D-Link DFL-200 User Manual
  1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Firewall
  5. DFL-200 - Security Appliance
  6. User manual

D-Link DFL-200 User Manual

Network security firewall
Hide thumbs Also See for DFL-200:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual, Manual
D-Link DFL-200
TM
Network Security Firewall
Manual
Building Networks for People
(10/28/2004)

Advertisement

Table of Contents
loading

Related Manuals for D-Link DFL-200

Summary of Contents for D-Link DFL-200

  • Page 1 D-Link DFL-200 Network Security Firewall Manual Building Networks for People (10/28/2004)

  • Page 2: Table Of Contents

    Introduction to Local Area Networking ... 7 LEDs ... 8 Physical Connections... 8 Package Contents ... 9 System Requirements ... 9 Managing D-Link DFL-200 ... 10 Resetting the DFL-200...10 Administration Settings... 11 Administrative Access ...11 Add ping access to an interface...12 Add Admin access to an interface...12...
  • Page 3 Add a new mapping ...31 Delete mapping ...32 Administrative user... 33 Change Administrative User Password...33 Users... 34 The DFL-200 RADIUS Support...34 Enable User Authentication via HTTP / HTTPS...35 Enable RADIUS Support...35 Add User ...36 Change User Password ...36 Delete User ...37 Schedules ...
  • Page 4 Ping ... 57 Ping Example ...57 Dynamic DNS... 58 Add Dynamic DNS Settings ...58 Backup ... 59 Exporting the DFL-200’s Configuration...59 Restoring the DFL-200’s Configuration...59 Restart/Reset ... 60 Restoring system settings to factory defaults ...60 Upgrade ... 62 Upgrade Firmware ...62 Upgrade IDS Signature-database...62...
  • Page 5 USAGE events ... 68 DROP events ... 68 CONN events ... 68 Appendixes... 70 Appendix A: ICMP Types and Codes ... 70 Appendix B: Common IP Protocol Numbers ... 72 Appendix C: Multiple Public IP addresses... 73 Appendix D: HTTP Content Filtering ... 81 Warranty...

  • Page 6: Introduction

    The DFL-200 provides six 10/100Mbps Auto MDI/MDIX Ethernet network interface ports, which are (4) Internal/LAN, (1) External/WAN, and (1) DMZ port. In addition the DFL-200 also provides a user-friendly Web UI that allows users to set system parameters or monitor network activities using a Web browser supporting Java.

  • Page 7: Introduction To Local Area Networking

    Introduction to Local Area Networking Local Area Networking (LAN) is the term used when connecting several computers together over a small area such as a building or group of buildings. LANs can be connected over large areas. A collection of LANs connected over a large area is called a Wide Area Network (WAN).

  • Page 8: Leds

    WAN Port: Use this port to connect to an external network, such as a WAN or a modem provided by an ISP. Reset: Use this switch to reset the DFL-200 to factory default settings. Refer to page 63 for further instructions.

  • Page 9: Package Contents

    Straight-through CAT-5 cable Note: Using a power supply with a different voltage rating than the one included with the DFL-200 will cause irreparable electrical damage and void the warranty for this product. If any of the above items are missing, please contact your reseller.

  • Page 10: Managing D-Link Dfl-200

    To reset the DFL-200 to factory default settings you must power down the firewall. Press and hold the reset button down while powering up the DFL-200. Continue to hold for at least 15 seconds after powering on the unit. You will first hear one beep, which will indicate that the firmware is being restored.

  • Page 11: Administration Settings

    Ping – If enabled, it specifies who can ping the IP interface of the DFL-200. Enabling Default allows anyone to ping the interface IP. Admin – If enabled, it allows all users with admin access to connect to the DFL-200 and change configuration; this can be HTTPS or HTTP and HTTPS.

  • Page 12: Add Ping Access To An Interface

    192.168.1.0/24 for a whole class C network or 172.16.0.1 – 172.16.0.10 for a range of IP addresses. Step 4. Specify protocol to be used to access the DFL-200 via the dropdown menu. Select HTTP and HTTPS (Secure HTTP) or HTTPS only.

  • Page 13: Add Read-Only Access To An Interface

    192.168.1.0/24 for a whole class C network or 172.16.0.1 – 172.16.0.10 for a range of IP addresses. Step 4. Specify protocol to be used to access the DFL-200 via the dropdown menu. Select HTTP and HTTPS (Secure HTTP) or HTTPS only.

