D-Link DFL-160 manual


A good user manual

The rules should oblige the seller to give the purchaser the operating instructions for the D-Link DFL-160 along with the item. A lack of instructions, or false information given to the customer, constitutes grounds for a complaint because of nonconformity of the goods with the contract. In accordance with the law, a customer can receive instructions in non-paper form; lately graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instructions are unambiguous and legible.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of D-Link DFL-160 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of D-Link DFL-160. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, a user manual of D-Link DFL-160 should contain:
- information concerning technical data of D-Link DFL-160
- name of the manufacturer and a year of construction of the D-Link DFL-160 item
- rules of operation, control and maintenance of the D-Link DFL-160 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of D-Link DFL-160 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of D-Link DFL-160, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the D-Link service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of D-Link DFL-160.

Why should one read the manuals?

It is mostly in the manuals that we will find the details concerning the construction and capabilities of the D-Link DFL-160 item and its use with the respective accessories, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment to get to know every part of the instructions. Currently the manuals are carefully prepared and translated, so that they can be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    User Manual DFL-160 Ver 1.00 Network Security Solution http://www.dlink.com.tw Security Security SOHO UTM Firewall[...]

  • Page 2

    User Manual D-Link DFL-160 Firewall NetDefendOS Version 2.25 D-Link Corporation No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C. http://www.DLink.com Published 2009-05-14 Copyright © 2009[...]

  • Page 3

    User Manual D-Link DFL-160 Firewall NetDefendOS Version 2.25 Published 2009-05-14 Copyright © 2009 Copyright Notice This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual, nor any of the material contained herein, may be reproduced with[...]

  • Page 4

    Table of Contents 1. Product Overview, page 5 1.1. The DFL-160 Solution [...]

  • Page 5

    C. Apple Mac IP Setup, page 116 D. D-Link Worldwide Offices [...]

  • Page 6

    Chapter 1. Product Overview • The DFL-160 Solution, page 5 • Ethernet Interfaces, page 7 • The LED Indicators, page 9 1.1. The DFL-160 Solution The NetDefend SOHO UTM product is a D-Link hardware/software solution designed for situations where a conventional IP router connected to the public Internet in a small organization or home environmen[...]

  • Page 7

    "Inside" and "Outside" Networks The NetDefendOS provides the administrator with the ability to control and manage the traffic that flows between the trusted "inside" networks and the much more threatening public Internet that lies "outside". The "outside" Internet network is connected to the DFL-160[...]

  • Page 8

    1.2. Ethernet Interfaces Physical Interface Arrangement The DFL-160 has a number of physical Ethernet interfaces which can be used to plug into other Ethernet networks. The image below shows these interfaces at the back of the hardware unit. Interface Network Connections The illustration below shows the typical usage of network connections to the D[...]

  • Page 9

    are intended for connection to local, internal networks which will be protected from the outside internet by the highest security available from the DFL-160. Interfaces LAN1 to LAN4 are connected together via a switch fabric in the DFL-160 which means that traffic travelling between them will not be subject to the control of NetDefendOS. All four a[...]

  • Page 10

    1.3. The LED Indicators On the front portion of the DFL-160 casing are a set of indicator lights which show system status and Ethernet port activity. Power and Status The power light is illuminated when power is applied and the status light is illuminated after NetDefendOS has completed start up or if the boot menu has been entered prior to complet[...]

  • Page 11

    1.3. The LED Indicators Chapter 1. Product Overview 10[...]

  • Page 12

    Chapter 2. Initial Setup • Unpacking, page 11 • Web Browser Connection, page 13 • Browser Connection Troubleshooting, page 18 • Console Port Connection, page 19 2.1. Unpacking Package Contents Carefully open the product packaging and inside you will find the following: • The DFL-160 hardware unit. • The DFL-160 Quick Installation Guide.[...]

  • Page 13

    Environmental and Operating Parameters The following table lists the key environmental and operating parameters for the DFL-160 hardware. Parameter DFL-160 Value AC Input 100-240 VAC, 50/60 Hz, External supply Operating Temperature Range 0°C to +50°C Storage Temperature Range -40°C to +70°C Operational Humidity Range 10% to 90% RH Storage Humi[...]

  • Page 14

    2.2. Web Browser Connection This section describes the steps for accessing a DFL-160 for the first time through a web browser. The user interface accessed in this way is known as the NetDefendOS Web Interface (or WebUI ). 1. Connect the Cables The DFL-160 and a management workstation (typically a Windows PC) running a web browser should be physical[...]

