D-Link DFL-80 Dokumentacja

ManualBuilding Networks for PeopleD-Link DFL-80Ethernet VPN Firewall

10Adding a new Sub Administrator:Step 1. In the Administration window, click the New Sub Admin buttonto create a new Sub Administrator.Step 2. In t

100Removing a Mapped IP:Step 1. In the Mapped IP table, locate the Mapped IP desired to be removed and click its corresponding Remove op

101Adding a Virtual Server:Step 1. Click an available virtual server from Virtual Server in the VirtualServer menu bar to enter the virtual server co

102When Disable appears in the drop-down list, no Virtual Server can be added.

103Modifying a Virtual Server IP Address:Step 1. Click the virtual server to be modified Virtual Server under the Virtual Server menu ba

104Removing a Virtual Server:Step 1. Click the virtual server to be removed in the corresponding Virtual Server option under the Virtu

105! External Service Port: Select the service from the pull down listthat will be provided by the Virtual Server.Note: The services in the drop-dow

106Modifying the Virtual Server configurations:Step 1. In the Virtual Server window’s service table, locate the name of theservice desired to be mod

107Removing the Virtual Server service:Step 1. In the Virtual Server window’s service table, locate the name of the service desired to be removed

108How to use the LogThe Administrator can use the log data to monitor and manage the DFL-80and the networks. The Administrator can view the logged

109Traffic Log:The table in the Traffic Log window displays current System statuses:! Time: The start time of the connection.! Source: IP address of

11Administration (continued)Changing the Sub-Administrator’s Password:Step 1. In the Administration window, locate the Administrator name you

110Clearing the Traffic Logs:The Administrator may clear on-line logs to keep just the most updated logson the screen.Step 1. In the Traffic Log win

111Event LogWhen the DFL-80 Firewall detects events, the Administrator can get the details,such as time and description of the events from the Event L

112Downloading the Event Logs:Step 1. In the Event Log window, click the Download Logs button at thebottom of the screen.Step 2. Follow the File Do

113Log ReportThe Log ReportStep 1. Click Log > Log Report.! Enable Log Mail Configuration::::: When the Log Mail filesaccumulated up to 300Kbyte

114Enable Log Mail Support & Syslog MessageLog Mail Configuration /Enable Log Mail SupportStep 1. First, go to Admin –Select Enable E-mail Alert N

115AlarmIn this chapter, the Administrator can view traffic alarms and event alarms thatoccur and the firewall has logged.Firewall has two alarms: Tra

116Traffic AlarmEntering the Traffic Alarm window:Click the Traffic Alarm option below Alarm menu to enter the Traffic Alarmwindow.The table in the Tr

117Clearing the Traffic Alarm Logs:Step 1. In the Traffic Alarm window, click the Clear Logs button at thebottom of the screen.Step 2. In the Clea

118Event AlarmEntering the Event Alarm window:Click the Event Alarm option in the Alarm menu to enter the Event Alarmwindow.The table in the Event Ala

119Clearing Event Alarm Logs:The Administrator may clear on-line logs to keep the most updated logs onthe screen.Step 1. In the Event Alarm window,

12SettingsThe Administrator may use this function to backup firewall configurations andexport (save) them to an “Administrator” computer or anywhere o

120StatisticsIn this chapter, the Administrator queries the DFL-80 VPN Firewall for statisticsof packets and data which passes across the Firewall. T

121StatusIn this section, the DFL-80 displays the status information about the Firewall.Status will display the network information from the Configura

122ARP TableEntering the ARP Table window:Click on Status in the menu bar, then click ARP Table below it. A window willappear displaying a table with

123DHCP ClientsEntering the DHCP Clients window:Click on Status in the menu bar, then click on DHCP Clients below it. Awindow will appear displaying

124Glossary DHCP (Dynamic Host Configuration Protocol)When a computer with no fixed IP address starts up, it asks the DHCPserver for a temporary IP a

125 Subnet MaskSubnet Mask is used to segment a network into 2, 4, 8, etc sub-networks.For example, take a Class B network with network number 172.16.