  • Page 14: System

    System Interfaces Click on System in the menu bar, and then click interfaces below it. Change IP of the LAN or DMZ interface Follow these steps to change the IP of the LAN or DMZ interface. Step 1. Choose which interface to view or change under the Available interfaces list. Step 2.

  • Page 15: Wan Interface Settings - Using Static Ip

    WAN Interface Settings – Using Static IP If you are using Static IP, you have to fill in the IP address information provided to you by your ISP. All fields are required except the Secondary DNS Server. Note: Do not use the numbers displayed in these fields, they are only used as an example.

  • Page 16: Wan Interface Settings - Using Pppoe

    WAN Interface Settings – Using PPPoE following procedure configure DFL-200 interface to use PPPoE (Point-to-Point Protocol over Ethernet). configuration is required if your ISP uses PPPoE to assign the IP address of the external interface. You will have to fill in the username and password provided to you by your ISP.

  • Page 17: Wan Interface Settings - Using Pptp

    • PPTP Server IP – The IP of the PPTP server that the DFL-200 will connect to. Before PPTP can be used to connect to your ISP, the physical (WAN) interface parameters must be input. You can use either DHCP or Static IP, depending on the type of ISP used.

  • Page 18: Wan Interface Settings - Using Bigpond

    Ideally, you want this MTU to be the same as the smallest MTU of all the networks between the DFL-200 and the Internet. If the packets the DFL-200 sends are larger, they get broken up or fragmented, which could slow down transmission speeds.

  • Page 19: Routing

    Click on System in the menu bar, and then click Routing below it; this will provide a list of all configured routes, and it will look something like this: The Routes configuration section describes the firewall’s routing table. The DFL-200 uses a slightly different method of describing routes compared to most other systems. However, we believe that this method of describing routes is easier to understand, making it less likely for users to cause errors or breaches in security.

  • Page 20: Add A New Static Route

    Add a new Static Route Follow these steps to add a new route. Step 1. Go to System and Routing. Step 2. Click on Add new in the bottom of the routing table. Step 3. Choose the interface that the route should be sent trough from the dropdown menu.

  • Page 21: Logging

    All logging is done to SYSLog recipients. The log format used for SYSLog logging is suitable for automated processing and searching. The D-Link DFL-200 specifies a number of events that can be logged. Some of these events, such as startup and shutdown, are mandatory and will always generate log entries. Other events, for instance when allowed connections are opened and closed, are configurable.

  • Page 22: Enable Logging

    Step 2. Choose the sensitivity level. Step 3. In the SMTP Server field, fill in the SMTP server to which the DFL-200 will send the e-mail alerts. Step 4. Specify up to three valid email addresses to receive the e-mail alerts.

  • Page 23: Time

    Time Click on System in the menu bar, and then click Time below it. This will give you the option to either set the system time by syncing to an Internet Network Time Server (NTP) or by entering the system time manually.

  • Page 24: Changing Time Zone

    Changing time zone Follow these steps to change the time zone. Step 1. Choose the correct time zone in the drop down menu. Step 2. Specify the dates to begin and end daylight saving time or choose no daylight saving time by checking the correct box. Click the Apply button below to apply the settings or click Cancel to discard changes.

  • Page 25: Firewall

    The first step in configuring security policies is to configure the mode for the firewall. The firewall can run in NAT or No NAT (Route) mode. Select NAT mode to use DFL-200 network address translation to protect private networks from public networks. In NAT mode, you can connect a private network to the internal interface, a DMZ network to the DMZ interface, and a public network, such as the Internet, to the external interface.

  • Page 26: Service Filter

    In response to an attack, the IDS will protect the networks behind the DFL-200 by dropping the traffic. To notify responsible parties of the malicious attack, the IDS will send e-mails to the system administrators if e-mail alerting is...
  • Page 27 Inspection Only or Prevention. Inspection Only will only inspect the traffic, and if the DFL-200 detects anything it will log, e-mail an alert (if configured), and pass on the traffic. If Prevention is used the traffic will be dropped and...

  • Page 28: Add A New Policy

    Add a new policy Follow these steps to add a new outgoing policy. Step 1. Choose the LAN->WAN policy list from the available policy lists. Step 2. Click on the Add new link. Step 3. Fill in the following values: Name: Specifies a symbolic name for the rule.

  • Page 29: Change Order Of Policy

    Change order of policy Follow these steps to change the order of a policy. Step 1. Choose the policy list for which you would like to change the order from the available policy lists. Step 2. Click on the Edit link corresponding to the rule you want to move. Step 3.