  • Page 15

    4. Connect to the DFL-160 by Surfing to the IP address 192.168.10.1 Using a web browser (Internet Explorer or Firefox is recommended), surf to the IP address 192.168.10.1 . This can be done using either HTTP or the more secure HTTPS protocol in the URL. These two alternatives are discussed next. A. Using HTTP Enter the address http://192.168.10.1 i[...]

  • Page 16

    The available management web interface language options are selectable at the bottom of this dialog. This defaults to the language set for the browser if NetDefendOS supports that language. Now login with the username admin and the password admin . The full web interface will now appear as shown below and you are ready to begin setting up the initi[...]

  • Page 17

    of time is fixed. After automatic logout occurs, the next interaction with the management web interface will take the browser to the login page. Connecting to the Internet In the typical DFL-160 installation the next step is to connect to the public Internet. To do this the WAN interface should be connected to your Internet Service Provider (ISP). [...]

  • Page 18

    features of the product and bring into use those which meet the needs of a particular installation. It is recommended that administrators familiarize themselves with the web interface by clicking on the main menu options and exploring the individual options available with each. The later part of this manual has a structure which reflects the naming [...]

  • Page 19

    2.3. Browser Connection Troubleshooting If the management interface does not respond after the DFL-160 has powered up and NetDefendOS has started, there are a number of simple steps to troubleshoot basic connection problems: 1. Check that the LAN interface is being used The most obvious problem is that the wrong DFL-160 interface has been used for[...]

  • Page 20

    2.4. Console Port Connection Initial setup of the DFL-160 can be done using only the web interface but DFL-160 also provides a Command Line Interface (CLI) which can be used for certain administrative tasks. This is accessed through a console connected directly to the unit's RS232 COM port, which is shown below. All CLI commands are listed in [...]

  • Page 21

    buffer allocated for output. This buffer limit means that a single large volume of console output may be truncated. This happens rarely and only with certain commands. The DFL-160 USB Port Next to the RS232 port is a USB port. This port is not used with the current version of NetDefendOS. The port is intended for use with features planned for futur[...]

  • Page 22

    2.4. Console Port Connection Chapter 2. Initial Setup 21[...]

  • Page 23

    Chapter 3. The System Menu • Administration, page 22 • Internet Connection, page 25 • LAN Settings, page 27 • DMZ Settings, page 30 • Logging, page 33 • Date and Time, page 35 • Dynamic DNS Settings, page 37 The System menu options allow the administrator to control and manage essential operating settings of the DFL-160. The sections [...]

  • Page 24

    The recommendation is to restrict the interfaces which allow management access and to always use the HTTPS protocol to ensure that management communication is encrypted. The only advantage in using HTTP for management access is to avoid the issue with certificates. NetDefendOS sends an unsigned certificate to the browser when using HTTPS and this m[...]

  • Page 25

    For instance, if HTTPS is used for management access and HTTPS inbound traffic is enabled (this is done in Section 4.3, “Inbound Traffic Options”) then both will use the port number 443 and there will be a problem. The port number for management traffic and normal HTTPS traffic must be unique. The solution is to change the HTTPS port for admini[...]

  • Page 26

    3.2. Internet Connection The options on this page allow the administrator to specify the communications protocol with which the WAN interface is connected to the public Internet via an Internet Service Provider (ISP). Your ISP will provide details of their connection. The first task is to make a physical Ethernet connection between the DFL-160'[...]

  • Page 27

    The Idle Timeout is the length of time with inactivity that passes before PPPoE disconnection occurs if the Dial-on-Demand is selected. DNS servers are set automatically after connection with PPPoE. D. PPTP Connection With this option, the username and password supplied by your ISP for PPTP connection should be entered. If DHCP is to be used with t[...]

  • Page 28

    3.3. LAN Settings The settings in this part of the management web interface determine how the DFL-160's LAN interface operates. These settings are very similar to the corresponding page for the DMZ interface (see Section 3.4, “DMZ Settings”). The Logical LAN Interface There are four physical interfaces in the DFL-160 hardware which are lab[...]

  • Page 29

    • NAT Mode This mode enables Dynamic Network Address Translation (NAT) use between the LAN and WAN interfaces. This means that the individual IP addresses of hosts on the LAN interface will be hidden from the public internet. All traffic coming from the public Internet to LAN hosts will be directed to the public IP address of the WAN interface an[...]

  • Page 30

    with a particular MAC address. When a request for a DHCP lease is received on the interface, NetDefendOS checks the MAC address of the requesting DHCP client against the list. If a match is found, the IP address that has been associated with the MAC address is the one that is handed out. The screenshot below shows how this option appears in the web[...]

  • Page 31

    3.4. DMZ Settings The settings in this part of the management web interface determine how the DFL-160's DMZ interface operates. These settings are very similar to the corresponding page for the LAN interface (see Section 3.3, “LAN Settings”). DMZ Interface Options There are three sections on this page of the web interface: A. DMZ Interface[...]

