Manual
Building Networks for People
D-Link DFL-80 Ethernet VPN Firewall
10 Adding a new Sub Administrator: Step 1. In the Administration window, click the New Sub Admin button to create a new Sub Administrator. Step 2. In t
100 Removing a Mapped IP: Step 1. In the Mapped IP table, locate the Mapped IP desired to be removed and click its corresponding Remove op
101 Adding a Virtual Server: Step 1. Click an available virtual server from Virtual Server in the Virtual Server menu bar to enter the virtual server co
102 When Disable appears in the drop-down list, no Virtual Server can be added.
103 Modifying a Virtual Server IP Address: Step 1. Click the virtual server to be modified Virtual Server under the Virtual Server menu ba
104 Removing a Virtual Server: Step 1. Click the virtual server to be removed in the corresponding Virtual Server option under the Virtu
105 • External Service Port: Select the service from the pull down list that will be provided by the Virtual Server. Note: The services in the drop-dow
106 Modifying the Virtual Server configurations: Step 1. In the Virtual Server window’s service table, locate the name of the service desired to be mod
107 Removing the Virtual Server service: Step 1. In the Virtual Server window’s service table, locate the name of the service desired to be removed
108 How to use the Log: The Administrator can use the log data to monitor and manage the DFL-80 and the networks. The Administrator can view the logged
109 Traffic Log: The table in the Traffic Log window displays current System statuses: • Time: The start time of the connection. • Source: IP address of
11 Administration (continued): Changing the Sub-Administrator’s Password: Step 1. In the Administration window, locate the Administrator name you
110 Clearing the Traffic Logs: The Administrator may clear on-line logs to keep just the most updated logs on the screen. Step 1. In the Traffic Log win
111 Event Log: When the DFL-80 Firewall detects events, the Administrator can get the details, such as time and description of the events from the Event L
112 Downloading the Event Logs: Step 1. In the Event Log window, click the Download Logs button at the bottom of the screen. Step 2. Follow the File Do
113 Log Report: The Log Report: Step 1. Click Log > Log Report. • Enable Log Mail Configuration: When the Log Mail files accumulated up to 300Kbyte
114 Enable Log Mail Support & Syslog Message: Log Mail Configuration / Enable Log Mail Support: Step 1. First, go to Admin – Select Enable E-mail Alert N
115 Alarm: In this chapter, the Administrator can view traffic alarms and event alarms that occur and the firewall has logged. Firewall has two alarms: Tra
116 Traffic Alarm: Entering the Traffic Alarm window: Click the Traffic Alarm option below Alarm menu to enter the Traffic Alarm window. The table in the Tr
117 Clearing the Traffic Alarm Logs: Step 1. In the Traffic Alarm window, click the Clear Logs button at the bottom of the screen. Step 2. In the Clea
118 Event Alarm: Entering the Event Alarm window: Click the Event Alarm option in the Alarm menu to enter the Event Alarm window. The table in the Event Ala
119 Clearing Event Alarm Logs: The Administrator may clear on-line logs to keep the most updated logs on the screen. Step 1. In the Event Alarm window,
12 Settings: The Administrator may use this function to backup firewall configurations and export (save) them to an “Administrator” computer or anywhere o
120 Statistics: In this chapter, the Administrator queries the DFL-80 VPN Firewall for statistics of packets and data which passes across the Firewall. T
121 Status: In this section, the DFL-80 displays the status information about the Firewall. Status will display the network information from the Configura
122 ARP Table: Entering the ARP Table window: Click on Status in the menu bar, then click ARP Table below it. A window will appear displaying a table with
123 DHCP Clients: Entering the DHCP Clients window: Click on Status in the menu bar, then click on DHCP Clients below it. A window will appear displaying
124 Glossary: DHCP (Dynamic Host Configuration Protocol): When a computer with no fixed IP address starts up, it asks the DHCP server for a temporary IP a
125 Subnet Mask: Subnet Mask is used to segment a network into 2, 4, 8, etc. sub-networks. For example, take a Class B network with network number 172.16.
