Available 31 files for D-Link DFL-2500
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Firmware
Operating System
Firmware
Version
2.26.00.06
Size Driver
4.3MB
File Name
dfl-2500_fw_v2.26.00.06.zip
Observations
Content:
Revision History and System Requirement
Upgrading Instructions
Upgrading by using CLI via SCP protocol
Upgrading by using Web-UI
New Features
Changes of MIB & D-View Module
Problems Fixed
Known Issues
Related Documentation
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Firmware
Operating System
Firmware
Version
2.20.03.08
Size Driver
4.1MB
File Name
dfl-2500_fw_v2.20.03.08.zip
Observations
D-Link NetDefendOS Release Notes
Version: 2.20.03
Platform Compatibility: DFL-210/260/800/860/1600/2500
Hardware Version: A1 (for all models), A2/A3/A4 (for DFL-210/800/1600/2500)
Date: Oct 21, 2008
Important Note:
For DFL-210/260/800/860, neither the LAN nor the DMZ ports support manual configuration of
interface speed, since the IXP4NPE driver only allows auto/auto configuration. If users try to
configure the interface speed manually, the configuration will revert to auto/auto in the Web GUI
as a dummy-proof mechanism in firmware v2.20.03.
New Features and Enhancements
1. No new features were introduced in the 2.20.03 release.
Problems Resolved
1. Fixed issue with DHCP NAK reception during initial phase of reconfiguration.
2. Fixed issue in OSPF where an LSA could be incorrectly deleted after being re-originated.
3. The interface listings for Marvell Yukon interfaces showed incorrect IRQ values.
This affects the DFL-1600 and DFL-2500 only.
4. The amount of memory used by the IDP engine was too high. The memory consumption has
now been reduced.
5. E-mails from e-mail addresses in the whitelist were blocked if they were classified as spam
messages. Now all e-mails sent from whitelisted addresses will be let through, even if they are
classified as spam.
6. Fixed leap year problem where leap year day was added to January instead of February.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Bandwidth Management
Information
Manual
Operating System
Manual
Size Driver
1.3MB
File Name
dfl-800_1600_2500-bandwidth_management.pdf
Observations
Overview
In this document, the notation Objects->Address book means that in the tree on the left
side of the screen Objects first should be clicked (expanded) and then Address Book.
Most of the examples in this document are adapted for the DFL-800. The same settings can
easily be used for all other models in the series. The only difference is the names of the
interfaces. Since the DFL-1600 and DFL-2500 have more than one lan interface, the lan
interfaces are named lan1, lan2 and lan3, not just lan.
The screenshots in this document are from firmware version 2.04.00. If you are using a later
version of the firmware, the screenshots may not be identical to what you see in your
browser.
To prevent existing settings from interfering with the settings in these guides, reset the
firewall to factory defaults before starting.
How to configure Bandwidth Management
Details for this scenario:
- WAN1 and WAN2 use static IPs with different ISP xDSL circuits. Each circuit's
bandwidth is 1Mbps (in this case, assume 1Mb=1000Kb).
- From LAN to WAN1: HTTP, HTTPS, POP3 and other services connect to the
Internet.
- WAN1: For inbound and outbound HTTP and HTTPS, the maximum bandwidth is 500Kb.
- WAN1: For inbound and outbound POP3, the guaranteed bandwidth is 300Kb (maximum
bandwidth is 1000Kb).
- WAN1: For other inbound and outbound services, the maximum bandwidth is 200Kb.
- From LAN to WAN2: SMTP, FTP and VoIP services connect to the Internet.
- WAN2: For inbound and outbound SMTP, the guaranteed bandwidth is 500Kb (the
maximum bandwidth is 1000Kb).
- WAN2: For inbound and outbound FTP, the maximum bandwidth is 250Kb.
- WAN2: For inbound and outbound VoIP, the guaranteed bandwidth is 250Kb.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Transparent mode in DHCP environment
Information
Manual
Operating System
Manual
Size Driver
188KB
File Name
dfl-800_1600_2500-transparent_mode_in_dhcp_network_environment.pdf
Observations
Overview
In this document, the notation Objects->Address book means that in the tree on the left
side of the screen Objects first should be clicked (expanded) and then Address Book.
Most of the examples in this document are adapted for the DFL-800. The same settings can
easily be used for all other models in the series. The only difference is the names of the
interfaces. Since the DFL-1600 and DFL-2500 have more than one lan interface, the lan
interfaces are named lan1, lan2 and lan3, not just lan.
The screenshots in this document are from firmware version 2.04.00. If you are using a later
version of the firmware, the screenshots may not be identical to what you see in your
browser.
To prevent existing settings from interfering with the settings in these guides, reset the
firewall to factory defaults before starting.
How to configure transparent mode
This scenario shows how a firewall in Transparent Mode can be placed into an
existing network between an Internet access router and LAN, without the need
to reconfigure clients in LAN.
