D-Link DFL-900 User Manual - Chapter 1

Other manuals for DFL-900: User Manual

Manual is about: D-Link DFL-900; DFL-1500 VPN/Firewall Router

Page of 115

Download

Print this page

Bookmark us

Quick Start

DFL-900 User Manual

Chapter 1 Quick Start

This chapter introduces how to quick setup the DFL-900.

DFL-900 is an integrated all-in-one solution that can facilitate the maximum security and the best resource utilization for

the enterprises. It contains a high-performance stateful packet inspection (SPI) Firewall (400Mbps at 3000 rules),

policy-based NAT, wire-speed VPN (simultaneous 2000 tunnels), upgradeable Intrusion Detection System, Dynamic

Routing, Content Filtering, Bandwidth Management, WAN Load Balancer, and other solutions in a single box. It is

one of the most cost-effective all-in-one solutions for enterprises.

1.1 Before

You

Begin

Prepare a computer with an Ethernet adapter for configuring the DFL-900. The default IP address for the DFL-900 is

192.168.1.254 (LAN1, Port 2) with a Subnet Mask of 255.255.255.0. You will need to assign your computer a Static IP

address within the same range as the DFL-900’s IP address, say 192.168.1.2, to configure the DFL-900.

1.2 Check

Your

Package

Contents

These are the items included with your DFL-900 purchase as Figure 1-1. They are the following items

1. DFL-900 Device * 1

2. Ethernet cable (RJ-45) * 1

3. RS-232 console * 1

4. CD (include User's manual and Quick Guide) * 1

5. Power code * 1

Figure 1-1 All items in the DFL-900 package

1.3 Device default value

You should have an Internet account already set up and have been given most of the following information as Table 1-1.

Fill out this table when you edit the web configuration of DFL-900.

If any of the items are

missing, please contact your

reseller.

« ‹ Prev 4 5 6 7 8 9 10 Next › »