126 User Datagram Protocol (UDP Protocol): User Datagram Protocol is a transport layer protocol in the TCP/IP protocol stack. UDP uses application prog
127 Firewall: The firewall has three basic functions: 1. Restrict data to enter at a control point. 2. Restrict data to flow out at a control point. 3. Keep
128 IP Spoofing: Data packets are sent from a fake source address. If the firewall’s policy does not restrict these packets from passing through, they co
129 Address Group: The usual way to set up different packet IP filters for the same policy is to create one policy for each filter. If there are 10 IP add
13 Exporting DFL-80 Firewall settings: Step 1. Under Firewall Configuration, click on the Download button next to Export System Settings to Client. Ste
130 Load Balancing: Load Balancing is a function that Virtual Servers provide. It allows a Virtual Server to be mapped to more than one physical server,
131 Mapped IP: Both Mapped IP and Virtual Server use an IP mapping mechanism to allow outside users to access internal servers through the firewall. They are d
132 Schedule: Schedule is used to set up different time intervals conveying different policies. A policy only works in specified time interval, and is aut
133 Virtual Server: The Firewall separates an enterprise’s Intranet and Internet into internal networks and external networks respectively. Generally spea
134 Trouble-Shooting: Q: How to upgrade the DFL-80’s software? A: The DFL-80’s software and system parameters are all stored in the Flash Memory. The Fl
135 Q: What is the difference in privileges of admin and sub admin? A: The DFL-80 sets the system administrator’s name and password to admin. When the
136 restart the computer to activate new IP address. Run Browser and enter http://192.168.1.1 in URL field to access Firewall WebUI. Step 2: Brows
137 Q: Can Admin modify the internal and external interface IP addresses anytime? A: No, because the names in the address table are set according to t
138 Setup Examples: Example 1: Allow the Internal network to be able to access the Internet. Example 2: The Internal network can only access Yahoo.com
139 Example 2: The Internal network can only access Yahoo.com website. Step 1. Enter the External window under the Address menu. Step 2. Click the New Ent
14 Restoring Factory Default Settings: Step 1. Select Reset Factory Settings under Firewall Configuration. Step 2. Click OK at the bottom-right of th
140 Example 3: Outside users can access the internal FTP server through Virtual Servers. Step 1. Enter Virtual Server 1 under the Virtual Server menu. Ste
141 Example 4: Install a server inside the Internal network and have the Internet (External) users access the server through IP Mapping. Step 1. Enter th
142 Technical Specifications: Standards: IEEE 802.3 10Base-T Ethernet; IEEE 802.3u 100Base-TX Fast Ethernet; IEEE 802.3x Fl
143 Technical Specifications: Physical Dimensions: L = 9.25 inches (233 mm); W = 6.5 inches (165 mm); H = 1.38 inches (35 mm). Modulation Techniques: IP Sec; IP Au
144 You can find the most recent software and user documentation on the D-Link website. D-Link provides free technical support for customers within the
145 Subject to the terms and conditions set forth herein, D-Link Systems, Inc. (“D-Link”) provides this Limited warranty for its product only to the per
146 Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLE UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGA
147 Governing Law: This Limited Warranty shall be governed by the laws of the State of California. Some states do not allow exclusion or limitation of
15 To-Firewall Packets Log: Once this function is enabled, every packet passing through the Firewall will be recorded for the administrator to trace. Firew
16 Date/Time: Admins can configure the Firewall’s date and time by either syncing to an Internet Network Time Server (NTP) or by syncing to your computer’
17 Software Update: Under Software Update, the admin may update the DFL-80’s software with a newer software. The admin can visit http://support.dlink.com
18 Interface: In this section, the Administrator can set up the IP addresses for home or office network. The Administrator may configure the IP addresses
19 If the new Internal IP Address is not 192.168.1.1, the Administrator needs to set the IP Address on the computer to be on the same subnet as the Fire