The WAN and LAN interfaces of the firewall will be configured to operate in Transparent
Mode. It is preferred to configure IP addresses on the WAN and LAN interfaces, as this can
improve performance during automatic discovering of hosts.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise User Authentication of Web Access
Information
Manual
Operating System
Manual
Size Driver
828KB
File Name
dfl-800_1600_2500-user_authentication_for_web_access.pdf
Observations
Overview
In this document, the notation Objects->Address book means that in the tree on the left
side of the screen Objects first should be clicked (expanded) and then Address Book.
Most of the examples in this document are adapted for the DFL-800. The same settings can
easily be used for all other models in the series. The only difference is the names of the
interfaces. Since the DFL-1600 and DFL-2500 have more than one lan interface, the lan
interfaces are named lan1, lan2 and lan3, not just lan.
The screenshots in this document are from firmware version 2.11.02. If you are using an
earlier version of the firmware, the screenshots may not be identical to what you see in
your browser.
To prevent existing settings from interfering with the settings in these guides, reset the
firewall to factory defaults before starting.
Require user authentication for web access
This scenario shows how to configure the firewall to require user authentication before
local users can browse the Internet. The user will automatically be redirected to the
login page if not already authenticated. At the end of this guide there is also an
explanation of an alternative setup: how to configure the firewall to use
authentication without the automatic redirection.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Datasheet
Information
Manual
Operating System
Manual
Size Driver
2.1MB
File Name
dfl-2500.pdf
Observations
D-Link’s NetDefend Firewall Series packs an impressive set of features including high-speed
processors, extensive signature databases, and the power to handle up to a million
concurrent sessions. Enclosed in an industrial chassis, these firewalls include multiple
user-configurable interfaces, including high-speed Gigabit ports for flexible, scalable and
bottleneck-free network deployment.
NetDefend makes use of component-based signatures which are built to recognize and protect
against all varieties of known and unknown attacks. The IPS system can address all critical
aspects of an attack or potential attack including the payload, NOP sled, infection, and any
exploits. The IPS database includes attack information and data from a global attack
sensor-grid and exploits collected from public sites such as the National Vulnerability
Database and Bugtraq.
D-Link constantly updates its Auto-Signature Sensor System in order to deliver high-quality,
optimized IPS signatures. Without overloading existing security appliances, these signatures
ensure a high ratio of detection accuracy and the lowest ratio of false positives.
D-Link NetDefend firewalls can be remotely managed via a web-based interface or through a
dedicated VPN connection. They include flexible features to monitor and maintain a healthy
and secure network, such as e-mail alerts, system log and real-time statistics.
To minimize the impact of any event on an entire network, D-Link NetDefend firewalls include
a special feature called ZoneDefense, a mechanism that operates seamlessly with D-Link xStack
switches to perform proactive network security. ZoneDefense automatically quarantines
infected computers and prevents them from flooding the network with malicious traffic.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Example on how to setup WAN Failover no PBR no Load Sharing
Information
Manual
Operating System
Manual
Size Driver
566KB
File Name
dfl-800_1600_2500-wan_failover.pdf
Observations
WAN Failover
What is WAN Failover?
There are two WAN ports on this firewall.
You can use WAN Failover if you need redundancy to your Internet connection or
any other network.
How does it work?
You need to assign one WAN connection as the primary, which will route all traffic
when both links work.
If WAN1 connection drops, all traffic will be re-routed through the WAN2 port.
If WAN2 connection drops, all traffic will be re-routed through the WAN1 port.
The methods this firewall uses to detect a dropping connection are
- If link goes down (e.g. ethernet cable unplugged or gateway power failure)
- ARP Lookup
Setup
This example is a DFL-800 with two NAT routers, DSL-504T setup on two different
ADSL lines. It can be implemented on DFL-1600 and DFL-2500 as well, with various
different WAN connections.
We assume the routers are setup for Internet and that DHCP is enabled.
We assign WAN1 to be the primary connection; WAN2 should only be used if the
WAN1 connection drops.
Customize
Please note that the WAN ports can be setup as Static or PPPoE instead.
