D-Link DFL-1660 User Manual page 18

1.1. Features
VPN
TLS Termination
Anti-Virus Scanning
Intrusion Detection and
Prevention
Web Content Filtering
Traffic Management
Operations and Maintenance
NetDefendOS supports a range of Virtual Private Network
(VPN) solutions. Support exists for IPsec, L2TP and PPTP as
well as SSL VPN with security policies definable for
individual VPN connections. This topic is covered in
Chapter 9, VPN.
NetDefendOS supports TLS termination so that the
NetDefend Firewall can act as the end point for connections
by HTTP web-browser clients (this feature is sometimes
called SSL termination). For detailed information, see
Section 6.2.10, "The TLS ALG".
NetDefendOS features integrated anti-virus functionality.
Traffic passing through the NetDefend Firewall can be
subjected to in-depth scanning for viruses, and virus sending
hosts can be black-listed and blocked. For details of this
feature, seeSection 6.4, "Anti-Virus Scanning".
To mitigate application-layer attacks towards vulnerabilities
in services and applications, NetDefendOS provides a
powerful Intrusion Detection and Prevention (IDP) engine.
The IDP engine is policy-based and is able to perform
high-performance scanning and detection of attacks and can
perform blocking and optional black-listing of attacking
hosts. More information about the IDP capabilities of
NetDefendOS can be found in Section 6.5, "Intrusion
Detection and Prevention".
Note
Full IDP is available on all D-Link NetDefend
product models as a subscription service. On
some models, a simplified IDP subsystem is
provided as standard.
NetDefendOS provides various mechanisms for filtering web
content that is deemed inappropriate according to a web usage
policy. With Web Content Filtering (WCF) web content can
be blocked based on category (Dynamic WCF), malicious
objects can be removed from web pages and web sites can be
whitelisted or blacklisted. More information about this topic
can be found in Section 6.3, "Web Content Filtering".
NetDefendOS provides broad traffic management capabilities
through Traffic Shaping, Threshold Rules (certain models
only) and Server Load Balancing.
Traffic Shaping enables limiting and balancing of bandwidth;
Threshold Rules allow specification of thresholds for sending
alarms and/or limiting network traffic; Server Load Balancing
enables a device running NetDefendOS to distribute network
load to multiple hosts. These features are discussed in detail
in Chapter 10, Traffic Management.
Note
Threshold Rules are only available on certain
D-Link NetDefend product models.
Administrator management of NetDefendOS is possible
through either a Web-based User Interface (the WebUI) or via
a Command Line Interface (the CLI). NetDefendOS also
18
Chapter 1. NetDefendOS Overview