2 Contents: Package Contents ... 3; Introduction ...
20 Ping: Select this to allow the external network to ping the IP Address of the Firewall. This will allow people from the Internet to be able to ping t
21 Ping: Select this to allow the external network to ping the IP Address of the Firewall. This will allow people from the Internet to be able to ping
22 Multiple NAT: Multiple NAT allows the local port to set multiple subnetworks and connect with the internet through different external IP Addresses. For
23 Multiple NAT settings: Click Multiple NAT in the Configuration menu to enter Multiple NAT window. Multiple NAT: Global port interface IP Address: Global
24 Add Multiple NAT: Step 1. Click Multiple NAT in the Configuration menu to enter Multiple NAT window. Step 2. Click the Add button be
25 Modify Multiple NAT: Step 1. Click Multiple NAT in the Configuration menu to enter Multiple NAT window. Step 2. Find the IP Address y
26 Hacker Alert: The Administrator can enable the DFL-80’s intruder alert functions in this section. When abnormal conditions occur, the Firewall will sen
27 • Detect UDP Flood: Select this option to detect UDP flood attacks. A UDP flood attack is similar to an ICMP flood attack. After enablin
28 Route Table: In this section, the Administrator can add static routes for the networks. Entering the Route Table screen: Click Configuration on the left
29 Adding a new Static Route: Step 1. In the Route Table window, click the New Entry button. Step 2. In the Add New Static Route window, enter new st
3 Contents of Package: D-Link DFL-80 Firewall; Manual and Warranty on CD; Quick Installation Guide. Package Contents: If any of the above items are missing, ple
30 Modifying a Static Route: Step 1. In the Route Table menu, find the route to edit and click the corresponding Modify option in the C
31 DHCP: In this section, the Administrator can configure DHCP (Dynamic Host Configuration Protocol) settings for the Internal (LAN) network. Entering the D
32 Enabling DHCP Support: Step 1. In the Dynamic IP Address window, click Enable DHCP Support. Step 2. Domain Name: The Administrator may enter th
33 Entering the DNS Proxy window: Click on Configuration in the menu bar, then click on DNS Proxy below it. The DNS Proxy window will appear. Below is the
34 Modifying a DNS Proxy: Step 1: In the DNS Proxy window, find the policy to be modified and click the corresponding Modify option in
35 Dynamic DNS: The Dynamic DNS (requires Dynamic DNS Service) allows you to alias a dynamic IP address to a static hostname, allowing your device to be mor
36 Add Dynamic DNS settings: Step 1: Click Dynamic DNS in the Configuration menu to enter Dynamic DNS window. Step 2: Click Add button.
37 Modify Dynamic DNS: Step 1: Click Dynamic DNS in the Configuration menu to enter Dynamic DNS window. Step 2: Find the item you want
38 Address: The DFL-80 Firewall allows the Administrator to set Interface addresses of the Internal network, Internal network group, External network, Ext
39 Adding a new Internal Address: Step 1. In the Internal window, click the New Entry button. Step 2. In the Add New Address window, enter the settin
4 Introduction: The DFL-80 provides six 10/100Mbit Ethernet network interface ports which are (4) Internal/LAN, (1) External/WAN, and (1) DMZ port. It als
40 Removing an Internal Address: Step 1. In the Internal window, locate the name of the network to be removed. Click the Remove option
41 Adding an Internal Group: Step 1. In the Internal Group window, click the New Entry button to enter the Add New Address Group window. Step 2. In the
42 Modifying an Internal Group: Step 1. In the Internal Group window, locate the network group desired to be modified and click its co
43 Removing an Internal Group: Step 1. In the Internal Group window, locate the group to be removed and click its corresponding Remove o
44 Adding a new External Address: Step 1. In the External window, click the New Entry button. Step 2. In the Add New Address window, enter the settings
45 External Group: Entering the External Group window: Click the External Group under the Address menu bar to enter the External window. The current settin
46 Adding an External Group: Step 1. In the External Group window, click the New Entry button and the Add New Address Group window will appear. Step 2.