  • Page 30: Configure Intrusion Prevention

    Configure Intrusion Prevention Follow these steps to configure IDP on a policy. Step 1. Choose the policy you would like have IDP on. Step 2. Click on the Edit link corresponding to the rule you want to configure. Step 3. Enable the Intrusion Detection / Prevention checkbox. Step 4.

  • Page 31: Port Mapping / Virtual Servers

    Port mapping / Virtual Servers The Port mapping / Virtual Servers configuration section is where you can configure virtual servers like Web servers on the DMZ or similar servers. It is also possible to regulate how bandwidth management, traffic shaping, is applied to traffic flowing through the WAN interface of the firewall.

  • Page 32: Delete Mapping

    Delete mapping Follow these steps to delete a mapping. Step 1. Choose the mapping list (WAN, LAN, or DMZ) you would like do delete the mapping from. Step 2. Click on the Edit link corresponding to the rule you want to delete. Step 3.

  • Page 33: Administrative User

    Administrative users Click on Firewall in the menu bar, and then click Users below it. This will display all the users. The first section links to the administrative user. The password for the admin account may be changed at any time, however the username admin cannot.

  • Page 34: Users

    Before any traffic is allowed to pass through any policies configured with username or groups, the user must first authenticate him/her-self. The DFL-200 can either verify the user against a local database or pass along the user information to an external authentication server, which verifies the user and the given password, and transmits the result back to the firewall.

  • Page 35: Enable User Authentication Via Http / Https

    Enable User Authentication via HTTP / HTTPS Follow these steps to enable User Authentication. Step 1. Enable the checkbox for User Authentication. Step 2. Specify if HTTP and HTTPS or only HTTPS should be used for the login. Step 3. Specify the idle-timeout, the time a user can be idle before being logged out by the firewall.

  • Page 36: Add User

    Add User Follow these steps to add a new user. Step 1. Click on add corresponding to the type of user you would like to add, Admin or Read-only. Step 2. Fill in User name; make sure you are not trying to add one that already exists.

  • Page 37: Delete User

    Delete User To delete a user click on the user name and you will see the following screen. Follow these steps to delete a user. Step 1. Click on the user you would like to delete. Step 2. Enable the Delete user checkbox.

  • Page 38: Schedules

    The DFL-200 can be configured to have a start time and stop time, as well as 2 different time periods in a day. For example, an organization may...

  • Page 39: Add New One-Time Schedule

    Add new one-time schedule Follow these steps to create and add a new one-time schedule. Step 1. Go to Firewall and Schedules and choose Add new. Step 2. Choose the starting and ending date and hour when the schedule should be active. Step 3.

  • Page 40: Services

    Services A service is basically a definition of a specific IP protocol with corresponding parameters. The service http, for instance, is defined as using the TCP protocol with destination port 80. Services are simplistic, in that they cannot carry out any action in the firewall on their own. Thus, a service definition does not include any information whether the service should be allowed through the firewall or not.

  • Page 41: Adding Ip Protocol

    Adding IP Protocol When the type of the service is IP Protocol, an IP protocol number may be specified in the text field. To have the service match the GRE protocol, for example, the IP protocol should be specified as 47. A list of some defined IP protocols can be found in the appendix named “IP Protocol Numbers.”...

  • Page 42: Protocol-Independent Settings

    It is generally not a good idea to allow any inbound ICMP message to be able to have those error messages forwarded. To solve this problem, the DFL-200 can be instructed to pass an ICMP error message only if it is related to an existing connection. Check this option to enable this feature for connections using this service.

  • Page 43: Vpn

    IPSec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering Task Force, to provide IP security at the network layer. An IPSec based VPN, such as DFL-200 VPN, is made up by two parts: •...

  • Page 44: Ipsec Vpn Between Two Networks

    PSK, make sure both firewalls use exactly the same PSK. Step 5. For Tunnel Type, choose LAN-to-LAN tunnel and specify the network behind the other DFL-200 as Remote Net. Also specify the external IP of the other DFL-200, either an IP or a DNS name.

  • Page 45: Ipsec Vpn Between Client And An Internal Network

    Internet. Communication between the client and the internal network takes place in an encrypted VPN tunnel that connects the DFL-200 and the roaming users across the Internet. The example shows a VPN between a roaming VPN client and the internal network, but you can also create a VPN tunnel that uses the DMZ network.

