D-Link DFL-600 Firewall/VPN Manual Rev. 2.0 Building Networks for People
The DMZ port is used to allow computers and devices connected to this port to have more direct access to the Internet. This is useful for certain ap
When the changes are complete, Click Next. Please wait while the wizard configures the computer. This may take a few minutes.
In the window below, select the best option. In this example, “Create a Network Setup Disk” has been selected. You will run this disk on each of th
Format the disk if you wish, and Click Next. Please wait while the wizard copies the files. Please read the information under Here’s how in the sc
The new settings will take effect when you restart the computer. Click Yes to restart the computer. You have completed configuring this compute
Naming your Computer Naming your computer is optional. If you would like to name your computer please follow these directions: In Windows XP: Clic
• In this window, enter the Computer name. • Select Workgroup and enter the name of the Workgroup. • All computers on your network must have
Assigning a Static IP Address Note: Residential Gateways/Broadband Routers will automatically assign IP Addresses to the computers on the network, us
Right-click on Local Area Connections. Double-click Properties. Highlight Internet Protocol (TCP/IP). Click Properties.
Select Use the following IP address in the Internet Protocol (TCP/IP) Properties window. Input your IP address and subnet mask. (The IP Addresses o
You have completed the assignment of a Static IP Address. (You do not need to assign a Static IP Address if you have a DHCP-capable Gateway/Router.
address, subnet mask, default gateway address, and primary and secondary DNS addresses. This information will be provided by your ISP. Point-to-Poi
Contacting Technical Support You can find the most recent software and user documentation on the D-Link website. D-Link provides free technical supp
Limited Warranty and Registration D-Link Systems, Inc. (“D-Link”) provides this 1-Year warranty for its product only to the person or entity who rig
• After an RMA number is issued, the defective product must be packaged securely in the original or other suitable shipping package to ensure that i
• Increase the separation between the equipment and receiver. • Connect the equipment into an outlet on a circuit different from that to which the r
Using the Configuration Utility Launch your web browser and type the device IP address (https://192.168.0.1) in the browser’s address box. This is t
The Setup Wizard will guide you through the most basic setup tasks, such as setting an administrative password, selecting the type of WAN connection you hav
Setup Wizard The Setup Wizard will guide you through the most basic setup tasks for the DFL-600. All other configuration tasks can be accomplished th
Enter a password in the Password field, and again in the Verify Password field. This will become the logon password for the DFL-600. This password
This menu allows you to select the type of connection your ISP provides. Many ISPs use the PPPoE (Point-to-Point Protocol over Ethernet) for DSL co
Some ISPs require you to use an assigned host name for your Internet connection. If your ISP requires this, you can enter the assigned host name in t
This screen will allow you to enter the PPPoE information, if your ISP uses the PPPoE protocol for your Internet account. Your ISP must provide thi
You have completed the basic setup Wizard. The configuration now needs to be entered into the DFL-600’s non-volatile RAM. Clicking Restart will sa
Home The Home menu contains links to all of the setup menus for the DFL-600. Click on the WAN button:
WAN Settings The WAN Settings menu allows you to view the current configuration for your DFL-600, and to choose the protocol by which your DFL-600 wil
IP Settings Mode This drop-down menu determines how the DFL-600 will obtain its IP address information. The fields where you will enter the informat
Default Gateway This is the IP address of a device at your ISP’s office where packets destined for the Internet − from your home network − are sent,
Static IP Address − If your ISP has assigned you an IP address that will never change, choose this option. When this option is chosen, the followin
PPPoE − If your ISP uses Point-to-Point Protocol over Ethernet (PPPoE), choose this option. When this option is chosen, the following fields appear t
LAN Settings The LAN Settings allows you to view the current IP address and subnet mask assigned to the DFL-600. It also allows you to change these s
gateway setting for computers on the LAN side will be the DFL-600’s IP address − in this case, 192.168.0.1. Saving all of this information to the DF
DHCP Settings DHCP (Dynamic Host Configuration Protocol) is a method of automatically assigning IP addresses, subnet masks, default gateway and DNS se
IP addresses can range from 0.0.0.0 to 255.255.255.255, but in the DFL-600’s default IP addressing scheme, the range is from 192.168.0.0 to 192.168.