  • Page 32

    • Router Mode This is the mode used if NAT is not used. It means that each of the individual hosts and users on the DMZ network needs its own public IP address if it is to communicate with the public Internet. Although not recommended when WAN is connected to the public internet, there may be situations where NAT cannot be applied and the indi[...]

  • Page 33

    This feature allows the same IP address to be always allocated to a particular DHCP client. Transparent Mode and the Interface IP Address There are some considerations that should be noted with the DMZ IP address when transparent mode is enabled: • In transparent mode, the DMZ interface will take on the same IP address as the WAN interface. • I[...]

  • Page 34

    3.5. Logging NetDefendOS Log Messages During NetDefendOS operation, log messages are routinely generated to indicate when certain events occur. These messages form an important audit trail that shows what has occurred during system operation and can be dealt with in various ways. There are dozens of events for which event messages can be generated. The[...]

  • Page 35

    messages generated by NetDefendOS. By enabling this option, these log messages will be included. C. Email Alerts NetDefendOS can be configured to send emails to up to three email addresses when log messages are generated that are equal to or exceed a defined threshold. This threshold is referred to as the sensitivity . The sensitivity settings tran[...]

  • Page 36

    3.6. Date and Time A variety of NetDefendOS functions depend on the system date and time being set correctly for the DFL-160. It is therefore recommended to set the correct time and date as soon as possible. There are three time and date options: A. General B. Time zone and daylight saving time settings C. Automatic time synchronization A. General [...]

  • Page 37

    When usage of time servers is enabled, NetDefendOS will poll them on a regular basis and then adjust the DFL-160 system clock with the exact time. If the time server and the current time differ by more than one hour (60 minutes) then the time server is ignored.[...]

  • Page 38

    3.7. Dynamic DNS Settings A DNS feature offered by NetDefendOS is the ability to explicitly inform DNS servers when the external IP address of the DFL-160 has changed. This is sometimes referred to as Dynamic DNS (DDNS) and is useful where the DFL-160 has an external IP address that can change. By enabling this option, NetDefendOS acts as a dynamic[...]

  • Page 39

    3.7. Dynamic DNS Settings Chapter 3. The System Menu 38[...]

  • Page 40

    Chapter 4. The Firewall Menu • Outbound LAN Traffic Options, page 40 • Outbound DMZ Traffic Options, page 42 • Inbound Traffic Options, page 44 • VPN Options, page 46 • VPN Users, page 51 • Web Content Filtering, page 52 • Anti-Virus, page 61 • IDP Options, page 64 • Schedules, page 67 The options in the Firewall menu allow the ad[...]

  • Page 41

    against internal resources. • Time schedules can be set up which can be then used to specify the times when security policies are applied. • Lists of users that are allowed to access protected resources can be specified. The sections that follow describe the options in this menu in the order they appear. 4.1. Outbound LAN Traffic Options The Me[...]

  • Page 42

    For a custom protocol it is necessary to specify if the protocol uses TCP or UDP connections or both and to specify the port number the protocol will try and connect to at the other end of the connection. Specifying a Schedule A named Schedule can be defined through the Firewall > Schedules menu option and this can then be used with any individu[...]

  • Page 43

    4.2. Outbound DMZ Traffic Options The Meaning of Outbound These options determine what types of traffic can pass between the DMZ network and the WAN interface when the connection is initiated by a client or host on the DMZ network. For instance, the retrieval of data from a web server on the public Internet is still considered part of outbound traf[...]

  • Page 44

    Specifying a Schedule A named Schedule can be defined through the Firewall > Schedules menu option and this can then be used with any individual protocol allowed for outgoing traffic from the LAN interface. Schedules specify a period of time when a particular selection is valid. For example, the administrator might decide to not allow web surfin[...]

  • Page 45

    4.3. Inbound Traffic Options This set of NetDefendOS options deals with using firewalling to protect against inbound traffic. The term inbound refers to connections that are initiated from the public Internet on the WAN interface. These connections are typically made to access some resource that sits behind the DFL-160, such as an HTTP server that is si[...]

  • Page 46

    C. Custom Traffic If a particular protocol does not appear in the standard list of protocols then a Custom Traffic "rule" can be created which allows incoming TCP or UDP traffic through on a specified port. As explained above, the custom rule must have a destination IP address specified which is either an internal IP address if NAT is being [...]

  • Page 47

    4.4. VPN Options VPN Usage The Internet is increasingly used as a means to connect together computers since it offers efficient and inexpensive communication. The requirement therefore exists for data to traverse the Internet to its intended recipient without another party being able to read or alter it. VPN allows the setting up of a tunnel betwee[...]

