl-500 user manual 69 l2tp vpn configuration l2tp clients must be able to authenticate with the dfl-500 npg to start a l2tp session. To support l2tp authentication, you must add a user group to the dfl-500 npg configuration. This user group can contain users added to the dfl-500 npg user database, ...

  • Page 70

    Dfl-500 user manual 70 • select enable l2tp. • enter the starting ip and the ending ip for the l2tp address range. • select the user group that you added in step create a user group for your l2tp users. . • select apply to enable l2tp through the dfl-500 npg. Sample l2tp address range configuration ...

  • Page 71: Web Content Filtering

    Dfl-500 user manual 71 web content filtering use dfl-500 web content filtering for: • enabling web content filtering • blocking web pages that contain unwanted content • blocking access to urls • removing scripts from web pages • exempting urls from content or url blocking enabling web content filte...

  • Page 72

    Dfl-500 user manual 72 the dfl-500 npg is now configured to block web pages containing words and phrases added to the banned word list. • select new to add a word or phrase to the banned word list. • choose a language or character set for the banned word or phrase. You can choose western, chinese si...

  • Page 73: Blocking Access to Urls

    Dfl-500 user manual 73 • select backup banned word list . The dfl-500 npg downloads the banned word list to a text file on the management computer. You can specify a location to which to download the text file as well as a name for the text file. You can make changes to the text file and upload it f...

  • Page 74

    Dfl-500 user manual 74 url blocking does not block access to other services that users can access with a web browser. For example, url blocking does not block access to ftp://ftp.badsite.com . Instead, you can use firewall policies to deny ftp connections. • select enable to block the url. • select ...

  • Page 75

    Dfl-500 user manual 75 you can add a url list created by a third-party url block or blacklist service. For example, you can download the squidguard blacklists, available at http://www.squidguard.org/blacklist/ as a starting point for creating your own url block list. Three times a week, the squidgua...

  • Page 76

    Dfl-500 user manual 76 • clearing the exempt url list • downloading the exempt url list • uploading an exempt url list adding urls to the exempt url list • go to web filter > exempt url . • select new to add an entry to the exempt url list. • type the url to exempt. Enter a complete url, including p...

  • Page 77

    Dfl-500 user manual 77 uploading an exempt url list you can create an exempt url list in a text editor and then upload the text file to the dfl-500 npg. Add one url to each line of the text file. You can follow the url with a space and then a 1 to enable or a zero (0) to disable the url. If you do n...

  • Page 78: Logging and Reporting

    Dfl-500 user manual 78 logging and reporting you can configure the dfl-500 npg to record 3 types of logs: • traffic logs record all traffic that attempts to connect through the dfl-500 npg. • event logs record management and activity events. You can also use log & report to configure the dfl-500 npg...

  • Page 79: Configuring Alert Email

    Dfl-500 user manual 79 example log settings selecting what to log use the following procedure to configure the type of information recorded in dfl-500 logs. • go to log&report > log setting . • select log all internal traffic to firewall to record all connections to the internal interface. This sett...

  • Page 80

    Dfl-500 user manual 80 configuring alert email • go to system > network > dns . • if they have not already been added, add the primary and secondary dns server addresses provided to you by your isp. Because the dfl-500 npg uses the smtp server name to connect to the mail server, it must be able to l...

  • Page 81: Administration

    Dfl-500 user manual 81 administration this chapter describes how to use the web-based manager to administer and maintain the dfl-500 npg. It contains the following sections: • system status • upgrading the dfl-500 npg firmware • displaying the dfl-500 npg serial number • backing up system settings •...

  • Page 82

    Dfl-500 user manual 82 • shutting down the dfl-500 npg if you log into the web-based manager with any other administrator account, you can go to system > status to view the system settings including: • displaying the dfl-500 npg serial number all administrative users can also go to system > status >...

  • Page 83

    Dfl-500 user manual 83 • enter the following command to restart the dfl-500 npg: > execute reboot as the dfl-500 npg reboots, messages similar to the following appear: bios version 2.2 serial number: fgt-502801021075 sdram initialization. Scanning pci bus...Done. Total ram: 256m enabling cache...Don...

  • Page 84

    Dfl-500 user manual 84 when the interface addresses are changed, you can access the dfl-500 from the web-based manager and restore your configuration files and content and url filtering lists. Displaying the dfl-500 npg serial number • go to system > status . The serial number is displayed in the st...

  • Page 85

    Dfl-500 user manual 85 this procedure deletes the changes that you have made to the dfl-500 npg configuration and reverts the system to its original configuration, including resetting interface addresses. • go to system > status . • select restore factory defaults. • select ok to confirm. The dfl-50...

  • Page 86

    Dfl-500 user manual 86 the dfl-500 npg changes operation mode. • to reconnect to the web-based manager, browse to the interface that you have configured for management access using https:// followed by the ip address of the interface. Restarting the dfl-500 npg use the following procedure to restart...