You can still use these setup instructions after you set up your WAN ports for your
specific connections.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Log Reference Guide v1.03
Information
Manual
Operating System
Manual
Size Driver
2.3MB
File Name
dfl_log_reference_guide_v1.03.pdf
Observations
Preface
1. Introduction
1.1. Log Message Structure
1.2. Context Parameters
1.3. Statistics (usage)
1.4. Severity levels
2. Log Message Reference
2.1. ALG
2.1.1. alg_session_open (ID: 00200001)
2.1.2. alg_session_closed (ID: 00200002)
2.1.3. max_line_length_exceeded (ID: 00200003)
2.1.4. alg_session_allocation_failure (ID: 00200009)
2.1.5. invalid_client_http_header_received (ID: 00200100)
2.1.6. invalid_url_format (ID: 00200101)
2.1.7. unknown_client_data_received (ID: 00200105)
2.1.8. suspicious_data_received (ID: 00200106)
2.1.9. invalid_chunked_encoding (ID: 00200107)
2.1.10. invalid_server_http_header_received (ID: 00200108)
2.1.11. compressed_data_received (ID: 00200109)
2.1.12. max_http_sessions_reached (ID: 00200110)
2.1.13. failed_create_new_session (ID: 00200111)
2.1.14. failure_connect_http_server (ID: 00200112)
2.1.15. content_type_mismatch (ID: 00200113)
2.1.16. wcf_override_full (ID: 00200114)
2.1.17. content_filtering_disabled (ID: 00200115)
2.1.18. max_download_size_reached (ID: 00200116)
2.1.19. blocked_filetype (ID: 00200117)
2.1.20. out_of_memory (ID: 00200118)
2.1.21. wcf_servers_unreachable (ID: 00200119)
2.1.22. wcf_srv_connection_error (ID: 00200120)
2.1.23. wcf_server_unreachable (ID: 00200121)
2.1.24. wcf_connecting (ID: 00200122)
2.1.25. wcf_server_connected (ID: 00200123)
2.1.26. wcf_primary_fallback (ID: 00200124)
2.1.27. request_url (ID: 00200125)
2.1.28. request_url (ID: 00200126)
2.1.29. request_url (ID: 00200129)
2.1.30. out_of_memory (ID: 00200130)
2.1.31. restricted_site_notice (ID: 00200132)
2.1.32. url_reclassification_request (ID: 00200133)
2.1.33. max_smtp_sessions_reached (ID: 00200150)
2.1.34. maximum_email_per_minute_reached (ID: 00200151)
2.1.35. failed_create_new_session (ID: 00200152)
2.1.36. failed_connect_smtp_server (ID: 00200153)
2.1.37. invalid_server_response (ID: 00200155)
2.1.38. sender_email_id_mismatched (ID: 00200157)
2.1.39. sender_email_id_is_in_blacklist (ID: 00200158)
2.1.40. recipient_email_id_in_blacklist (ID: 00200159)
2.1.41. some_recipient_email_ids_are_in_blocklist (ID: 00200160)
2.1.42. base64_decode_failed (ID: 00200164)
2.1.43. base64_decode_failed (ID: 00200165)
2.1.44. blocked_filetype (ID: 00200166)
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise How to configure DNS Relay
Information
Manual
Operating System
Manual
Size Driver
167KB
File Name
dfl-800_1600_2500-how_to_configure_dns_relay.pdf
Observations
How to configure DNS Relay
This example describes the firewall's support for relaying DNS query packets from the LAN to
the Internet for domain name resolution. All DFL firewalls (DFL-210/800/1600/2500) support
this feature from firmware v2.04 and later.
Note: This feature only relays/forwards DNS packets, since D-Link DFL firewalls do not have
a built-in DNS server in the system kernel. It therefore cannot replace a real DNS server
for domain name resolution and related functionality.
Details:
- LAN IP on firewall: 192.168.1.1 (with the function of DNS relay)
- Lannet on firewall: 192.168.1.0/24
- DNS Server on Internet: 12.0.0.1
1. Addresses
Go to Objects -> Address book -> InterfaceAddresses
Create an IP Address called dns_server with address 12.0.0.1
Click Ok.
2. Create IP Rules to redirect DNS packets to Internet
Go to Rules -> IP Rules
Create a new IP Rule with SAT action.
In the General tab:
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Quick Installation Guide
Information
Quick Installation Guide
Operating System
Manual
Size Driver
4MB
File Name
dfl-2500_a1_qig_1-00.pdf
Observations
1. Before You Begin
1.1 Check Your Package Contents
2. Identifying Components
2.1 Front View
2.2 LCD Panel
2.3 LED Indicators
2.4 Default interface attribute definition
3. Connecting the DFL-2500
3.1 Setting up Firewall to your Network
4. Configure DFL-2500
4.1 Configure your Computer’s IP
4.2 Using the Setup Wizard
5. Appendix
5.1 How to Configure Static IP Manually on Microsoft Windows XP
5.2 How to Configure Static IP Manually on Apple MAC OS X
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise IPS Pattern List
Information
Software
Operating System
Manual
Version
1.00
Size Driver
73KB
File Name
dfl-200_700_800_1100_1600_2500_a1_ips_pattern_list_2005_0622.pdf
Observations
D-Link Corporation
DFL-200/700/800/1100/1600/2500
Network Security Firewall
IPS Pattern List
DFL-200/700/800/1100/1600/2500 Pattern List Revision History
Version Revised Date Author Description
1.0 2005/8/2 Merlin Shao Initial DFL-800/1600/2500 IPS Pattern List.