  • Page 48

    In summary, a VPN allows the public Internet to be used for setting up secure communications or tunnels between DFL-160s or between a DFL-160 and other security gateway devices or clients. VPN with the DFL-160 NetDefendOS supports setting up tunnels using the following types of tunnel protocols for secure communication: • IPsec tunnels. • L2TP [...]

  • Page 49

    • IKE negotiates how IKE should be protected. • IKE negotiates how IPsec should be protected. • An IPsec tunnel is established which is used to securely transport data. The following sections are used in the web interface for IPsec setup: A. General B. Authentication C. Tunnel Type A. General Here, a textual Name for the tunnel is specified. [...]

  • Page 50

    Currently established IPsec tunnels can be listed and their usage examined through the IPsec option in the Status menu (see Section 6.8, “IPsec Status”). 4.4.2. L2TP/PPTP Client This option allows a tunnel to be set up where the DFL-160 acts as a L2TP or PPTP client. In this mode, a tunnel is set up where the DFL-160 connects to an L2TP or PPTP[...]

  • Page 51

    The Idle Timeout is the length of time with inactivity that passes before tunnel disconnection occurs. 4.4.3. L2TP/PPTP Server This option allows VPN tunnels to be set up based on the L2TP protocol, where the DFL-160 acts as a L2TP or PPTP server, receiving connection requests from external clients. Such clients are sometimes called roaming clients[...]

  • Page 52

    4.5. VPN Users The User Database This page in the web interface allows the administrator to enter the details of new users into the NetDefendOS user database and to also administer these users by making deletions or changes. There is no limit on the database size. The NetDefendOS user authentication database is used only with VPN. When external cli[...]

  • Page 53

    4.6. Web Content Filtering 4.6.1. Options The Web Content Filtering (WCF) options allow control over the types of web surfing allowed by clients on the LAN or DMZ . When web browsers try to access a URL on the public Internet through the WAN interface, NetDefendOS checks the URL against a D-Link URL database to find out what category it is. For ins[...]

  • Page 54

    B. Web Content Filter The option here is to enable or disable web content filtering. Note that HTTP and HTTPS traffic (or all traffic) should be allowed in the outgoing traffic options for the LAN or DMZ interfaces for clients on those networks to be able to reach the public Internet. C. Categories The administrator adds the categories that are to be [...]

  • Page 55

    It is possible to explicitly allow or explicitly block certain URLs by adding one or more Static URL Filters . This is also referred to as whitelisting and blacklisting and the URLs specified in such filters are not looked up by the WCF subsystem. When defining a URL filter it is important to note that wildcarding can be used when specifying the UR[...]

  • Page 56

    online news publications and technology or trade journals. This does not include financial quotes, refer to the Investment Sites category (11), or sports, refer to the Sports category (16). Examples might be: • www.newsunlimited.com • www.dailyscoop.com Category 3: Job Search A web site may be classified under the Job Search category if its con[...]

  • Page 57

    form of entertainment that is not specifically covered by another category. Some examples of this are music sites, movies, hobbies, special interest, and fan clubs. This category also includes personal web pages such as those provided by ISPs. The following categories more specifically cover various entertainment content types, Pornography / Sex (1[...]

  • Page 58

    A web site may be classified under the E-Banking category if its content includes electronic banking information or services. This category does not include Investment related content; refer to the Investment Sites category (11). Examples might be: • www.nateast.co.uk • www.borganfanley.com Category 13: Crime / Terrorism A web site may be class[...]

  • Page 59

    Category 18: Violence / Undesirable A web site may be classified under the Violence / Undesirable category if its contents are extremely violent or horrific in nature. This includes the promotion, description or depiction of violent acts, as well as web sites that have undesirable content and may not be classified elsewhere. Examples might be: • [...]

  • Page 60

    A web site may be classified under the Music Downloads category if it provides online music downloading, uploading and sharing facilities as well as high bandwidth audio streaming. Examples might be: • www.onlymp3s.com • www.mp3space.com Category 24: Business Oriented A web site may be classified under the Business Oriented category if its cont[...]

  • Page 61

    Category 29: Computing/IT A web site may be classified under the Computing/IT category if its content includes computing related information or services. Examples might be: • www.purplehat.com • www.gnu.org Category 30: Swimsuit/Lingerie/Models A web site may be categorized under the Swimsuit/Lingerie/Models category if its content includes inf[...]

  • Page 62

    4.7. Anti-Virus Overview The NetDefendOS Anti-Virus module protects against malicious code carried in file downloads. Files may be downloaded as part of a web-page in an HTTP transfer or in an FTP download or perhaps as an attachment to an email delivered through SMTP. Malicious code in such downloads can have different intents ranging from program[...]