Summary of DFL-900

Page 1
D-link dfl-900 firewall/vpn router user manual d-link building networks for people.
Page 2
Ii © copyright 2003 d-link systems, inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prio...
Page 3: Table of Contents
I table of contents part i basic configuration.............................................................................................................................. 2 chapter 1 quick start ..........................................................................................................
Page 4
Ii 7.1 demands .................................................................................................................................................................. 39 7.2 objectives ...........................................................................................................
Page 5
Iii 13.3 methods .................................................................................................................................................................... 77 13.4 steps for smtp filters ..........................................................................................
Page 6
D-link part i 2 part i basic configuration.
Page 7: Chapter 1
Quick start dfl-900 user manual 3 chapter 1 quick start this chapter introduces how to quick setup the dfl-900. Dfl-900 is an integrated all-in-one solution that can facilitate the maximum security and the best resource utilization for the enterprises. It contains a high-performance stateful packet ...
Page 8
D-link part i 4 items default value new value password: admin ip address ____.____.____.____ subnet mask ____.____.____.____ gateway ip ____.____.____.____ primary dns ____.____.____.____ secondary dns ____.____.____.____ pppoe username wan1 (port 1) pppoe password not initialized ip address 192.168...
Page 9
Quick start dfl-900 user manual 5 figure 1-3 front end of the dfl-900 1.5 default architecture of dfl-900 figure 1-4 the default settings of dfl-900 d. Dmz1 port for connecting computers that act as servers for internet users to access. Console port for managing the dfl-900 with cli commands. B. Wan...
Page 10
D-link part i 6 the factory default settings for the dfl-900 are in the figure 1-4 and table 1-1. You can configure the dfl-900 by connecting to the lan1_ip (192.168.1.254) from the pc1_1 (192.168.1.1). The following section will teach you how to quickly setup the dfl-900 based on figure 1-4. 1.6 us...
Page 11
Quick start dfl-900 user manual 7 step 4 － wan connectivity choose the type of ip address assignment provided by your isp to access the internet. Here we have four types to select. This will determine how the ip address of wan1 is obtained. Click next to proceed. Basic setup > wizard > next step 4.A...
Page 12
D-link part i 8 step 4.C — pppoe client if ppp over ethernet is selected, enter the isp-given user name, password and the optional service name . Click next to proceed. Basic setup > wizard > next > pppoe step 5 － system status here we select pppoe method in wan1 port. Then the dfl-900 provides a sh...
Page 13
Quick start dfl-900 user manual 9 step 1 － device ip address setup the ip address and ip subnet mask for the dfl-900. Step 2 － client ip range enable the dhcp server if you want to use dfl-900 to assign ip addresses to the computers under lan1. Specify the pool starting address , pool size, primary ...
Page 14
D-link part i 10 step 1 － device ip address setup the ip address and ip subnet mask for the dfl-900 of the dmz1 interface. Step 2 － client ip range enable the dhcp server if you want to use dfl-900 to assign ip addresses to the computers under dmz1. Here we do not want to make the dhcp feature enabl...
Page 15
Quick start dfl-900 user manual 11 step 7 － setup server rules insert a virtual server rule by clicking the insert button. Advanced settings > nat > virtual servers step 8 － customize the rule customize the rule name as the ftpserver. For any packets with its destination ip equaling to the wan1 ip (...
Page 17: Chapter 2
System overview dfl-900 user manual 13 chapter 2 system overview in this chapter, we will introduce the network topology for use with later chapters. 2.1 topology in this chapter, we introduce a typical network topology for the dfl-900. In figure 2-1, the left half side is a dfl-900 with one lan, on...
Page 18
D-link part i 14 and then logout the system. That will clean up the zombie left in the system so you will be able to login to the dfl-900 from the lan1 side after your computer’s ip is changed into the new subnet. We provide two normal ways to configure the lan1 ip address. One is to configure the l...
Page 19: Chapter 3
Basic setup dfl-900 user manual 15 chapter 3 basic setup in this chapter, we will introduce how to setup network settings for each port separately 3.1 demand 1. For the external network, suppose your company uses dsl to connect internet via pppoe. By this way, you should setup wan port of the dfl-90...
Page 20
