- DL manuals
- D-Link
- Firewall
- DFL-500
- User Manual
D-Link DFL-500 User Manual
Summary of DFL-500
Page 1
Dfl-500 soho firewall user ’ s manual rev. 02 (march, 2002) d-link systems, inc. Dfl-500 user’s manual 1.
Page 2
© copyright 2002 d-link systems, inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior w...
Page 3: Table of Contents
Table of contents introducing the dfl-500 ................................................................................ 9 firewall............................................................................................................................................................ 9 network ...
Page 4
Adding policies.......................................................................................................................................... 24 editing policies..................................................................................................................................
Page 5
Adding an ipsec vpn policy .................................................................................................................... 49 configuring the ipsec vpn client............................................................................................................. 50 manual k...
Page 6
Medium level virus protection for incoming connections .......................................................................... 74 low level virus protection for incoming connections ................................................................................ 75 worm protection...................
Page 7
Restoring system settings to factory defaults ........................................................................................... 90 restarting the dfl-500 ............................................................................................................................ 92 shutting...
Page 8
Dfl-500 user’s manual 8.
Page 9: Introducing The Dfl-500
Introducing the dfl-500 the dfl-500 is one of a series of new generation all-layer security products that provide comprehensive protection for your internal network. These products, application security gateways, combine key security technologies into a dedicated platform designed for high performan...
Page 10: Vpn
Transparent mode transparent mode provides even quicker and easier installation when the requirement is to provide firewall protection to a pre-existing network with public addresses. The internal and external network interfaces of the dfl-500 can be in the same network; therefore, the dfl-500 can b...
Page 11: Virus and Worm Protection
• ipsec and pptp vpn pass through so that computers or subnets on your internal network can connect to a vpn gateway on the internet virus and worm protection d-link's dfl-500 secure gateway solution adds anti-virus and anti-worm functionality to conventional vpn and firewall security. Virus and wor...
Page 12
Secure installation, configuration, and management installation is quick and simple. All that is required to get the dfl-500 up and running and protecting your network is to connect to the web-based manager and use the firewall setup wizard. You can also do the basic configuration from the dfl-500 c...
Page 13: About This Document
• report traffic that was denied by firewall policies • report configuration changes logs can be sent to a remote syslog server. About this document this user manual describes how to install and configure the dfl-500. This document contains the following information: • installing the dfl-500 • firew...
Page 14: Installing The Dfl-500
Installing the dfl-500 this chapter describes how to install the dfl-500 firewall between your network and the internet. After you have completed the procedures in this chapter, your dfl-500 will be up and running and protecting your internal network. This chapter includes: before you start • unpack...
Page 15
Pppoe user name password 4. Dns server in the space below, record the ip addresses of the primary and secondary dns servers provided by your isp. Primary secondary 5. Dhcp server (optional) if you plan to use the dfl-500 as a dhcp server to assign ip addresses to the computers on your internal netwo...
Page 16: Unpacking The Dfl-500
Primary secondary unpacking the dfl-500 the dfl-500 package contains the following items: • the dfl-500 firewall • a blue cross-over ethernet cable • a gray regular ethernet cable • a null-modem cable • the dfl-500 quick start guide • a cd containing this dfl-500 user manual • a ac adapter dfl-500 p...
Page 17: Powering On The Dfl-500
Environmental specifications • operating temperature: 32 to 104 °f (0 to 40 °c) • storage temperature: -13 to 158 °f (-25 to 70 °c) • humidity: 5 to 95% non-condensing powering on the dfl-500 to power on the dfl-500: • connect the power cord to the power connection at the back of the dfl-500. • conn...
Page 18
Dfl-500 login page starting the firewall setup wizard to start the firewall setup wizard: click the wizard button at the upper right of the web-based manager. • select the operating mode: network address translation (nat) or transparent. • if you selected network address translation (nat), use the i...
