D-Link DFL-600 User Manual

Firewall/VPN router

D-Link DFL-600
Firewall/VPN
Manual
Rev. 4.0
Building Networks for People

Summary of Contents for D-Link DFL-600

  • Page 1 D-Link DFL-600 Firewall/VPN Manual Rev. 4.0 Building Networks for People...
  • Page 2: Table Of Contents

    WAN Settings ... 21 LAN Settings... 27 DHCP Settings ... 29 NAT... 33 DMZ... 34 Advanced Settings... 49 Connecting PCs to the DFL-600 Router... 111 Networking Basics ... 114 Contacting Technical Support ... 128 Limited Warranty and Registration ... 129...
  • Page 3: Package Contents

    Package Contents Contents of Package: • D-Link DFL-600 Firewall/VPN Router • Manual • Quick Installation Guide • Power Adapter, 5V DC, 2.5A* • CAT-5 UTP Cable If any of the above items are missing, please contact your reseller. *Using a power supply with a different voltage rating will damage the product and void the warranty.
  • Page 4: Introduction

    “connected” environment. Connect the WAN port on the DFL-600 to the Ethernet port on your Cable/DSL modem using an Ethernet cable. Your entire LAN can now access the Internet using just one Internet account. The DFL-600 has 3 LAN ports, one DMZ port, and one WAN port.
  • Page 5: LED Indicators

    LED Indicators (Green) Link/Act. WAN 10/100 (Green) (Green) Link/Act. DMZ 10/100 (Green) LAN (1-3) (Green) Link/Act. LAN (1-3) (Green) 10/100 Power (Green) Green LED will LIGHT when a good link is established. Green LED will BLINK when packet is transmitting or receiving (Act.). Green LED will LIGHT when a 100 Mbps Link is established.
  • Page 6 The DFL-600 can connect any Cable or DSL modem to the network. DHCP The DFL-600 is a DHCP-capable router. It automatically assigns unique IP Addresses to each network user that is connected to the DFL-600, for the price of one Internet account.
  • Page 7 Upgradeable New Features Allows new features to be added in the future High Performance 64 bit RISC CPU Engine With the most advanced 64 bit RISC CPU Engine, DFL-600 guarantees full compatibility with future DSL/Cable technologies. IPSec Security (DES, 3DES, MD5, SHA-1)
  • Page 8: IP Address Settings And Computer Settings

    It is recommended that you allow your PC’s IP settings to be automatically assigned by a DHCP server. By default, your new DFL-600 VPN Firewall functions as a DHCP server, and it will give your PC the necessary IP settings, every time you boot your...
  • Page 9: Introduction And Overview

    IP address range between 192.168.0.2 and 192.168.0.254. So computers and other devices connected to these three ports either allow the DFL-600’s DHCP server to assign them IP addresses from this range, or you can manually assign devices connected to these ports an IP address from this range.
  • Page 10 Internet and any other devices on your LAN (such as a printer or scanner). The network information (including the IP address) required by the WAN side of the DFL-600 is either obtained automatically from your ISP (or other network device on the WAN side) or is entered manually. The DFL-600 allows three methods for this information to be obtained, as follows: Dynamic −...
  • Page 11 (on the same subnet) as the three LAN ports, or you will not be able to access the DFL-600 from your LAN. The many other features of the DFL-600 are described in subsequent sections.
  • Page 12: Using The Configuration Utility

    Note: Please make sure that the computer you will use to connect to and configure the DFL-600 is assigned an IP address that is in the same range as the DFL-600. The IP address of the DFL-600 is 192.168.0.1. All computers on your network must be within that range, for instance, the computer IP address could be any IP address from the range 192.168.0.2 to 192.168.0.254,...
  • Page 13 The Setup Wizard will guide you through the most basic setup tasks, such as setting an administrative password, selecting the type of WAN connection you have, entering your computer’s host name (if required by your ISP), saving the configuration and restarting the router. All other setup tasks can be accomplished using the configuration utility from your web browser.
  • Page 14: Setup Wizard

