Security | DFL-260E/860E/1660/2560(G) 1

NetDefend UTM Firewall Series

Today’s continuously shifting security environment presents a challenge for small/home office networks with limited IT capabilities. Fortunately, the D-Link NetDefend Unified Threat Management (UTM) firewalls provide a powerful security solution to protect business networks from a wide variety of threats. UTM Firewalls offer a comprehensive defense against virus attacks, unauthorised intrusions and harmful content, successfully enhancing fundamental capabilities for managing, monitoring and maintaining a healthy network.

Enterprise-Class Firewall Security
NetDefend UTM Firewalls provide complete advanced security features to manage, monitor, and maintain a healthy and secure network. Network management features include: Remote Management, Bandwidth Control Policies, URL Black/White Lists, Access Policies, and SNMP. For network monitoring, these firewalls support e-mail alerts, system logs, consistency checks and real-time statistics.

Unified Threat Management
NetDefend UTM Firewalls integrate an intrusion detection and prevention system, gateway antivirus and content filtering for superior Layer 7 content inspection protection. An acceleration engine increases throughput, while the real-time update service keeps the IPS information, antivirus signatures, and URL databases current. Combined, these enhancements help to protect the office network from application exploits, network worms, malicious code attacks and provide everything a business needs to safely manage employee Internet access.

Powerful VPN Performance
NetDefend UTM Firewalls offer an integrated VPN Client and Server. This allows remote offices to securely connect to a head office or a trusted partner network. Mobile users working from home or remote locations can also safely connect to the office network to access company data and e-mail. NetDefend UTM Firewalls have hardware-based VPN engines to support and manage a large number of VPN configurations. They support IPSec, PPTP, and L2TP protocols in Client/Server mode and can handle pass-through traffic as well. Advanced VPN configuration options include: DES/3DES/AES/Twofish/Blowfish/CAST-128 encryption, Manual or IKE/ISAKMP key management, Quick/Main/Aggressive Negotiation modes, and VPN authentication support using either an external RADIUS server or a large user database.

UTM Services
Maintaining an effective defense against the various threats originating from the Internet requires that all three databases used by the NetDefend UTM Firewalls are kept up-to-date. In order to provide a robust defense, D-Link offers optional NetDefend Firewall UTM Service subscriptions which include updates for each aspect of defense: Intrusion Prevention Systems (IPS), Antivirus and Web Content Filtering (WCF). NetDefend UTM Subscriptions ensure that each of the firewall’s service databases are complete and effective.

Integrated Firewall/VPN
• Powerful Firewall Engine
• Virtual Private Network (VPN) Security
• Granular Bandwidth Management
• 802.1Q VLAN Tagging and port-based VLAN
• D-Link End-to-End Security Solutions (E2ES) Integration with ZoneDefense

Advanced Functions
• Stateful Packet Inspection (SPI)
• Detect/Drop Intruding Packets
• Server Load Balancing
• Policy-Based Routing

Unified Threat Management
• Intrusion Prevention System (IPS)
• Antivirus (AV) Protection
• Web Content Filtering (WCF)
• Optional Service Subscriptions

Virtual Private Network
• IPSec NAT Traversal
• VPN Hub and Spoke
• IPSec, PPTP, L2TP
• DES, 3DES, AES, Twofish, Blowfish, CAST-128 Encryption
• Automated Key Management via IKE/ISAKMP
• Aggressive/Main/Quick Negotiation

Enhanced Network Services
• DHCP Server/Client/Relay
• IGMP V3
• H.323 NAT Traversal
• Robust Application Security for ALGs
• OSPF Dynamic Routing Protocol
• Run-Time Web-Based Authentication

Performance Optimisation
• UTM Acceleration Engine
• Multiple WAN Interfaces for Traffic Load Sharing
Robust Intrusion Prevention
The NetDefend UTM Firewalls employ component-based signatures, a unique IPS technology which recognises and protects against all varieties of known and unknown attacks. This system can address all critical aspects of an attack or potential attack including payload, NOP sled, infection, and exploits. In terms of signature coverage, the IPS database includes attack information and data from a global attack sensor-grid and exploit data collected from public sites. The NetDefend UTM Firewalls constantly create and optimise NetDefend signatures via the D-Link Auto-Signature Sensor System without overloading existing security appliances. These signatures ensure a high ratio of detection accuracy and a low ratio of false positives.

Stream-Based Virus Scanning
The NetDefend UTM Firewalls examine files of any size, using a stream-based virus scanning technology which eliminates the need to cache incoming files. This zero-cache scanning method not only increases inspection performance, but also reduces network bottlenecks. NetDefend UTM firewalls use virus signatures from Kaspersky Labs to provide systems with reliable and accurate antivirus protection, as well as prompt signature updates. Consequently, viruses and malware can be blocked before they reach the desktops or mobile devices.

