D-Link DFL-600 Installation Guide

D-Link DFL-600 Firewall/VPN Manual Rev. 2.0 Building Networks for People

The DMZ port is used to allow computers and devices connected to this port to have more direct access to the Internet. This is useful for certain ap

When the changes are complete, Click Next. Please wait while the wizard configures the computer. This may take a few minutes.

In the window below, select the best option. In this example, “Create a Network Setup Disk” has been selected. You will run this disk on each of th

Format the disk if you wish, and Click Next. Please wait while the wizard copies the files. Please read the information under Here’s how in the sc

The new settings will take effect when you restart the computer. Click Yes to restart the computer. You have completed configuring this compute

Naming your Computer Naming your computer is optional. If you would like to name your computer please follow these directions: In Windows XP: Clic

• In this window, enter the Computer name. • Select Workgroup and enter the name of the Workgroup. • All computers on your network must have

Assigning a Static IP Address Note: Residential Gateways/Broadband Routers will automatically assign IP Addresses to the computers on the network, us

Right-click on Local Area Connections. Double-click Properties Highlight Internet Protocol (TCP/IP) Click Properties

Select Use the following IP address in the Internet Protocol (TCP/IP) Properties window. Input your IP address and subnet mask. (The IP Addresses o

You have completed the assignment of a Static IP Address. (You do not need to assign a Static IP Address if you have a DHCP-capable Gateway/Router.

address, subnet mask, default gateway address, and primary and secondary DNS addresses. This information will be provided by your ISP. Point-to-Poi

Contacting Technical Support You can find the most recent software and user documentation on the D-Link website. D-Link provides free technical supp

Limited Warranty and Registration D-Link Systems, Inc. (“D-Link”) provides this 1-Year warranty for its product only to the person or entity who rig

• After an RMA number is issued, the defective product must be packaged securely in the original or other suitable shipping package to ensure that i

• Increase the separation between the equipment and receiver. • Connect the equipment into an outlet on a circuit different from that to which the r

Using the Configuration Utility Launch your web browser and type the device IP address (https:// 192.168.0.1) in the browser’s address box. This is t

The Setup Wizard will guide you the most basic setup tasks, such as setting an administrative password, selecting the type of WAN connection you hav

Setup Wizard The Setup Wizard will guide you through the most basic setup tasks for the DFL-600. All other configuration tasks can be accomplished th

Enter a password in the Password field, and again in the Verify Password field. This will become the logon password for the DFL-600. This password

This menu allows you to select the type of connection your ISP provides. Many ISPs use the PPPoE (Point-to-Point Protocol over Ethernet) for DSL co

Some ISPs require you to use an assigned host name for your Internet connection. If your ISP requires this, you can enter the assigned host name in t

This screen will allow you to enter the PPPoE information, if your ISP uses the PPPoE protocol for your Internet account. Your ISP must provide thi

You have completed the basic setup Wizard. The configuration now needs to be entered into the DFL-600’s non-volatile RAM. Clicking Restart will sa

Table of Contents Introduction... 4 IP Address Settings and Computer Settings ... 8 Introduc

Home The Home menu contains links to all of the setup menus for the DFL-600. Click on the WAN button:

WAN Settings The WAN Settings menu allows you to view the current configuration for your DFL-600, and to choose the protocol by which your DFL-600 wil

IP Settings Mode This drop-down menu determines how the DFL-600 will obtain its IP address information. The fields where you will enter the informat

Default Gateway This is the IP address of a device at your ISP’s office where packets destined for the Internet − from your home network − are sent,

Static IP Address − If your ISP has assigned you an IP address that will never change, choose this option. When this option is chosen, the followin

PPPoE − If your ISP uses Point-to-Point Protocol over Ethernet (PPPoE), choose this option. When this option is chosen, the following fields appear t

LAN Settings The LAN Settings allows you to view the current IP address and subnet mask assigned to the DFL-600. It also allows you to change these s

gateway setting for computers on the LAN side will be the DFL-600’s IP address − in this case, 192.168.0.1. Saving all of this information to the DF

DHCP Settings DHCP (Dynamic Host Configuration Protocol) is a method of automatically assigning IP addresses, subnet masks, default gateway and DNS se

IP addresses can range from 0.0.0.0 to 255.255.255.255, but in the DFL-600’s default IP addressing scheme, the range is from 192.168.0.0 to 192.168.