    Setup Wizard The Setup Wizard will guide you through the most basic setup tasks for the DFL-600. All other configuration tasks can be accomplished through the web-based manager. The Home menu contains a Run Setup Wizard link. Click on this button to run the Setup Wizard.
  • Page 15 Enter a password in the Password field, and again in the Verify Password field. This will become the logon password for the DFL-600. This password is case-sensitive, so remember to use capital letters when logging on to the DFL-600’s web-based manager − if you enter a password with capital letters here.
  • Page 16 (and is therefore, a dynamic IP address). DHCP is referred to as Dynamic IP address on the DFL-600. The Setup Wizard will open a page with the appropriate fields for the entry of your ISP contact information, depending upon which of the three options you choose.
  • Page 17 Some ISPs require you to use an assigned host name for your Internet connection. If your ISP requires this, you can enter the assigned host name in the Host Name field. If you selected Static IP Address on the Select Internet Connection Type (WAN) wizard screen above, the following screen will open: This screen will allow you to enter the static IP address information, if your ISP has assigned a static IP address to your Internet account.
  • Page 18 This screen will allow you to enter the PPPoE information, if your ISP uses the PPPoE protocol for your Internet account. Your ISP must provide this information. Click Next to continue.
  • Page 19 You have completed the basic setup Wizard. The configuration now needs to be entered into the DFL-600’s non-volatile RAM. Clicking Restart will save the configuration to non-volatile RAM and restart the router.
  • Page 20: Home

    Home The Home menu contains links to all of the setup menus for the DFL-600. Click on the WAN button:...
  • Page 21: WAN Settings

    WAN network settings. The settings listed under WAN Settings are the network settings currently in use by the DFL-600. The fields where you will enter the WAN Settings will change depending upon the choice you make in the IP Settings Mode drop-...
  • Page 22 The page shown above is in Dynamic mode. Dynamic allows the DFL-600 to get its IP address information from your ISP using the Dynamic Host Configuration Protocol (DHCP). Use this setting if your ISP instructs you to use DHCP or to automatically obtain an IP address.
  • Page 23 Internet account. The DFL-600 offers a MAC cloning feature where the DFL-600 will read the MAC address of the NIC card in the PC that the cable modem uses to identify the user. The DFL-600 will then use this...
  • Page 24 MAC address when connecting to the cable modem. Clicking on the Clone button will enable this function. Remember to click the Apply button and then to save the changes using Tools, System, and the Save button.
  • Page 25 Static IP Address − If your ISP has assigned you an IP address that will never change, choose this option. When this option is chosen, the following fields appear to allow you to enter the network address information:...
  • Page 26 PPPoE − If your ISP uses Point-to-Point Protocol over Ethernet (PPPoE), choose this option. When this option is chosen, the following fields appear to allow you to enter the network address information: Connect on Demand − allows the PPPoE WAN connection to be active only when a computer on your LAN makes a connection request.
  • Page 27: LAN Settings

    DFL-600 here. If you choose this option, you will have to reboot the PCs on the LAN side of the DFL-600 in order for them to get their new IP address settings (or you can enter the “C:\>ipconfig /renew”...
  • Page 28 DFL-600, that you configure the DFL-600’s DHCP server with the appropriate IP address range and subnet mask first, and then assign an IP address from the same range to the DFL-600. That way, a computer on the LAN side of your network can always get the proper network addressing...
  • Page 29: DHCP Settings

    DHCP (Dynamic Host Configuration Protocol) is a method of automatically assigning IP addresses, subnet masks, default gateway and DNS server IP address to computers on the LAN side of the DFL-600. The DFL-600 can be a DHCP server for your LAN, assigning IP addresses, etc. to computers on your network from a range of addresses you specify below.
  • Page 30 IP address assigned to the DFL-600 be contained in the range of IP addresses available for the DFL-600 to assign. In this case, the IP address of the DFL-600 is 192.168.0.1, so the first IP address in the range is 192.168.0.2.
  • Page 31 DHCP Static Map The DFL-600 allows you to identify PCs on your LAN by their MAC addresses, and then to specify what IP address (from the range of IP addresses established for your LAN) will be assigned to these PCs. In this way, you can always have a given PC on your LAN assigned a given IP address.
  • Page 32 MAC Address This is the MAC address of the PC you want to assign the IP address specified below using DHCP. IP Address This is the IP address you want to assign the PC identified by its MAC address above, using DHCP.
  • Page 33: NAT