Web Content Filtering
Web Content Filtering helps administrators monitor, manage and control employee Internet usage. The NetDefend UTM Firewalls implement multiple global index servers with millions of URLs and real-time website data to enhance performance capacity and maximize service availability. These firewalls use granular policies and explicit black/white lists to control access to certain types of websites for any combination of users, interfaces and IP networks. The firewall can actively handle Internet content by stripping potentially malicious objects, such as Java Applets, JavaScripts/VBScripts, ActiveX objects, and cookies.

NetDefend UTM Subscription
The standard NetDefend UTM Subscription provides your firewall with UTM service updates for 12 months* starting from the day you activate or extend your service. The NetDefend UTM Subscription can be renewed regularly to provide your firewalls with the most up-to-date security service available from D-Link.
NetDefend Center:
*Actual service package may vary depending on region.

Powerful VPN Engine
Hardware-based data encryption and authentication for IPSec, PPTP, and L2TP in Client/Server mode enable fast and safe handling of VPN traffic. The Professional Intrusion Prevention System (IPS) automatically updates from a comprehensive IPS signature database focused on attack payloads to protect the network against zero-day attacks. The Real-Time Antivirus Inspection engine scans using the most complete, most up-to-date antivirus signature database. Streaming-based pattern matching provides effective protection against viruses.
Fast, Efficient Web Content Filtering
Multiple index server implementation, granular policies, black lists and active content handling enhance performance and effectiveness of web surfing control.

Acceleration Engine for Unified Threat Management
A powerful processor allows the firewall to carry out IPS and Antivirus scanning simultaneously without performance degradation.

Licensed for Unlimited Users
Optional subscription services for IPS, Antivirus Scanning and Web Content Filtering are priced per firewall rather than per user, thus reducing the total cost of ownership for licensing.

WAN Link Load-Balancing and Fault-Tolerance
Multiple WAN ports support traffic load balancing and failover, guaranteeing Internet availability and bandwidth.

D-Link End-to-End Security (E2ES) Solutions*
The ZoneDefense mechanism operating in conjunction with D-Link xStack switches automatically quarantines infected workstations and prevents them from flooding the internal network with malicious traffic.
*For DFL-860E, DFL-1660, and DFL-2560(G) only

DFL-260E
• Firewall Throughput: 150 Mbps
• VPN Performance: 45 Mbps (3DES/AES)
• 1 10/100/1000 Ethernet WAN Ports
• 5 10/100/1000 Ethernet LAN Ports
• 1 10/100/1000 Ethernet DMZ Port

DFL-860E
• Firewall Throughput: 200 Mbps
• VPN Performance: 60 Mbps (3DES/AES)
• 2 10/100/1000 Ethernet WAN Ports
• 8 10/100/1000 Ethernet LAN Ports
• 1 10/100/1000 Ethernet DMZ Port

DFL-1660
• Firewall Throughput: 1.2 Gbps
• VPN Performance: 350 Mbps (3DES/AES)
• 6 Configurable Gigabit Ethernet Ports

DFL-2560(G)
• Firewall Throughput: 2 Gbps
• VPN Performance: 1 Gbps (3DES/AES)
• 10 Configurable Gigabit Ethernet Ports
• 4 SFP Ports (DFL-2560G)

D-Link Green Certified
The D-Link Green certified DFL-1660 and DFL-2560(G) are built with an 80 PLUS internal power supply. 80 PLUS certified power supplies offer increased reliability due to greater efficiency, and provide a reduced cost of ownership through longer equipment life. Additionally, 80 PLUS power supplies help prevent pollution by limiting energy consumption, and run at a lower temperature to reduce cooling costs.

The DFL-260E and DFL-860E save energy automatically through cable length and link status detection. By detecting the length of cables connected to a port, the amount of power used for the port can be adjusted, only using as much as is needed. The DFL-260E/860E can also detect if a port is not in use, such as when a connected computer is shut down or if nothing is connected to the port, and can automatically reduce the power used for that port, cutting energy used for it by a substantial amount.

D-Link Green certified devices comply with RoHS (Restriction of Hazardous Substances) and WEEE (Waste Electrical and Electronic Equipment) directives. RoHS directives restrict the use of specific hazardous materials during manufacturing, while WEEE implements standards for proper recycling and disposal. Together, these considerations make D-Link Green firewall products the environmentally responsible

Technical Specifications | DFL-260E | DFL-860E | DFL-1660 | DFL-2560(G)

Interfaces | 1 10/100/1000 WAN, 1 10/100/1000 DMZ (configurable), 5 10/100/1000 LAN, 2 USB ports (reserved) | 2 10/100/1000 WAN, 1 10/100/1000 DMZ (configurable), 8 10/100/1000 LAN, 2 USB ports (reserved) | 6 configurable 10/100/1000, 2 USB ports (reserved) | 10 configurable 10/100/1000, 4 SFP ports (DFL-2560G only) [7], 2 USB ports (reserved)
Console | RJ-45 | RJ-45 | 1 DB-9 RS-232 | 1 DB-9 RS-232