Page 19
Configuring the dfl-500 from the cli to connect to the dfl-500 command line interface (cli) you require: • a computer with an available communications port • a null modem cable with a 9-pin connector to connect to the communications port on the back panel of the dfl-500 • terminal emulation software...
Page 20
Set system interface internal ip 192.168.1.1 255.255.255.0 • set the ip address and netmask of the external interface to the external ip address and netmask that you recorded in nat mode configuration information . To set the manual ip address and netmask, enter: set system interface external manual...
Page 21
Configuring the transparent mode management ip address • login to the cli if you are not already logged in. • set the ip address and netmask of the management ip to the ip address and netmask that you recorded in transparent mode configuration information . Enter: set system manageip ip example set ...
Page 22: Completing The Configuration
Dfl-500 network connections: configuring your internal network if you are running the dfl-500 in nat mode, your internal network must be configured to route all internet traffic to the address of the internal interface of the dfl-500. This means changing the default gateway address of all computers ...
Page 23: Firewall Configuration
Firewall configuration this chapter describes how to use firewall policies to establish and control connectivity through the dfl-500 firewall. This chapter contains the following sections: • policies • controlling connections from the internet • controlling connections to the internet • addresses • ...
Page 24
Policy information policies direct the firewall to perform actions when a connection request matches the identifying information. A policy can specify that the firewall accepts, denies, or requests authentication for the connection. A policy can also trigger traffic log messages when the policy proc...
Page 25
To add a policy: go to firewall > policy . Click the tab corresponding to the type of policy to add. Before adding incoming policies in nat mode, you must configure virtual ip mapping. For more information about incoming policies, see virtual ips . Click new to add a policy. You can also click inser...
Page 26
Editing policies to edit a policy: • go to firewall > policy . • click the tab corresponding to the type of policy to edit. • choose a policy to edit and click edit . • edit the policy settings as required. You can change any of the policy settings. • click ok to save your changes. Policy matching f...
Page 27
Accepting incoming connections in nat mode running the dfl-500 in nat mode hides the actual addresses of the computers on your internal network from the internet. To provide internet access to a server on your internal network, you must add a virtual ip that creates an association between the intern...
Page 28
Since policy matching works on a first-match principle, you must add the deny policy above the accept policy in the policy list. For more information, see policy matching and arranging policies in the policy list . Adding an incoming policy to deny connections • add the schedule for denying access. ...
Page 29
• to addresses on the internet (see adding addresses ) • to services (see services ) • according to a one-time or recurring schedule (see schedules ) since policy matching works on a first-match principle, you must add deny policies above the default policy. You must also add deny policies above mat...
Page 30
For example, if a policy denies connections to a subnet, you can add a policy that accepts connections from one of the computers on the subnet. Policies that accept connections in this way must be added to the policy list above the connections that they are exceptions to. • delete the default policy...
Page 31: Addresses
Addresses all dfl-500 policies require source and destination ip addresses. By default the dfl-500 includes two addresses that cannot be edited or deleted: • internal_all on the internal address list which represents the ip addresses of all of the computers on your internal network • external_all on...
Page 32: Services
Example internal address: editing addresses • go to firewall > address . Click the tab corresponding to the type of address you want to edit. • choose an address to edit and click edit . • make the required changes and click ok to save your changes. Services use services to control the types of comm...
Page 33
Imap imap email protocol for reading email from an imap server. Tcp 1-65535 143 irc internet relay chat for connecting to chat groups. Tcp 1-65535 6660-6669 111 tcp 1-65535 2049 111 nfs network file services for sharing files. Udp 1-65535 2049 nntp protocol for transmitting usenet news. Tcp 1-65535 ...
Page 34
• specify a port number range for the service by adding the low and high port numbers. If the service uses one port number, add this number to both the low and high fields. • if the service has more than one port range, click add to specify additional protocols and port ranges. If you mistakenly add...
Page 35: Schedules
Adding a service group: schedules use scheduling to control when policies are active or inactive. You can create one-time schedules and recurring schedules. You can use one-time schedules to create policies that are effective once only for the period of time specified in the schedule. Recurring sche...
