D-Link NetDefend SOHO DFL-160 User Manual page 7

NetDefend SOHO UTM Firewall

1.1. The DFL-160 Solution
"Inside" and "Outside" Networks
NetDefendOS gives the administrator the ability to control and manage the traffic that
flows between the trusted "inside" networks and the much more threatening public Internet that lies
"outside".
The "outside" Internet network is connected to the DFL-160's WAN interface and the trusted
"inside" network is connected to the LAN interface. As explained later, there are, in fact, four LAN
interfaces connected together through an internal switch.
The network connected to the DMZ interface can be considered to also be "inside" but it is designed
for a network where servers are situated which are accessed by external hosts and users on the
public Internet. The DMZ therefore represents a place where threats such as server viruses can be
isolated and kept separate from the more sensitive LAN network. For this reason, connections
initiated from hosts and users on the DMZ network to the LAN network are never allowed.
Firewalling and UTM
NetDefendOS provides the NetDefend SOHO UTM product with the following important features
to protect against external threats coming from the Internet:
Extensive Firewalling Capabilities
NetDefendOS can block traffic which does not comply with security policies defined by the
user. These policies can target traffic according to which protocol (such as HTTP or FTP) is
arriving or leaving and by which interface, and can optionally restrict when such traffic
is allowed according to a time schedule.
There are three sets of basic traffic flow policies that can be defined:
1. Traffic initiated by internal networks ("outbound traffic").
2. Traffic initiated by external networks to hosts and users on the LAN network ("inbound LAN traffic").
3. Traffic initiated by external networks to hosts and users on the DMZ network ("inbound DMZ traffic").
Unified Threat Management (UTM)
UTM is performed by NetDefendOS through the following features:
1. An Anti-Virus option to scan file downloads for viruses.
2. Intrusion Detection and Prevention to scan all traffic connecting to internal servers.
3. Web Content Filtering to implement policies on the types of web sites that can be accessed.
Note: No inbound traffic is initially allowed
When a DFL-160 is started for the first time, no inbound traffic is allowed so the
administrator should decide what inbound traffic will be allowed as one of the first
setup steps.
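
The zone rules described on this page, modelled as an added Python example (not D-Link code and not NetDefendOS configuration syntax): a connection is assigned to one of the three policy sets by the zone that initiates it, DMZ-to-LAN is refused whatever the rules say, and the inbound sets start empty. The names Rule, Policy and sample_policy are hypothetical, and starting the outbound set empty is an assumption, since the page states the initial state only for inbound traffic.

```python
from dataclasses import dataclass, field
from datetime import time

INSIDE = {"LAN", "DMZ"}  # zones the page treats as "inside"; WAN is "outside"

@dataclass(frozen=True)
class Rule:
    protocol: str                     # e.g. "HTTP" or "FTP"
    start: time = time(0, 0)          # optional schedule window (default: always)
    end: time = time(23, 59, 59)

    def matches(self, protocol, at):
        return protocol == self.protocol and self.start <= at <= self.end

@dataclass
class Policy:
    # Assumption: each set is an allow-list and starts empty. The page states
    # the empty initial state only for the two inbound sets.
    sets: dict = field(default_factory=lambda: {
        "outbound": [], "inbound LAN": [], "inbound DMZ": []})

    def classify(self, src, dst):
        """Pick the policy set from the zone that initiates the connection."""
        if src == "DMZ" and dst == "LAN":
            return None               # never allowed; no rule can open this path
        if src in INSIDE and dst != src:
            return "outbound"
        if src == "WAN" and dst in INSIDE:
            return f"inbound {dst}"
        return None

    def allows(self, src, dst, protocol, at):
        name = self.classify(src, dst)
        return name is not None and any(
            r.matches(protocol, at) for r in self.sets[name])

def sample_policy():
    """Constructed rule set: web browsing out, DMZ web server in office hours."""
    p = Policy()
    p.sets["outbound"].append(Rule("HTTP"))
    p.sets["inbound DMZ"].append(Rule("HTTP", time(8, 0), time(18, 0)))
    return p
```

With the constructed rule set, a DMZ host still cannot open an HTTP connection to the LAN even though outbound HTTP is permitted, which is the isolation property the DMZ exists to provide.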
Chapter 1. Product Overview