  • Page 46: Vpn - Advanced Settings

    VPN – Advanced Settings Advanced settings for a VPN tunnel is used when the user needs to change some characteristics of the tunnel to, for example, try to connect to a third party VPN Gateway. The different settings per tunnel are: Limit MTU With this setting it is possible to limit the MTU (Max Transferable Unit) of the VPN tunnel.

  • Page 47: Proposal Lists

    Proposal Lists To agree on the VPN connection parameters, a negotiation process is performed. As the result of the negotiations, the IKE and IPSec security associations (SA) are established. As the name implies, a proposal is the starting point for the negotiation. A proposal defines encryption parameters, for instance encryption algorithm, life times etc, that the VPN gateway supports.

  • Page 48: Certificates

    Web interface to provide HTTPS access. Note: The certificate named Admin can only be replaced by another certificate. It cannot be deleted or renamed. This is used for HTTPS access to the DFL-200. Certificates of remote peers This is a list of all certificates of individual remote peers.

  • Page 49: Certificate Authorities

    Certificate Authorities This is a list of all CA certificates. To add a new Certificate Authority certificate, click Add new. The following pages will allow you to specify a name for the CA certificate and upload the certificate file. This certificate can be selected in the Certificates field on the VPN page. Note: If the uploaded certificate is a CA certificate, it will automatically be placed in the Certificate Authorities list, even if Add New was clicked in the Remote Peers list.

  • Page 50: Content Filtering

    Content Filtering DFL-200 HTTP content filtering can be configured to scan all HTTP content protocol streams for URLs or for potentially dangerous Web page content. If a match is found between the requested URL and the URL Blacklist the DFL-200 will block the Web page.

  • Page 51: Edit The Url Global Blacklist

    Edit the URL Global Blacklist Follow these steps to add or remove a URL. Step 1. Navigate to Firewall Content Filtering and choose Edit global Blacklist. Step 2. Add or edit a URL that should be filtered and blocked. File extensions may also be defined to block download of specified file types.

  • Page 52: Active Content Handling

    Active content handling Active content handling can be enabled or disabled by checking the checkbox before each type you would like to strip. For example to strip ActiveX and Flash, enable the checkbox named Strip ActiveX objects. It is possible to strip ActiveX, Flash, Java, JavaScript, and VBScript.

  • Page 53: Servers

    The DFL-200 also includes a DHCP Relay function. A DHCP Relay allows the DFL-200 to receive DHCP requests and forward those requests to a specified DHCP server. The relay function allows the use of existing DHCP servers in conjunction with the DFL-200 to ensure all users on all interfaces receive IP addresses when requested.

  • Page 54: Enable Dhcp Server

    Enable DHCP Server To enable the DHCP Server on an interface, click on Servers in the menu bar, and then click DHCP Server below it. Follow these steps to enable the DHCP Server on the LAN interface. Step 1. Choose the LAN interface from the Available interfaces list. Step 2.

  • Page 55: Dns Relayer Settings

    DNS Relayer Settings Click on Servers in the menu bar, and then click DNS Relay below it. The DFL-200 contains a DNS Relayer that can be configured to relay DNS queries from the internal LAN to the DNS servers used by the firewall itself.

  • Page 56: Disable Dns Relayer

    Disable DNS Relayer Follow these steps to disable the DNS Relayer. Step 1. Disable by un-checking the Enable DNS Relayer box. Click the Apply button below to apply the settings or click Cancel to discard changes.

  • Page 57: Tools

    Tools Ping Click on Tools in the menu bar, and then click Ping below it. This tool is used to send a specified number of ICMP Echo Request packets to a given destination. All packets are sent in immediate succession rather than one per second. This method is the best suited for diagnosing connectivity problems.

  • Page 58: Dynamic Dns

    Dynamic DNS The Dynamic DNS (requires Dynamic DNS Service) allows you to alias a dynamic IP address to a static hostname, allowing your device to be more easily accessed by a specific name. When this function is enabled, the IP address in Dynamic DNS Server will be automatically updated with the new IP address provided by ISP.

  • Page 59: Backup

    System Administrators can restore the firewall’s configuration file with the one stored on disc. Exporting the DFL-200’s Configuration Follow these steps to export the configuration. Step 1. Under the Tools menu and the Backup section, click on the Download configuration button.

  • Page 60: Restart/Reset

    Use the following procedure to restore system settings to the factory defaults. This procedure will possibly change the DFL-200 firmware version to a lower version if it has been upgraded. Make sure you have the current firmware file available for upload to the device in the case...
  • Page 61 (i.e. LAN IP is 192.168.1.1, WAN type is Dynamic). You can restore your system settings by uploading a previously generated system configuration file to the DFL-200 if a backup of the device has been downloaded to your Local Machine.

