IPS Firewalls, UTM Firewalls – D-Link DAS-3324G User Manual


D-Link Product Guide 2008




IPS Firewalls

The IPS (Intrusion Prevention Service) firewalls provide an all-in-one business-class security solution with integrated functions including firewall, load balancing, fault tolerance, content filtering, user authentication, Denial of Service (DoS) protection, Virtual Private Network (VPN) remote connection and malicious internal traffic prevention. These firewalls come with multiple user-configurable interfaces, including high-speed Gigabit ports, for flexible, bottleneck-free network deployments linking different workgroups and enterprises together.

D-Link NetDefend firewalls adopt a unique IPS technology - component-based signatures, which are built to recognize and protect against all varieties of known and unknown attacks, and which can address all critical aspects of an attack or potential attack including payload, NOP sled, infection, and exploits. In terms of signature coverage, the IPS database includes attack information and data from a global attack sensor-grid and exploits collected from public sites such as the National Vulnerability Database and Bugtraq. These firewalls deliver high-quality IPS signatures by constantly creating and optimizing NetDefend signatures via the D-Link Auto-Signature Sensor System. Without overloading existing security appliances, these signatures ensure a high ratio of detection accuracy and the lowest ratio of false positives.

To minimize any impact of a disaster on an entire network, D-Link NetDefend firewalls include a special feature called ZoneDefense - a mechanism that operates seamlessly with D-Link xStack switches to perform proactive network security. ZoneDefense automatically quarantines infected computers on the network and prevents them from flooding the network with malicious traffic.

D-Link NetDefend firewalls can be remotely managed via a web-based interface or through a dedicated VPN connection. They include
flexible features to monitor and maintain a healthy and secure network, such as e-mail alerts, system log and real-time statistics.

Function/Feature

6 User-Configurable Gigabit Ports

8 User-Configurable Gigabit Ports

1 Ethernet WAN

1 Ethernet DMZ

4 Ethernet LANs

2 Ethernet WANs

1 Ethernet DMZ

7 Ethernet LANs

320Mbps

120Mbps

400,000

2,500

600Mbps

300Mbps

1,000,000

4,000

50Mbps

10Mbps

3,000

500

150Mbps

60Mbps

25,000

1,000

Proxy Arp

80

DES/3DES/AES Only

3 Types

3 Types

3 Types

All Methods

300

All Methods

1,200

All Methods

2,500

IGMP v3

IGMP v3

IGMP v3

OSPF

OSPF

OSPF

IPS Firewall

DFL-800

For Small Business

DFL-1600

For Medium-Sized Business

ZoneDefense

ZoneDefense

ZoneDefense

1 Ethernet WAN

1 Ethernet DMZ (User-Configurable)

4 Ethernet LANs

80Mbps

25Mbps

12,000

500

IGMP v3

All Methods

100

When DMZ Configured as WAN 2

2 Types (Without Stickiness)

DFL-2500

For Enterprise

DFL-200

For SOHO

***

***

***

***

DFL-210

For Workgroup & Branch Office

Interface
  Ethernet: 10/100BASE-TX Ports
  Gigabit: 10/100/1000BASE-T Ports

System Performance
  Firewall Throughput
  VPN Throughput
  Concurrent Sessions
  Policies

Firewall System
  Transparent Mode
  NAT, PAT
  Dynamic Routing Protocol
  H.323 NAT Traversal
  Application Layer Gateway (ALG)
  Proactive Network Security

Networking
  DHCP Server/Client
  DHCP Relay
  Policy-Based Routing
  802.1q VLAN
  IP Multicast *

VPN
  Encryption Methods (DES/3DES/AES/Twofish/Blowfish/CAST-128)
  Dedicated VPN Tunnels **
  PPTP/L2TP Server
  Hub and Spoke
  IPSec NAT Traversal

Traffic Load Balance
  Outbound Load Balancing *
  Server Load Balancing
  Load Balance Algorithms
  Traffic Redirect When Fail-Over

Bandwidth Management
  Policy-Based Traffic Shaping
  Guaranteed Bandwidth
  Maximum Bandwidth
  Priority Bandwidth
  Dynamic Bandwidth Limit Balancing

Intrusion Detection & Prevention (IPS/IDP)
  NIDS Pattern
  Automatic Pattern Update
  DoS/DDoS Protection
  Attack Alarm Via Email
  Advanced IPS/IDP Subscription

IM/P2P Blocking
  IM/P2P Application Support

* Function available in future firmware upgrade.