    NAT is automatically applied between the IP addresses assigned to the DFL-600’s WAN port (the IP address or addresses assigned to you by your ISP) and the IP addresses assigned to the DFL-600’s LAN ports (the 192.168.0.x subnet). NAT is not used between the WAN port and the DMZ port.
  • Page 34: DMZ

    NAT and the firewall features of your DFL-600 may conflict with certain interactive applications such as video conferencing or playing Internet video games. For these applications, a bypass can be set up using the DMZ port and a corresponding DMZ IP address. The DMZ IP address is “visible” to the Internet (or WAN) and does not benefit from the full protection of the NAT function.
  • Page 35 The DMZ Settings screen allows you to Enable and Disable the DMZ port on the DFL-600 and to specify the IP address and Subnet Mask that the DMZ port will use. The default DMZ IP address is 192.168.1.1 with a subnet mask of 255.255.255.0.
  • Page 36 DMZ computer. You will need to manually configure the IP address settings for each computer you connect to the DFL-600's DMZ port. It must be from the same IP address range as you assigned to the DMZ port. The DFL-600's default IP address range...
  • Page 37 The DFL-600 can be set to obtain and distribute the correct time to computers on your LAN using the Simple Network Time Protocol (SNTP). Click on the Time button to open the following page: System Date Time Displays the current system date and time.
  • Page 38 Set Type This drop-down menu allows you to select either the IP address of an SNTP server, or the Domain Name (URL) of an SNTP server that the DFL-600 will contact to obtain the correct date and time. IP address Enter the IP address of an SNTP server here.
  • Page 39 Clicking the Enable click box, opposite the User Control table entry, will open the rest of the User Management page, including the Bandwidth control and Management Type table entries.
  • Page 40 This allows you to enable or disable the bandwidth control feature of your DFL-600. Use the drop-down menu to set the maximum data rate that the DFL-600 will allow between PCs on your LAN and the WAN (the Internet). Management Type...
  • Page 41 ISP’s facility. Choosing POP3 will allow the DFL-600 to connect PCs on your LAN to the POP3 e-mail server on the WAN to view and retrieve e-mail.
  • Page 42 RADIUS server on the WAN and PCs on your LAN. Choosing RADIUS will allow the DFL-600 to connect PCs on your LAN to a RADIUS server on the WAN. If RADIUS user authentication...
  • Page 43 IP Address and IP (subnet) Mask entered on the 802.1x Device Configuration page will be allowed to access the WAN (Internet) by the DFL-600 without any RADIUS user authentication, effectively bypassing the RADIUS user authentication step.
  • Page 44 RADIUS server on the WAN and PCs on your LAN. Choosing RADIUS will allow the DFL-600 to connect PCs on your LAN to a RADIUS server on the WAN. 802.1X 802.1x is a standard for passing the Extensible...
  • Page 45 Clicking the 802.1x Enable click-box, and then Edit link will open the following page: 802.1x is a standard for passing the Extensible Authentication Protocol (EAP) packets over a LAN. You should enable this if there are any 802.1x devices between the DFL-600 and the RADIUS server on the WAN.
  • Page 46 Clicking on the Edit link (which appears when you enable 802.1x) will open the 802.1x Device Configuration page, as shown below. If you have PCs on your LAN that do not require RADIUS user authentication to access the Internet (or other networks through your ISP), you can use Enable 802.1x, and then click the Edit link.
  • Page 47 802.1x is a standard for passing the Extensible Authentication Protocol (EAP) over a LAN. You should enable this only if there are 802.1x devices between the DFL-600 and the RADIUS server on the WAN. Clicking on the Edit link (which appears when you enable 802.1x) will open the 802.1x Device Configuration page, as...
  • Page 48 LDAP Server IP Enter the IP address of your LDAP server here. Your ISP should provide you with this address. Server Port This is the TCP port number that the LDAP server will use to communicate with PCs on your LAN.
  • Page 49: Advanced Settings

