DFL-1660.pdf
(
2672 KB
)
Pobierz
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
Security
|
DFL-260E/860E/1660/2560(G)
1
DFL-260E/860E/1660/2560(G)
NetDefend UTM Firewall Series
Integrated Firewall/VPN
•
Powerful Firewall Engine
•
Virtual Private Network (VPN) Security
•
Granular Bandwidth Management
•
802.1Q VLAN Tagging and port-based VLAN
•
D-Link End-to-End Security Solutions (E2ES)
Integration with ZoneDefense
Today’s continuously shifting security
environment presents a challenge for
small/home oice networks with limited IT
capabilities. Fortunately, the D-Link
NetDefend Uniied Threat Management
(UTM) irewalls provide a powerful security
solution to protect business networks from
a wide variety of threats. UTM Firewalls ofer
a comprehensive defense against virus
attacks, unauthorised intrusions and harmful
content, successfully enhancing fundamental
capabilities for managing, monitoring and
maintaining a healthy network.
Powerful VPN Performance
NetDefend UTM Firewalls ofer an integrated
VPN Client and Server. This allows remote
oices to securely connect to a head oice
or a trusted partner network. Mobile users
working from home or remote locations can
also safely connect to the oice network to
access company data and e-mail. NetDefend
UTM Firewalls have hardware-based VPN
engines to support and manage a large
number of VPN conigurations. They support
IPSec, PPTP, and L2TP protocols in Client
Server mode and can handle pass- through
traic as well. Advanced VPN coniguration
options include: DES/3DES/AES/Twoish/
Blowish/ CAST-128 encryption, Manual or
IKE/ISAKMP key management, Quick/Main/
Aggressive Negotiation modes, and VPN
authentication support using either an external
RADIUS server or a large user database.
Advanced Functions
•
Stateful Packet Inspection (SPI)
•
Detect/Drop Intruding Packets
•
Server Load Balancing
•
Policy-Based Routing
Uniied Threat Management
•
Intrusion Prevention System (IPS)
•
Antivirus (AV) Protection
•
Web Content Filtering (WCF)
•
Optional Service Subscriptions
Enterprise-Class Firewall Security
NetDefend UTM Firewalls provide complete
advanced security features to manage,
monitor, and maintain a healthy and secure
network. Network management features
include: Remote Management, Bandwidth
Control Policies URL Black/White Lists,
Access Policies, and SNMP. For network
monitoring, these irewalls support e-mail
alerts, system logs, consistency checks and
real-time statistics.
Virtual Private Network
•
IPSec NAT Traversal
•
VPN Hub and Spoke
•
IPSec, PPTP, L2TP
•
DES, 3DES, AES, Twoish, Blowish,
CAST- 128 Encryption
•
Automated Key Management via
IKE/ISAKMP
•
Aggressive/Main/Quick Negotiation
UTM Services
Maintaining an efective defense against the
various threats originating from the Internet,
requires that all three databases used by the
NetDefend UTM Firewalls are kept up-to-date.
In order to provide a robust defense, D-Link
ofers optional NetDefend Firewall UTM
Service subscriptions which include updates
for each aspect of defense: Intrusion
Prevention Systems (IPS), Antivirus and Web
Content Filtering (WCF). NetDefend UTM
Subscriptions ensure that each of the
irewall’s service databases are complete
and efective.
Uniied Threat Management
NetDefend UTM Firewalls integrate an
intrusion detection and prevention system,
gateway antivirus and content iltering for
superior Layer 7 content inspection protection.
An acceleration engine increases throughput,
while the real-time update service keeps the
IPS information, antivirus signatures, and
URL databases current. Combined, these
enhancements help to protect the oice
network from application exploits, network
worms, malicious code attacks and provide
everything a business needs to safely
manage employee Internet access.
Enhanced Network Services
•
DHCP Server/Client/Relay
•
IGMP V3
•
H.323 NAT Traversal
•
Robust Application Security for ALGs
•
OSPF Dynamic Routing Protocol
•
Run-Time Web-Based Authentication
Performance Optimisation
•
UTM Acceleration Engine
•
Multiple WAN Interfaces for
Traic Load Sharing
Security
|
DFL-260E/860E/1660/2560(G)
2
DFL-260E/860E/1660/2560(G)
NetDefend UTM Firewall Series
Robust Intrusion Prevention
The NetDefend UTM Firewalls employ
component- based signatures. A unique IPS
technology which recognises and protects
against all varieties of known and unknown
attacks. This system can address all critical
aspects of an attack or potential attack
including payload, NOP sled, infection, and
exploits. In terms of signature coverage,
the IPS database includes attack information
and data from a global attack sensor-grid
and exploits collected data from public sites.