  • Page 63

    leader in the field of virus detection. The database provides protection against virtually all known virus threats including trojans, worms, backdoor exploits and others. The database is also thoroughly tested to provide near zero false positives. NetDefendOS Anti-Virus scanning is a subscription based service and yearly subscriptions can be purcha[...]

  • Page 64

    the exclusion list such a file might not be scanned. To avoid this situation, NetDefendOS always performs MIME checking where it looks inside the file to determine what the true filetype of the data is. Only if the filetype determined by MIME checking is on the exclude list is virus scanning skipped.[...]

  • Page 65

    4.8. IDP Options The Intrusion Threat Computer servers can sometimes have vulnerabilities which leave them exposed to attacks carried by network traffic. Worms, trojans and backdoor exploits are examples of such attacks which, if successful, can potentially compromise or take control of a server. A generic term that can be used to describe these se[...]

  • Page 66

    Enabling IDP for a Protocol The IDP page of the NetDefendOS web interface lists a set of protocols which can be scanned by the IDP subsystem. Selecting any of the protocols switches on IDP scanning. Dropping Connections or Only Logging When IDP is enabled, the administrator has two options for how detected intrusions are dealt with: • Log only. ?[...]

  • Page 67

    This category is similar to Scanners in that it is not protocol specific but provides an additional "catch all" protection against intrusion attempts that are not specific to a particular protocol. With both Worms and Malware and Scanners , it is important to use them with caution since they will use more processing resources by increasin[...]

  • Page 68

    4.9. Schedules Schedules are used to determine when certain features in NetDefendOS are enabled. For instance, it may be decided to allow web surfing from clients on the LAN interface only at certain times of the day. In this case, we would create a schedule that contained the times when surfing is allowed and then associate the schedule with the e[...]

  • Page 69

    The comments field allows some text explanation to be added to the schedule. It serves only as a reminder to the administrator what the schedule was intended for.[...]

  • Page 70

    4.9. Schedules Chapter 4. The Firewall Menu 69[...]

  • Page 71

    Chapter 5. The Tools Menu • Ping, page 70 The Tools menu provides access to features which can be helpful in overall system operation. The sections that follow describe the options in this menu in the order they appear. 5.1. Ping The ICMP ping protocol provides a simple query/response tool to determine if a particular network component is alive. A[...]

  • Page 72

    5.1. Ping Chapter 5. The Tools Menu 71[...]

  • Page 73

    Chapter 6. The Status Menu • System Status, page 73 • Logging Status, page 75 • Anti-Virus Status, page 76 • Web Content Filtering Status, page 77 • IDP Status, page 78 • Connections Status, page 79 • Interfaces Status, page 80 • IPsec Status, page 82 • User Authentication Status, page 83 • Routes, page 84 • DHCP Server Status[...]

  • Page 74

    6.1. System Status The System Status page is the default page that is shown when the web interface opens after logging in to NetDefendOS as administrator. The status display is divided into three parts: A. System Resources B. UTM Statistics C. Log History A. System Resources Various graphical displays and numerical values show the current status of[...]

  • Page 75

    Clicking the More... link in the display will take you to the Logging option in the System menu for a more complete list of recent events and the filters to analyze them. The details of NetDefendOS logging can be found in Section 3.5, “Logging”.[...]

  • Page 76

    6.2. Logging Status Various events that occur in NetDefendOS cause log messages to be created. All possible log messages generated are documented in the accompanying DFL-160 Log Message Reference Guide . An external SysLog server can be configured to receive these events, as described in Section 3.5, “Logging”. That section also describes setting [...]

  • Page 77

    6.3. Anti-Virus Status This page of the web interface provides the ability to view and filter out the last 500 log messages generated by just the Anti-Virus subsystem. These same messages can also appear mixed in with other messages in the Logging page in the Status menu (described in Section 6.2, “Logging Status”). Log messages are visible in [...]

  • Page 78

    6.4. Web Content Filtering Status This page of the web interface provides the ability to view and filter out the last 500 log messages generated by just the Web Content Filtering (WCF) subsystem. These same messages can also appear mixed in with other messages in the Logging page in the Status menu (described in Section 6.2, “Logging Status”). [...]

  • Page 79

    6.5. IDP Status This page of the web interface provides the ability to view and filter out the last 500 log messages generated by just the IDP subsystem. These same messages can also appear mixed in with other messages in the Logging page in the Status menu (described in Section 6.2, “Logging Status”). Log messages are visible in 100 message bl[...]