    Virtual Servers Virtual Servers allow remote users to access services on your LAN such as FTP for file transfers or SMTP and POP3 for e-mail. The DFL-600 will accept remote requests for these services at a Global IP Address you specify,...
  • Page 50 Private IP This is the IP address of the server on your LAN that will provide the service to remote users. Transport Type You can select the transport protocol (TCP or UDP) that the application on the virtual server will use for its connections. The choice of this protocol is dependent on the application that is providing the service.
  • Page 51 These applications often conflict with NAT, and therefore require special handling. The Special Applications page allows you to configure your DFL-600 to allow computers on your LAN to access servers on the WAN that require multiple TCP or UDP connections.
  • Page 52 TCP/UDP packet. When a TCP or UDP packet is received by the DFL-600, the IP address in this packet will be translated between the WAN and LAN side of the DFL-600, if this option is enabled. This drop-down menu allows you to specify...
  • Page 53: Static Routing

    Static Routing Your DFL-600 can automatically discover routes to destinations on both your LAN and the WAN (Internet). In addition, you can add entries to the DFL-600’s routing table that will be saved to flash RAM. These routes will not...
  • Page 54: Dynamic Routing

    DFL-600 and servers on the remote network. Dynamic Routing Your DFL-600 can automatically discover routes to destinations on both your LAN and the WAN (Internet). You can choose either RIP1, RIP2 or None. RIP2 (Routing Information Protocol version 2) adds support for variable-length subnet masks, and is generally the best choice.
  • Page 55 Rip Version Your DFL-600 can automatically discover routes to destinations on both your LAN and the WAN (Internet). You can choose either RIP1, RIP2 or None. RIP2 (Routing Information Protocol version 2) adds support for variable-length subnet masks, and is generally the best choice.
  • Page 56 120 seconds. Routing Information Your DFL-600 can automatically discover routes to destinations on both your LAN and the WAN (Internet), and you can also enter routing information statically. To display the Routing Information table, click on the Routing Information link.
  • Page 57 In the case shown above, the DFL-600’s WAN port was connected to a 10.0.0.0 network − with a subnet mask of 255.0.0.0. The LAN ports used the default 192.168.0.0 network addresses, and the DMZ port used the default 192.168.1.0 network addresses − both with a subnet mask of 255.255.255.0.
  • Page 58 Policy (Firewall) Configuration Some Examples Your DFL-600 allows you to make policy rules and then group these rules into a policy that will limit the types of access PCs on your LAN can have to the WAN (Internet). In addition, you can create a Schedule that will determine at what times and days of the week these policies are enforced.
  • Page 59 Apply button to enter this schedule into the Schedule Table. You can enter up to 15 Schedules, but two default schedules are automatically maintained by the DFL-600 − Always and None. You can make changes to the None Schedule, but the Always Schedule is intended for policies that should always be enforced.
  • Page 60 Schedule Name, and allow you to make changes. Setting the Policy Rules Now you need to configure the DFL-600 to block PCs on your LAN from accessing Web-pages on the WAN (Internet). To do this, click on the Policy button to open the Policy Rules page, as shown below.
  • Page 61 range to PCs that you want the Policy Rule to apply to, and leave PCs with IP addresses outside the range free to access web-pages on the WAN (Internet). For simplicity in this example, we are going to specify Any in both the Source IP Range and Destination IP Range fields.
  • Page 62 Now that the Policy Rule − Block Web − is configured, we want to add this Policy Rule to a Policy group. Click on the Policies link to open the Policy Add page, as shown below.
  • Page 63 Enter a name for the Policy group in the Policy Name field. This name will be used to reference this Policy group. In this case, we have named this Policy group StudyTime. The schedule we created previously will appear in the Assign to Schedule drop-down menu and is selected as the times and days of the week this Policy will be enforced.
  • Page 64 Under the Rule Filter heading, click Enabled, and then click the “Outbound Firewall Rule” link. This will open a page that contains all of the Policy Rules that apply to Outbound packets, as shown below.
  • Page 65 Click the box under the Add heading to add the BlockWeb Policy Rule to the StudyTime Policy group. Click the Apply button to make the entry current. Click the Back button to return to the Policy Add page. Setting the Policy Global Status Now we need to configure the Global Policy Status.
  • Page 66 Outbound Port Filter to Enabled − by clicking the Enabled click- box − and to select the Allow all except policy settings option. When Allow all except policy settings is selected, the DFL-600 will drop (filter) packets that meet the criteria established in the Policy Rules (in this case, HTTP packets).
  • Page 67: Policy Rules