D-link part i 16 3.4.1 setup wan1 ip step 1 － setup wan1 port here we select ppp over ethernet method in wan1 port. Fill in the isp-given user name and password and the optional service name. And then check the needed field. Click apply to finish this setting. Basic setup > wan settings > wan1 ip > ...
Page 21
Basic setup dfl-900 user manual 17 step 2 － show the warning message note that if you have already enabled bandwidth management (advanced settings>bandwidth mgt>enable bandwidth management) and then select pppoe in basic setup>wan settings>wan1 ip>pppoe as your internet connection, it will show you ...
Page 22
D-link part i 18 step 2 － setup lan port here we are going to configure the lan1 settings. Setup ip address and ip subnet mask, and determine if you would like to enable the dhcp server. And then select routing protocol. Click apply to finish this setting. Basic setup > lan settings > lan1 status fi...
Page 23
Basic setup dfl-900 user manual 19 netmask the netmask of the ip alias 255.255.255.248 table 3-4 add a ip alias record step 2 － edit, delete ip alias record you can easily add, edit, or delete ip alias records by the add, edit, or delete button. Basic setup > wan settings > ip alias.
Page 25: Chapter 4
System tools dfl-900 user manual 21 chapter 4 system tools this chapter introduces system management and explains how to implement it. 4.1 demand 1. Basic configurations for domain name, password, system time, and management timeout. 2. Ddns: suppose the dfl-900’s wan uses dynamic ip but needs a fix...
Page 26
D-link part i 22 figure 4-1 ddns mechanism chart 3. Dns proxy: after activating the dns proxy mode, the client can set its dns server to the dfl-900 (that is, send the dns requests to the dfl-900). The dfl-900 will then make the enquiry to the dns server and return the result to the client. Besides,...
Page 27
System tools dfl-900 user manual 23 figure 4-3 dhcp relay mechanism chart 4.4 steps step 1 － general setup enter the host name as dfl-1, domain name as the domain name of your company click apply . System tools > admin settings > general field description example host name the host name of the dfl-9...
Page 28
D-link part i 24 step 3 － setup time/date select the time zone where you are located. Enter the nearest ntp time server in the ntp time server address . Note that your dns must be set if the entered address requires domain name lookup. You can also enter an ip address instead. Check the continuously...
Page 29
System tools dfl-900 user manual 25 step 5 － setup ddns if the ip address of dfl-900 wan port is dynamic allocated. You may want to have the dynamic dns mechanism to make your partner always use the same domain name (like xxx.Com) to connect to you. Select a wan interface to update the ddns record. ...
Page 30
D-link part i 26 step 7 － setup dhcp relay check the enable dhcp relay. Enter the ip address of your dhcp server. Check the relay domain of dfl-900 that needs to be relayed. Namely, check the one where the dhcp server resides and the one where dhcp clients are located. Click the apply button. System...
Page 31: Chapter 5
Remote management dfl-900 user manual 27 chapter 5 remote management this chapter introduces remote management and explains how to implement it. 5.1 demands administrators may want to manage the dfl-900 remotely from any pc in lan1 with http at port 8080, and from wan_pc with telnet. In addition, th...
Page 32
D-link part i 28 5.3 steps setup telnet check the wan1 checkbox, click the selected, and enter the ip address (140.2.5.1) that will telnet to the dfl-900. And click the apply. System tools > remote mgt. > telnet setup www check the lan1 checkbox, and enter the new server port 8080 that will be acces...
Page 34
D-link part ii 30 part ii nat & firewall.
Page 35: Chapter 6
Nat dfl-900 user manual 31 chapter 6 nat this chapter introduces nat and explains how to implement it in dfl-900. To facilitate the explanation on how dfl-900 implements nat and how to use it, we zoom in the left part of figure 1-4 into figure 6-1. 6.1 demands 1. The number of public ip address allo...
Page 36
D-link part ii 32 6.3 methods 1. Assign private ip addresses to the pc1_1~pc1_5. Setup nat at dfl-900 to map those assigned private hosts under lan1 to the public ip address wan_ip at the wan1 side. 2. Assign a private ip address to the ftpserver1. Setup virtual server at dfl-900 to redirect “any co...
Page 37
Nat dfl-900 user manual 33 step 3 － switch the nat mode select the full feature from the list of network address translation mode . Click apply . After applying the setting, the page will highlight a warning saying that the rules are no more automatically maintained by the dfl-900. If you change the...
Page 38
D-link part ii 34 type many-to-one map a pool of private ip addresses to a single public ip address chosen from the wan ports. Many-to-many map a pool of private ip addresses to a pool of public ip addresses chosen from the wan ports. One-to-one map a single private ip address to a single public ip ...
Page 39
Nat dfl-900 user manual 35 step 5.D — insert a one-to-one (bidirectional) rule the above three modes allow lan/dmz-to-wan sessions establishment but do not allow wan-to-lan/dmz sessions. Wan-to-lan/dmz sessions are allowed by virtual server rules. You can make the one-to-one nat in the above to inco...