Page 36
• specify the stop date and time for the schedule. One-time schedules use the 24-hour clock. • click ok to add the one-time schedule. Sample one-time schedule: creating recurring schedules you can create a recurring schedule that activates or deactivates policies at specified times of the day or on ...
Page 37: Users and Authentication
Sample recurring schedule: applying a schedule to a policy once you have created schedules you can add them to policies to schedule when the policies are active. • go to firewall > policy . • click the tab corresponding to the type of policy to add. • click new to add a policy. • configure the polic...
Page 38
Requiring passwords is not supported in transparent mode. You can add authentication to int to ext policies, but not to incoming policies. Users can only enter passwords using http, ftp, or telnet. If users are required to enter a user name and password to access the internet, they must connect to t...
Page 39: Virtual Ips
• click the tab corresponding to the type of policy to add. • you can add authentication to int to ext policies. • click new to add a policy or click edit to edit a policy to add authentication. • configure the policy as required. • set action to auth. • click ok to save the policy • arrange the pol...
Page 40: Ip/mac Binding
Adding a virtual ip: ip/mac binding ip/mac binding provides added security against ip spoofing attacks. Ip spoofing attempts to use the ip address of a trusted computer to access the dfl-500 from a different computer. The ip address of a computer can easily be changed to a trusted address, but mac a...
Page 41: Traffic Shaping
• click apply to save your changes. Traffic shaping you can use traffic shaping to guarantee the amount of bandwidth available through the firewall for a policy. Guarantee bandwidth to make sure that there is enough bandwidth available for a hi-priority service. You can also use traffic shaping to l...
Page 42: Ipsec Vpns
Ipsec vpns using dfl-500 ipsec virtual private networking (vpn), you can join two or more widely separated private networks together through the internet. For example, a company that has two offices in different cities, each with its own private network, can use vpn to create a secure tunnel between...
Page 43
Example vpn between two internal networks: autokey ipsec vpn between two networks use the following procedures to configure a vpn that provides a direct communication link between users and computers on two different networks. Example vpn between two internal networks shows an example vpn between th...
Page 44
Creating the vpn tunnel a vpn tunnel consists of a name for the tunnel, the ip address of the vpn gateway at the opposite end of the tunnel, the keylife for the tunnel, and the authentication key to be used to start the tunnel. You must create complementary vpn tunnels on each of the vpn gateways. O...
Page 45
• click ok to save the autokey ike vpn tunnel. Example main office autokey ike vpn tunnel: adding internal and external addresses the next step in configuring the vpn is to add the addresses of the networks that are to be connected using the vpn tunnel. On each vpn gateway you must add two addresses...
Page 46
Complete the following procedure on both vpn gateways to add the internal and external ip addresses: • go to firewall > address > internal . • click new to add a new internal address. • enter the address name and the ip address and netmask of the internal network that can connect to the vpn. Example...
Page 47
Example main office vpn policy: autokey ipsec vpn for remote clients use the following procedures to configure a vpn that allows remote vpn clients to connect to users and computers on a main office internal network ( see example vpn between an internal network and remote clients ). A remote vpn cli...
Page 48
Use the following procedures to configure an ipsec autokey ike vpn that allows vpn clients to connect to an internal network: • configuring the vpn tunnel for the client vpn • adding internal and external addresses • adding an ipsec vpn policy • configuring the ipsec vpn client configuring the vpn t...
Page 49
Adding internal and external addresses the next step in configuring the vpn is to add the addresses of the vpn clients and the address of the internal network to the vpn gateway. You do not have to add addresses for remote clients with dynamic ip addresses. Example vpn gateway ip addresses shows the...
Page 50
Address vpn tunnel name the name of the vpn tunnel to be created between the vpn gateway and the vpn client ( see example vpn tunnel configuration ). Client_vpn complete the following procedure on the vpn gateway to add the vpn policy: • go to vpn > ipsec > policy . • click new to add a new ipsec vp...