47 Editing an External Group: Step 1. In the External Group window, locate the network group to be modified and click its corresponding
48 DMZ: Entering the DMZ window: Click DMZ under the Address menu to enter the DMZ window. The current setting information such as the name of the internal
49 Adding a new DMZ Address: Step 1. In the DMZ window, click the New Entry button. Step 2. In the Add New Address window, enter the settings for a new
5 DMZ Port: Use this port to connect to the company’s server(s), which need direct connection to the Internet (FTP, SNMP, HTTP, DNS). External Port (WA
50 Removing a DMZ Address: Step 1. In the DMZ window, locate the name of the network to be removed and click the Remove option in its corresponding Conf
51 Adding a DMZ Group: Step 1. In the DMZ Group window, click the New Entry button. Step 2. In the Add New Address Group window: • Available Address:
52 Modifying a DMZ Group: Step 1. In the DMZ Group window, locate the DMZ group to be modified and click its corresponding Modify button in the Configur
53 Removing a DMZ Group: Step 1. In the DMZ Group window, locate the group to be removed and click its corresponding Remove option in the Configure fiel
54 Service: In this section, network services are defined and new network services can be added. There are three sub menus under Service which are: Pre-
55 Pre-defined: Entering the Pre-defined window: Click Service on the menu bar on the left side of the window. Click Pre-defined under it. A window will
56 Adding a new Service: Step 1: In the Custom window, click the New Entry button and a new service table appears. Step 2: In the new service table: •
57 Modifying Custom Services: Step 1. In the Custom table, locate the name of the service to be modified. Click its corresponding Modify option in th
58 Group: Accessing the Group window: Click Service in the menu bar on the left hand side of the window. Click Group under it. A window will appear with a
59 Adding Service Groups: Step 1. In the Group window, click the New Entry button. In the Add Service Group window, the following fields will appe
6 Software Management: DFL-80 management tool: Web User Interface. The main menu functions are located on the left-hand side of the screen, and the display
60 Modifying Service Groups: Step 1. In the Group window, locate the service group to be edited. Click its corresponding Modify option in the Configure
61 Removing Service Groups: Step 1. In the Group window, locate the service group to be removed and click its corresponding Remove option in the Configu
62 Schedule: The DFL-80 Office Firewall allows the Administrator to configure a schedule for policies to take effect. By creating a schedule, the Adminis
63 Adding a new Schedule: Step 1: Click on the New Entry button and the Add New Schedule window will appear. Step 2: Schedule Name: F
64 Removing a Schedule: Step 1: In the Schedule window, find the policy to be removed and click the corresponding Remove option in the Configure field. S
65 Policy: This section provides the Administrator with facilities to set control policies for packets with different source IP addresses, source ports, d
66 Outgoing: This section describes steps to create policies for packets and services from the Internal (LAN) network to the External (WAN) network. Enteri
67 Adding a new Outgoing Policy: Step 1: Click on the New Entry button and the Add New Policy window will appear. Step 2: Source Address: Select the na
68 Modifying an Outgoing policy: Step 1: In the Outgoing policy section, locate the name of the policy desired to be modified and click its cor
69 Removing the Outgoing Policy: Step 1. In the Outgoing policy section, locate the name of the policy desired to be removed and click its corresponding
7 Logging In: Connect the Administrator’s PC to the Internal (LAN) port of the DFL-80 Firewall. Make sure there is a link light for the connection. The D
70 Alarm: If Logging is enabled in the outgoing policy, the DFL-80 will log the traffic alarms and event alarms passing through the Firewall. The Admin
71 Incoming: This chapter describes steps to create policies for packets and services from the External (WAN) network to the Internal (LAN) network includ
72 Adding an Incoming Policy: Step 1: Under Incoming of the Policy menu, click the New Entry button. Step 2: Source Address: Select names of the external