Page 40
D-link part ii 36 step 4 － check nat status the default setting of nat is in basic mode. After applying the step 3, the nat is automatically configured with two rules to let all private-ip lan1/dmz1-to-wan1 requests to be translated with the public ip assigned by the isp. Advanced settings > nat > s...
Page 41
Nat dfl-900 user manual 37 step 8 － customize the rule customize the rule name as the ftpserver. For any packets with its destination ip equaling to the wan1 ip (61.2.1.1) and destination port equaling to 44444, ask dfl-900 to translate the packet’s destination ip/port into 10.1.1.5/21. Check the pa...
Page 42
D-link part ii 38 step 9 － view the result now any request towards the dfl-900’s wan1 ip (61.2.1.1) with port 44444 will be translated into a request towards 10.1.1.5 with port 21, and then be forwarded to the 10.1.1.5. The ftp server listening at port 21 in 10.1.1.5 will pick up the request. Advanc...
Page 43: Chapter 7
Firewall dfl-900 user manual 39 chapter 7 firewall this chapter introduces firewall and explains how to implement it. 7.1 demands 1. Administrators detect that pc1_1 in lan1 is doing something that may hurt our company and should instantly block his traffic towards the internet. 2. A dmz server was ...
Page 44
D-link part ii 40 7.4 steps 7.4.1 block internal pc session (lan wan) step 1 － setup nat check the enable stateful inspection firewall checkbox, and click the apply. Advanced settings > firewall > status step 2 － add a firewall rule select lan1 to wan1 traffic direction. The default action of this d...
Page 45
Firewall dfl-900 user manual 41 service verified the service of packet is belong to each tcp、udp、 icmp. Any forward / block the matched packet if packet is matched the rule condition, forward or block this matched packet? Block action don’t log / log the matched packet if packet is matched the rule ...
Page 46
D-link part ii 42 one minute high this is the rate of new half –open sessions that causes the firewall to start deleting half open sessions. When the rate of new connection attempts rises above this number, the dfl-900 deletes half-open sessions as required to accommodate new connection attempts. 10...
Page 48
D-link part iii 44 part iii virtual private network.
Page 49: Chapter 8
Vpn technical introduction dfl-900 user manual 45 chapter 8 vpn technical introduction this chapter introduces vpn related technology 8.1 terminology explanation 8.1.1 vpn a vpn (virtual private network) logically provides secure communications between sites without the expense of leased site-to-sit...
Page 50
D-link part iii 46 in phase 2 you must： choose which protocol to use (esp or ah) for the ike key exchange choose an encryption algorithm choose an authentication algorithm choose whether to enable perfect forward security (pfs) using diffie-hellman public-key cryptography choose tunnel mode or trans...
Page 51
Vpn technical introduction dfl-900 user manual 47 with the use of ah as the security protocol, protection is extended forward into the ip header to verify the integrity of the entire packet by use of portions of the original ip header in the hashing process. Tunnel mode tunnel mode encapsulates the ...
Page 53: Chapter 9
Virtual private network – ipsec dfl-900 user manual 49 chapter 9 virtual private network – ipsec this chapter introduces ipsec vpn and explains how to implement it. As described in the figure 2-1, we will extend to explain how to make a vpn tunnel between lan_1 and lan_2 in this chapter. The followi...
Page 54
D-link part iii 50 difference the “pre-shared key” must be the same at both dfl-900s. The types and keys of “encryption” and “authenticate” must be set the same on both dfl-900s. However, the “outgoing spi” at dfl-1 must equal to “incoming spi” at dfl-2, and the “outgoing spi” at dfl-2 must equal to...
Page 55
Virtual private network – ipsec dfl-900 user manual 51 step 3 － customize the rule check the active checkbox. Enter a name for this rule like ikerule. Enter the local ip address (192.168.40.0/255.255.255.0) and the remote ip address (192.168.88.0/255.255.255.0). Enter the my ip address as the public...
Page 56
D-link part iii 52 esp algorithm select the encryption and authentication algorithm combination. Encrypt and authenticate (des、md5) ah algorithm select authentication algorithm (md5 or sha1) authenticate (md5) pre-shared key the key which is pre-shared with remote side. 1234567890 table 9-2 related ...
Page 57
Virtual private network – ipsec dfl-900 user manual 53 encryption algorithm choose an encryption and authentication algorithm. Encrypt and authenticate (des、md5) sa life time set the ike sa lifetime. A value of 0 means ike sa negotiation never times out. See chapter 8 for details. 28800 sec key grou...
Page 58
D-link part iii 54 step 7 － customize the firewall rule check the activate this rule. Enter the rule name as allowvpnikerule, source ip as 192.168.88.0 , and dest. Ip as 192.168.40.0 . Click apply to store this rule. Advanced settings > firewall > edit rules > insert step 8 － view the result here we...