  • Page 62: Upgrade

    Upgrade IDS Signature-database To upgrade the signature-database first download the newest IDS signatures from D-Link. After downloading the newest version of the software, connect to the firewall’s Web-based configuration GUI, enter Upgrade on the Tools menu, click Browse in the Upgrade Unit’s...

  • Page 63: Status

    Status In this section, the DFL-200 displays the status information about the Firewall. Administrator may use Status to check the System Status, Interface statistics, VPN, connections, and DHCP Servers. System Click on Status in the menu bar, and then click System below it. A window will appear providing some information about the DFL-200.

  • Page 64: Interfaces

    Click on Status in the menu bar, and then click Interfaces below it. A window will appear providing information about the interfaces on the DFL-200. By default, information about the LAN interface will be displayed. To see another one, click on that interface (WAN or DMZ).

  • Page 65: Vpn

    Click on Status in the menu bar, and then click Interfaces below it. A window will appear providing information about the VPN connections on the DFL-200. By default information about the first VPN tunnel will be displayed. To see another one, click on that VPN tunnels name.

  • Page 66: Connections

    Connections Click on Status in the menu bar, and then click Connections below it. A window will appear providing information about the content of the state table. The state table shows the last 100 connections opened through firewall. Connections are created when traffic is permitted to pass via the policies.

  • Page 67: Dhcp Server

    DHCP Server Click on Status in the menu bar, and then click DHCP Server below it. A window will appear providing information about the configured DHCP Servers. By default, information about the LAN interface will be displayed. another one, click on that interface.

  • Page 68: How To Read The Logs

    Oct 20 2003 09:45:23 gateway This is followed by the text the sender has chosen to send. All log entries from the DFL-200 are prefaced with "EFW:" and a category, e.g. "DROP:" Oct 20 2003 09:45:23 gateway EFW: DROP: Subsequent text is dependent on the event that has occurred.
  • Page 69 Open Example: 2003 09:47:56 connipproto=TCP connrecvif=lan connsrcip=192.168.0.10 connsrcport=3179 conndestif=wan conndestip=64.7.210.132 conndestport=80 In this line, traffic from 192.168.0.10 on the LAN interface is connecting to 64.7.210.132 on port 80 on the WAN side of the firewall (internet). Another event is generated when the connection is closed. The information included in the event is the same as in the event sent when the connection was opened, with the exception that statistics regarding sent and received traffic is also included.

  • Page 70: Appendixes

    Appendixes Appendix A: ICMP Types and Codes The Internet Control Message Protocol (ICMP) has many messages that are identified by a “type” field; many of these ICMP types have a "code" field. Here we list the types with their assigned code fields. Type Name Echo Reply...
  • Page 71 Echo Router Advertisement Router Selection Time Exceeded Parameter Problem Timestamp Timestamp Reply Information Request Information Reply Address Mask Request Address Mask Reply Traceroute Datagram Conversion Error Photuris Source: http://www.iana.org/assignments/icmp-parameters Network (or subnet) Redirect Datagram for the Host Redirect Datagram for the Type of Service and Network Redirect Datagram for the Type of Service and Host...

  • Page 72: Appendix B: Common Ip Protocol Numbers

    Appendix B: Common IP Protocol Numbers These are some of the more common IP Protocols. For a list of all protocols, follow the link after the table. Decimal Keyword ICMP IGMP IPComp VRRP L2TP Source: http://www.iana.org/assignments/protocol-numbers Description Internet Control Message Internet Group Management Gateway-to-Gateway IP in IP (encapsulation)