Page 51
• configure the vpn tunnel. Vpn tunnel name enter a name for the tunnel. The name can contain numbers (0-9) and upper and lower case letters (a-z, a-z), and the special characters - and _. Spaces and the @ character are not allowed. If you are configuring a vpn between two dfl-500 gateways, it is re...
Page 52
Adding an ipsec vpn policy use the procedure adding an ipsec vpn policy to configure the outgoing policy that connects from the local internal network through the vpn tunnel to the remote internal network. Manual key exchange ipsec vpn for remote clients use the following procedures to configure a v...
Page 53: Testing A Vpn
Testing a vpn to confirm that a vpn between two networks has been configured correctly, use the ping command from one internal network to connect to a computer on the other internal network. The ipsec vpn tunnel starts automatically when the first data packet destined for the vpn is intercepted by t...
Page 54
Are forwarded to the destination ipsec vpn gateway with a source address of the external interface of the dfl-500 firewall. Ipsec client connecting to a vpn in the internet using vpn pass through: ipsec network to network vpn pass through use the following procedure to create the configuration shown...
Page 55
Ipsec network to network vpn pass through: when a computer on the internal ipsec vpn network connects to the internal network behind the destination ipsec vpn gateway, the dfl-500 firewall accepts ipsec vpn connections from the internal network and performs network address translation on them. The v...
Page 56: Pptp And L2Tp Vpns
Pptp and l2tp vpns using dfl-500 pptp and l2tp virtual private networking (vpn), you can create a secure connection between a client computer running windows and an internal network protected by a dfl-500. Pptp is a microsoft windows vpn standard. You can use pptp to connect computers running micros...
Page 57
Make sure that your isp supports pptp connections. Pptp vpn between a windows client and the dfl-500: this section describes: • configuring the dfl-500 as a pptp server • configuring a windows 98 client for pptp • configuring a windows 2000 client for pptp • configuring a windows xp client to connec...
Page 58
To turn on radius support, see radius authentication for pptp and l2tp vpns . • click apply to enable pptp through the dfl-500. Sample pptp range configuration: configuring a windows 98 client for pptp use the following procedure to configure a client machine running windows 98 so that it can connec...
Page 59
• click on tcp/ip settings. • turn off use ip header compression. • turn off use default gateway on remote network. • click ok twice. Connecting to the pptp vpn • start the dial-up connection that you configured in the previous procedure. • enter your pptp vpn user name and password. • click connect...
Page 60: Pptp Vpn Pass Through
• name the connection and click next. • if the public network dialog box appears, choose the appropriate initial connection and click next. • in the vpn server selection dialog, enter the external ip address or hostname of the dfl-500 to connect to and click next. • click finish. Configure the vpn c...
Page 61
• a subnet on your internal network, protected by a vpn gateway, can connect through your dfl-500 to a vpn on the internet no special vpn configuration is required for the client or vpn gateway on your internal network. The vpn tunnel configuration of the vpn gateway on the internet must be changed ...
Page 62: L2Tp Vpn Configuration
Vpn packets are forwarded to the pptp vpn gateway with a source address of the external interface of the dfl-500 firewall. L2tp vpn configuration this section describes how to configure the dfl-500 as an l2tp vpn server. This section also describes how to configure windows 2000 and windows xp client...
Page 63
A client can connect to the l2tp vpn with this user name and password. • click ok. • repeat steps go to vpn > l2tp > l2tp user. To click ok. To add more l2tp user names and passwords as required. • go to vpn > l2tp > l2tp range . • click enable l2tp. • specify the l2tp address range. The l2tp addres...
Page 64
• set vpn server type to layer-2 tunneling protocol (l2tp). • save your changes and continue with the following procedure. Disabling ipsec • click the networking tab. • click internet protocol (tcp/ip) properties. • double-click the advanced tab. • go to the options tab and click ip security propert...