126 User Datagram Protocol (UDP Protocol)User Datagram Protocol is a transport layer protocol in the TCP/IP protocolstack. UDP uses application prog

127FirewallThe firewall has three basic functions:1. Restrict data to enter at a control point.2. Restrict data to flow out at a control point.3. Keep

128 IP SpoofingData packets sent is from a fake source address. If the firewall’s policy doesnot restrict these packets from passing through, they co

129 Address GroupThe usual way to setup different packet IP filters for the same policy is to createone policy for each filter. If there are 10 IP add

13Exporting DFL-80 Firewall settings:Step 1. Under Firewall Configuration, click on the Download button next to Export System Settings to Client.Ste

130 Load BalancingLoad Balancing is a function that Virtual Servers provide. It allows a VirtualServer to be mapped to more than one physical server,

131Mapped IPBoth Mapped IP and Virtual Server use IP mapping mechanism to allow outsideusers access internal servers through the firewall. They are d

132ScheduleSchedule is used to set up different time intervals conveying different policies.A policy only works in specified time interval, and is aut

133Virtual ServerThe Firewall separates an enterprise’s Intranet and Internet into internal networksand external networks respectively. Generally spea

134Trouble-ShootingQ : How to upgrade the DFL-80’s software? A : The DFL-80’s software and system parameters are all stored in theFlash Memory. The Fl

135Q : What is the difference in privileges of admin and sub admin? A : The DFL-80 sets the system administrator’s name and password toadmin. When the

136 restart the computer to activate new IP address. Run Browserand enter http://192.168.1.1 in URL field to access FirewallWebUI.Step 2: Brows

137Q : Can Admin modify the internal and external interface IP addressesanytime? A : No, because the names in the address table are set according to t

138Setup ExamplesExample 1: Allow the Internal network to be able to access the InternetExample 2: The Internal network can only access Yahoo.com

139Example 2: The Internal network can only access Yahoo.comwebsite.Step 1. Enter the External window under the Address menu.Step 2. Click the New Ent

14Restoring Factory Default Settings:Step 1. Select Reset Factory Settings under Firewall Configuration.Step 2. Click OK at the bottom-right of th

140Example 3: Outside users can access the internal FTP serverthrough Virtual ServersStep 1. Enter Virtual Server 1 under the Virtual Server menu.Ste

141Example 4: Install a server inside the Internal network and have theInternet (External) users access the server through IPMappingStep 1. Enter th

142Technical SpecificationsStandardsIEEE 802.3 10Base-T EthernetIEEE 802.3u 100Base-TX Fast EthernetIEEE 802.3x Fl

143Technical SpecificationsPhysical Dimensions:L = 9.25 inches (233 mm)W = 6.5 inches (165 mm)H = 1.38 inches (35 mm)Modulation Techniques:IP SecIP Au

144You can find the most recent software and user documentation on the D-Link website.D-Link provides free technical support for customers within the

145Subject to the terms and conditions set forth herein, D-Link Systems, Inc. (“D-Link”) provides this Limitedwarranty for its product only to the per

146Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLEUNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGA

147Governing Law: This Limited Warranty shall be governed by the laws of the State of California. Somestates do not allow exclusion or limitation of

15To-Firewall Packets LogOnce this function is enabled, every packet passing through the Firewall willbe recorded for the administrator to trace.Firew

16Date/TimeAdmins can configure the Firewall’s date and time by either syncing to anInternet Network Time Server (NTP) or by syncing to your computer’

17Software UpdateUnder Software Update, the admin may update the DFL-80’s software witha newer software. The admin can visit http://support.dlink.com

18InterfaceIn this section, the Administrator can set up the IP addresses for home oroffice network. The Administrator may configure the IP addresses

19If the new Internal IP Address is not 192.168.1.1, the Administrator needs toset the IP Address on the computer to be on the same subnet as the Fire

2ContentsPackage Contents ...3Introduction...