  • Page 73: Appendix C: Multiple Public Ip Addresses

    Mapping/Virtual Server rule that forwards specified services to a single LAN or DMZ host to be accessible through a WAN IP not used by the DFL-200; add a static route in the firewall’s routing table indicating the internal interface to which the Public IP should be mapped. For an increased level of protection from Network Intrusions or malicious attacks, isolation of servers accessible to the public from the Private network is recommended.
  • Page 74 To accomplish this we need to create the following firewall settings: Configure two static routes (one for each public IP we wish to forward) Create two port mappings (one for each public IP mapping to each private Server) Routing configuration: Static Route Configuration for a Server on the LAN: Navigate to the SYSTEM tab, then the ROUTING page of the Web-based configuration.
  • Page 75 Static Route Configuration for a Server on the DMZ: Navigate to the SYSTEM tab, then the ROUTING page of the Web-based configuration. Select the Add New link to create the second static route. Select the Interface that the Internal Server is connected to (LAN or DMZ). Specify the Public IP to be forwarded in the Network field.
  • Page 76 Configure Port Mapping/Virtual Server Rules for LAN Server: Virtual Server Configuration for a Server on the LAN: Navigate to the FIREWALL tab, PORT MAPPING page of the Web-based configuration. Click the Add New link to create a new Port Mapping. Input the Public IP address to be forwarded in the Destination IP field.
  • Page 77 Configure Port Mapping/Virtual Server Rules for DMZ Server: Virtual Server Configuration for a Server on the DMZ: Navigate to the FIREWALL tab, PORT MAPPING page of the Web-based configuration. Click the Add New link to create a new Port Mapping. Input the Public IP address to be forwarded in the Destination IP field.
  • Page 78 A new route must be added to inform the firewall on which interface the Public IP will reside. Navigate to SYSTEM > ROUTING in the web-based configuration of the DFL-200. Click on Add New to create a new static route.
  • Page 79 Modify Existing WAN Route: The default WAN route must be modified to enable Proxy ARP. The default route for any interface cannot be deleted or modified other than to enable the Proxy ARP feature. From the SYSTEM > ROUTING page select WAN to edit the default route of the WAN interface.
  • Page 80 Disable NAT on the DMZ Interface: By default the DFL-200 is enabled to perform NAT on both LAN and DMZ interfaces. Disable NAT on the DMZ interface. Navigate to Firewall > Policy in the web-based configuration. Click on DMZ->WAN to modify the behavior of the DMZ interface.

  • Page 81: Appendix D: Http Content Filtering

    Appendix D: HTTP Content Filtering HTTP Content Filtering Global Policy Protection from malicious or improper web content is a must for Business owners and concerned parents alike. There are numerous vehicles for hackers to damage or take control of one’s PC or even Network. Malicious code may be delivered in deviously crafted ActiveX controls, Java Scripts, cookies, or tainted file downloads.
  • Page 82 The Whitelist Items entered in the Whitelist will always be allowed through the firewall, assuming HTTP content filtering is enabled. This section should only be used to allow essential domains and servers, such as Microsoft.com and DLink.com to ensure the ability to locate and download critical updates or firmware is not hindered.
  • Page 83 The Blacklist Blacklist configuration is not limited to domain names. File extensions may be specified to block the download of said file types. Be sure to evaluate the type of files that may be traversing the firewall out of necessity on a regular basis to ensure no loss in productivity due to invalid network configurations or network outages.
  • Page 84 Additional Content Filters The Firewall can also filter Java Applets, Java/VB Script, ActiveX objects, and/or cookies from reaching the PCs behind the NetDefend Firewall. These content categories do not require configuration other than enable or disable. Navigate to the Firewall tab, Content Filtering section of the web-administration. Click the check box next to each filter you would like to enable.
  • Page 85 To disable the default general allow all rule - Navigate to the Firewall tab, Policy section of the web-administration. Select the appropriate policy based on desired effect (LAN->WAN or DMZ->WAN). Click Edit next to the default allow all rule. Check the check box next to delete this rule. Click Apply.
  • Page 86 To configure the HTTP Content Filtering rule - Navigate to the Firewall tab, Policy section of the web-administration. Select the appropriate policy based on desired effect (LAN->WAN or DMZ->WAN). Click Add New at the bottom of the list. Give the rule a friendly name, such as http_cntnt_filtr. Position does not matter, leave blank or choose a position.

  • Page 87: Warranty

    D-Link’s sole obligation shall be to repair or replace the defective Hardware during the Warranty Period at no charge to the original owner or to refund at D-Link’s sole discretion. Such repair or replacement will be rendered by D-Link at an Authorized D-Link Service Office. The replacement Hardware need not be new or have an identical make, model or part.
  • Page 88 RMA number must be prominently marked on the outside of the package. Do not include any manuals or accessories in the shipping package. D-Link will only replace the defective portion of the Product and will not ship back any accessories.
  • Page 89 Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLE UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOSS OF USE OF THE PRODUCT, INCONVENIENCE OR DAMAGES OF ANY CHARACTER, WHETHER DIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL (INCLUDING, BUT...

This manual is also suitable for:

Netdefend dfl-200

Table of Contents