Package Contents Contents of Package: • D-Link DFL-600 Firewall/VPN Router • Manual • Quick Installation Guide • Power Adapter, 5V DC, 2.5A*
Domain Name The DFL-600 can provide a domain name to computers on your network. This domain name suffix can be provided automatically by your ISP,
NAT Network Address Translation Note: NAT is automatically applied between the WAN and the LAN sides of the DFL-600. It does not require any user c
DMZ NAT and the firewall features of your DFL-600 may conflict with certain interactive applications such as video conferencing or playing Internet
DMZ Settings The DMZ Settings screen allows you to Enable and Disable the DMZ port on the DFL-600 and to specify the IP address and Subnet Mask that t
servers to connections to the WAN or Internet. The IP address must be from the same range as the IP address of the DMZ port. The default DMZ IP addr
Time Settings The DFL-600 can be set to obtain and distribute the correct time to computers on your LAN using the Simple Network Time Protocol (SNTP)
Set Type This drop-down menu allows you to select either the IP address of an SNTP server, or the Domain Name (URL) of an SNTP server that the DFL-6
Clicking the Enable click box, opposite the User Control table entry, will open the rest of the User Management page, including the Bandwidth control
User Control This allows you to enable or disable the authentication of users on the LAN side of the DFL-600, without changing the configuration sett
Clicking the Add Users link will open the following page: Add Users This allows you to add User names and Passwords for users on your LAN. In the
Introduction The D-Link DFL-600 Broadband VPN Router enables your network to connect to the Internet via a secure, private connection using a Cable o
POP3 The Post Office Protocol, version 3. This is used to view and retrieve e-mail from a POP3 server on the WAN. Server IP Enter the IP address of
If you have some PCs (or other network devices) that do not require RADIUS user authentication to access the WAN (Internet), you can enable 802.1x, an
RADIUS The Remote Access Dial-in User Service (RADIUS) is one of the most common protocols used to carry authorization, authentication, and configura
RADIUS server will use to connect to PCs on your LAN for the RADIUS accounting function. The default port number for accounting is 1813. Secret Key E
Clicking on the Edit link (which appears when you enable 802.1x) will open the 802.1x Device Configuration page, as shown below. If you have PCs on
802.1X 802.1x is a standard for passing the Extensible Authentication Protocol (EAP) over a LAN. You should enable this only if there are 802.1x dev
Clicking the LDAP click box will open the following page: LDAP Server IP Enter the IP address of your LDAP server here. Your ISP should provide
Advanced Settings NAT Network Address Translation Network Address Translation (NAT) is a routing protocol that allows your network to become a privat
Private IP This is the IP address of the server on your LAN that will provide the service to remote users. Transport Type You can select the transpo
Application Gateway (ALG) Some applications require multiple TCP or UDP ports to function properly. Applications such as Internet gaming, video confe
With Firewall Protection, Hacker-attack logging, and Virtual Private Networking, the DFL-600 provides a level of security suitable for many businesses
port is used, enter the same port number in both the starting and ending port number fields. Trigger Type This is the protocol (TCP or UDP) that the
down menu. Selecting one of the listed applications is the equivalent of entering the correct settings in the fields above for the specific applicati
Subnet Mask This is the corresponding subnet mask for the remote network. Gateway IP Address This is the IP address of the gateway on the remote netwo
Rip Version Your DFL-600 can automatically discover routes to destinations on both your LAN and the WAN (Internet). You can choose either RIP1, RIP2
Policy (Firewall Settings) Policy Rules The DFL-600 allows you to establish a period of time that a policy rule will be active or enforced. In addi
Next, select a period of time for the policy to be active. Always instructs the router to enforce a policy any time that policy is enabled. One Time
The Port Filter allows you to specify transport protocols and TCP/UDP port ranges that the DFL-600 will allow computers on the WAN side to use to mak
The following fields can be configured for the current In policy. Transport Type  This drop-down menu allows you to spec
Key Word Filter The DFL-600 will also allow you to enter key words that the router will use to deny access from PCs on web sites that contain these wo
The Port Filter allows you to specify transport protocols and TCP/UDP port ranges that the DFL-600 will prevent computers on the LAN side from using
Rearview Power (5V 2.5A DC) Connects the DC power adapter to the Power port WAN Connects DSL/Cable modem to the WAN Ethernet port Ports 1-3 Connec
The following fields can be configured for the current Out policy. Transport Type  This drop-down menu allows you to spe
Untrusted Domains The Domain Filter allows you to specify domain names that the DFL-600 will prevent computers on the LAN side from using to make c
Enter a Domain Name that you want the DFL-600 to scan for and prevent PCs on websites that contain that word in their URLs from accessing PCs on you
Enter a MAC Address that you want the DFL-600 to scan for and filter packets that have that MAC address as their destination address.