IPS Pattern List
No. Pattern Name
1 SHELLCODE sparc setuid 0
2 SHELLCODE x86 setgid 0
3 SHELLCODE x86 setuid 0
4 SHELLCODE SGI NOOP
5 SHELLCODE SGI NOOP
6 SHELLCODE AIX NOOP
7 SHELLCODE Digital UNIX NOOP
8 SHELLCODE HP-UX NOOP
9 SHELLCODE HP-UX NOOP
10 SHELLCODE sparc NOOP
11 SHELLCODE sparc NOOP
12 SHELLCODE sparc NOOP
13 SHELLCODE x86 NOOP
14 SHELLCODE x86 stealth NOOP
15 SHELLCODE x86 unicode NOOP
16 SHELLCODE Linux shellcode
17 SHELLCODE x86 inc ebx NOOP
18 SHELLCODE x86 NOOP
19 SHELLCODE x86 EB OC NOOP
20 ATTACK-RESPONSES Windows directory listing
21 ATTACK-RESPONSES successful gobbles sshutuptheo exploit
22 ATTACK-RESPONSES successful gobbles sshutuptheo exploit
23 ATTACK-RESPONSES command completed
24 ATTACK-RESPONSES command error
25 ATTACK-RESPONSES index of /cgi-bin/ response
26 ATTACK-RESPONSES Microsoft cmd.exe banner
27 EXPLOIT ssh CRC32 overflow /bin/sh
28 EXPLOIT ssh CRC32 overflow NOOP
29 EXPLOIT Netscape 4.7 client overflow
30 EXPLOIT nlps x86 Solaris overflow
31 EXPLOIT LPRng overflow
32 EXPLOIT Redhat 7.0 lprd overflow
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise How to configure VLAN
Information
Manual
Operating System
Manual
Size Driver
269KB
File Name
dfl-800_1600_2500-how_to_configure_vlan.pdf
Observations
How to Configure VLAN
This example requires a DFL-1600 or 2500 to be fully implemented. Most settings can
however also be used on a DFL-210 or DFL-800.
Two tag-based VLANs will be created on lan3, which connects to a switch port with VLAN tagging.
Details:
- From lan1, lan2 and lan3: HTTP, HTTPS and DNS connect to Internet via wan2.
- All internal nets can also access the Mail server in dmz.
- Only VLAN2 can access the FTP server in dmz.
1. Addresses
Go to Objects -> Address book -> InterfaceAddresses
Make sure the configured addresses match the following list, and add the objects that do not
already exist. To add new objects, select IP address from the add dropdown, enter the name and
address and click ok.
2. Ethernet interfaces
Go to Interfaces -> Ethernet.
Edit the wan1 interface to use the following settings.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise How to configure WAN load sharing and failover for two ISPs
Information
Manual
Operating System
Manual
Size Driver
426KB
File Name
dfl-800_1600_2500-how_to_configure_wan_load_sharing_and_failover_for_two_isps.pdf
Observations
Overview
In this document, the notation Objects->Address book means that in the tree on the left
side of the screen Objects first should be clicked (expanded) and then Address Book.
Most of the examples in this document are adapted for the DFL-800. The same settings can
easily be used for all other models in the series. The only difference is the names of the
interfaces. Since the DFL-1600 and DFL-2500 have more than one lan interface, the lan
interfaces are named lan1, lan2 and lan3, not just lan.
The screenshots in this document are from firmware version 2.11.02. If you are using an
earlier version of the firmware, the screenshots may not be identical to what you see in
your browser.
To prevent existing settings from interfering with the settings in these guides, reset the
firewall to factory defaults before starting.
How to configure WAN load sharing and failover for two ISPs
using policy based routing
Details for this scenario:
- WAN1 is using dynamic IP with PPPoE
- WAN2 is using a static IP
- From LAN to WAN direction on WAN1 interface, HTTP, HTTPS and FTP services are
allowed to connect to Internet.
- From LAN to WAN direction on WAN2 interface, SMTP, POP3 and Ping services are
allowed to connect to Internet.
The WAN1 and WAN2 interfaces serve different Internet services at the same time;
if either WAN circuit fails, all services will be redirected to the other WAN
interface. When the failed circuit returns to normal, these services will return to
their original WAN circuit.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise VPN Setup LAN to Multi-LAN
Information
Manual
Operating System
Manual
Size Driver
1.2MB
File Name
dfl-800_1600_2500-vpn_lan_to_multi_lan.pdf
Observations
Overview
In this document, the notation Objects->Address book means that in the tree on the left
side of the screen Objects first should be clicked (expanded) and then Address Book.
Most of the examples in this document are adapted for the DFL-800. The same settings can
easily be used for all other models in the series. The only difference is the names of the
interfaces. Since the DFL-1600 and DFL-2500 have more than one lan interface, the lan
interfaces are named lan1, lan2 and lan3, not just lan.
The screenshots in this document are from firmware version 2.04.00. If you are using a later
version of the firmware, the screenshots may not be identical to what you see in your
browser.
To prevent existing settings from interfering with the settings in these guides, reset the
firewall to factory defaults before starting.
Configure lan-to-lan tunnels between a main office and two
remote offices (sometimes called Hub and Spoke).
This guide shows how to configure tunnels between three firewalls. First create
one tunnel from firewall A to firewall B and then a second tunnel from firewall A
to firewall C. Users behind firewall B should be able to reach resources behind
firewall C (and the other way around).