Page 59
Virtual private network – ipsec dfl-900 user manual 55 step 2 － add an ike rule click the ike hyperlink and click add to add a new ipsec vpn tunnel endpoint. Advanced settings > vpn settings > ipsec > ike step 3 － customize the rule check the active checkbox. Enter a name for this rule like ikerule....
Page 60
D-link part iii 56 step 5 － customize the firewall rule check the activate this rule. Enter the rule name as allowvpnikerule, source ip as 192.168.40.0 , and dest. Ip as 192.168.88.0 . Click apply to store this rule. Advanced settings > firewall > edit rules > insert step 6 － view the result now we ...
Page 61
Virtual private network – ipsec dfl-900 user manual 57 step 2 － add a manual key rule click the manual key hyperlink and click add to add a new ipsec vpn tunnel endpoint. Advanced settings > vpn settings > ipsec > manual key step 3 － customize the rule same as those in ike. But there is no pre-share...
Page 62
D-link part iii 58 remote address type determine the method to connect to the local side of vpn by using the remote subnet or the remote single host. Subnet address ip address the remote ip address 192.168.88.0 prefix len/subnet mask the remote ip netmask 255.255.255.0 my ip address the ip address o...
Page 63
Virtual private network – ipsec dfl-900 user manual 59 action enable replay detection whether is the “replay detection” enabled？ yes table 9-5 setup advanced feature in the ipsec manual key rule step 5 － add a firewall rule same as that in ike method, refer to the 9.4.1. Advanced settings > firewall...
Page 64
D-link part iii 60 step 3 － customize the rule similar to those in dfl-1, except that you should interchange the local ip address with the remote ip address , the my ip address with the security gateway addr., and the outgoing spi with the incoming spi. Advanced settings > vpn settings > ipsec > man...
Page 65: Chapter 10
Virtual private network – pptp dfl-900 user manual 61 chapter 10 virtual private network – pptp this chapter introduces pptp and explains how to implement it. 10.1 demands one employee in our company may sometimes want to connect back to our coporate network to work on something. His pc is pc1_1 in ...
Page 66
D-link part iii 62 10.4 steps step 1 – enable pptp check the enable pptp checkbox, enter the lan1_ip of the dfl-1(192.168.40.254) in the local ip , and enter the ip range that will be assigned to the pptp clients in the start ip and the end ip fields. Enter the username and password that will be use...
Page 67
Virtual private network – pptp dfl-900 user manual 63 customize the vpn connection 1. Right-click the icon that you have created. 2. Select properties > security > advanced > settings. 3. Select no encryption from the data encryption and click apply. 4. Select the properties > networking tab. 5. Sel...
Page 69: Chapter 11
Virtual private network – l2tp dfl-900 user manual 65 chapter 11 virtual private network – l2tp this chapter introduces l2tp and explains how to implement it. 11.1 demands 1. One employee in our company may sometimes want to connect back to our coporate network to work on something. His pc is pc1_1 ...
Page 70
D-link part iii 66 2. Setup the dfl-900 as the l2tp client (lac: l2tp access concentrator). Let all the client pcs behind the dfl-900. They can connect to the network behind l2tp server by passing through dfl-900. It sounds like no internet exists but can connect with each other. 11.4 steps 11.4.1 s...
Page 71
Virtual private network – l2tp dfl-900 user manual 67 configuring a l2tp dial-up connection 1. Configuring a l2tp dial-up connection 2. Go to start > control panel > network and internet connections > make new connection . 3. Select create a connection to the network of your workplace and select nex...
Page 72
D-link part iii 68 connecting to the l2tp vpn 1. Connect to your isp. 2. Start the dial-up connection configured in the previous procedure. 3. Enter your l2tp vpn user name and password. 4. Select connect. 11.4.2 setup l2tp network client step 1 – enable l2tp lac fill in the ip address of lns server...
Page 74
D-link part iv 70 part iv content filters.
Page 75: Chapter 12
Content filtering – web filters dfl-900 user manual 71 chapter 12 content filtering – web filters this chapter introduces web content filters and explains how to implement it. 12.1 demands 1. Someone (pc1_1) is browsing the web pages at the webserver3. The contents of the web pages may include cooki...
Page 76
D-link part iv 72 12.4 steps step 1 － enable web filter check the enable web filter checkbox and click the apply right on the right side. Advanced settings > content filters > web filter step 2 － warning of firewall this is a warning saying that if you block any web traffic from lan-to-wan in firewa...
Page 77
Content filtering – web filters dfl-900 user manual 73 step 4 － customize categories with the built-in url database, dfl-900 can block web sessions towards several pre-defined categories of urls. Check the items that you want to block or log. Simply click the block all categories will apply all cate...
Page 78