Package Contents Contents of Package: • D-Link DFL-600 Firewall/VPN Router • Manual • Quick Installation Guide • Power Adapter, 5V DC, 2.5A*

Domain Name The DFL-600 can provide a domain name to computers on your network. This domain name suffix can be provided automatically by your ISP,

NAT Network Address Translation Note: NAT is automatically applied between the WAN and the LAN sides of the DFL-600. It does not require any user c

DMZ NAT and the firewall features of your DFL-600 may conflict with certain interactive applications such as video conferencing or playing Internet

DMZ Settings The DMZ Settings screen allows you to Enable and Disable the DMZ port on the DFL-600 and to specify the IP address and Subnet Mask that t

servers to connections to the WAN or Internet. The IP address must be from the same range as the IP address of the DMZ port. The default DMZ IP addr

Time Settings The DFL-600 can be set to obtain and distribute the correct time to computers on your LAN using the Simple Network Time Protocol (SNTP)

Set Type This drop-down menu allows you to select either the IP address of an SNTP server, or the Domain Name (URL) of an SNTP server that the DFL-6

Clicking the Enable click box, opposite the User Control table entry, will open the rest of the User Management page, including the Bandwidth control

User Control This allows you to enable or disable the authentication of users on the LAN side of the DFL-600, without changing the configuration sett

Clicking the Add Users link will open the following page: Add Users This allows you to add User names and Passwords for users on your LAN. In the

Introduction The D-Link DFL-600 Broadband VPN Router enables your network to connect to the Internet via a secure, private connection using a Cable o

POP3 The Post Office Protocol, version 3. This is used to view and retrieve e-mail from a POP3 server on the WAN. Server IP Enter the IP address of

If you have some PCs (or other network devices) that do not require RADIUS user authentication to access the WAN (Internet), you can enable 802.1x, an

RADIUS The Remote Access Dial-in User Service (RADIUS) is one of the most common protocols used to carry authorization, authentication, and configura

RADIUS server will use to connect to PCs on your LAN for the RADIUS accounting function. The default port number for accounting is 1813. Secret Key E

Clicking on the Edit link (which appears when you enable 802.1x) will open the 802.1x Device Configuration page, as shown below. If you have PCs on

802.1X 802.1x is a standard for passing the Extensible Authentication Protocol (EAP) over a LAN. You should enable this only if there are 802.1x dev

Clicking the LDAP click box will open the following page: LDAP Server IP Enter the IP address of your LDAP server here. Your ISP should provide

Advanced Settings NAT Network Address Translation Network Address Translation (NAT) is a routing protocol that allows your network to become a privat

Private IP This is the IP address of the server on your LAN that will provide the service to remote users. Transport Type You can select the transpo

Application Gateway (ALG) Some applications require multiple TCP or UDP ports to function properly. Applications such as Internet gaming, video confe

With Firewall Protection, Hacker-attack logging, and Virtual Private Networking, the DFL-600 provides a level of security suitable for many businesses

port is used, enter the same port number in both the starting and ending port number fields. Trigger Type This is the protocol (TCP or UDP) that the

down menu. Selecting one of the listed applications is the equivalent of entering the correct settings in the fields above for the specific applicati

Subnet Mask This is the corresponding subnet mask for the remote network. Gateway IP Address This is the IP address of the gateway on the remote netwo

Rip Version Your DFL-600 can automatically discover routes to destinations on both your LAN and the WAN (Internet). You can choose either RIP1, RIP2

Policy (Firewall Settings) Policy Rules The DFL-600 allows you to establish a period of time that a policy rule will be active or enforced. In addi

Next, select a period of time for the policy to be active. Always instructs the router to enforce a policy any time that policy is enabled. One Time

The Port Filter allows you to specify transport protocols and TCP/UDP port ranges that the DFL-600 will allow computers on the WAN side to use to mak

• (Int• runpro• en remoThe following fields can be configured for the current In policy. Transport Type This drop-down menu allows you to spec

Key Word Filter The DFL-600 will also allow you to enter key words that the router will use to deny access from PCs on web sites that contain these wo

The Port Filter allows you to specify transport protocols and TCP/UDP port ranges that the DFL-600 will prevent computers on the LAN side from using

Rearview Power (5V 2.5A DC) Connects the DC power adapter to the Power port WAN Connects DSL/Cable modem to the WAN Ethernet port Ports 1-3 Connec

• (Int• runpro• en remoThe following fields can be configured for the current Out policy. Transport Type This drop-down menu allows you to spe

Untrusted Domains he Domain Filter allows you to specify domain names that the DFL-600 Twill prevent computers on the LAN side from using to make c

Enter a Domain Name that you want the DFL-600 to scan for and prevent PCs on websites that contain that word in their URLs from accessing PCs on you

Enter a MAC Address that you want the DFL-600 to scan for and filter packets that have that MAC address as their destination address.