  • Page 87: Network Configuration

    Dfl-500 user manual 87 system status monitor at the top of the display, the system status monitor shows: cpu usage the current cpu usage statistics of the dfl-500 npg. Memory usage the percentage of available memory being used by the dfl-500 npg. Up time the number of days, hours, and minutes since ...

  • Page 88

    Dfl-500 user manual 88 configuring the internal interface to configure the internal interface: • go to system > network > interface . • for the internal interface, select modify . • change the ip address and netmask as required. • select the management access methods for the internal interface. Http...

  • Page 89

    Dfl-500 user manual 89 • controlling management access to the external interface • changing the external interface mtu size to improve network performance configuring the external interface with a static ip address • go to system > network > interface . • for the external interface, select modify . ...

  • Page 90

    Dfl-500 user manual 90 configuring the external interface configuring the external interface for pppoe use the following procedure to configure the external interface to use pppoe. This configuration is required if your isp uses pppoe to assign the ip address of the external interface. • go to syste...

  • Page 91

    Dfl-500 user manual 91 • for the external interface, select modify . • select the management access methods for the external interface. Https to allow secure https connections to the web-based manager through the external interface. Ping if you want the external interface to respond to pings. Use th...

  • Page 92: Configuring Routing

    Dfl-500 user manual 92 configuring the management interface (transparent mode) in transparent mode, you can configure the management interface for management access to the dfl-500 npg. • go to system > network > management . • change the management ip and mask as required. These must be valid addres...

  • Page 93

    Dfl-500 user manual 93 if you select dead gateway detection you can also configure ping target, detection interval, and fail- over detection for the routing gateway. • set ping target to the ip address that the dfl-500 npg should ping to test connectivity with the gateway. The ping target could be t...

  • Page 94

    Dfl-500 user manual 94 • select ok to save the new route. Arrange routes in the routing table from more specific to more general. To arrange routes in the routing table, see configuring the routing table . Configuring the routing table as you add routes, they appear on the routing table. The routing...

  • Page 95

    Dfl-500 user manual 95 • repeat these steps to add more routes as required. Providing dhcp services to your internal network if the dfl-500 npg is operating in nat/route mode, you can configure it to be the dhcp server for your internal network: • go to system > network > dhcp . • select enable dhcp...

  • Page 96: System Configuration

    Dfl-500 user manual 96 sample dhcp settings viewing the dynamic ip list if you have configured your dfl-500 npg as a dhcp server, you can view a list of ip addresses that the dhcp server has added, their corresponding mac addresses and the expiry time and date for these addresses. The dfl-500 npg ad...

  • Page 97

    Dfl-500 user manual 97 • setting system date and time • changing web-based manager options • adding and editing administrator accounts • configuring snmp setting system date and time for effective scheduling and logging, the dfl-500 npg time should be accurate. You can either manually set the dfl-50...

  • Page 98

    Dfl-500 user manual 98 • specify how often the dfl-500 npg should synchronize its time with the ntp server. A typical syn interval would be 1440 minutes for the dfl-500 npg to synchronize its time once a day. • select apply. Changing web-based manager options you can change the web-based manager idl...

  • Page 99

    DFL-500 User Manual 99 • Select New to add an administrator account. • Type a login name for the administrator account. The login name must be at least 6 characters long and can contain numbers (0-9), and upper case and lowercase letters (A-Z, a-z), and the special characters - and _. Other special ...

  • Page 100

    DFL-500 User Manual 100 System location Describe the physical location of the DFL-500 NPG. The system location description can be up to 31 characters long and can contain spaces, numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. The \ [ ] ` $ % & characte...

  • Page 101: Glossary

    DFL-500 User Manual 101 Glossary Connection: a link between machines, applications, processes, and so on that can be logical, physical, or both. DNS, Domain Name Service: a service that converts symbolic node names to IP addresses. Ethernet: a local-area network (LAN) architecture that uses a bus...

  • Page 102

    DFL-500 User Manual 102 Netmask: also called subnet mask. A set of rules for omitting parts of a complete IP address to reach a target destination without using a broadcast message. It can indicate a subnetwork portion of a larger network in TCP/IP. Sometimes referred to as an address mask. NTP, n...

  • Page 103

    DFL-500 User Manual 103 VPN, Virtual Private Network: a network that links private networks over the Internet. VPNs use encryption and other security mechanisms to ensure that only authorized users can access the network and that data cannot be intercepted. Virus: a computer program that attaches ...

  • Page 104: Index

    DFL-500 User Manual 104 Index A action policy option ActiveX removing from web pages address adding editing group IP/MAC binding virtual IP address group example address name admin administrator account administrator account adding admin editing netmask trusted host aggressive mode remote gateway al...