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise CLI Reference Manual v1.03
Information
Manual
Operating System
Manual
Size Driver
1.1MB
File Name
dfl_cli_reference_guide_v1.03.pdf
Observations
Preface
1. Introduction
1.1. Running a command
1.2. Help
1.2.1. Help for commands
1.2.2. Help for object types
1.3. Function keys
1.4. Command line history
1.5. Tab completion
1.5.1. Inline help
1.5.2. Autocompleting Current and Default value
1.5.3. Configuration object type categories
1.6. User roles
2. Command Reference
2.1. Configuration
2.1.1. activate
2.1.2. add
2.1.3. cancel
2.1.4. cc
2.1.5. commit
2.1.6. delete
2.1.7. pskgen
2.1.8. reject
2.1.9. reset
2.1.10. set
2.1.11. show
2.1.12. undelete
2.2. Runtime
2.2.1. about
2.2.2. alarm
2.2.3. arp
2.2.4. arpsnoop
2.2.5. ats
2.2.6. bigpond
2.2.7. blacklist
2.2.8. buffers
2.2.9. cam
2.2.10. certcache
2.2.11. cfglog
2.2.12. connections
2.2.13. cpuid
2.2.14. crashdump
2.2.15. dconsole
2.2.16. dhcp
2.2.17. dhcprelay
2.2.18. dhcpserver
2.2.19. dns
2.2.20. dnsbl
2.2.21. dynroute
2.2.22. frags
2.2.23. ha
2.2.24. hostmon
2.2.25. httpposter
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise VPN Setup LAN to LAN using PPTP/L2TP
Information
Manual
Operating System
Manual
Size Driver
1.1MB
File Name
dfl-800_1600_2500-vpn_using_a_pptp_l2tp_lan-to-lan_tunnel.pdf
Observations
Overview
In this document, the notation Objects->Address book means that in the tree on the left
side of the screen Objects first should be clicked (expanded) and then Address Book.
Most of the examples in this document are adapted for the DFL-800. The same settings can
easily be used for all other models in the series. The only difference is the names of the
interfaces. Since the DFL-1600 and DFL-2500 have more than one lan interface, the lan
interfaces are named lan1, lan2 and lan3, not just lan.
The screenshots in this document are from firmware version 2.04.00. If you are using a later
version of the firmware, the screenshots may not be identical to what you see in your
browser.
To prevent existing settings from interfering with the settings in these guides, reset the
firewall to factory defaults before starting.
Virtual private network using a PPTP (or L2TP) lan-tolan
tunnel
Crea
Fire
te one lan-to-lan PPTP VPN tunnel between firewall A and B.
wall B is the server and firewall A the client.
If a L2TP tunnel is going to be used, instead of PPTP, follow the steps
in this guide but change tunnel protocol from PPTP to L2TP in step 2 and 6. The other
settings are same in both cases.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Portforwarding for incoming SMTP connections on a WAN interface
Information
Manual
Operating System
Manual
Size Driver
1.2MB
File Name
dfl-800_1600_2500-portforwarding_smtp.pdf
Observations
Log into the DFL-800 web management and select the 'IP Rules' menu.
Create a new IP Rule Folder by clicking on the 'Add' button and selecting 'IP Rule Folder'.
Give the folder a meaningful name.
(You will not yet have any rules in your new folder.)
Click on the newly created folder and create a new rule by clicking on the 'Add' button and selecting
'IP Rule'.
On the 'General' tab, enter a name of your choice into the 'Name' field.
Select 'SAT' from the 'Action' drop down menu.
Select 'SMTP-IN' from the 'Service' drop down menu.
Change the 'Schedule' option as needed (Selecting 'None' will ensure this rule is always applicable)
Under the 'Address Filter' section select the following options as in the screen shot below:
Source Interface: WAN 1
Source Network: all-nets
Destination Interface: core
Destination Network: wan1_ip (the address of the DFL-800's WAN interface)
Click on the 'SAT' tab.
Select 'Destination IP Address'
In the 'New IP Address:' box enter the name of your SMTP-server
(this should have been created previously in the 'Address Book' under the 'Objects' menu)
Click on 'OK'
Create a new rule by clicking on the 'Add' button and selecting 'IP Rule'.
On the 'General' tab, enter a name of your choice into the 'Name' field.
Select 'Allow' from the 'Action' drop down menu.
Select 'SMTP-IN' from the 'Service' drop down menu.
Change the 'Schedule' option as needed (Selecting 'None' will ensure this rule is always applicable)
Under the 'Address Filter' section select the following options as in the screen shot below:
Source Interface: wan 1
Source Network: all-nets
Destination Interface: core
Destination Network: wan1_ip (the address of the DFL-800's WAN interface)
Click on 'OK'.
You should now have two rules in your folder as in the screen shot below
Click on 'Configuration' menu item and select the 'Save and Activate' option.