Page 65
• if the public network dialog box appears, choose the appropriate initial connection and click next. • in the vpn server selection dialog, enter the external ip address or hostname of the dfl-500 to connect to and click next. • click finish. Configuring the vpn connection • right click the icon tha...
Page 66
Connecting to the l2tp vpn • connect to your isp. • start the vpn connection that you configured in the previous procedure. • enter your l2tp vpn user name and password. • click connect. • in the connect window, enter the user name and password you use to connect to your dial-up network connection. ...
Page 67
Example radius configuration: turning on radius authentication for pptp radius authentication can be turned on separately for pptp and l2tp. To turn on radius authentication for pptp users: • go to vpn > pptp > pptp range . • click to check enable radius. • click apply. Turning on radius authenticat...
Page 68: Attack Prevention
Intrusion detection system (ids) you can configure the ids to detect and prevent common network attacks and to send an alert email if the ids detects an attack. This chapter describes: attack prevention • alert email • attack prevention with attack prevention configured, the dfl-500 monitors interne...
Page 69
Configuring alert email • in nat mode go to ids > alert email . In transparent mode go to system > config > alert mail . • in the smtp server field, enter the name of the smtp server to which the dfl-500 should send email. The smtp server can be located on the internal network or on the internet. • ...
Page 70: Virus Protection
Virus protection d-link's dfl-500 secure gateway solution adds anti-virus and anti-worm functionality to conventional vpn and firewall technology. Virus and worm protection screens the information found in web traffic (http protocol) and email traffic (smtp, pop3, and imap protocols) for the followi...
Page 71
• high level virus protection for your internal network • medium level virus protection for your internal network • low level virus protection for your internal network to protect your internal network from viruses, you must configure outgoing virus protection. Even though viruses are introduced to ...
Page 72
Example http high level file blocking configuration • click ok and click apply. • go to anti-virus > smtp > outgoing and repeat steps click high to block files from being downloaded from web pages. To click ok and click apply. To configure high level virus protection to block the downloading of emai...
Page 73
Example smtp virus protection settings • click ok and click apply. • go to anti-virus > http > outgoing and repeat steps click medium to virus scan target files in email attachments in smtp traffic. To click ok and click apply. To configure medium level virus protection to virus scan target files do...
Page 74
• smtp, to prevent users on your internal network from sending email attachments that contain viruses to addresses on the internet • pop3, if you allow users on the internet to connect to a pop3 server on your internal network • imap, if you allow users on the internet to connect to an imap server o...
Page 75: Worm Protection
Medium level virus scanning prevents known viruses from passing through the firewall from your internal network to the internet while still allowing virus free http downloads and email attachments to pass through the firewall. To configure medium level virus protection to prevent the distribution of...
Page 76
• worm protection for your internal network • worm protection for incoming connections worm protection for your internal network when configured for worm protection, the virus scanning engine checks http requests by scanning their originating web page for known worm patterns. For example, code red a...
Page 77
This section describes: • manual antivirus database updates • automatic antivirus database updates manual antivirus database updates use the following procedure to update your antivirus database manually. This procedure restarts the dfl-500. If you have configured automatic virus database updates, y...
Page 78
At any time, you can click update now to update your anti-virus database immediately by downloading the latest database from one of the configured update centres. Configuring automatic antivirus database updates displaying virus and worm lists use the following procedure to display the lists of viru...
Page 79: Web Content Filtering
Web content filtering use dfl-500 web content filtering to block web sites containing unwanted content. You can configure the dfl-500 to: • block web pages that contain unwanted content • block access to internet sites • remove scripts from web pages web content filtering is only supported in nat mo...
Page 80
• repeat these steps to add all of the required banned words. You can also add words to the banned word list by entering them into a text file and then uploading the text file to the dfl-500. See creating the banned word list using a text editor . Temporarily disabling the banned word list • go to w...
Page 81
• click download banned word list to download the banned word list to your management computer. The dfl-500 downloads the banned word list to a text file on the management computer. Block access to internet sites to block access to internet sites, enable url blocking and then create a list of urls a...