D-link part iv 74 step 6 － further customize the local zones you can configure to what range the filters will apply to the local zones. By default, the web filters apply to all computers so the “enforce web filter policies for all computers ” is selected, and the range is 0.0.0.0 – 255.255.255.255 ....
Page 79
Content filtering – web filters dfl-900 user manual 75 field description example filter list customization enable filter list customization enable the filter list customization feature of web filter disable all web traffic except for trusted domains except the following specified domain range specif...
Page 81: Chapter 13
Content filtering – mail filters dfl-900 user manual 77 chapter 13 content filtering – mail filters this chapter introduces smtp proxies and explains how to implement it. 13.1 demands sometimes there are malicious scripts like *.Vbs that may be attached in the email. If the users accidentally open s...
Page 82
D-link part iv 78 13.4 steps for smtp filters step 1 – enable smtp filters check the enable smtp proxy checkbox and click apply. Advanced settings > content filters > mail filters > smtp field description example enable smtp proxy enable smtp proxy feature of dfl-900 enabled append ".Bin" to e-mail ...
Page 83
Content filtering – mail filters dfl-900 user manual 79 step 3 – customize the local zones same as in setting web filters. Advanced settings > content filters > mail filters > smtp exempt zone 13.5 steps for pop3 filters step 1 – enable pop3 filters check the enable pop3 proxy checkbox and click app...
Page 84
D-link part iv 80 step 2 – add a pop3 filter select filename extension, enter vbs, and click add to add a rule. This rule will apply to all dmz/wan-to-lan pop3 connections. All such pop3 traffic will be examined to change the filename extension from vbs to vbs.Bin. Advanced settings > content filter...
Page 85: Chapter 14
Content filtering – ftp filtering dfl-900 user manual 81 chapter 14 content filtering – ftp filtering this chapter introduces ftp proxies and explains how to implement it. 14.1 demands 1. Some users in lan1 use ftp to download big mp3 files and cause waste of bandwidth. 14.2 objectives 1. Forbid pc1...
Page 86
D-link part iv 82 14.4 steps step 1 － enable ftp filter check the enable ftp filter checkbox and click the nearby apply button to enable this feature. Click the add button to add a new ftp filter. Advanced settings > content filters > ftp filter > ftp field description example enable ftp filter enab...
Page 87
Content filtering – ftp filtering dfl-900 user manual 83 step 3 － add an exempt zone add a new exempt zone record. It’s ip address range is between 192.168.40.10 to 192.168.40.30. Advanced settings > content filters > ftp filter > ftp exempt zone > add field description example from address exempt z...
Page 88
D-link part v 84 part v intrusion detection system.
Page 89: Chapter 15
Intrusion detection systems dfl-900 user manual 85 chapter 15 intrusion detection systems this chapter introduces intrusion detection system (ids) and explains how to implement it. 15.1 demands although firewall settings are correct, there may still be some crackers intrude our system. Crackers hack...
Page 90
D-link part v 86 15.4 steps step 1 – enable ids check the enable ids checkbox. Enter the dmz ip subnet and the designated http server. The subnets are specified in the types like 192.168.40.0/24 and 10.1.1.1/32. Check all options and click the apply button. Advanced settings > ids > ids status field...
Page 91
Intrusion detection systems dfl-900 user manual 87 normalize telnet negotiation string this option will normalize telnet control protocol characters from the session data. It accepts a list of ports to run on as arguments. It defaults to running on ports 21, 23, 25, and 119. Enabled arp spoof detect...
Page 92
D-link part vi 88 part vi bandwidth management.
Page 93: Chapter 16
Bandwidth management dfl-900 user manual 89 chapter 16 bandwidth management this chapter introduces bandwidth management and explains how to implement it. 16.1 demands 1. Pc1_1 is downloading the mp3 files from the ftp server. This occupies the bandwidth of pc1_2 who is watching the video provided b...
Page 94
D-link part vi 90 16.4 steps 16.4.1 inbound traffic management step 1 － enable bandwidth management check the enable bandwidth management checkbox, click the apply. Advanced settings > bandwidth mgt. > status field description example enable bandwidth management enable bandwidth management feature o...
Page 95
Bandwidth management dfl-900 user manual 91 field description example activate this class enable the bandwidth management class for later using enabled class name bandwidth management class name inftp bandwidth how many percentage does this class occupy higher class? 66 borrow when the bandwidth of ...
Page 96
D-link part vi 92 step 6 － customize the rules enter a rule name such as inftp, enter the source ip as 140.113.179.3 and the netmask as 255.255.255.255. Enter the dest. Ip as 192.168.40.1 and the netmask as 255.255.255.255 . Select the action to be inftp . In this way, all ftp server to pc1_1 packet...
