Table of Contents
1. Product Overview
1.1. The DFL-160 Solution
1.2. Ethernet Interfaces
1.3. The LED Indicators
2. Initial Setup
2.1. Unpacking
2.2. Web Browser Connection
2.3. Browser Connection Troubleshooting
2.4.
B. Windows XP IP Setup
C. Windows Vista IP Setup
D. Windows 7 IP Setup
E. Apple Mac IP Setup
Alphabetical Index
The DFL-160 and the NetDefendOS Software
The term DFL-160 refers to the physical hardware that is provided with the NetDefend SOHO UTM product. The operating system software that drives the hardware is a purpose built networking operating system called D-Link NetDefendOS.
DMZ traffic").
Note: No inbound traffic is initially allowed
When a DFL-160 is started for the first time, no inbound traffic is allowed so the administrator should decide what inbound traffic will be allowed as one of the first setup steps.
1.2. Ethernet Interfaces
Physical Interface Arrangement
The DFL-160 has a number of physical Ethernet interfaces which can be used to plug into other Ethernet networks. The image below shows these interfaces at the back of the hardware unit.
Interface Network Connections
The illustration below shows the typical usage of network connections to the DFL-160 interfaces.
DFL-160. Interfaces LAN1 to LAN4 are connected together via a switch fabric in the DFL-160 which means that traffic travelling between them will not be subject to the control of NetDefendOS.
Ethernet Ports On the right hand side of the front of the DFL-160 there is a line of LED lights that show the status of the different Ethernet interfaces by showing a flashing or solid light in orange or green. The image below shows these LED status indicators.
1.3. The LED Indicators Chapter 1. Product Overview...
A CD ROM containing essential product documents and useful software utilities.
Location of the Hardware
The DFL-160 unit is designed for table mounting only. The product can be mounted on any appropriate stable, flat, level surface that can safely support the weight of the unit and its attached...
Power Consumption: Under 20 Watts
Heat Flow Considerations
The DFL-160 is a low power device that generates a modest amount of heat output during operation. The following precautions should be taken to allow this heat to dissipate:
• Do not install the DFL-160 in an environment where the operating ambient temperature might come close to or go beyond the recommended operating temperature range (as stated in the table above, the operating range is from 0°C to +50°C).
Once power is connected, NetDefendOS will take a couple of seconds to boot up. When this process is complete, the Status front panel light is lit and the DFL-160 is ready to be managed through a web browser.
Chapter 2. Initial Setup
2.2. Web Browser Connection
4. Connect to the DFL-160 by Surfing to the IP address 192.168.10.1
Using a web browser (Internet Explorer or Firefox is recommended), surf to the IP address 192.168.10.1. This can be done using either HTTP or the more secure HTTPS protocol in the URL.
Now log in with the username admin and the password admin. The full web interface will now appear as shown below and you are ready to begin setting up the initial DFL-160 configuration. This initial web interface page after login always displays the System option in the Status menu, as shown above.
Connecting to the Internet
In the typical DFL-160 installation the next step is to connect to the public Internet. To do this the WAN interface should be connected to your Internet Service Provider (ISP). This is usually done through other equipment such as a broadband modem.
features of the product and bring into use those which meet the needs of a particular installation. It is recommended that administrators familiarize themselves with the web interface by clicking on the main menu options and exploring the individual options available with each. The later part of this manual has a structure which reflects the naming and order of these menu options.
If the Input counters in the hardware section of the output are not increasing then the error is likely to be in the cabling. However, it may simply be that the packets are not getting to the DFL-160 in the first place. This can be confirmed with a packet sniffer if it is available.
2.4. Console Port Connection
Initial setup of the DFL-160 can be done using only the web interface, but the DFL-160 also provides a Command Line Interface (CLI) which can be used for certain administrative tasks. This is accessed through a console connected directly to the unit's RS232 COM port, which is shown below.
This buffer limit means that a single large volume of console output may be truncated. This happens rarely and only with certain commands.
The DFL-160 USB Port
Next to the RS232 port is a USB port. This port is not used with the current version of NetDefendOS.
The sections that follow describe the options in this menu in the order they appear.
3.1. Administration
The options on this page deal with administrator access to the DFL-160 through one of the Ethernet interfaces. The page is divided into 3 sections: A.
By default, the administrator username admin with a password admin exists when a brand new DFL-160 is started for the first time. It is recommended, at a minimum, to change the password of this user as one of the first steps during initial setup.
Management Through the Serial Console
Some administration tasks can be carried out through a console device attached directly to the serial port of the DFL-160 which is described in Section 2.4, “Console Port Connection”. There are two administration options when using the console port: •...
D. PPTP Connection
A. DHCP Setup
The DHCP protocol is a means for a network device, such as the DFL-160, to retrieve all required IP addresses automatically from a DHCP server. In this case, the ISP provides the IP addresses from its DHCP server, provided that the Ethernet connection to the ISP is functioning.
Chapter 3. The System Menu
3.2. Internet Connection
The Idle Timeout is the length of time with inactivity that passes before PPPoE disconnection occurs if Dial-on-Demand is selected. DNS servers are set automatically after connection with PPPoE.
D. PPTP Connection
With this option, the username and password supplied by your ISP for PPTP connection should be entered.
Section 1.2, “Ethernet Interfaces”, these are connected together by a switch fabric in the DFL-160 so they act as a single logical interface called LAN. This manual, therefore, refers only to the LAN logical interface and the rules applied to LAN apply to all four physical interfaces but not the traffic flowing between them.
• Transparent Mode
This mode is used if the DFL-160 is to be placed between the LAN and WAN interface in a transparent way. This means that no IP addresses need to be changed in either network, but the traffic flowing between the interfaces is still subject to the rules and controls imposed by NetDefendOS.
3.3. LAN Settings
With this option enabled, a range of IP addresses can be defined from which addresses are then allocated to hosts on the network that need them. The presentation of the DHCP server options in the web interface is shown below.
3.4. DMZ Settings
The settings in this part of the management web interface determine how the DFL-160's DMZ interface operates. These settings are very similar to the corresponding page for the LAN interface (see Section 3.3, “LAN Settings”).
• Transparent Mode
This mode is used if the DFL-160 is to be placed between the DMZ and WAN interface in a transparent way. This means that no IP addresses need to be changed in either network, but the traffic flowing between the interfaces is still subject to the rules and controls imposed by NetDefendOS.
clicked to delete the entry. This feature allows the same IP address to be always allocated to a particular DHCP client.
Transparent Mode and the Interface IP Address
There are some considerations that should be noted with the DMZ IP address when transparent mode is enabled: •...
NetDefendOS or on an external SysLog server. A list of all event messages can be found in the DFL-160 Log Reference Guide. That guide also describes the design of event messages, the meaning of severity levels and the various attributes available.
3.5. Logging
messages generated by NetDefendOS. By enabling this option, these log messages will be included.
C. Email Alerts
NetDefendOS can be configured to send emails to up to three email addresses when log messages are generated that are equal to or exceed a defined threshold.
A variety of NetDefendOS functions depend on the system date and time being set correctly for the DFL-160. It is therefore recommended to set the correct time and date as soon as possible. There are three time and date options: A.
When usage of time servers is enabled, NetDefendOS will poll them on a regular basis and then adjust the DFL-160 system clock with the exact time. If the time server and the current time differ by more than one hour (60 minutes) then the time...
A DNS feature offered by NetDefendOS is the ability to explicitly inform DNS servers when the external IP address of the DFL-160 has changed. This is sometimes referred to as Dynamic DNS (DDNS) and is useful where the DFL-160 has an external IP address that can change.
3.7. Dynamic DNS Settings Chapter 3. The System Menu...
The options in the Firewall menu allow the administrator to control and manage the features of the DFL-160 that are specific to a firewall. A firewall, as the name suggests, is a capability that provides a protective barrier against a range of potential threats that can be transported by the public Internet towards sensitive internal networks.
The Meaning of Outbound
These options determine what types of traffic can pass between the LAN network on the protected "inside" of the DFL-160 and the WAN interface when the connection is initiated by a client or host on the LAN network.
Chapter 4. The Firewall Menu
4.1. Outbound LAN Traffic Options
By clicking the Custom Traffic tab and then selecting Add > Custom Traffic it is possible to allow through a protocol not specified in the pre-defined list. For a custom protocol it is necessary to specify whether the protocol uses TCP or UDP connections or both, and to specify the port number the protocol will try to connect to at the other end of the connection.
4.2. Outbound DMZ Traffic Options
The Meaning of Outbound
These options determine what types of traffic can pass between the DMZ network and the WAN interface when the connection is initiated by a client or host on the DMZ network. For instance, the retrieval of data from a web server on the public Internet is still considered part of outbound traffic if the retrieval request is initiated by a web surfer sitting on the DMZ network.
Specifying a Schedule
A named Schedule can be defined through the Firewall > Schedules menu option and this can then be used with any individual protocol allowed for outgoing traffic from the LAN interface. Schedules specify a period of time when a particular selection is valid.
Internet on the WAN interface. These connections are typically made to access some resource that sits behind the DFL-160, such as an HTTP server that is sitting on the DMZ network. By default, NO SUCH CONNECTIONS ARE ALLOWED and the administrator must explicitly allow individual protocols by ticking one or more of the checkboxes on this page of the web interface.
4.3. Inbound Traffic Options
application that typically makes use of multicast data transfers.
C. Custom Traffic
If a particular protocol does not appear in the standard list of protocols then a Custom Traffic "rule" can be created which allows incoming TCP or UDP traffic through on a specified port. As explained above, the custom rule must have a destination IP address specified which is either an internal IP address if NAT is being used or a public IP if NAT is not being used.
There are two common scenarios where VPNs are used:
LAN to LAN connection - Where two internal networks need to be connected together over the internet. In this case, each network is protected by an individual DFL-160 and the VPN tunnel is set up between them.
In summary, a VPN allows the public Internet to be used for setting up secure communications or tunnels between DFL-160s or between a DFL-160 and other security gateway devices or clients.
VPN with the DFL-160...
A PSK can be any alphanumeric character string. Security using digital certificates is not possible with the DFL-160 but is possible with higher-end D-Link NetDefend products.
Advanced
The advanced options provide a way to customize some of the parameters used by IPsec. This may be necessary in certain scenarios where the DFL-160 must communicate with an IPsec peer that expects certain conventions to be used. The advanced options are as follows: A.
4.4.1. IPsec
another phase-2 negotiation. There is no need to do another phase-1 negotiation until the IKE lifetime has expired. It is recommended that the lifetimes not be shorter than the following:
• IKE lifetime - 600 seconds (10 minutes)
•...
The Idle Timeout is the length of time with inactivity that passes before tunnel disconnection occurs.
4.4.3. L2TP/PPTP Server
This option allows VPN tunnels to be set up based on the L2TP protocol, where the DFL-160 acts as an L2TP or PPTP server, receiving connection requests from external clients. Such clients are sometimes called roaming clients since they might not have a fixed IP address and might connect through a temporary connection to a remote network.
DFL-160 using this tunnel. Relaying of DNS queries means that URL resolution requests are relayed to a DNS server. This requires the DFL-160 to have at least one DNS server defined.
C. Authentication
This section specifies how authentication is done with connecting clients.
The NetDefendOS user authentication database is used only with VPN. When external clients connect through a VPN link to resources protected by the DFL-160, they can be required to provide a unique combination of a userid and a password (access without any authentication is also possible).
WCF is a subscription based service and a one year subscription can be purchased as a license add-on from your D-Link agent. The buy license link here will open a D-Link window in your browser so that you can find your local agent. Alternatively you can click the link here:...
4.6.1. Options
B. Web Content Filter
The option here is to enable or disable web content filtering. Note that HTTP and HTTPS traffic (or all traffic) should be allowed in the outgoing traffic options for the LAN or DMZ interfaces for clients on those networks to be able to reach the public Internet.
4.6.2. The Content Categories
It is possible to explicitly allow or explicitly block certain URLs by adding one or more Static URL Filters. This is also referred to as whitelisting and blacklisting and the URLs specified in such filters are not looked up by the WCF subsystem.
online news publications and technology or trade journals. This does not include financial quotes, refer to the Investment Sites category (11), or sports, refer to the Sports category (16). Examples might be: •...
form of entertainment that is not specifically covered by another category. Some examples of this are music sites, movies, hobbies, special interest, and fan clubs. This category also includes personal web pages such as those provided by ISPs. The following categories more specifically cover various entertainment content types, Pornography / Sex (1), Gambling (4), Chatrooms (8), Game Sites (10), Sports (16), Clubs and Societies (22) and Music Downloads (23).
A web site may be classified under the E-Banking category if its content includes electronic banking information or services. This category does not include Investment related content; refer to the Investment Sites category (11). Examples might be: •...
Category 18: Violence / Undesirable
A web site may be classified under the Violence / Undesirable category if its contents are extremely violent or horrific in nature. This includes the promotion, description or depiction of violent acts, as well as web sites that have undesirable content and may not be classified elsewhere.
A web site may be classified under the Music Downloads category if it provides online music downloading, uploading and sharing facilities as well as high bandwidth audio streaming. Examples might be: •...
Category 29: Computing/IT
A web site may be classified under the Computing/IT category if its content includes computing related information or services. Examples might be:
• www.purplehat.com
• www.gnu.org
Category 30: Swimsuit/Lingerie/Models
A web site may be categorized under the Swimsuit/Lingerie/Models category if its content includes information pertaining to, or images of swimsuit, lingerie or general fashion models.
DFL-160. Once a virus is recognized in the contents of a file, the download can be terminated before it completes.
NetDefendOS Anti-Virus scanning is a subscription based service and yearly subscriptions can be purchased from your local D-Link agent. After purchase, you will receive a code which is then used for activating IDP.
4.7. Anti-Virus
the exclusion list such a file might not be scanned. To avoid this situation, NetDefendOS always performs MIME checking where it looks inside the file to determine what the true filetype of the data is.
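The idea of deciding on the file's content rather than its name can be illustrated with the following Python example. It is an added example, not NetDefendOS code and not part of the manual; the signature table, the exclusion list, the function names and the choice to scan whenever the content type cannot be identified are all assumptions made for the illustration.

```python
"""Content-based file type check in front of a filetype exclusion list.

Added illustration, not NetDefendOS code. The signature subset, alias map,
names and the "unknown content is scanned" policy are assumptions.
"""
import os
from typing import Iterable, NamedTuple, Optional

# (offset, magic bytes, type): a small subset of well-known file signatures.
SIGNATURES = (
    (0, b"MZ", "exe"),
    (0, b"\x7fELF", "elf"),
    (0, b"PK\x03\x04", "zip"),
    (0, b"%PDF-", "pdf"),
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"\xff\xd8\xff", "jpg"),
    (0, b"GIF87a", "gif"),
    (0, b"GIF89a", "gif"),
    (257, b"ustar", "tar"),
)

# File name extensions that denote the same type as a signature entry.
EXT_ALIASES = {"jpeg": "jpg", "jpe": "jpg", "dll": "exe", "scr": "exe"}

HEAD_BYTES = 512  # enough of the file to cover every offset in SIGNATURES


class Decision(NamedTuple):
    scan: bool
    claimed: str             # type suggested by the file name
    detected: Optional[str]  # type found in the content, None if unknown
    reason: str


def sniff_type(head: bytes) -> Optional[str]:
    """Return the type whose signature matches the start of the file."""
    for offset, magic, ftype in SIGNATURES:
        if head[offset:offset + len(magic)] == magic:
            return ftype
    return None


def claimed_type(filename: str) -> str:
    """Type implied by the last extension, so 'a.pdf.exe' is claimed as exe."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    return EXT_ALIASES.get(ext, ext)


def scan_decision(filename: str, head: bytes, excluded: Iterable[str]) -> Decision:
    """Skip scanning only when the content itself is of an excluded type."""
    excluded_set = {EXT_ALIASES.get(e.lower(), e.lower()) for e in excluded}
    claimed = claimed_type(filename)
    detected = sniff_type(head[:HEAD_BYTES])
    if detected is None:
        # Assumed policy: a name alone never earns an exclusion.
        return Decision(True, claimed, None, "content type unknown")
    if detected in excluded_set:
        return Decision(False, claimed, detected, "true type is excluded")
    if claimed in excluded_set:
        return Decision(True, claimed, detected, "name claims excluded type, content differs")
    return Decision(True, claimed, detected, "type not excluded")


# Constructed sample inputs: (file name, first bytes of the transfer).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),     # real JPEG header
    ("holiday2.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),          # executable header, image name
    ("setup.exe", b"MZ\x90\x00"),                             # executable, honestly named
    ("notes.jpg", b"just some text"),                         # no known signature
    ("scan.bin", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),     # PNG under a generic name
]
EXCLUDED = ["jpg", "png", "gif"]


def run_samples() -> dict:
    return {name: scan_decision(name, head, EXCLUDED) for name, head in SAMPLES}


if __name__ == "__main__":
    for name, d in run_samples().items():
        action = "SCAN" if d.scan else "skip"
        print(f"{name:14} claimed={d.claimed or '-':4} detected={d.detected} {action}: {d.reason}")
```
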
With the DFL-160, servers that are accessed from the public Internet are typically situated on the network connected to the DMZ interface. This provides one form of defense against intrusions by isolating any server infection away from the most sensitive "inside"...
It is recommended to scan the minimum number of protocols required. For example, if there is only an SMTP server in the DMZ network, then enabling the SMTP checkbox only is recommended. IDP scanning can consume the processing resources of the DFL-160 and it is therefore best to keep the scanning requested to a minimum.
Both can be particularly useful when used for periods of time in log only mode to determine if IDP is indicating that a DFL-160 installation is being targeted by external intrusions.
4.9. Traffic Shaping
Traffic Shaping allows the administrator to control the level of flows for different types of traffic between the public Internet connected to the WAN interface and hosts on the LAN and DMZ networks.
Specifying Rules
Each rule is given a name for display purposes and then the Service associated with the rule can be specified. The Service corresponds to a protocol such as FTP. The predefined services are shown below.
• Guarantee - Specify the guaranteed bandwidth only.
• Max and Guarantee - Specify both the maximum and guaranteed bandwidth.
The entry fields for the bandwidth are enabled in the interface according to the option chosen. The term Upstream means traffic leaving the WAN interface going towards the public Internet.
4.10. Schedules
Schedules are used to determine when certain features in NetDefendOS are enabled. For instance, it may be decided to allow web surfing from clients on the LAN interface only at certain times of the day. In this case, we would create a schedule that contained the times when surfing is allowed and then associate the schedule with the enabled HTTP option of Outbound LAN Traffic in the Firewall menu options.
The comments field allows some text explanation to be added to the schedule. It serves only as a reminder to the administrator what the schedule was intended for.
Chapter 5. The Tools Menu
• Ping
The Tools menu provides access to features which can be helpful in overall system operation. The sections that follow describe the options in this menu in the order they appear.
5.1. Ping
The ICMP ping protocol provides a simple query/response tool to determine if a particular network component is alive.
• User Authentication Status
• Routes
• DHCP Server Status
The Status menu of the DFL-160 web interface provides various views of the current status, performance and loading of the various subsystems that make up NetDefendOS.
Filtering Output...
B. UTM Statistics
C. Log History
A. System Resources
Various graphical displays and numerical values show the current status of the DFL-160 system and how its resources are being used.
B. UTM Statistics
Unified Threat Management (UTM) consists of the 3 components: Anti-Virus, IDP and Web Content Filtering.
Chapter 6. The Status Menu
6.1. System Status
Clicking the More... link in the display will take you to the Logging option in the System menu for a more complete list of recent events and the filters to analyze them. The details of NetDefendOS logging can be found in Section 3.5, “Logging”.
Various events that occur in NetDefendOS cause log messages to be created. All possible log messages generated are documented in the accompanying DFL-160 Log Reference Guide. An external SysLog server can be configured to receive these events, as described in Section 3.5, “Logging”. That section also describes setting up email alerts for certain events.
6.3. Anti-Virus Status
This page of the web interface provides the ability to view and filter out the last 500 log messages generated by just the Anti-Virus subsystem. These same messages can also appear mixed in with other messages in the Logging page in the Status menu (described in Section 6.2, “Logging Status”).
6.4. Web Content Filtering Status
This page of the web interface provides the ability to view and filter out the last 500 log messages generated by just the Web Content Filtering (WCF) subsystem. These same messages can also appear mixed in with other messages in the Logging page in the Status menu (described in Section 6.2, “Logging Status”).
6.5. IDP Status
This page of the web interface provides the ability to view and filter out the last 500 log messages generated by just the IDP subsystem. These same messages can also appear mixed in with other messages in the Logging page in the Status menu (described in Section 6.2, “Logging Status”).
6.6. Connections Status
A connection in NetDefendOS refers to either a normal TCP/IP connection set up to perform a transfer of data or a UDP packet based "connection", where a stream of packets is being sent from a sender to a receiver (such as in a streaming video transfer).
6.7. Interfaces Status
This option can show the current status for each of the DFL-160 interfaces. When one of the interfaces is selected from a drop-down box in this page, information about the interface's status is displayed, both in numerical and graphical form.
Secondly, the statistics for received (incoming) traffic are shown over the last 24 hours. An example is shown below (the image is also truncated on the right side).
6.8. IPsec Status
List VPN Interfaces
This option (the default) shows all the currently established VPN tunnels (also known as VPN interfaces). An example of this display is shown below.
List all active IKE SAs
An IKE Security Association (SA) is an entity that defines the encryption methods and other parameters that will be used for data flowing from one end of an IPsec tunnel to the other.
6.9. User Authentication Status
This page of the web interface displays the users who have been authenticated and are using a VPN tunnel. An example of the user authentication display is shown below.
The Forcibly Logout Option
For each user, the administrator has the option to force a logout of a user with this option.
The traffic forwarding function performed with the help of the routing table is the primary task of any device which is called a router. It is also one of the primary tasks of the DFL-160 and in most cases the routes in the NetDefendOS routing table are created automatically without intervention from the administrator.
6.11. DHCP Server Status
As explained in Section 3.3, “LAN Settings” and Section 3.4, “DMZ Settings”, the LAN and DMZ interfaces can be configured to act as DHCP servers, allocating IP addresses from a predefined IP range to any users or hosts that require them.
These options allow the frequency of the update interval to be determined. The recommendation is to select a time during a day when there is little user activity through the DFL-160. Typically, this might be in the early hours of the morning.
Chapter 7. The Maintenance Menu
7.1. The Update Center
The default interval is Daily and this is recommended to keep the databases updated with the latest releases. It is not often that the databases are updated more than once in a day. C.
DFL-160 is initially delivered it comes with a standard license preinstalled which determines the capabilities of the system.
Add On Services
It is possible to expand the capabilities of the DFL-160 by purchasing a license for any of the following features: •...
7.2. Licenses
• PPP Tunnels
The maximum number of PPP tunnels which terminate at the WAN interface that can be created.
To expand the capabilities of the standard product license, consult with your local D-Link representative.
NetDefendOS version is upgraded. To restore a backup file, the administrator should upload a backup file to the DFL-160. The name of the file does not really matter since NetDefendOS will read a header in the file to determine what it
Backups Do Not Contain Everything
Backups include only static information from the NetDefendOS configuration.
Performing a Reset Manually
An alternative way to reset the DFL-160 is to push in the reset button at the rear of the unit for 10 to 15 seconds while powering it on. After that, release the reset button and the unit will continue to load and start up in default mode as though it were brand new and had never been configured.
7.5. Upgrades
New releases of NetDefendOS are routinely made available by NetDefendOS. These releases are available as a single file which can be uploaded to the DFL-160 through this page in the web interface. NetDefendOS upgrades can be downloaded for free from your local D-Link site or from the D-Link...
After clicking on the button Download support file, a file is automatically generated by the NetDefendOS and downloaded to the web interface and can be saved to the local disk.
The techsupport CLI Command
This file contains the same information that can also be generated on a console with the CLI command:
DFL-160:/> techsupport...
7.6. Technical Support Chapter 7. The Maintenance Menu...
DFL-160 (see Section 2.4, “Console Port Connection”). The boot menu can be accessed through the console port after the DFL-160 is powered up and before NetDefendOS is ready. After powering up, there is a 3 second interval before NetDefendOS fully starts up and in that time the message Press any key to abort and load boot menu is displayed, as shown below.
Chapter 8. The Console Boot Menu
A password should be set for console access. If a password is not set, anyone can use the console. After it is set, the console will prompt for the password before access is allowed to either the boot menu or the command line interface (CLI) (more on the CLI can be found in Appendix A, CLI Reference).
Chapter 9. Troubleshooting
When the DFL-160 does not behave as expected, the following CLI tools are available to troubleshoot problems.
The stat CLI Command
If a serious NetDefendOS problem is suspected then the first step should be to use the console command:
>...
Although dconsole output may be difficult to interpret by the administrator, it can be emailed to D-Link support representatives for further investigation. The dconsole command supersedes the crashdump command found in earlier versions of NetDefendOS.
Restarting
If a system is in a non-functional "frozen" state then system restart can offer a simple way to clear all error conditions.
RS232 console port on the DFL-160. Details of how to connect up a console device to the console COM port on the DFL-160 can be found in Section 2.4, “Console Port Connection”. Once the connection is made and NetDefendOS...
By analyzing the contents of the buffers, it is possible to determine whether such traffic is making it to the DFL-160 at all.
Syntax: buffers
Brings up a list of most recently freed buffers.
Connections
Shows the last 20 connections opened through the DFL-160. Connections are created when traffic is permitted to pass via Allow or NAT rules. Traffic permitted to pass under FwdFast is not included in this list. Each connection has two timeout values, one in each direction. These are updated when the firewall receives packets from each end of the connection.
Options:
-renew - Force interface to renew its lease.
-release - Force interface to release its lease.
Example:
DFL-160:/> dhcp -renew wan
DHCPServer
Show the contents of the DHCP server configuration section and active DHCP leases.
Syntax: dhcpserver [options]
Options:
-rules - Shows dhcp server rules.
Options:
-list - List pending DNS queries.
-query=<domain-name> - Resolve domain name.
-remove - Remove all pending DNS queries.
Example:
DFL-160:/> dns
DNS client is initialized.
Using servers:
DNS Server 0 : 10.5.0.19
DNS Server 1 : Not set
DNS Server 2 : Not set
Frags
Shows the 20 most recent fragment reassembly attempts.
PPTP tunnel to 192.168.23.1
Syntax: ifstat <interface>
Shows hardware and software statistics for the specified NIC.
Example:
DFL-160:/> ifstat lan
Iface lan
Builtin e1000 - Intel(R) PRO/1000 T Server Adapter Slot 2/1 IRQ 5
Media : "1000BaseTx"
Speed : 1000 Mbps Full Duplex...
Display connected IPsec VPN gateways and remote clients.
Syntax: ipsecstats <options>
Options:
-u - Append SA usage.
-num <connection-number> - Show this connection number.
Example:
DFL-160:/> ipsecstats
--- IPsec SAs:
Displaying one line per SA-bundle
VPN Tunnel Local net Remote net Remote GW...
Appendix A. CLI Reference

Killsa

Kills all IPsec and IKE SAs for the specified IP-address.

Syntax: killsa <ipaddr>

Example:
  DFL-160:/> killsa 192.168.0.2
  Destroying all IPsec & IKE SAs for remote peer 192.168.0.2

License

Shows the content of the license-file.

Syntax: license

Lockdown

Sets local lockdown on or off.
  using PBR table "main".
  Echo reply from 192.168.12.1 seq=0 time= 10 ms TTL=255

  DFL-160:/> ping 192.168.12.1 -v
  Sending 1 ping to 192.168.12.1 from 192.168.14.19 using PBR table "main"..using route "192.168.12.0/22 via wan, no gw" in PBR table "main"...
If the <seconds> parameter is not specified then the default value is 5 seconds.

Options:
  -normal - Perform a normal shutdown (the default).
  -reboot - A reboot occurs automatically.

Example:
  DFL-160:/> shutdown
  Shutdown NORMAL. Active in 5 seconds.
  Shutdown reason: Shutdown due to console command

Stats

Shows various vital stats and counters.
  -servers - show information about autoupdate servers.
  -debugtestidp - invokes IDP test code (CAUTION: this sometimes may cause the hardware to freeze).

Example:
  DFL-160:/> updatecenter -status
  Antivirus Signature Database
  Database Version: 2 2008-01-22 15:02:27
  HW Support: lc2350a
  Hardware DB Version: Latest Full:2008-01-22 15:02:27 Patch:N/A...
Options:
  -l - Displays a list of all authenticated users.
  -p - Displays a list of all known privileges (usernames and groups).
  -r <ip> - Removes an authenticated user (=logout).

Example:
  DFL-160:/> userauth -l
  Login IP Address Interface Timeouts Privileges...
  LocalUsers

  DFL-160:/> userdb LocalUsers
  Contents of user database LocalUsers:
  Username Groups Static IP Remote Networks
  --------- ------- --------- ---------------
  sales alice tech

  DFL-160:/> userdb LocalUsers bob
  Information for bob in database LocalUsers:
  Username : bob
  Groups : sales
  Networks :...
Traffic must be able to flow between the designated PC Ethernet interface and the DFL-160 LAN interface so they must be on the same IP network. This means the PC's interface should be assigned the following static IP addresses: •...
Appendix B. Windows XP IP Setup

The assigned IP address 192.168.10.30 could, in fact, be another address from the 192.168.10.0/24 network. However, 192.168.10.30 is normally used by D-Link as a convention.
Appendix C. Windows Vista IP Setup

A Windows Vista based PC can be used as the management workstation for setup of a DFL-160. Usually, configuration of the IP address of the PC's chosen Ethernet interface should not be needed since the DFL-160 automatically assigns the address using DHCP. If DHCP cannot be used, the workstation IP address should be configured manually.
Select and display the properties for Internet Protocol Version 4 (TCP/IPv4). In the properties dialog, select the option Use the following IP address and enter the following values:
• IP Address: 192.168.10.30
• Subnet mask: 255.255.255.0
•...
Appendix D. Windows 7 IP Setup

A Windows 7 based PC can be used as the management workstation for setup of a DFL-160. Usually, configuration of the IP address of the PC's chosen Ethernet interface should not be needed since the DFL-160 automatically assigns the address using DHCP. If DHCP cannot be used, the workstation IP address should be configured manually.
Select and display the properties for Internet Protocol Version 4 (TCP/IPv4). In the properties dialog, select the option Use the following IP address and enter the following values:
• IP Address: 192.168.10.30
• Subnet mask: 255.255.255.0
•...
Appendix E. Apple Mac IP Setup

An Apple Mac can be used as the management workstation for setup of a DFL-160. Usually, configuration of the IP address of the Mac's chosen Ethernet interface should not be needed since the DFL-160 automatically assigns the address using DHCP. If DHCP cannot be used, the workstation IP address should be configured manually.
Now set the following values:
• IP Address: 192.168.10.30
• Subnet Mask: 255.255.255.0
• Router: 192.168.10.1

Click Apply to complete the static IP setup.

Note: Different MacOS versions
Some versions of MacOS may differ slightly from the screenshots shown above but the setup should be almost the same.