Page 82
You can also add urls to the url block list by entering them into a text file and then uploading the text file to the dfl-500. See creating the url block list using a text editor . Temporarily disabling the url block list • go to web filter > url block . • uncheck enable url block to disable the url...
Page 83
Remove scripts from web pages use the following procedure to configure the dfl-500 to remove scripts from web pages. You can configure the dfl-500 to block java applets, cookies, malicious scripts and activex. Blocking of any of these items may prevent some web pages from working properly. • go to w...
Page 84: Logging and Reporting
Logging and reporting you can configure the dfl-500 to record 3 types of logs: • traffic logs record all traffic that attempts to connect through the dfl-500 • event logs record changes to the system configuration • attack logs record network events that appear to be attacks on the dfl-500 this chap...
Page 85: Log Message Formats
Example log settings selecting what to log use the following procedure to configure the type of information recorded in dfl-500 logs. When running in transparent mode, the dfl-500 only supports log all internal traffic to firewall, log all external traffic to firewall, and log all events. • go to lo...
Page 86
Traffic log message format traffic logs record each connection made to a dfl-500 interface. Each traffic log message records the date and time at which the connection was made, the source and destination address of the connection, and whether the connection was accepted or denied by the firewall. Tr...
Page 87
Attack log message format attack logs record attacks made on the dfl-500. Each attack log message records the date and time at which the attack was made, a description of the attack, and the ip address of the computer from which the attack originated. When running in transparent mode, the dfl-500 do...
Page 88: Administering The Dfl-500
Administering the dfl-500 this chapter describes how to use the dfl-500 web-based manager to administer and maintain the dfl-500. It contains the following sections: • logging into the web-based manager • system status • network configuration • system configuration logging into the web-based manager...
Page 89: System Status
System status go to system > status to make any of the following changes to the dfl-500 system status: • changing the operating mode • upgrading the dfl-500 firmware • updating your antivirus database • displaying the dfl-500 serial number • backing-up system settings • restoring system settings • r...
Page 90
Displaying the dfl-500 serial number • go to system > status . The serial number does not change with firmware upgrades. Backing-up system settings this procedure does not back-up the web content filtering lists. To back-up these lists see downloading the banned word list and downloading the url blo...
Page 91
You can restore your system settings by uploading a previously downloaded system settings text file to the dfl-500. Default nat mode system configuration when the dfl-500 is first powered up or when it is reset to default, the system has the following standard configuration: • operation mode: networ...
Page 92
Restarting the dfl-500 use the following procedure to restart the dfl-500 from the web-based manager. • go to system > status . • click restart. The dfl-500 restarts. Shutting down the dfl-500 use the following procedure to shutdown the dfl-500 from the web-based manager. • go to system > status . •...
Page 93: Network Configuration
To port the destination port of the connection. Expire the time, in seconds, before the connection expires. Network configuration go to system > network to make any of the following changes to the dfl-500 network settings: • changing ip addresses • configuring the external interface for dhcp • confi...
Page 94
Gateway ip address fields. These fields are colored grey to indicate that the addresses have not been assigned manually. Changing mtu size to improve network performance to improve the performance of your internet connection, you can adjust the maximum transmission unit (mtu) of the packets that the...
Page 95
You can also control the ip addresses from which administrators can access the web-based manager. See adding and editing administrator accounts . Setting management access configuring routing if there are multiple routers installed on your network, you can configure static routes to determine the pa...
Page 96
• click internal interface to enable rip server support from the internal interface. • click external interface to enable rip server support from the external interface. Providing dhcp services to your internal network if it is operating in nat mode, you can configure the dfl-500 to be the dhcp serv...
Page 97: System Configuration
Sample dhcp settings system configuration go to system > config to make any of the following changes to the dfl-500 system configuration: • setting system date and time • changing web-based manager options • adding and editing administrator accounts • configuring snmp setting system date and time fo...