    Example 2 − Limiting Access to Internet Domains Policy Rules The DFL-600 allows you to specify rules that it will use to limit access (filter packets) to and from PCs on your LAN. A policy rule on the DFL-600 establishes what information packets must contain before an action is taken by the router.
  • Page 68 Enter a name for the policy rule you want to configure in the Rule Name field. This name will appear in the Service Rules table, along with all of the parameters you specify for the rule, and is used to identify and reference the rule on subsequent web pages, as described below.
  • Page 69 Global Policy Status Once you have configured the Policy Rules, you need to determine how the DFL-600 will apply these rules to the packets that cross between your LAN and the Internet (WAN). The Global Policy Status page enables you to specify this.
  • Page 70 Policies − Policy Add Once you have defined what type of packets you want the DFL-600 to look for, you need to assign those rules to a policy. Clicking on the Policies link...
  • Page 71 Finally, you can choose to Allow or Deny access. Blocking Internet Domains The DFL-600 will allow you to make a list of Domain names for which packets will be filtered. Clicking on the Domain Add link on the Policy Rules page will open the...
  • Page 72 Clicking on the Keywords Add link on the Policy Rules page will open the following page. Enter a key word you want the DFL-600 to examine packets for in the Key Word field. Click the Apply button to enter this key word into the list.
  • Page 73: Blocking MAC Addresses

    Blocking MAC Addresses The DFL-600 will allow you to make a list of MAC addresses for which packets will be filtered. MAC (Media Access Control) addresses are the physical addresses that are assigned to networking devices by their respective manufacturers. These addresses are 12 hexadecimal digits long and are in the form 01-23-45-67-89-AB −...
  • Page 74: IPSec Settings

