IPS firewalls, UTM firewalls – D-Link DAS-3324G User Manual
Page 23

D-Link Product Guide 2008
IPS Firewalls
The IPS (Intrusion Prevention Service) firewalls provide an all-in-one business-class security solution with integrated functions including
firewall, load balance, fault tolerance, content filtering, user authentication, Denial of Service (DoS) protection, Virtual Private Network
(VPN) remote connection and malicious internal traffic prevention. These firewalls come with multiple user-configurable interfaces,
including high-speed Gigabit ports, for flexible, bottleneck-free network deployments linking different workgroups and enterprises
together.
D-Link NetDefend firewalls adopt a unique IPS technology - component-based signatures, which are built to recognize and protect
against all varieties of known and unknown attacks, and which can address all critical aspects of an attack or potential attack including
payload, NOP sled, infection, and exploits. In terms of signature coverage, the IPS database includes attack information and data from
a global attack sensor-grid and exploits collected from public sites such as the National Vulnerability Database and Bugtraq. These
firewalls deliver high quality IPS signatures by constantly creating and optimizing NetDefend signatures via the D-Link Auto-Signature
Sensor System. Without overloading existing security appliances, these signatures ensure a high ratio of detection accuracy and the
lowest ratio of false positives.
To minimize any impact of a disaster on an entire network, D-Link NetDefend firewalls include a special feature called ZoneDefense - a
mechanism that operates seamlessly with D-Link xStack switches to perform proactive network security. ZoneDefense automatically
quarantines infected computers on the network and prevents them from flooding the network with malicious traffic.
D-Link NetDefend firewalls can be remotely managed via a web-based interface or through a dedicated VPN connection. They include
flexible features to monitor and maintain a healthy and secure network, such as e-mail alerts, system log and real-time statistics.
Function/Feature
6 User-Configurable
Gigabit Ports
8 User-Configurable
Gigabit Ports
1 Ethernet WAN
1 Ethernet DMZ
4 Ethernet LANs
2 Ethernet WANs
1 Ethernet DMZ
7 Ethernet LANs
320Mbps
120Mbps
400,000
2,500
600Mbps
300Mbps
1,000,000
4,000
50Mbps
10Mbps
3,000
500
150Mbps
60Mbps
25,000
1,000
Proxy Arp
80
DES/3DES/AES Only
3 Types
3 Types
3 Types
All Methods
300
All Methods
1,200
All Methods
2,500
IGMP v3
IGMP v3
IGMP v3
OSPF
OSPF
OSPF
IPS Firewall
DFL-800
For Small
Business
DFL-1600
For Medium-Sized
Business
ZoneDefense
ZoneDefense
ZoneDefense
1 Ethernet WAN
1 Ethernet DMZ
(User-Configurable)
4 Ethernet LANs
80Mbps
25Mbps
12,000
500
IGMP v3
All Methods
100
When DMZ Configured as WAN 2
2 Types (Without Stickiness)
DFL-2500
For Enterprise
DFL-200
For SOHO
***
***
***
***
DFL-210
For Workgroup &
Branch Office
Interface
IM/P2P Blocking
Ethernet: 10/100BASE-TX Ports
Gigabit: 10/100/1000BASE-T Ports
Firewall Throughput
VPN Throughput
Concurrent Sessions
Policies
System
Performance
Transparent Mode
NAT, PAT
Dynamic Routing Protocol
H.323 NAT Traversal
Application Layer Gateway (ALG)
Proactive Network Security
Firewall System
Networking
VPN
Traffic
Load Balance
Bandwidth
Management
DHCP Server/Client
DHCP Relay
Policy-Based Routing
802.1q VLAN
IP Multicast *
Encryption Methods
(DES/3DES/AES/Twofish/Blowfish/CAST-128)
Dedicated VPN Tunnels **
PPTP/L2TP Server
Hub and Spoke
IPSec NAT Traversal
Outbound Load Balancing *
Server Load Balancing
Load balance Algorithms
Traffic Redirect When Fail-Over
Policy-Based Traffic Shaping
Guaranteed Bandwidth
Maximum Bandwidth
Priority Bandwidth
Dynamic Bandwidth Limit Balancing
NIDS Pattern
Automatic Pattern Update
DoS/DDoS Protection
Attack Alarm Via Email
Advanced IPS/IDP Subscription
Intrusion Detection
& Prevention
(IPS/IDP)
IM/P2P Application Support
* Function available in future firmware upgrade.