Page 98
• click apply. Example date and time setting changing web-based manager options you can change the web-based manager idle timeout, firewall user authentication timeout and character set used by the web-based manager. • go to system > config > options . • set the web-based manager idle time-out. Set ...
Page 99
• adding new administrator accounts • editing administrator accounts adding new administrator accounts from the admin account, use the following procedure to add new administrator accounts to the dfl-500 and control their permission levels. • go to system > config > admin . • click new to add an adm...
Page 100
Configuring snmp configure snmp for the dfl-500 so that the snmp agent running on the dfl-500 can report system information and send traps. Traps can alert system administrators about problems with the dfl-500. • go to system > config > snmp . • select enable snmp. • configure snmp settings: system ...
Page 101: Using The Dfl-500 Cli
Using the dfl-500 cli the command line interface (cli) is intended as a troubleshooting tool to help diagnose and fix system problems that cannot be solved from the web-based manager. This chapter explains how to connect to the dfl-500 cli and also describes some of the basics of using the cli. You ...
Page 102: Cli Basics
• type the password for this administrator and press enter. The following prompt appears: type ? For a list of commands. Connecting to the dfl-500 cli using ssh ssh provides strong secure authentication and secure communications to the dfl-500 cli over your internal network or the internet. Once the...
Page 103
Recalling commands you can recall commands by using the up and down arrow keys to cycle through commands you have entered. Editing commands use the left and right arrow keys to move the cursor back and forth on the command line. Use the backspace and delete keys to edit the command. You can also use...
Page 104
This procedure deletes all of the changes that you have made to the dfl-500 configuration and reverts the system to its default configuration, including resetting interface addresses. Before installing new firmware make sure you download your configuration file, see backing-up system settings . You ...
Page 105
Total 32768k bytes are unzipped. Do you want to save the image ?[y/n] type y . Programming the boot device now. ................................ Read boot image 548405 bytes. Initializing firewall ... D-link login: the installation can take a few minutes to complete. You must then restore your previ...
Page 106: Glossary
Glossary connection : a link between machines, applications, processes, etc. That can be logical, physical, or both. Dns, domain name service : a service that converts symbolic node names to ip addresses. Ethernet : a local-area network (lan) architecture that uses a bus or star topology and support...
Page 107
Ntp , network time protocol : used to synchronize the time of a computer to an ntp server. Ntp provides accuracies within a tens of milliseconds across the internet relative to coordinated universal time (utc). Packet : a piece of a message transmitted over a packet-switching network. One of the key...
Page 108
Vpn, virtual private network : a network that links private networks over the internet. Vpns use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted. Virus : a computer program that attaches itself to other prog...
Page 109: Troubleshooting Faqs
Troubleshooting faqs the following troubleshooting faqs are available: • general administration • network configuration • firewall policies • schedules • vpn • virus protection • web content filtering • logging general administration q: i am trying to set up some of the firewall options, but it keep...
Page 110: Schedules
Q: my policies are set correctly but i still cannot connect to the internet from one or more of the computers on my internal network. Check the default gateway setting on that particular computer. Its default gateway must match the internal address of the dfl-500. Q: i checked the default gateway an...
Page 111: Virus Protection
Virus protection q: i am worried about viruses so i set the anti-virus options to the highest level. Now people are complaining that some files that they need are blocked. When anti-virus protection for http or any of the email protocols is set to high, all files of potentially dangerous types are b...
Page 112: Technical Support
Technical support offices australia d-link australia unit 16, 390 eastern valley way, roseville, nsw 2069, australia tel: 61-2-9417-7100 fax: 61-2-9417-1077 toll free: 1800-177-100 (australia), 0800-900900 (new zealand) e-mail: support@dlink.Com.Au, info@dlink.Com.Au url: www.Dlink.Com.Au benelux d-...
Page 113
Registration card print, type or use block letters. Your name: mr./ms _____________________________________________________________________________ organization: ________________________________________________ dept. ____________________________ your title at organization: __________________________...
Page 114
Dfl-500 user’s manual 114.