The NetDefend UTM Firewalls constantly
create and optimise NetDefend signatures
via the D-Link Auto-Signature Sensor System
without overloading existing security
appliances. These signatures ensure a high
ratio of detection accuracy and a low ratio
of false positives.
use granular policies and explicit black/
white lists to control access to certain types
of websites for any combination of users,
interfaces and IP networks. The irewall can
actively handle Internet content by stripping
potential malicious objects, such as Java
Applets, JavaScripts/VBScripts, ActiveX
objects, and cookies.
NetDefend UTM Subscription
The standard NetDefend UTM Subscription
provides your irewall with UTM service
updates for 12 months* starting from the
day you activate or extend your service.
The NetDefend UTM Subscription can be
renewed regularly to provide your irewalls
with the most up-to-date security service
available from D-Link.
NetDefend Center: http://www.netdefend.eu
*Actual service package may vary depending on region.
Stream-Based Virus Scanning
The NetDefend UTM Firewalls examine iles
of any size, using a stream-based virus
scanning technology which eliminates the
need to cache incoming iles. This zero-cache
scanning method not only increases inspection
performance, but also reduces network
bottlenecks. NetDefend UTM irewalls use
virus signatures from Kaspersky Labs to
provide systems with reliable and accurate
antivirus protection, as well as prompt signature
updates. Consequentially, viruses and malware
can be blocked before they reach the
desktops or mobile devices.
Powerful VPN Engine
Hardware-based data encryption and
authentication for IPSec, PPTP, and L2TP
in Client/Server mode enable fast and
safe handling of VPN traic. The Professional
Intrusion Prevention System (IPS) automatically
updates from a comprehensive IPS signature
database focus on attack payloads to protect
the network against zero-day attacks. The Real-
Time Antivirus Inspection engine scans using
the most complete, most up-to-date antivirus
signature database. Streaming-based pattern
matching provides the effective protection
against viruses.
Web Content Filtering
Web Content Filtering helps administrators
monitor, manage and control employee
Internet usage. The NetDefend UTM Firewalls
implement multiple global index servers with
millions of URLs and real-time website data
to enhance performance capacity and
maximize service availability. These irewalls
Security
|
DFL-260E/860E/1660/2560(G)
3
DFL-260E/860E/1660/2560(G)
NetDefend UTM Firewall Series
DFL-260E
•
Firewall Throughput: 150 Mbps
•
VPN Performance: 45 Mbps (3DES/AES)
•
1 10/100/1000 Ethernet WAN Ports
•
5 10/100/1000 Ethernet LAN Ports
•
1 10/100/1000 Ethernet DMZ Port
Fast, Eicient Web Content Filtering
Multiple index server implementation,
granular policies, black lists and active
content handlingenhance performance
and efectiveness of web suring control.
D-Link Green Certiied
The D-Link Green certiied DFL-1660 and
DFL-2560(G) are built with an 80 PLUS
internal power supply. 80 PLUS certiied
power supplies ofer increased reliability due
to greater eiciency, and provide a reduced
cost of ownership through longer equipment
life. Additionally, 80 PLUS power supplies
help prevent pollution by limiting energy
consumption, and run at a lower temperature
to reduce cooling costs.
Acceleration Engine for Uniied
Threat Management
A powerful processor allows the irewall
to carry out IPS and Antivirus scanning
simultaneously without performance
degradation.
DFL-860E
•
Firewall Throughput: 200 Mbps
•
VPN Performance: 60 Mbps (3DES/AES)
•
2 10/100/1000 Ethernet WAN Ports
•
8 10/100/1000 Ethernet LAN Ports
•
1 10/100/1000 Ethernet DMZ Port
The DFL-260E and DFL-860E save energy
automatically through cable length and link
status detection. By detecting the length of
cables connected to a port, the amount of
power used for the port can be adjusted,
only using as much as is needed. The DFL-
260E/860E can also detect if a port is not in
use, such as when a connected computer
is shut down or if nothing is connected to
the port, and can automatically reduce the
power used for that port, cutting energy
used for it by a substantial amount.
Licensed for Unlimited Users
Optional subscription services for IPS,
Antivirus Scanning and Web Content Filtering
are priced per irewall rather than per user,
thus reducing the total cost of ownership for
licensing.
DFL-1660
•
Firewall Throughput: 1.2 Gbps
•
VPN Performance: 350 Mbps (3DES/AES)
•
6 Conigurable Gigabit Ethernet Ports
DFL-2560(G)
•
Firewall Throughput: 2 Gbps
•
VPN Performance: 1 Gbps (3DES/AES)
•
10 Conigurable Gigabit Ethernet Ports
•
4 SFP Ports (DFL-2560G)
WAN Link Load-Balancing and
Fault-Tolerance
Multiple WAN ports support traic load
balancing and failover, guaranteeing Internet
availability and bandwidth.