20Ping: Select this to allow the external network to ping the IP Address ofthe Firewall. This will allow people from the Internet to be able to pingt

21 Ping: Select this to allow the external network to ping the IP Address ofthe Firewall. This will allow people from the Internet to be able to ping

22Multiple NATMultiple NAT allows the local port to set multiple subnetworks and connectwith the internet through different external IP Addresses. For

23Multiple NAT settingsClick Multiple NAT in the Configuration menu to enter Multiple NAT window.Multiple NATGlobal port interface IP Address: Global

24Add Multiple NATStep 1. Click Multiple NAT in the Configuration menu to enter Multiple NAT window.Step 2. Click the Add button be

25Modify Multiple NATStep 1. Click Multiple NAT in the Configuration menu to enter Multiple NAT window.Step 2. Find the IP Address y

26Hacker AlertThe Administrator can enable the DFL-80’s intruder alert functions in this section.When abnormal conditions occur, the Firewall will sen

27! Detect UDP Flood: Select this option to detect UDP flood attacks. A UDP flood attack is similar to an ICMP flood attack. After enablin

28Route TableIn this section, the Administrator can add static routes for the networks.Entering the Route Table screen:Click Configuration on the left

29Adding a new Static Route:Step 1. In the Route Table window, click the New Entry button.Step 2. In the Add New Static Route window, enter new st

3Contents of Package:D-Link DFL-80 FirewallManual and Warranty on CDQuick Installation GuidePackage ContentsIf any of the above items are missing, ple

30Modifying a Static Route:Step 1. In the Route Table menu, find the route to edit and click the corresponding Modify option in the C

31DHCPIn the section, the Administrator can configure DHCP (Dynamic HostConfiguration Protocol) settings for the Internal (LAN) network.Entering the D

32Enabling DHCP Support:Step 1. In the Dynamic IP Address window, click Enable DHCP Support.Step 2. Domain Name: The Administrator may enter th

33Entering the DNS Proxy window:Click on Configuration in the menu bar, then click on DNS Proxy below it.The DNS Proxy window will appear.Below is the

34Modifying a DNS Proxy:Step 1: In the DNS Proxy window, find the policy to be modified and click the corresponding Modify option in

35Dynamic DNSThe Dynamic DNS (require Dynamic DNS Service) allows you to alias adynamic IP address to a static hostname, allowing your device to bemor

36Add Dynamic DNS settingsStep 1: Click Dynamic DNS in the Configuration menu to enter Dynamic DNS window.Step 2: Click Add button.

37Modify Dynamic DNSStep 1: Click Dynamic DNS in the Configuration menu to enter Dynamic DNS window.Step 2: Find the item you want

38AddressThe DFL-80 Firewall allows the Administrator to set Interface addresses of theInternal network, Internal network group, External network, Ext

39Adding a new Internal Address:Step 1. In the Internal window, click the New Entry button.Step 2. In the Add New Address window, enter the settin

4IntroductionThe DFL-80 provides six 10/100Mbit Ethernet network interface ports whichare (4) Internal/LAN, (1) External/WAN, and (1) DMZ port. It als

40Removing an Internal Address:Step 1. In the Internal window, locate the name of the network to be removed. Click the Remove option

41Adding an Internal Group:Step 1. In the Internal Group window, click the New Entry button to enter theAdd New Address Group window.Step 2. In the

42Modifying an Internal Group:Step 1. In the Internal Group window, locate the network group desired to be modified and click its co

43Removing an Internal Group:Step 1. In the Internal Group window, locate the group to be removed and click its corresponding Remove o

44Adding a new External Address:Step 1. In the External window, click the New Entry button.Step 2. In the Add New Address window, enter the settings

45External GroupEntering the External Group window:Click the External Group under the Address menu bar to enter the Externalwindow. The current settin

46Adding an External Group:Step 1. In the External Group window, click the New Entry button andthe Add New Address Group window will appear.Step 2.