  • Page 105

    DFL-500 User Manual 105 C clear communication sessions CLI configuring IP addresses connecting to concentrator adding VPN hub and spoke configuration hub and spoke VPN connecting to your network web-based manager contact information SNMP content blocking content filtering configuring enabling cookie...

  • Page 106

    DFL-500 User Manual 106 DHCP dynamic IP list viewing dynamic IP/MAC list E email alert testing enabling a policy encryption adding IPSec firewall policy algorithm encryption algorithm manual key IPSec VPN encryption key manual key IPSec VPN ending IP DHCP L2TP PPTP environmental specifications event...

  • Page 107

    DFL-500 User Manual 107 first trap receiver IP address SNMP fixed port policy option from IP system status from port system status G gateway adding remote gateway IPSec VPN remote gateway name routing get community SNMP group address grouping services H HTTP enabling web content filtering HTTPS hub ...

  • Page 108

    DFL-500 User Manual 108 IPSec IPSec VPN adding firewall policy AutoIKE key AutoIKE key remote gateway AutoIKE key VPN tunnel compatibility with IPSec VPN products concentrator configuring remote gateway definition dialup VPN features hub and spoke manual key manual key exchange VPN tunnel remote gat...

  • Page 109

    DFL-500 User Manual 109 user groups L2TP gateway configuring language web-based manager lease duration DHCP local ID IPSec VPN remote gateway local SPI IPSec VPN manual key log traffic policy option logging log all events log all external traffic to firewall log all internal traffic to firewall log ...

  • Page 110

    DFL-500 User Manual 110 IP addresses policy policy, adding NAT traversal about NAT/Route mode NAT-traversal IPSec VPN remote gateway netmask administrator account network address translation introduction network configuration changing NTP setting system date and time O one-time schedule creating ope...

  • Page 111

    DFL-500 User Manual 111 external interface PPTP adding firewall policy configuring configuring gateway definition enabling ending IP network configuration starting IP user groups VPN configuration PPTP gateway configuring pre-defined services protocol system status R RADIUS adding server address exa...

  • Page 112

    DFL-500 User Manual 112 RIP routing gateway adding routing table adding a default route adding routes adding routes (Transparent mode) configuring S schedule applying to a policy creating one-time creating recurring policy option script filter scripts removing from web pages security parameter index...

  • Page 113

    DFL-500 User Manual 113 IPSec VPN tunnel viewing dialup connection status viewing VPN tunnel status subnet subnet address switching operating mode system configuration system date and time setting system location SNMP system name SNMP system settings backing up restoring restoring to factory default...

  • Page 114

    DFL-500 User Manual 114 URL block list clearing downloading uploading URL block message changing URL blocking configuring URLs blocking access exempting from blocking user group IPSec VPN remote gateway user groups deleting user name and password adding user names adding user-defined services V view...

  • Page 115

    DFL-500 User Manual 115 name viewing status W web content filtering ActiveX cookies enabling Java applets web filter policy option web pages content blocking web-based manager changing options connecting to language timeout WebTrends recording logs on a WebTrends server whitelist, URL wizard firewal...

  • Page 116: Technical Support

    DFL-500 User Manual 116 Technical support Offices Australia D-Link Australia Unit 16, 390 Eastern Valley Way, Roseville, NSW 2069, Australia Tel: 61-2-9417-7100 Fax: 61-2-9417-1077 Toll free: 1800-177-100 (Australia), 0800-900900 (New Zealand) E-mail: support@dlink.com.au, info@dlink.com.au URL: www...

  • Page 117

    DFL-500 User Manual 117 Registration card Print, type or use block letters. Your name: Mr./Ms _____ Organization: _____ Dept. _____ Your title at organization: __...

  • Page 118

    DFL-500 User Manual 118.

  • Page 119: Limited Warranty

    DFL-500 User Manual 119 Limited warranty D-Link Systems, Inc. (“D-Link”) provides this 1-year warranty for its product only to the person or entity who originally purchased the product from: • D-Link or its authorized reseller or distributor. • Products purchased and delivered with the fifty United ...

  • Page 120

    DFL-500 User Manual 120 Submitting a claim. Any claim under this limited warranty must be submitted in writing before the end of the warranty period to an authorized D-Link service office. • The customer must submit as part of the claim a written description of the hardware defect or software noncon...

  • Page 121

    DFL-500 User Manual 121 Governing law: This 1-year warranty shall be governed by the laws of the State of California. Some states do not allow exclusion or limitation of incidental or consequential damages, or limitations on how long an implied warranty lasts, so the foregoing limitations and exclus...

  • Page 122: Registration

    DFL-500 User Manual 122 Registration Register the D-Link DFL-500 Office Firewall online at http://www.dlink.com/sales/reg.