    The IPSec Passthrough mode allows the IPSec packets to be forwarded to a PC on the LAN side of the DFL-600. This PC should then have the appropriate software running on it to establish and maintain the IPSec connection.
  • Page 75 IPSec Pass-through Click Enable to allow IPSec packets to pass through the router to the destination computer on your LAN. When IPSec Pass-through is enabled, the DFL-600 will allow IPSec packets to reach their destination computer on your LAN. IPSec Status Click Enable to make the IPSec settings active.
  • Page 76 s to maintain the IPSec connection. An IKE VPN is generally considered more secure than a Manual Key because IKE can generate new keys and SPIs randomly during the negotiation phase. To configure a Manual Key VPN, click the Manual Key link to open the page shown below.
  • Page 77 Shared Key The encryption key that should be entered exactly the same way on both endpoints in order to establish Phase 1 negotiation. Local SPI Refers to the SPI of your DFL-600 when establishing a VPN tunnel. Remote SPI Refers to the SPI of the remo...
  • Page 78 ESP Transform This drop-down menu allows you to select the encryption algorithm that will be used when ESP is selected in the IPSec Operation drop-down menu above. You can choose between Null − no encryption, DES − using DES encryption, and 3DES − using triple DES encryption.
  • Page 79 Authentication key on both ends of a VPN tunnel. AH Transform This drop-down menu allows you to select the authentication method that will be used when AH is selected in the IPSec Operation drop-down menu above. You can choose between MD5 − usi message digest authentication, and SHA −...
  • Page 80 The difference between Manual Key and IKE is how the encryption keys and SPI are determined. The Tunnel Settings page on the DFL-600 allows you to configure IKE for an IPSec VPN tunnel. The differences between Manual Key and IKE can be summarized as: •...
  • Page 81 Add/New Tunnel The following fields will identify the VPN tunnel on the DFL-600. Tunnel Name Enter a name by which this IPSec VPN tunnel configuration can be referenced. Peer Tunnel Type You can choose the type of remote peer that...
  • Page 82 Domain Name allows you to specify the domain name of the remote end of the VPN tunnel. This requires that the designated DNS server for the DFL-600 be specified domain name in Dynamic IP address the remote end of the VPN tunnel is assigned an IP address using DHCP.
  • Page 83 Sting(FQDN) − Thi e “fully-qualified domain name” of the remote end of the IPSec VPN tunnel will be used to identify and authenticate the remote host. mail(UFQDN) − This allows you to specify that the E-mail address of the remote end of the IPSec VPN tunnel will be used to identify and authenticate the remote host.
  • Page 84 addresses of computers on the remote LAN that will be allowed to access the VPN. In this case, the entire subnet of IP addresses from 192.168.2.1 to 192.168.2.254 will be allowed to access the VPN. Note that the IP addresses 192.168.2.0 and 192.168.2.255 are reserved for use on the remote network.
  • Page 85 IPSec VPN tunn ggressive mode, there is no encryption in the Phase 1 negotiation. DH Group The DH algorithm allows the DFL-600 to generate secret ke Phase 1 negotiation. Group 1 generates a 768- bit key and Group 2 generates The same DH Group must be used on both ends of an IPSec VPN tunnel.
  • Page 86 encryption algorithm that will be used to encrypt the messages passed between the VPN tunnel endpoints during the Phase 1 negotiation. You can choose between DES and 3DES encryption methods. The key length for 3DES algorithm is three times as long as the DES key, and is theref secure.
  • Page 87 mode that will be used for IPSec Perfect Forward Security (PFS). The choices are Disabled, Group 1, and Group 2. Group 1 uses 768-bit encryption, and Group 2 uses 1024-bit encryption. You must use exactly the same PFS encryption mode on both ends of the VPN tunnel.
  • Page 88 ESP Transform This drop-down menu allows you to select the encryption algorithm that will be used when ESP is selected in the IPSec Operation drop-down menu above. You can choose between Null − no encryption, DES − using DES encryption, and 3DES − using triple DES encryption. You must select the exact same ESP transform (encryption algori tunnel.
  • Page 89 The Point-to-Point Tunneling Protocol (PPTP) is another method of establishing a secure tunnel between the DFL-600 and a remote gateway. The PPTP Settings page allows you to enable or disable PPTP on the DFL-600. PPTP Pass Through...
  • Page 90 The PPTP Account settings page allows you to enter a username and password for a PPTP account. A combined maximum of 64 PPTP and L2TP user accounts can be configured on the DFL-600. Username Enter the appropriate username for your PPTP account here.
  • Page 91 The Layer 2 Tunneling Protocol (L2TP) is another method of establishing a secure tunnel between your DFL-600 and a remote gateway. The L2TP Status page allows you to enable or disable L2TP o L2TP Pass Through Click Enable to allow L2TP packets to pass through the router to the destination computer on your LAN.
  • Page 92: L2TP Status

    Re-enter your L2TP account password here to verify it has been entered correctly. L2TP Status Click on the L2TP Status link to display the current status of an L2T n the DFL-600, as sho below. ts can be P tunnel...
  • Page 93 The DFL-600 can be configured to use Dynamic DNS (DDNS). If you choose to use DDNS you must first set up a user account with either Dynamic DNS Network Services (www.dyndns.org) or PeanutHull(China) − a service available in China. Please visit their respective websites for more information.
  • Page 94 The Admin Settings page allows you to add or edit the Username and Password list to control access to the configuration of the DFL-600. A default user account is configured with the username admin, and a password of admin. You can change the password at any time.
  • Page 95: Remote Access