IPSec Settings IPSec (Internet Protocol Security) is a group of protocols designed to allow flexible, secure and interoperable communication over the
IPSEC Tunnel Mode The IPSEC Tunnel Mode page allows you to setup a secure tunnel between your DFL-600 and a remote gateway.
Add/New Tunnel The following fields will identify the VPN tunnel on the DFL-600. Tunnel ID An alphanumeric string that identifies the remote tunnel.
IKE Life Duration This is the duration (in seconds) the phase 1 key after the tunnel is established. When this duration has passed, the two peers will
Phase 2 Proposal The following entries will establish the setup for the negotiation between the two endpoints for the encryption of messages once the
ESP Transform This drop-down menu allows you to select the encryption algorithm that will be used when ESP is selected in the IPSec Operation drop-do
Firewall Protection Supports general hacker attack pattern monitoring and logging. PPPoE Client
addresses of computers on the remote LAN (the remote endpoint of the VPN tunnel) that will be allowed to access the VPN. Type This drop-down menu allo
IPSec Status Click on the IPSec Status link to display the current IPSec status table, as shown below.
VPN-PPTP Settings The Point-to-Point Tunneling Protocol (PPTP) is another method of establishing a secure tunnel between the DFL-600 and a remote gate
PPTP Account The PPTP Account settings page allows you to enter a username and password for a PPTP account. A combined maximum of 64 PPTP and L2TP u
VPN-L2TP Settings The Layer 2 Tunneling Protocol (L2TP) is another method of establishing a secure tunnel between your DFL-600 and a remote gateway.
L2TP Account The L2TP page allows you to enter your username and password for an L2TP account. A combined maximum of 64 PPTP and L2TP user accounts can
available in China. Please visit their respective websites for more information. Clicking on the DDNS button from the Advanced page will open the fo
Tools − Administration The Admin Settings page allows you to add or edit the Username and Password list to control access to the configuration of the
Remote Access The Remote Access page allows you to enter the IP addresses of computers on the WAN (Internet) that will be allowed to access the confi
Tools − Firmware The Firmware Upgrade page allows you to upgrade the DFL-600’s firmware from a new firmware file stored on your local hard drive. I
IP Address Settings and Computer Settings In order to install the DFL-600 you will need to check your computer’s settings and the values from your I
Update File Enter the full DOS path and filename to the new firmware file on your local hard drive. For example, if the file is in the root director
Status − Device Info The Device Information page displays the current network settings and allows you to view the IP address assigned to the DFL-600 b
WAN Status MAC Address This is the MAC address of the DFL-600 on the WAN. Connection Type This displays the current connection type between the DFL-60
Private IP address: Port This is the IP address and port number of a computer or device on your LAN that has an active NAT session. Peer IP address: P
Intrusion Type A brief statement of the type of intrusion that was attempted is displayed here. Source: port Displays the source IP address and the
Transport Type Source The protocol used to make the connection attempt is displayed here. Destination: port The IP address and the TCP/UDP port numb
Source: port The IP address and TCP/UDP port number of the computer or device that initiated the session is displayed here. Destination: port The I
intruder’s IP address will remain in the Intruder Blacklist for an additional amount of time. While the intruder’s IP address is on the DFL-600’s Int
IPSec Log The DFL-600 maintains a table containing statistics concerning the IPSec protocol connection between the WAN and the LAN. These statistics
Introduction and Overview The DFL-600 Firewall/VPN Router creates two separate networks on the LAN side of your network − by default, a 192.168.0.0 s
Sys Log The DFL-600 can save or transmit Syslog messages to aid in network administration. You must have a Syslog application on one of the computers
Remote Server IP Enter the IP address of the computer on your LAN that is running the Sys log application. Sys Log Level This drop-down menu allows y
Status − Traffic Log Your DFL-600 keeps a log of the total number of bytes received and transmitted on to and from the LAN and WAN. This information
Connecting PCs to the DFL-600 Router If you do not wish to set the static IP address on your PC, you will need to configure your PC to request an IP
Click the Properties button, then choose the IP Address tab. Select Obtain an IP address automatically. After clicking OK, Windows might ask you to
• IPCONFIG (for Windows 2000/NT/XP) In the DOS command prompt type IPCONFIG and press Enter. Your PC IP information will be displayed as shown bel
Networking Basics Using the Network Setup Wizard in Windows XP In this section you will learn how to establish a network at home or work, using Micro
Please follow all the instructions in this window: Click Next In the following window, select the best description of your computer. If your c
Click Next. Enter a Computer description and a Computer name (optional). Click Next.
Enter a Workgroup name. All computers on your network should have the same Workgroup name. Click Next Please wait while the wizard applies the ch