  • Page 80

    6.6. Connections Status A connection in NetDefendOS refers to either a normal TCP/IP connection set up to perform a transfer of data or a UDP packet based "connection", where a stream of packets is being sent from a sender to a receiver (such as in a streaming video transfer). This page of the web interface shows the currently established[...]

  • Page 81

    6.7. Interfaces Status This option can show the current status for each of the DFL-160 interfaces. When one of the interfaces is selected from a drop-down box in this page, information about the interface's status is displayed, both in numerical and graphical form. The sections displayed for the chosen interface are: A. Interface Status B. Dri[...]

  • Page 82

    Secondly, the statistics for received (incoming) traffic are shown over the last 24 hours. An example is shown below (the image is also truncated on the right side).[...]

  • Page 83

    6.8. IPsec Status List VPN Interfaces This option (the default) shows all the currently established VPN tunnels (also known as VPN interfaces ). An example of this display is shown below. List all active IKE SAs An IKE Security Association (SA) is an entity that defines the encryption methods and other parameters that will be used for data flowing [...]

  • Page 84

    6.9. User Authentication Status This page of the web interface displays the users who have been authenticated and are using a VPN tunnel. An example of the user authentication display is shown below. The Forcibly Logout Option For each user, the administrator has the option to force a logout of a user with this option. This can be useful if suspici[...]

  • Page 85

    6.10. Routes A Brief Overview of Routing A list of all routes is maintained by NetDefendOS in its internal routing table. The routing table indicates which networks can be found on which interface. When traffic arrives at the DFL-160 on one interface, the routing table is consulted by NetDefendOS to determine on which interface the traffic should[...]

  • Page 86

    6.11. DHCP Server Status As explained in Section 3.3, “LAN Settings” and Section 3.4, “DMZ Settings”, the LAN and DMZ interfaces can be configured to act as DHCP servers, allocating IP addresses from a predefined IP range to any users or hosts that require them. This option in the Status menu allows the administrator to see which DHCP serve[...]

  • Page 87

    6.11. DHCP Server Status Chapter 6. The Status Menu 86[...]

  • Page 88

    Chapter 7. The Maintenance Menu • The Update Center, page 87 • Licenses, page 89 • Backups, page 91 • Reset to Factory Defaults, page 92 • Upgrades, page 93 • Technical Support, page 94 The Maintenance menu options deal with routine administrative tasks such as backups and software upgrades. The sections that follow describe the options[...]

  • Page 89

    The default interval is Daily and this is recommended to keep the databases updated with the latest releases. It is not often that the databases are updated more than once in a day. C. History This tab shows the history of recent database updates and can also indicate if there were problems with server access or downloading. 7.1. The Update Center [...]

  • Page 90

    7.2. Licenses The license page shows information about the current license installed in the DFL-160. When the DFL-160 is initially delivered it comes with a standard license preinstalled which determines the capabilities of the system. Add On Services It is possible to expand the capabilities of the DFL-160 by purchasing a license for any of the fo[...]

  • Page 91

    • PPP Tunnels The maximum number of PPP tunnels which terminate at the WAN interface that can be created. To expand the capabilities of the standard product license, consult with your local D-Link representative. [...]

  • Page 92

    7.3. Backups The administrator has the ability to take a snapshot of a NetDefendOS system at a given point in time and restore it when necessary. The snapshot can be of two types: • A configuration backup which does not include the installed NetDefendOS version. This is a recommended precaution to allow the configuration at a given point in time [...]

  • Page 93

    7.4. Reset to Factory Defaults Reset Through Software A restore to factory defaults can be applied so that it is possible to return to the original hardware state that existed when the DFL-160 was shipped by D-Link. When a restore is applied in this way, all configuration data is lost and the IDP and Anti-Virus databases are lost which means they mu[...]

  • Page 94

    7.5. Upgrades New releases of NetDefendOS are routinely made available by NetDefendOS. These releases are available as a single file which can be uploaded to the DFL-160 through this page in the web interface. NetDefendOS upgrades can be downloaded for free from your local D-Link site or from the D-Link NetDefend Center at http://security.dlink.com[...]

  • Page 95

    7.6. Technical Support This section of the web interface allows the user to easily download a file of useful troubleshooting information that can be emailed to technical support personnel. After clicking on the button Download support file, a file is automatically generated by the NetDefendOS and downloaded to the web interface and can be saved to[...]

  • Page 96

    7.6. Technical Support Chapter 7. The Maintenance Menu 95[...]

  • Page 97

    Chapter 8. The Console Boot Menu The NetDefendOS loader is the base software on top of which NetDefendOS runs and the administrator's direct interface to this is called the console boot menu (also known simply as the boot menu). This section discusses the boot menu options. Accessing the Console Boot Menu The boot menu is only accessible thro[...]