** Include PPTP, L2TP and IPSec tunnels; all included VPN tunnels are licensed.

*** Supported IM/P2P applications include 2 Find MP3, Aimini, AOL Instant Messenger, ANts P2P, Ares P2P, Bit Torrent, Direct Connect, eDonkey, Gnutella, KaZaA, KCeasy, WinMX, iTunes, IRC, MSN Messenger, Yahoo! Messenger (based on Sep. 22, 2006 pattern version).

UTM Firewalls

The NetDefend UTM firewalls incorporate an Intrusion Prevention System (IPS), gateway Anti-Virus (AV), and Web Content Filtering (WCF) for superior Layer 7 content inspection protection. These firewalls use a hardware accelerator approach to increase IPS and AV throughput, and a web surfing control database containing millions of URLs for WCF. IPS, Anti-Virus and URL database real-time update services protect enterprise networks from application exploits, network worms, and malicious code attacks, and provide everything businesses need to manage employee Internet access behavior. Maintaining an effective defense against the various threats originating from the Internet requires that all three databases used by the UTM firewalls are kept up-to-date. In order to provide a robust defense, D-Link offers NetDefend Firewall UTM Services which include distinct NetDefend service updates for each aspect of network defenses: IPS, Anti-Virus, and WCF. NetDefend Firewall UTM Services ensure that each of the UTM firewall’s service databases is always accurate and current.

The UTM firewalls feature:

Real-time AntiVirus Gateway Inspection (AV)

Professional Intrusion Prevention System (IPS)

Automatic signature update

Zero Day Attack protection

Web Content Filtering (WCF)

Low-cost licensing using per-firewall service maintenance

The UTM firewalls are shipped with 12 months’ Intrusion Prevention System (IPS) subscription, 12 months’ Anti-Virus (AV) subscription, and 90 days’ Web Content Filtering (WCF) subscription - free of charge. Upon expiration of these free subscription services, users can extend their subscriptions by purchasing NetDefend UTM subscriptions for selective services.

* Available in future firmware upgrade

** Include PPTP, L2TP and IPSec tunnels; all included VPN tunnels are licensed.

*** Supported IM/P2P applications include 2 Find MP3, Aimini, AOL Instant Messenger, ANts P2P, Ares P2P, Bit Torrent, Direct Connect, eDonkey, Gnutella, KaZaA, KCeasy, WinMX, iTunes, IRC, MSN Messenger, Yahoo! Messenger (based on Sep. 22, 2006 pattern version).

Function/Feature

150Mbps

60Mbps

25,000

1,000

3 Types

OSPF

ZoneDefense

80Mbps

25Mbps

12,000

500

IGMP v3

100

When DMZ Configured as WAN 2

2 Types (Without Stickiness)

***

UTM Firewall

DFL-260

For Workgroup & Branch Office

DFL-860

For Small Business

1 WAN

1 DMZ (User-Configurable)

4 LAN

2 WAN

1 DMZ

7 LAN

DES, 3DES, AES, Twofish, Blowfish, CAST-128

URL, Keyword

Java, Cookie, ActiveX, VB

Blacklist, Keyword

IGMP v3

300

DES, 3DES, AES, Twofish, Blowfish, CAST-128

Kaspersky

***

URL, Keyword

Java, Cookie, ActiveX, VB

Blacklist, Keyword

Kaspersky

Interface
  10/100BASE-TX Ethernet Ports

System Performance
  Firewall Throughput
  VPN Throughput
  Concurrent Sessions
  Policies

Firewall System
  Transparent Mode
  NAT, PAT
  Dynamic Routing Protocol
  H.323 NAT Traversal
  Application Layer Gateway (ALG)
  Proactive Network Security

Networking
  DHCP Server/Client
  DHCP Relay
  Policy-Based Routing
  802.1q VLAN
  IP Multicast *

VPN
  Encryption Methods
  Dedicated VPN Tunnels **
  PPTP/L2TP Server
  Hub and Spoke
  IPSec NAT Traversal

Traffic Load Balance
  Outbound Load Balancing *
  Server Load Balancing
  Load Balance Algorithms
  Traffic Redirect When Fail-Over

Bandwidth Management
  Policy-Based Traffic Shaping
  Guaranteed Bandwidth
  Maximum Bandwidth
  Priority Bandwidth
  Dynamic Bandwidth Limit Balancing

Intrusion Detection & Prevention (IPS/IDP)
  NIDS Pattern
  Automatic Pattern Update
  DoS, DDoS Protection
  Customizable Detection Signature
  Attack Alarm via Email

IM/P2P Blocking
  IM/P2P Application Support

Content Filtering
  HTTP Type
  Script Type
  Email Type*
  External Database Content Filtering

Anti-Virus
  Real Time AV Scanning
  Unlimited File Size
  Scans VPN Tunnels
  Supported Compression File
  Signature Licensor
  Automatic Pattern Update