After a short wait while the rules are applied, the Firewall should pass SMTP traffic through to your
SMTP server.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise ZoneDefense Setup with D-Link DES-3226S
Information
Manual
Operating System
Manual
Size Driver
296KB
File Name
dfl-800_1600_2500-zonedefense_for_d-link_switch_model_des-3226s.pdf
Observations
Overview
In this document, the notation Objects->Address book means that in the tree on the left side of the screen Objects first should be clicked (expanded) and then Address Book.
Most of the examples in this document are adapted for the DFL-800. The same settings can easily be used for all other models in the series. The only difference is the names of the interfaces. Since the DFL-1600 and DFL-2500 have more than one lan interface, the lan interfaces are named lan1, lan2 and lan3, not just lan.
The screenshots in this document are from firmware version 2.11.02. If you are using an earlier version of the firmware, the screenshots may not be identical to what you see in your browser.
To prevent existing settings from interfering with the settings in these guides, reset the firewall to factory defaults before starting.
How to Configure ZoneDefense for D-Link switch model DES-3226S
This example will show how to configure the firewall to use ZoneDefense.
Details:
The local network contains a D-Link DES-3226S switch. This example shows how to define a Microsoft-DS Threshold (TCP port 445) of 10 connections/second (e.g., the worm SASSER.A will send out a large number of TCP SYN packets on port 445). If the number of connections exceeds this limit, the firewall will block the specific host's port on the switch (host 192.168.2.10 in this scenario). The switch port connected to the firewall should be configured to use 192.168.1.250 and the community string MyCompany.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise VPN Setup LAN to LAN using IPsec
Information
Manual
Operating System
Manual
Size Driver
1.7MB
File Name
dfl-800_1600_2500-vpn_using_an_ipsec_lan-to-lan_tunnel.pdf
Observations
Overview
In this document, the notation Objects->Address book means that in the tree on the left
side of the screen Objects first should be clicked (expanded) and then Address Book.
Most of the examples in this document are adapted for the DFL-800. The same settings can
easily be used for all other models in the series. The only difference is the names of the
interfaces. Since the DFL-1600 and DFL-2500 have more than one lan interface, the lan
interfaces are named lan1, lan2 and lan3, not just lan.
The screenshots in this document are from firmware version 2.04.00. If you are using a later
version of the firmware, the screenshots may not be identical to what you see in your
browser.
To prevent existing settings from interfering with the settings in these guides, reset the
firewall to factory defaults before starting.
Virtual private network using an IPsec lan-to-lan tunnel
Create one lan-to-lan IPsec VPN tunnel between firewall A and B.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Transparent mode
Information
Manual
Operating System
Manual
Size Driver
1MB
File Name
dfl-800_1600_2500-transparent_mode.pdf
Observations
Overview
In this document, the notation Objects->Address book means that in the tree on the left
side of the screen Objects first should be clicked (expanded) and then Address Book.
Most of the examples in this document are adapted for the DFL-800. The same settings can
easily be used for all other models in the series. The only difference is the names of the
interfaces. Since the DFL-1600 and DFL-2500 have more than one lan interface, the lan
interfaces are named lan1, lan2 and lan3, not just lan.
The screenshots in this document are from firmware version 2.04.00. If you are using a later
version of the firmware, the screenshots may not be identical to what you see in your
browser.
To prevent existing settings from interfering with the settings in these guides, reset the
firewall to factory defaults before starting.
How to configure transparent mode
This scenario shows how a firewall in Transparent Mode can be placed into an
existing network between an Internet access router and LAN, without the need
to reconfigure clients in LAN.
The WAN and LAN interfaces of the firewall will be configured to operate in Transparent
Mode. It is preferred to configure IP addresses on the WAN and LAN interfaces, as this can
improve performance during automatic discovering of hosts.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Example on VPN connection from roaming NetDefend clients DS-601 or DS-605 to the DFL-2500
Information
Manual
Operating System
Manual
Size Driver
461KB
File Name
dfl-800_1600_2500-vpn_ipsec_server_for_netdefend.pdf
Observations
1. Create the pre-shared key first.
2. IPSec tunnel setting (general page): this is for remote clients to dial in.
3. Select the pre-shared key you created.
4. Enable the option shown below.
5. Choose the IKE and PFS settings as you wish.
6. Disable the option shown below. This isn’t necessary for remote dial-in clients.
7. Combine the ipsec and lan interfaces.
8. Create the necessary rule.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Example on VPN connection from roaming PPTP clients to the DFL-2500
Information
Manual
Operating System
Manual
Size Driver
1.1MB
File Name
dfl-800_1600_2500-vpn_pptp_server_for_remote_access.pdf
Observations
The user dials up to the firewall using Windows PPTP client software.
The dial-up user communicates with LAN1 of the firewall.