D-Link Green certiied devices comply with
RoHS (Restriction of Hazardous Substances)
and WEEE (Waste Electrical and Electronic
Equipment) directives. RoHS directives
restrict the use of speciic hazardous
materials during manufacturing, while
WEEE implements standards for proper
recycling and disposal. Together, these
considerations make D-Link Green irewall
products the environmentally responsible
choice.
D-Link End-to-End Security (E2ES)
Solutions*
The ZoneDefense mechanism operating in
conjunction with D-Link xStack switches
automatically quarantines infected
workstations and prevents them from
looding the internal network with
malicious traic.
*For DFL-860E, DFL-1660, and DFL-2560(G) only
dlink
Security
|
DFL-260E/860E/1660/2560(G)
4
Technical Speciications
DFL-260E
DFL-860E
DFL-1660
DFL-2560(G)
Interfaces
1 10/100/1000 WAN
1 10/100/1000 DMZ
(conigurable)
5 10/100/1000 LAN
2 10/100/1000 WAN
1 10/100/1000 DMZ
(conigurable)
8 10/100/1000 LAN
6 conigurable
10/100/1000
10 conigurable
10/100/1000
Ethernet
4 SFP ports (DFL-
2560G only)
7
SFP
2 USB ports
(reserved)
2 USB ports
(reserved)
2 USB ports
(reserved)
2 USB ports
(reserved)
USB
Console
RJ-45
RJ-45
1 DB-9 RS-232
1 DB-9 RS-232
System
Performance
1
Firewall Throughput
2
150 Mbps
200 Mbps
1.2 Gbps
2 Gbps
VPN Throughput
3
45 Mbps
60 Mbps
350 Mbps
1 Gbps
IPS Throughput
4
60 Mbps
80 Mbps
400 Mbps
600 Mbps
Antivirus Through-
put
4
35 Mbps
50 Mbps
225 Mbps
450 Mbps
Concurrent Sessions
25,000
5
40,000
5
600,000
1,500,000
New Sessions
(per second)
2,000
4,000
15,000
20,000
Policies
500
1,000
4,000
6,000
Firewall System
Transparent Mode
√
√
√
√
NAT, PAT
√
√
√
√
Dynamic Routing
Protocol
OSPF
H.323 NAT Traversal
√
√
√
√
Time-Scheduled
Policies
√
√
√
√
Application Layer
Gateway
√
√
√
√
Proactive End-Point
Security
ZoneDefense
Networking
DHCP Server/Client
√
√
√
√
DHCP Relay
√
√
√
√
Policy-Based Routing
√
√
√
√
IEEE 802.1q VLAN
8
16
1024
2048
Port-based VLAN
√
√
√
√
IP Multicast
IGMP v3
Security
|
DFL-260E/860E/1660/2560(G)
5
Technical Speciications
DFL-260E
DFL-860E
DFL-1660
DFL-2560(G)
Virtual Private
Network (VPN)
Encryption Methods
(DES/ 3DES/ AES/ Twoish/
Blowish/ CAST-128)
√
√
√
√
Dedicated VPN
Tunnels
100
300
5
2,500
5,000
PPTP/L2TP Server
√
√
√
√
Hub and Spoke
√
√
√
√
IPSec NAT Traversal
√
√
√
√
SSL VPN
Available in future update
Trafic Load
Balancing
Outbound Load
Balancing
√
√
√
√
Server Load
Balancing
√
√
√
Outbound Load
Balance Algorithms
Round-robin, Weight-based Round-robin, Destination-based, Spill-over
Traic Redirect at
Fail-Over
√
√
√
√
Bandwidth
Management
Policy-Based Traic
Shaping
√
√
√
√
Guaranteed
Bandwidth
√
√
√
√
Maximum
Bandwidth
√
√
√
√
Priority Bandwidth
√
√
√
√
Dynamic Bandwidth
Balancing
√
√
√
√
High Availability
(HA)
WAN Fail-Over
√
√
√
√
Active-Passive Mode
√
√
Device Failure
Detection
√
√
Link Failure
Detection
√
√
FW/VPN Session SYN
√
√
Intrusion
Detection &
Prevention
System
(IDP/IPS)
Automatic Pattern
Update
√
√
√
√
DoS, DDoS
Protection
√
√
√
√
Attack Alarm via
E-mail
√
√
√
√
Advanced IDP/IPS
Subscription
√
√
√
√
IP Blacklist by
Threshold or IDP/IPS
√
√
√
Plik z chomika:
jimasek
Inne pliki z tego folderu:
DCS-32-4.pdf
(546 KB)
DCS-3410.pdf
(452 KB)
DCS-3710.pdf
(561 KB)
DCS-45.pdf
(442 KB)
DAP-1522_Rev02.pdf
(1245 KB)
Inne foldery tego chomika:
DI-206
DI-524
DI-524UP
DI-624
DIR-100
Zgłoś jeśli
naruszono regulamin