47Editing an External Group:Step 1. In the External Group window, locate the network group to be modified and click its corresponding

48DMZEntering the DMZ window:Click DMZ under the Address menu to enter the DMZ window. The currentsetting information such as the name of the internal

49Adding a new DMZ Address:Step 1. In the DMZ window, click the New Entry button.Step 2. In the Add New Address window, enter the settings for a new

5DMZ Port: Use this port to connect to the company’s server(s), whichneeds direct connection to the Internet (FTP, SNMP, HTTP, DNS).External Port (WA

50Removing a DMZ Address:Step 1. In the DMZ window, locate the name of the network to be removedand click the Remove option in its corresponding Conf

51Adding a DMZ Group:Step 1. In the DMZ Group window, click the New Entry button.Step 2. In the Add New Address Group window: ! Available Address:

52Modifying a DMZ Group:Step 1. In the DMZ Group window, locate the DMZ group to be modifiedand click its corresponding Modify button in the Configur

53Removing a DMZ Group:Step 1. In the DMZ Group window, locate the group to be removed andclick its corresponding Remove option in the Configure fiel

54ServiceIn this section, network services are defined and new network services can beadded. There are three sub menus under Service which are: Pre-

55Pre-definedEntering the Pre-defined window:Click Service on the menu bar on the left side of the window. Click Pre-defined under it. A window will

56Adding a new Service:Step 1: In the Custom window, click the New Entry button and a new service table appears.Step 2:In the new service table:!

57Modifying Custom Services:Step 1. In the Custom table, locate the name of the service to bemodified. Click its corresponding Modify option in th

58GroupAccessing the Group window:Click Service in the menu bar on the left hand side of the window. Click Groupunder it. A window will appear with a

59Adding Service Groups:Step 1. In the Group window, click the New Entry button. In the Add Service Group window, the following fields will appe

6Software ManagementDFL-80 management tool: Web User InterfaceThe main menu functions are located on the left-hand side of the screen, andthe display

60Modifying Service Groups:Step 1. In the Group window, locate the service group to be edited.Click its corresponding Modify option in the Configure

61Removing Service Groups:Step 1. In the Group window, locate the service group to be removedand click its corresponding Remove option in the Configu

62ScheduleThe DFL-80 Office Firewall allows the Administrator to configure a schedulefor policies to take affect. By creating a schedule, the Adminis

63Adding a new Schedule:Step 1: Click on the New Entry button and the Add New Schedule window will appear.Step 2: Schedule Name: F

64Removing a Schedule:Step 1: In the Schedule window, find the policy to be removed and click thecorresponding Remove option in the Configure field.S

65PolicyThis section provides the Administrator with facilities to set control policiesfor packets with different source IP addresses, source ports, d

66OutgoingThis section describes steps to create policies for packets and services fromthe Internal (LAN) network to the External (WAN) network.Enteri

67Adding a new Outgoing Policy:Step 1: Click on the New Entry button and the Add New Policy window will appear.Step 2:Source Address: Select the na

68Modifying an Outgoing policy:Step 1: In the Outgoing policy section, locate the name of the policy desired to be modified and click its cor

69Removing the Outgoing Policy:Step 1. In the Outgoing policy section, locate the name of the policy desiredto be removed and click its corresponding

7Logging InConnect the Administrator’s PC to the Internal (LAN) port of the DFL-80 Firewall.Make sure there is a link light for the connection. The D

70Alarm: If Logging is enabled in the outgoing policy, the DFL-80 will log the trafficalarms and event alarms passing through the Firewall. The Admin

71IncomingThis chapter describes steps to create policies for packets and services fromthe External (WAN) network to the Internal (LAN) network includ

72Adding an Incoming Policy:Step 1: Under Incoming of the Policy menu, click the New Entry button.Step 2:Source Address: Select names of the external

73Modifying Incoming Policy:Step 1: In the Incoming window, locate the name of policy desired to be modified and click its corresponding