73 Modifying Incoming Policy: Step 1: In the Incoming window, locate the name of policy desired to be modified and click its corresponding
74 External To DMZ & Internal to DMZ: This section describes steps to create policies for packets and services from the External (WAN) networks to the
75 Adding a new External To DMZ Policy: Step 1: Click the New Entry button and the Add New Policy window will appear. Step 2: Source Address: Select nam
76 Modifying an External to DMZ policy: Step 1: In the External To DMZ window, locate the name of policy desired to be modified and click its corresp
77 DMZ To External & DMZ To Internal: This section describes steps to create policies for packets and services from DMZ networks to External (WAN) net
78 Adding a DMZ To External Policy: Step 1: Click the New Entry button and the Add New Policy window will appear. Step 2: Source Address: Select the name
79 Modifying a DMZ To External policy: Step 1: In the DMZ to External window, locate the name of policy desired to be modified and click its correspond
8 Administration: The DFL-80 Firewall Administration and monitoring control is set by the System Administrator. The System Administrator can add or modify
80 Removing a DMZ To External Policy: Step 1. In the DMZ To External window, locate the name of policy desired to be removed and click its correspond
81 Autokey IKE: This chapter describes steps to create a VPN connection using Autokey IKE. Autokey IKE (Internet Key Exchange) provides a standard method
82 Adding the Autokey IKE: Step 1. Click the New Entry button and the VPN Auto Keyed Tunnel window will appear. Step 2: • Preshare Key: The I
83 Modifying an Autokey IKE: Step 1: In the Autokey IKE window, locate the name of policy desired to be modified and click its corresponding Modify opti
84 Removing Autokey IKE: Step 1. Locate the name of the Autokey IKE desired to be removed and click its corresponding Delete option in the Configure fie
85 PPTP Server - Click Modify to select Enable or Disable. Client IP Range - 192.66.255.1-254 Displays the IP address range for PPTP Client connection. User
86 Modifying PPTP Server Design: Step 1. Select VPN > PPTP Server. Step 2. Click Modify after the Client IP Range. Step 3. In the Modify Server Design
87 Step 3. Click OK to save modifications or click Cancel to cancel modifications. Adding PPTP Server: Step 1. Select VPN > PPTP Ser
88 Step 1. Select VPN > PPTP Server. Step 2. In the PPTP Server window, find the PPTP server that you want to modify. Click Confi
89 Removing PPTP Server: Step 1. Select VPN > PPTP Server. Step 2. In the PPTP Server window, find the PPTP server that you want to modify. Click Config
9 Administration (continued): Firewall Administration setup: On the left hand menu, click on Administration, and then select Admin below it. The current lis
90 PPTP Client: Entering the PPTP Client window: Step 1. Select VPN > PPTP Client. • Server Address: Displays the PPTP Server IP addresses. • User Name
91 Adding a PPTP Client: Step 1. Select VPN > PPTP Client. • User name: Specify the PPTP client. This should be unique. • Password: Specify the PPTP cli
92 Step 4. Click OK to save modifications or click Cancel to cancel modifications. Modifying PPTP Client: Step 1. Select VPN > PPTP Cli
93 Removing PPTP Client: Step 1. Select VPN > PPTP Client. Step 2. In the PPTP Client window, find the PPTP client that you want to modify. Click Config
94 Content filtering: URL Blocking: The Administrator may set up URL Blocking to prevent Internal network users from accessing a specific website on the Inte
95 Modifying a URL Blocking policy: Step 1: In the URL Blocking window, find the policy to be modified and click the corresponding Modify
96 Blocked URL site: When a user from the Internal network tries to access a blocked URL, the error below will appear. General Blocking: To let Popups, Acti
97 Virtual Server: The DFL-80 VPN Firewall separates an enterprise’s Intranet and Internet into internal networks and external networks respectively. Gen
98 Mapped IP: Internal private IP addresses are translated through NAT (Network Address Translation). If a server is located in the internal network, it
99 Adding new IP Mapping: Step 1. In the Mapped IP window, click the New Entry button and the Add New Mapped IP window will appear. • External IP: select the