The logic of configuration
Create object for PPTP server IP address and IP address range
Create authentication database
Configure PPTP server
Create the IP rule for PPTP tunnel
Create object for PPTP server IP address and IP address range
• Click “Address” in Objects
• Key in the corresponding IP address
Create Local Database for PPTP authentication
• Click “Local User Databases” in User Authentication
• Key in the correct Username and Password
Create PPTP tunnel
• Click “PPTP/L2TP Servers” in Interface
• Choose the corresponding configuration
Create User Authentication Rules for PPTP tunnel
• Click “User Authentication Rules” in User Authentication
• Choose the corresponding configuration
• Enable Log setting and choose local user database
Create IP Rules for PPTP tunnel
• Click “IP Rules” in Rules
• Choose the corresponding configuration
• Enable Log setting
After all configuration, click “Configuration” on the main menu bar
• Click “Save and Activate”
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Portmapping a public IP
Information
Manual
Operating System
Manual
Size Driver
164KB
File Name
dfl-800_1600_2500-portmapping_a_public_ip.pdf
Observations
Portmapping a public IP
How to forward a public IP to a server behind the firewall using virtual IP on the server.
Add the objects of both public and virtual IP addresses for FTP server.
• Click “Address Book” under Objects
• Click “ARP Table” under “Interfaces”
• Apply objects with the FTP IP address
Click “IP Rule” under “Rules”
• Choose the correct Action, Service, Interface, SAT setting and Network for the rule
Click “IP Rule” under “Rules”
• Choose the correct Action, Service, Interface and Network for the rule
After all configuration, click “Configuration” in the main bar
• Click “Save and Activate”
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise VPN Setup with Certification
Information
Manual
Operating System
Manual
Size Driver
2MB
File Name
dfl-800_1600_2500-vpnwithcertification.pdf
Observations
How to Connect to D-Link Firewalls Using a VPN Client with Certification (X.509)?
This HOW TO document applies to:
Model: DFL-800/1600/2500
Firmware: 2.03 or above
This How To document is intended to give users a clear guideline for configuring
DFL series firewalls with X.509 certification. In this document, we have used
Microsoft CA (Certification Authority) to generate client and gateway certificates.
Certification Services is a standard component in Windows 2000/2003 server.
The network diagram below provides a concise illustration of the system configuration.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise WAN Setup using DHCP
Information
Manual
Operating System
Manual
Size Driver
52KB
File Name
dfl-800_1600_2500-wan_with_dhcp.pdf
Observations
WAN with DHCP
Click “Ethernet” under “Interfaces”
Enable “DHCP Client”
• Click “Save and Activate”
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise WAN Setup using Static IP
Information
Manual
Operating System
Manual
Size Driver
221KB
File Name
dfl-800_1600_2500-wan_with_static_ip.pdf
Observations
WAN with static IP
Click “Address Book” under “Objects”
Add an object for IP4 Host/Network
Verify the IP addresses of wan1_ip and wan1net
Click “Ethernet” under “Interfaces”
Add the gateway object for “Default Gateway”
Click “IP rules” under “Rules”
Choose the correct Action, Service, Interface and Network for the rule
Click “Save and Activate”
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise User's Manual v1.08
Information
Manual
Operating System
Manual
Size Driver
6.6MB
File Name
dfl_firewall_usermanual_v1.08.pdf
Observations
Preface
1. NetDefendOS Overview
1.1. Features
1.2. NetDefendOS Architecture
1.2.1. State-based Architecture
1.2.2. NetDefendOS Building Blocks
1.2.3. Basic Packet Flow
1.3. NetDefendOS State Engine Packet Flow
2. Management and Maintenance
2.1. Managing NetDefendOS
2.1.1. Overview
2.1.2. The Default Administrator Account
2.1.3. The Web Interface
2.1.4. The CLI
2.1.5. CLI Scripts
2.1.6. Secure Copy
2.1.7. The Console Boot Menu
2.1.8. Management Advanced Settings
2.1.9. Working with Configurations
2.2. Events and Logging
2.2.1. Overview
2.2.2. Event Messages
2.2.3. Event Message Distribution
2.2.4. Advanced Log Settings
2.3. RADIUS Accounting
2.3.1. Overview
2.3.2. RADIUS Accounting Messages
2.3.3. Interim Accounting Messages
2.3.4. Activating RADIUS Accounting
2.3.5. RADIUS Accounting Security
2.3.6. RADIUS Accounting and High Availability
2.3.7. Handling Unresponsive Servers
2.3.8. Accounting and System Shutdowns
2.3.9. Limitations with NAT
2.3.10. RADIUS Advanced Settings
2.4. SNMP Monitoring
2.4.1. SNMP Advanced Settings
2.5. The pcapdump Command
2.6. Maintenance
2.6.1. Auto-Update Mechanism
2.6.2. Creating Backup Files
2.6.3. Configuration Backup and Restore
2.6.4. Restore to Factory Defaults
3. Fundamentals
3.1. The Address Book
3.1.1. Overview
3.1.2. IP Addresses
3.1.3. Ethernet Addresses
3.1.4. Address Groups
3.1.5. Auto-Generated Address Objects
3.1.6. Address Book Folders
3.2. Services
3.2.1. Overview
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise VLAN and Route Failover
Information
Manual
Operating System
Manual
Size Driver
938KB
File Name
dfl-800_1600_2500-vlan_and_route_failover.pdf
Observations
How to configure VLAN and route failover
This example requires a DFL-1600 or 2500 to be fully implemented. Most settings can,
however, also be used on a DFL-210 or DFL-800.