74External To DMZ & Internal to DMZThis section describes steps to create policies for packets and services fromthe External (WAN) networks to the

75Adding a new External To DMZ Policy:Step 1: Click the New Entry button and the Add New Policy window will appear.Step 2:Source Address: Select nam

76Modifying an External to DMZ policy:Step 1: In the External To DMZ window, locate the name of policy desired to be modified and click its corresp

77DMZ To External & DMZ To InternalThis section describes steps to create policies for packets and services fromDMZ networks to External (WAN) net

78Adding a DMZ To External Policy:Step 1: Click the New Entry button and the Add New Policy window will appear.Step 2:Source Address: Select the name

79Modifying a DMZ To External policy:Step 1: In the DMZ to External window, locate the name of policy desired tobe modified and click its correspond

8AdministrationThe DFL-80 Firewall Administration and monitoring control is set by the SystemAdministrator. The System Administrator can add or modify

80Removing a DMZ To External Policy:Step 1. In the DMZ To External window, locate the name of policy desired to be removed and click its correspond

81Autokey IKEThis chapter describes steps to create a VPN connection using Autokey IKE.Autokey IKE (Internet Key Exchange) provides a standard method

82Adding the Autokey IKE:Step 1. Click the New Entry button and the VPN Auto Keyed Tunnel window will appear.Step 2:! Preshare Key: The I

83Modifying an Autokey IKE:Step 1: In the Autokey IKE window, locate the name of policy desired to bemodified and click its corresponding Modify opti

84Removing Autokey IKE:Step 1. Locate the name of the Autokey IKE desired to be removed and clickits corresponding Delete option in the Configure fie

85PPTP Server- Click Modify to select Enable or Disable.Client IP Range- 192.66.255.1-254 Displays the IP addressrange for PPTP Client connection.User

86Modifying PPTP Server DesignStep 1. Select VPN > PPTP Server.Step 2. Click Modify after the Client IP Range.Step 3. In the Modify Server Design

87Step 3. Click OK to save modifications or click Cancel to cancel modifi cationsAdding PPTP ServerStep 1. Select VPN > PPTP Ser

88Step 1. Select VPN > PPTP Server.Step 2. In the PPTP Server window, find the PPTP server that you want to modify. Click Confi

89Removing PPTP ServerStep 1. Select VPN > PPTP Server.Step 2. In the PPTP Server window, find the PPTP server that you wantto modify. Click Config

9Administration (continued)Firewall Administration setupOn the left hand menu, click on Administration, and then select Admin belowit. The current lis

90PPTP ClientEntering the PPTP Client windowStep 1. Select VPN > PPTP Client.! Server Address: Displays the PPTP Server IP addresses..! User Name

91Adding a PPTP ClientStep 1. Select VPN > PPTP Client.! User name: Specify the PPTP client. This should be unique.! Password: Specify the PPTP cli

92Step 4. Click OK to save modifications or click Cancel to cancel modifi cationsModifying PPTP ClientStep 1. Select VPN > PPTP Cli

93Removing PPTP ClientStep 1. Select VPN > PPTP Client.Step 2. In the PPTP Client window, find the PPTP client that you want tomodify. Click Config

94Content filteringURL BlockingThe Administrator may setup URL Blocking to prevent Internal network usersfrom accessing a specific website on the Inte

95Modifying a URL Blocking policy:Step 1: In the URL Blocking window, find the policy to be modified and click the corresponding Modify

96Blocked URL site:When a user from the Internal network tries to access a blocked URL, theerror below will appear.General BlockingTo let Popups, Acti

97Virtual ServerThe DFL-80 VPN Firewall separates an enterprise’s Intranet and Internet intointernal networks and external networks respectively. Gen

98Mapped IPInternal private IP addresses are translated through NAT (Network AddressTranslation). If a server is located in the internal network, it

99Adding new IP Mapping:Step 1. In the Mapped IP window, click the New Entry button the Add NewMapped IP window will appear.! External IP: select the