Page 97
Bandwidth management dfl-900 user manual 93 step 7 － view the rules the dfl-900 is configured to direct inftp-matched packets into the inftp queue (1019kbps), invideo-matched packets into the invideo queue (447kbps). The other traffic will be put into the def_class queue (any available bandwidth). A...
Page 98
D-link part vi 94 step 3 － partition into classes create a sub-class named lana-to-lanb from the default class. Enter 65% in the bandwidth field and click apply. Select the default class and click the create sub-class to create another sub-class named others from the default class. Enter 30% in the ...
Page 99
Bandwidth management dfl-900 user manual 95 step 6 － view the rules the dfl-900 is configured to direct outwebdownload-matched packets into the others queue (463kbps), outvpn-matched packets into the lana-to-lanb queue (1003kbps). Here we reserve 65% wan1 bandwidth for the lana-to-lanb vpn data, to ...
Page 100
D-link part vii 96 part vii system maintenance.
Page 101: Chapter 17
Log system dfl-900 user manual 97 chapter 17 log system 17.1 demands 1. The system administrator needs to check the logs of vpn, ids, firewall, and content filter everyday. But he / she feels inconvient to verify the dfl-900 logs. He / she hopes to decrease the checking procedure. 17.2 objectives 1....
Page 102
D-link part vii 98 step 2 － setup mail log method fill in the ip address of the mail server and mail subject. Also fill your e-mail address for receiving logs. Select the preferred log schedule to mail out logs. Click the apply button to finish the settings. Device status > log config > mail logs fi...
Page 103: Chapter 18
System maintenance dfl-900 user manual 99 chapter 18 system maintenance this chapter introduces how to do system maintenance. 18.1 demands 1. Dfl-900 is designed to provide upgradeable firmware and database to meet the upcoming dynamics of the internet. New features, new attack signatures, new forbi...
Page 104
D-link part vii 100 step 4 － check if ok asic ipsec enabled ethernet address 00:80:c8:50:fa:ba, 10/100 mb/s ethernet address 00:80:c8:50:fa:bb, 10/100 mb/s ethernet address 00:80:c8:50:fa:bc, 10/100 mb/s wd0: drive supports pio mode 4 ipsec: initialized security association processing. Current wan1 ...
Page 105
System maintenance dfl-900 user manual 101 18.4 steps for factory reset 18.4.1 steps for normal factory reset step 1 – factory reset enter sys resetconf now to reset the firmware to factory default. Then enter sys reboot now to instantly reboot the system. Netos/i386 (dfl-900) (tty00) login: admin p...
Page 106
D-link part vii 102 step 1 – backup the current configuration in the system tools / system utilities / backup configurations page, click backup button to backup configuration file to local disk. System tools > system utilities > backup configuration step 2 – restore the previous saving configuration...
Page 107: Appendix A
Trouble shooting dfl-900 user manual 103 appendix a trouble shooting 1. If the power led of dfl-900 is off when i turn on the power? Ans： check the connection between the power adapter and dfl-900 power cord. If this problem still exists, contact with your sales vendor. 2. How can i configure the df...
Page 108
D-link part vii 104 figure 18-1 inset a new ipsec policy figure 18-2 insert a new firewall rule in wan to lan 6. When i try to login into the dfl-900, it showed up the following information, as the figure 18-3 indicated, and couldn’t login successfully. Ans： it is because there is someone logining i...
Page 109
Trouble shooting dfl-900 user manual 105 b. You can use supplied console to login into the dfl-900 system and then logout the system. That will clean up the zombie left in the system so you will be able to login to the dfl-900 from the same side. C. The final way is to power off the dfl-900, and the...
Page 111: Appendix B
Glossary of terms dfl-900 user manual 107 appendix b glossary of terms dmz (demilitarized zone) – from the military term for an area between two opponents where fighting is prevented. Dmz ethernets connect networks and computers controlled by different bodies. They may be external or internal. Exter...
Page 113: Appendix C
Customer support dfl-900 user manual 109 appendix c customer support offices australia d-link australia 1 giffnock avenue, north ryde, nsw 2113, sydney, australia tel: 61-2-8899-1800 fax: 61-2-8899-1868 toll free (australia): 1800-177100 url: www.Dlink.Com.Au e-mail: support@dlink.Com.Au & info@dlin...
Page 114
D-link part vii 110 e-mail: info@dlink-france.Fr germany d-link central europe (d-link deutschland gmbh) schwalbacher strasse 74, d-65760 eschborn, germany tel: 49-6196-77990 fax: 49-6196-7799300 url: www.Dlink.De bbs: 49-(0) 6192-971199 (analog) bbs: 49-(0) 6192-971198 (isdn) info: 00800-7250-0000 ...
Page 115
Customer support dfl-900 user manual 111 2f, no. 119 pao-chung road, hsin-tien, taipei, taiwan tel: 886-2-2910-2626 fax: 886-2-2910-1515 url: www.Dlinktw.Com.Tw e-mail: dssqa@tsc.Dlinktw.Com.Tw turkey d-link middle east deniz bilgisayar, buyukdere cad. Naci kasim sk., no. 5 mecidiyekoy, istanbul, tu...