** Include PPTP, L2TP and IPSec tunnels; all included VPN tunnels are licensed.
*** Supported IM/P2P applications include 2 Find MP3, Aimini, AOL Instant Messenger, ANts P2P, Ares P2P, Bit Torrent, Direct Connect, eDonkey,
Gnutella, KaZaA, KCeasy, WinMX, iTunes, IRC, MSN Messenger, Yahoo! Messenger (based on Sep. 22, 2006 pattern version).
UTM Firewalls
The NetDefend UTM firewalls incorporate an Intrusion Prevention System (IPS), gateway Anti-Virus (AV), and Web Content Filtering
(WCF) for superior Layer 7 content inspection protection. These firewalls use a hardware accelerator approach to increase IPS and
AV throughput, and a web surfing control database containing millions of URLs for WCF. IPS, Anti-Virus and URL database real-time
update services protect enterprise networks from application exploits, network worms, malicious code attacks, and provide everything
businesses need to manage employee Internet access behavior. Maintaining an effective defense against the various threats originating
from the Internet requires that all three databases used by the UTM firewalls are kept up-to-date. In order to provide a robust defense,
D-Link offers NetDefend Firewall UTM Services which include distinct NetDefend service updates for each aspect of network defenses:
IPS, Anti-Virus, and WCF. NetDefend Firewall UTM Services ensure that each of the UTM firewall’s service databases is always
accurate and current.
The UTM firewalls feature:
● Real-time AntiVirus Gateway Inspection (AV)
● Professional Intrusion Prevention System (IPS)
● Automatic signature update
● Zero Day Attack protection
● Web Content Filtering (WCF)
● Low-cost licensing using per-firewall service maintenance
The UTM firewalls are shipped with 12 months’ Intrusion Prevention System (IPS) subscription, 12 months’ Anti-Virus (AV) subscription,
and 90 days’ Web Content Filtering (WCF) subscription - free of charge. Upon expiration of these free subscription services, users can
extend their subscriptions by purchasing NetDefend UTM subscriptions for selective services.
* Available in future firmware upgrade
** Include PPTP, L2TP and IPSec tunnels; all included VPN tunnels are licensed.
*** Supported IM/P2P applications include 2 Find MP3, Aimini, AOL Instant Messenger, ANts P2P, Ares P2P, Bit Torrent, Direct Connect, eDonkey,
Gnutella, KaZaA, KCeasy, WinMX, iTunes, IRC, MSN Messenger, Yahoo! Messenger (based on Sep. 22, 2006 pattern version).
Function/Feature
150Mbps
60Mbps
25,000
1,000
3 Types
OSPF
ZoneDefense
80Mbps
25Mbps
12,000
500
IGMP v3
100
When DMZ Configured as WAN 2
2 Types (Without Stickiness)
***
UTM Firewall
DFL-260
For Workgroup & Branch Office
DFL-860
For Small Business
1 WAN
1 DMZ (User-Configurable)
4 LAN
2 WAN
1 DMZ
7 LAN
DES, 3DES, AES, Twofish, Blowfish, CAST-128
URL, Keyword
Java, Cookie, ActiveX, VB
Blacklist, Keyword
IGMP v3
300
DES, 3DES, AES, Twofish, Blowfish, CAST-128
Kaspersky
***
URL, Keyword
Java, Cookie, ActiveX, VB
Blacklist, Keyword
Kaspersky
Interface
IM/P2P Blocking
Firewall Throughput
VPN Throughput
Concurrent Sessions
Policies
System
Performance
Firewall System
Networking
VPN
Traffic
Load Balance
Bandwidth
Management
DHCP Server/Client
DHCP Relay
Policy-Based Routing
802.1q VLAN
IP Multicast *
Outbound Load Balancing *
Server Load Balancing
Load balance Algorithms
Traffic Redirect When Fail-Over
Policy-Based Traffic Shaping
Guaranteed Bandwidth
Maximum Bandwidth
Priority Bandwidth
Dynamic Bandwidth Limit Balancing
Intrusion Detection
& Prevention
(IPS/IDP)
10/100BASE-TX Ethernet Ports
Transparent Mode
NAT, PAT
Dynamic Routing Protocol
H.323 NAT Traversal
Application Layer Gateway (ALG)
Proactive Network Security
Encryption Methods
Dedicated VPN Tunnels **
PPTP/L2TP Server
Hub and Spoke
IPSec NAT Traversal
IM/P2P Application Support
NIDS Pattern
Automatic Pattern Update
DoS, DDoS Protection
Customizable Detection Signature
Attack Alarm via Email
Content
Filtering
HTTP Type
Script Type
Email Type*
External Database Content Filtering
Real Time AV Scanning
Unlimited File Size
Scans VPN Tunnels
Supported Compression File
Signature Licensor
Automatic Pattern Update
Anti-Virus