Two tag-based VLANs will be created on lan3; they connect to a switch port with VLAN tagging.
Details:
- From lan1, lan2 and lan3: HTTP, HTTPS and DNS connect to Internet via wan2.
- From dmz: inbound and outbound SMTP services connect to Internet via wan1.
- All internal nets can also access the Mail server in dmz.
- Only VLAN2 can access the FTP server in dmz.
- If any one of the wan interfaces is disconnected, the traffic from that interface will be
redirected to the other wan interface.
1. Addresses
Go to Objects -> Address book -> InterfaceAddresses
Make sure the configured addresses match the following list, and add the objects that do not
already exist. To add new objects, select IP address from the Add dropdown, enter the name
and address and click OK.
2. Ethernet interfaces
Go to Interfaces -> Ethernet.
Edit the wan1 interface to use the following settings.
In the General tab:
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise Revision A MIB files for firmware
Operating System
Software
Version
2.20
Size Driver
9KB
File Name
dfl-2500_mib_2[1].20.00.zip
Observations
DFL2500-TRAPS-MIB DEFINITIONS ::= BEGIN
IMPORTS
dfl2500MibModules, dfl2500MibConfs, dfl2500MibObjectGroups, dfl2500os
FROM DFL2500-MIB
MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP
FROM SNMPv2-CONF
MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE
FROM SNMPv2-SMI
DisplayString
FROM SNMPv2-TC;
dfl2500TrapsMibModule MODULE-IDENTITY
LAST-UPDATED "200710310000Z"
ORGANIZATION "D-Link Corporation"
CONTACT-INFO
"Postal: D-Link Corporation
No. 289, Sinhu 3rd Road,
Neihu District, Taipei City 114,
Taiwan, R.O.C.
Tel: +886-2-66000123
Fax: +886-2-55509988"
DESCRIPTION
"The MIB module for D-Link DFL-2500 series product."
REVISION "200710310000Z"
DESCRIPTION
"Initial version."
::= { dfl2500MibModules 1 }
dfl2500osTraps OBJECT IDENTIFIER ::= { dfl2500os 1 }
dfl2500osTrap OBJECT IDENTIFIER ::= { dfl2500osTraps 0 }
dfl2500osTrapInfo OBJECT IDENTIFIER ::= { dfl2500osTraps 1 }
dfl2500osTrapVarSeverity OBJECT-TYPE
SYNTAX INTEGER { emergency(0), alert(1), critical(2), error(3),
warning(4), notice(5), info(6), debug(7) }
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Severity"
::= { dfl2500osTrapInfo 1 }
dfl2500osTrapVarCategory OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Category"
::= { dfl2500osTrapInfo 2 }
dfl2500osTrapVarID OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"ID"
::= { dfl2500osTrapInfo 3 }
dfl2500osTrapVarEvent OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Event"
::= { dfl2500osTrapInfo 4 }
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise IDS Pattern file Release notes included
Operating System
Software
Version
660
Size Driver
18KB
File Name
ids-update-6_2005-06-03.zip
Observations
DFL-200/700/1100/800/1600/2500 IDS Pattern Release Note
IDS pattern: 2005_06_03
Pattern number : 660
Date: June 3, 2005
Description :
* Signatures that would always give false positives have been removed.
Also, some really old signatures (from around 1988) for programs that nobody
uses any more were removed. The removal of these old signatures will
increase the performance of the IDS/IDP engine.
* More descriptive log messages have been added to each signature.
The log message will now, for example, state the probable impact the
attack had.
* Some signatures were modified to cover a large attack surface. This will
result in higher performance of the IDS/IDP engine and the possibility that
signatures will catch new and undiscovered attacks.
* New and more up-to-date attack signatures were added.
Company
D-Link
Categories
Networks Cards
Model
D-Link DFL-2500
Description
NETDEFEND VPN Firewall 2500 Enterprise MIB file
Operating System
Software
Version
1.00
Size Driver
103KB
File Name
rfc1213.mib
Observations
RFC1213-MIB DEFINITIONS ::= BEGIN
IMPORTS
mgmt, NetworkAddress, IpAddress, Counter, Gauge,
TimeTicks
FROM RFC1155-SMI
OBJECT-TYPE
FROM RFC-1212;
-- This MIB module uses the extended OBJECT-TYPE macro as
-- defined in [14];
-- MIB-II (same prefix as MIB-I)
mib-2 OBJECT IDENTIFIER ::= { mgmt 1 }
-- textual conventions
DisplayString ::=
OCTET STRING
-- This data type is used to model textual information taken
-- from the NVT ASCII character set. By convention, objects
-- with this syntax are declared as having
--
-- SIZE (0..255)
PhysAddress ::=
OCTET STRING
-- This data type is used to model media addresses. For many
-- types of media, this will be in a binary representation.
-- For example, an ethernet address would be represented as
-- a string of 6 octets.