    WAN side of the DFL-600 (no computer from the Internet) will be allowed to access the DFL-600’s configuration utility. Proxy Redirect The DFL-600 allows you to specify a proxy server for your LAN. Enter the IP address and the port number in the fields provided.
  • Page 96 If you choose the Restore Factory Default Settings option, all of the configuration settings you have entered will be erased and the DFL-600 will be restored to the same configuration it had when it left the factory.
  • Page 97 In addition, you can choose to load the DFL-600’s current VPN or Firewall settings to a hard drive on a local computer. Clicking on the OK button will initiate a download of either the VPN settings (as a text file named DFL600_vpn.txt) or the Firewall settings (as a text file named...
  • Page 98 Update File Enter the full DOS path and f firmware file on your lo exam your C drive, enter C: OK button to begin the f Browse If you are unsure about the location of the new firmware file on your local Browse button to open a W window to look for this file.
  • Page 100 DHCP (Dynamic Host Configuration Protocol − setting on the WAN Settings page under the Ho LAN Status MAC Address This is the MAC address of the DFL-600 on the LAN. IP Address This is the DFL-600’s current IP address on the LAN.
  • Page 101 Connection Type This displays the current connection type between the DFL-600 and your ISP. IP Address This is the IP address of the DFL-600 on the WAN. Subnet Mask This is the subnet mask address above, that is currently in u DFL-600 on the WAN.
  • Page 102: Intrusion Log

    Certain sessions between computers on your LAN and the WAN have the potential to cause a disruption in the function of your com blocked by the DFL-600’s firewall. Some of these session types are pre-defined by the factory, and are commonly used intrusion m...
  • Page 103: Blocking Log

    Certain sessions between computer potential to cause a disruption in the function of your com blocked by the DFL-600’s firewall. Some of these se by you under on the Port Filter Policy page, under Advanced Settings tab. Events blocked (attempt...
  • Page 104: Session Log

    Session Log Session events (when a computer on your LAN accesses an application of service on the WAN), are logged by the DFL-600 and are displayed on the Session Log, as shown below: otocol used to make the connection...
  • Page 105: Black List

    DFL-600’s Intruder Blacklist. Once the intruder’s information is entered, the DFL-600’s firewall will block packets from this location from crossing the DFL-600 (from the WAN to the LAN, from two computers on the LAN, or from the LAN to the WAN).
  • Page 106 Blacklist, that IP address is blocked from 600. Source IP The IP address of a computer or device that will not be allowed t WAN to the DFL-600 is displayed here. Destination IP The IP intruder has tried to connect to is displayed here. Destination...
  • Page 107 The DFL-600 maintains a table containing statistics concerning the IPSec protocol connection between the WAN and the LAN. These statistics can be viewed on the IPSEC Statistics table, as shown below: Index This displays the sequence of the IPSec log.
  • Page 108 The DFL-600 can save or transmit Syslog messages to aid in network administration. You must have a Syslog application on one of the computers on your LAN to take advantage of this feature. Clicking on the Sys Log link will open the Sys Log shown below.
  • Page 109 LAN that is running the Sys log application. Sys Log Level This drop-down menu allows you to select level of Sys log information that the DFL-600 will send to the Sys l Mail Alert This allows you to send syslog messages to an e-mail address you specify below.
  • Page 110 Status − Traffic Log Your DFL-600 keeps a log of the total number of bytes received and transmitted on to and from the LAN and WAN. This information can be displayed by clicking on the Traffic button to display the Traffic Statistics page, as shown below.
  • Page 111: Connecting PCs To The DFL-600 Router

    Connecting PCs to the DFL-600 Router If you do not wish to set the static IP address on your PC, you will need to configure your PC to request an IP address from the gateway. Click the Start button, select Settings then select Control Panel.
  • Page 112 an IP address automatically. After clicking OK, Windows might ask you to restart the PC. Click CONFIRM YOUR PC’S IP CONFIGURATION There are two tools which are great for finding out a com configuration: MAC address and default gateway. •...
  • Page 113 • IPCONFIG (for Windows 2000/NT/XP) In the DOS command prompt type IPCONFIG and press Enter. Your PC IP information will be displayed as shown below.
  • Page 114: Networking Basics