  • Page 98

    A password should be set for console access. If a password is not set, anyone can use the console. After it is set, the console will prompt for the password before access is allowed to either the boot menu or the command line interface (CLI) (more on the CLI can be found in Appendix A, CLI Reference). Initial Options with a Console Password Set If[...]

  • Page 99

    Chapter 9. Troubleshooting When the DFL-160 does not behave as expected, the following CLI tools are available to troubleshoot problems. The stat CLI Command If a serious NetDefendOS problem is suspected then the first step should be to use the console command: > stat The stat command will indicate the date and time of the last system shutdown a[...]

  • Page 100

    Although dconsole output may be difficult to interpret by the administrator, it can be emailed to D-Link support representatives for further investigation. The dconsole command supersedes the crashdump command found in earlier versions of NetDefendOS. Restarting If a system is in a non-functional "frozen" state then system r[...]

  • Page 101

    Appendix A. CLI Reference This section summarizes in alphabetical order the command set that can be entered through a console connected to the RS232 console port on the DFL-160. Details of how to connect up a console device to the console COM port on the DFL-160 can be found in Section 2.4, “Console Port Connection”. Once the connection is made[...]

  • Page 102

    Example: DFL-160:/> arpsnoop all ARP snooping active on interfaces: lan wan dmz ARP on wan: gw-world requesting wan_ip ARP on lan: 192.168.123.5 requesting lan_ip Buffers This command can be useful for troubleshooting. For example, if an unexpectedly large number of packets begin queuing or when traffic does not seem to be flowing for an unknown[...]

  • Page 103

    Shows the contents of the most recently used buffer. Example: DFL-160:/> buff . Decode of buffer number 1059 lan: Enet 0050:dadf:7bbf > 0003:325c:cc00 type 0x0800 len 1058 IP 192.168.123.10 -> 193.13.79.1 IHL:20 DataLen:1024 TTL:254 Proto:ICMP ICMP Echo reply ID:6666 Seq:0 CfgLog Shows the results of the most recent reconfiguration or star[...]

  • Page 104

    Displays the contents of the file crashdump.dmp stored by NetDefendOS. The file contains critical diagnostic information which can help determine the reason for a critical system event. Syntax: crashdump Dconsole Displays a list of event information that is useful in pinpointing the occurrence of critical system errors. Syntax: dconsole DHCP Syntax[...]

  • Page 105

    Syntax: dns Options: -list - List pending DNS queries. -query=<domain-name> - Resolve domain name. -remove - Remove all pending DNS queries. Example: DFL-160:/> dns DNS client is initialized. Using servers: DNS Server 0 : 10.5.0.19 DNS Server 1 : Not set DNS Server 2 : Not set Frags Shows the 20 most recent fragment reassembly attempts. Th[...]

  • Page 106

    HTTPPoster_URL3: Host : "" Port : 0 Path : "" Post : "" User : "" Pass : "" Status: (not configured) IfStat Syntax: ifstat Shows a list of the interfaces installed. Example: DFL-160:/> ifstat Configured interfaces: Iface IP Address PBR membership Interface type ----- ---------- -------------- ---[...]

  • Page 107

    The Dropped counter in the software section states the number of packets discarded as the result of structural integrity tests or rule set drops. The IP Input Errs counter in the software section specifies the number of packets discarded due to checksum errors or IP headers broken beyond recognition. The latter is most likely the result of local ne[...]

  • Page 108

    Killsa Kills all IPsec and IKE SAs for the specified IP-address. Syntax: killsa <ipaddr> Example: DFL-160:/> killsa 192.168.0.2 Destroying all IPsec & IKE SAs for remote peer 192.168.0.2 License Shows the content of the license-file. Syntax: license Lockdown Sets local lockdown on or off. During local lockdown, only traffic from admin [...]

  • Page 109

    using PBR table "main". Echo reply from 192.168.12.1 seq=0 time= 10 ms TTL=255 DFL-160:/> ping 192.168.12.1 -v Sending 1 ping to 192.168.12.1 from 192.168.14.19 using PBR table "main". ... using route "192.168.12.0/22 via wan, no gw" in PBR table "main" Echo reply from 192.168.12.1 seq=0 time=<10 ms TTL[...]

  • Page 110

    Proxy ARP on : Local IP : (use iface IP in ARP queries) Metric : 0 Flags : Rules Shows the contents of the Rules configuration section. Syntax: rules [<options>] [<range>] Options: -schedule - Filter out rules that are not currently allowed by selected schedules. -type - Type of rules to display. -verbose - show all parameters of the ru[...]