IPSec Settings IPSec (Internet Protocol Security) is a group of protocols designed to allow flexible, secure and interoperable communication over the

IPSEC Tunnel Mode The IPSEC Tunnel Mode page allows you to setup a secure tunnel between your DFL-600 and a remote gateway.

Add/New Tunnel The following fields will identify the VPN tunnel on the DFL-600. Tunnel ID An alphanumeric string that identifies the remote tunnel.

IKE Life Duration This is the duration (in seconds) the phase 1 key after the tunnel is established. When this duration has past, the two peers will

Phase 2 Proposal The following entries will establish the setup for the negotiation between the two endpoints for the encryption of messages once the

ESP Transform This drop-down menu allows you to select the encryption algorithm that will be used when ESP is selected in the IPSec Operation drop-do

Firewall Protection Supports general hacker attack pattern monitoring and logging. PPPoE Client

addresses of computers on the remote LAN (the remote endpoint of the VPN tunnel) that will be allowed to access the VPN. Type This drop-down menu allo

IPSec Status Click on the IPSec Status link to display the current IPSec status table, as shown below.

VPN-PPTP Settings The Point-to-Point Tunneling Protocol (PPTP) is another method of establishing a secure tunnel between the DFL-600 and a remote gate

PPTP Account The PPTP Account settings page allows you to enter a username and password for a PPTP account. A combined maximum of 64 PPTP and L2TP u

VPN-L2TP Settings The Layer 2 Tunneling Protocol (L2TP) is another method of establishing a secure tunnel between your DFL-600 and a remote gateway.

L2TP Account The L2TP page allows you enter your username and password for an L2TP account. A combined maximum of 64 PPTP and L2TP user accounts can

available in China. Please visit their respective websites for more information. Clicking on the DDNS button from the Advanced page will open the fo

Tools − Administration The Admin Settings page allows you to add or edit the Username and Password list to control access to the configuration of the

Remote Access The Remote Access page allows you to enter the IP addresses of computers on the WAN (Internet) that will be allowed to access the confi

Tools − Firmware The Firmware Upgrade page allows you to upgrade the DFL-600’s firmware from a new firmware file stored on your local hard drive. I

IP Address Settings and Computer Settings In order to install the DFL-600 you will need to check your computer’s settings and the values from your I

Update File Enter the full DOS path and filename to the new firmware file on your local hard drive. For example, if the file is in the root director

Status − Device Info The Device Information page displays the current network settings and allows you to view the IP address assigned to the DFL-600 b

WAN Status MAC Address This is the MAC address of the DFL-600 on the WAN. Connection Type This displays the current connection type between the DFL-60

Private IP address: Port This is the IP address and port number of a computer or device on your LAN that has an active NAT session. Peer IP address: P

Intrusion Type A brief statement of the type of intrusion that was attempted is displayed here. Source: port Displays the source IP address and the

Transport Type Source The protocol used to make the connection attempt is displayed here. Destination: port The IP address and the TCP/UDP port numb

Source: port The IP address and TCP/UDP port number of the computer or device that initiated the session is displayed here. Destination: port The I

intruder’s IP address will remain in the Intruder Blacklist for an additional amount of time. While the intruder’s IP address is on the DFL-600’s Int

IPSec Log The DFL-600 maintains a table containing statistics concerning the IPSec protocol connection between the WAN and the LAN. These statistics

Introduction and Overview The DFL-600 Firewall/VPN Router creates two separate networks on the LAN side of your network − by default, a 192.168.0.0 s

Sys Log The DFL-600 can save or transmit Syslog messages to aid in network administration. You must have a Syslog application on one of the computers

Remote Server IP Enter the IP address of the computer on your LAN that is running the Sys log application. Sys Log Level This drop-down menu allows y

Status − Traffic Log Your DFL-600 keeps a log of the total number of bytes received and transmitted on to and from the LAN and WAN. This information

Connecting PCs to the DFL-600 Router If you do not wish to set the static IP address on your PC, you will need to configure your PC to request an IP

Click the Properties button, then choose the IP Address tab. Select Obtain an IP address automatically. After clicking OK, windows might ask you to

• IPCONFIG (for Windows 2000/NT/XP) In the DOS command prompt type IPCONFIG and press Enter. Your PC IP information will be displayed as shown bel

Networking Basics Using the Network Setup Wizard in Windows XP In this section you will learn how to establish a network at home or work, using Micro

Please follow all the instructions in this window: Click Next In the following window, select the best description of your computer. If your c

Click Next Enter a Computer description and a Computer name (optional.) Click Next

Enter a Workgroup name. All computers on your network should have the same Workgroup name. Click Next Please wait while the wizard applies the ch