    Networking Basics Using the Network Setup Wizard in Windows XP In this section you will learn how to establish a network at home or work, using Microsoft Windows XP. Note: Please refer to websites such as http://www.homenethelp.com http://www.microsoft.com/windows2000 for information about networking computers using Windows 2000, ME or 98.
  • Page 115 Please follow all the instructions in this window: Click Next In the following window, select the best description of your computer. If your computer connects to the Internet through a gateway/router, select the second option as shown.
  • Page 116 Click Next Enter a Computer description and a Computer name (optional). Click Next...
  • Page 117 Enter a Workgroup name. All computers on your network should have the same Workgroup name. Click Next Please wait while the wizard applies the changes.
  • Page 118 When the changes are complete, Click Next. Please wait while the wizard configures the computer. This may take a few minutes.
  • Page 119 In the window below, select the best option. In this example, “Create a Network Setup Disk” has been selected. You will run this disk on each of the computers on your network. Click Next. Insert a disk into the Floppy Disk Drive, in this case drive “A:”...
  • Page 120 Format the disk if you wish, and Click Next. Please wait while the wizard copies the files. Please read the information under Here’s how in the screen below. After you complete the Network Setup Wizard you will use the Network Setup Disk to run the Network Setup Wizard once on each of the computers on your network.
  • Page 121 The new settings will take effect when you restart the computer. Click Yes to start the computer. You have completed configuring this computer. Next, you will need to run the Network Setup Disk on all the other computers on your network. After running the Network Setup Disk on all your computers, your new wireless network will be ready to use.
  • Page 122 Naming your computer is optional. If you would like to nam please follow these directions: In Windows XP: Click START (in the lower left corner of the screen) Right-click on My Computer Select Properties • Select the Computer Name Tab in the System Properties window.
  • Page 123 • In this window, enter the Compu name. • Select Workgro and enter the nam the Workgroup. • All computers on your network must have the same Workgroup name. • Click OK...
  • Page 124 Note: Residential Gateways/Broadband Routers will autom Addresses to the computers on the network, using DHCP (Dynamic Host Configuration Protocol) technology. If you are using a DHCP-capable Gateway/Router you will not need If you are not using a DHCP capable Gateway/Ro tic IP Address, please follow these instructions: Go to START...
  • Page 125 Right-click on Local Area Connections. Double-click Properties Highlight Internet Protocol (TCP/IP) Click Properties...
  • Page 126 Select Use the following IP address in the Internet Protocol (TCP/IP) Properties window. Input your IP address and subnet mask. (The IP Addresses on your network must be within the same range. For example, if one computer has an IP Address of 192.168.0.2, the other computers should have IP Addresses that are sequential, like 192.168.0.3 and...
  • Page 127 You have completed the assignment of a Static IP Address. (You do not need to assign a Static IP Address if you have a DHCP-capable Gateway/Router.)
  • Page 128: Contacting Technical Support

    Contacting Technical Support You can find the most recent software and user documentation on the D-Link website. D-Link provides free technical support for customers within the United States for the duration of the warranty period on this product. U.S. customers can contact D-Link technical support through our web site, or by phone.
  • Page 129: Limited Warranty And Registration

    Software. Except as otherwise agreed by D-Link in writing, the replacement Software is provided only to the original licensee, and is subject to the terms and conditions of the license granted by D-Link for the Software. The Warranty Period shall extend for an additional ninety (90) days after any replacement Software is delivered.
  • Page 130 D-Link Systems Inc., 53 Discovery Drive, Irvine CA 92618. D-Link may reject or return any product that is not packaged and shipped in strict co requirements, or for which an RMA number is not visible from the outside of the package.
  • Page 131 Increase the separation between the equipment and receiver. • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/TV technician for help. Register Your D-Link Product Online at http://www.dlink.com/sales/reg...