  • Page 111

    ARPExpireUnknown : 15 ARPMulticast : DropLog ARPBroadcast : DropLog ARPCacheSize : 4096 ARPHashSize : 512 ARPHashSizeVLAN : 64 Shutdown Instructs NetDefendOS to perform a shutdown in a given number of seconds. It is not necessary to perform a shutdown before the system is powered off. Syntax: shutdown <seconds> If the <seconds> paramete[...]

  • Page 112

    (LBlock: 360424 bytes) 2003-04-24 00:03:46 Available KernelPoolMemory: 1048560 bytes (LBlock: 1048560 bytes) 2003-04-24 00:03:46 Available UserPoolMemory: 198868948 bytes 2003-04-24 00:03:46 Drive 0x00 present: (C/H/S/SC/M): (0x50/0x2/0x12/0x24/0xb3f) 2003-04-24 00:03:46 Drive 0x80 present: (C/H/S/SC/M): (0x3f2/0x10/0x33/0x330/0xc935f) 2003-04-24 0[...]

  • Page 113

    Database Version: 2 2006-10-04 10:13:18 HW Support: lc2350a Hardware DB Version: Latest Full:2006-10-04 10:13:18 Patch:N/A Status: Update server available Next update scheduled for: 2008-01-25 05:11:00 Urlcache Displays information related to the URL cache used by the Web Content Filtering function. Syntax: urlcache [options] Options: -v - Verbose [...]

  • Page 114

    LocalUsers 2 DFL-160:/> userdb LocalUsers Contents of user database LocalUsers: Username Groups Static IP Remote Networks --------- ------- --------- --------------- bob sales alice tech DFL-160:/> userdb LocalUsers bob Information for bob in database LocalUsers: Username : bob Groups : sales Networks : [...]

  • Page 115

    Appendix B. Windows IP Setup A Microsoft Windows PC can be used as the management workstation for initial setup of a DFL-160. Usually explicit configuration of the IP address of the PC's chosen Ethernet interface should not be needed since the DFL-160 automatically assigns the workstation's address using DHCP. If DHCP cannot be used, the [...]

  • Page 116

    The assigned IP address 192.168.10.30 could, in fact, be another address from the 192.168.10.0/24 network. However, 192.168.10.30 is normally used by D-Link as a convention. [...]

  • Page 117

    Appendix C. Apple Mac IP Setup An Apple Mac can be used as the management workstation for setup of a DFL-160. Usually configuration of the IP address of the Mac's chosen Ethernet interface should not be needed since the DFL-160 automatically assigns the address using DHCP. If DHCP cannot be used, the workstation IP address should be configured[...]

  • Page 118

    5. Now set the following values: • IP Address: 192.168.10.30 • Subnet Mask: 255.255.255.0 • Router: 192.168.10.1 6. Click Apply to complete the static IP setup. Note Your revision of MacOS may differ slightly from the screenshots shown above but the setup method should be principal. [...]

  • Page 119

    Appendix D. D-Link Worldwide Offices Below is a complete list of D-Link worldwide sales offices. Please check your own country area's local website for further details regarding support of D-Link products as well as contact details for local support. Australia 1 Giffnock Avenue, North Ryde, NSW 2113, Australia. TEL: 61-2-8899-1800, FAX: 61-2-8[...]

  • Page 120

    Italy Via Nino Bonnet n. 6/b, 20154 – Milano, Italy. TEL: 39-02-2900-0676, FAX: 39-02-2900-1723. Website: www.dlink.it LatinAmerica Isidora Goyeechea 2934, Ofcina 702, Las Condes, Santiago – Chile. TEL: 56-2-232-3185, FAX: 56-2-232-0923. Website: www.dlink.cl Luxemburg Rue des Colonies 11, B-1000 Brussels, Belgium TEL: +32 (0)2 517 7111, FAX: +[...]

  • Page 121

    Alphabetical Index A about CLI command, 100 administration, 22 username, 23 anti-virus, 61 status, 76 apple MAC IP setup, 116 arp CLI command, 100 arpsnoop CLI command, 100 audit username, 23 automatic logout, 15 B backups, 91 boot menu, 19, 96 browser connection, 13 buffers CLI command, 101 C certificate based IPsec, 48 cfglog CLI command, 102 CLI[...]

  • Page 122

    P phishing (see content filtering) ping, 70 ping CLI command, 70, 107 power LED, 9 PPTP client, 49 server, 50 pre-shared key with IPsec, 48 product support, 118 R reconfigure CLI command, 108 reset to factory defaults, 92 restoring a backup, 91 routes, 84 metrics, 84 routes CLI command, 108 rules CLI command, 109 S schedules, 67 with inbound traffi[...]

  • Page 123

    FCC EMI for Class B Statements Battery Caution: VCCI WARNING Statement Appendix: Product Statement FCC Interference Information This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, inc[...]