System Performance [1]
Firewall Throughput [2] | 150 Mbps | 200 Mbps | 1.2 Gbps | 2 Gbps
VPN Throughput [3] | 45 Mbps | 60 Mbps | 350 Mbps | 1 Gbps
IPS Throughput [4] | 60 Mbps | 80 Mbps | 400 Mbps | 600 Mbps
Antivirus Throughput | 35 Mbps | 50 Mbps | 225 Mbps | 450 Mbps
Concurrent Sessions | 25,000 [5] | 40,000 [5] | 600,000 | 1,500,000
New Sessions (per second) | 2,000 | 4,000 | 15,000 | 20,000
Policies | 500 | 1,000 | 4,000 | 6,000

Firewall System Transparent Mode √ √ √ √

NAT, PAT √ √ √ √
Dynamic Routing
H.323 NAT Traversal √ √ √ √
√ √ √ √
Application Layer
√ √ √ √
Proactive End-Point
Networking DHCP Server/Client √ √ √ √

DHCP Relay √ √ √ √

Policy-Based Routing √ √ √ √

IEEE 802.1q VLAN 8 16 1024 2048

Port-based VLAN √ √ √ √

IP Multicast IGMP v3
Virtual Private Encryption Methods

(DES/ 3DES/ AES/ Twofish/ √ √ √ √
Network (VPN) Blowfish/ CAST-128)

Dedicated VPN
100 300 [5] 2,500 5,000
PPTP/L2TP Server √ √ √ √

Hub and Spoke √ √ √ √

IPSec NAT Traversal √ √ √ √

SSL VPN Available in future update

Traffic Load Outbound Load

√ √ √ √
Server Load
√ √ √
Outbound Load
Round-robin, Weight-based Round-robin, Destination-based, Spill-over
Balance Algorithms
Traffic Redirect at
√ √ √ √
Bandwidth Policy-Based Traffic
√ √ √ √
√ √ √ √
√ √ √ √
Priority Bandwidth √ √ √ √
Dynamic Bandwidth
√ √ √ √
High Availability WAN Fail-Over √ √ √ √
(HA) Active-Passive Mode √ √
Device Failure
√ √
Link Failure
√ √
FW/VPN Session SYN √ √

Intrusion Automatic Pattern

√ √ √ √
Detection &
Prevention Protection
√ √ √ √
System Attack Alarm via
(IDP/IPS) √ √ √ √
Advanced IDP/IPS
√ √ √ √
IP Blacklist by
√ √ √
Threshold or IDP/IPS
Content HTTP Type URL Blacklist/Whitelist

Filtering Script Type Java, Cookie, ActiveX, VB

E-mail Type E-mail Blacklist/Whitelist

External Database
√ √ √ √
Content Filtering
Antivirus Real Time AV
√ √ √ √
Unlimited File Size √ √ √ √

Scans VPN Tunnels √ √ √ √

√ √ √ √
Compressed Files
Signature Licensor Kaspersky
Automatic Pattern
√ √ √ √
Physical & Power Supply Internal Power Supply 80 PLUS Internal Power Supply
Environmental 280 x 180 x 44 mm 330 x 180 x 44 mm 440 x 400 x 44 mm
11” Rack-Mount 13” Rack-Mount 19” Standard Rack-Mount
0° to 40° C
Storage Temperature -20° to 70° C

Operating Humidity 5% to 95% non-condensing

FCC Class A
CE Class A
Safety UL LVD (EN60950-1) LVD (EN60950-1) cUL, CB

MTBF 186,614 Hours 140,532 Hours 400,000 Hours 310,000 Hours

[1] Actual performance may vary depending on network conditions and activated services.
[2] The maximum firewall plaintext throughput is based on RFC 2544 testing methodologies.
[3] VPN throughput is measured using UDP traffic at 1420 byte packet size adhering to RFC 2544.
[4] IPS and Anti-Virus performance test is based on HTTP protocol with a 1Mb file attachment run on the IXIA IxLoad. Testing is done with multiple flows through multiple port pairs.
[5] Performance based on firmware 2.27.00 and above.
[6] Available when DMZ port is configured as WAN port.
[7] Compatible with D-Link SFP module transceivers: DEM-310GT, DEM-311GT, DEM-312GT2, DEM-314GT, DEM-315GT, DEM-330T, DEM-330R, DEM-331T, DEM-331R.
Secure Network Implementation Using NetDefend™ UTM Firewalls

D-Link Corporation, No. 289 Xinhu 3rd Road, Neihu, Taipei 114, Taiwan. Specifications are subject to change without notice. D-Link is a registered trademark of D-Link Corporation and its overseas subsidiaries.
All other trademarks belong to their respective owners. ©2010 D-Link Corporation. All rights reserved. Release 02 (October 2010)