Компания D-Link объявляет о появлении нового межсетевого экрана DFL-870.
В сентябре 2016 года будет доступен для заказа новый межсетевой экран от компании D-Link.
DFL-870
1.1 Hardware Specification
CPU: Dual core x86 based 1.7GHz processor
Flash: 4GB Flash
RAM: 2GB DDR3 SDRAM
Interface:
6 Configurable 10/100/1000Base-T Ethernet ports
Console: Mini-USB port x 1
USB 2.0 x 2 (Reserved for future used
1.2.1 Firewall Mode of Operation
Layer 3 mode: Route mode, NAT mode
Layer 2 mode: Transparent mode
Network Address Translation (NAT)
Port Address Translation (PAT)
Policy-base NAT
Port Forwarding
Time-Scheduled policies configuration
1.2.2 D-Link Joint Security
D-Link switches completed integrate NetDefend UTM Firewall into proactive Joint Security for
protecting enterprise network against various network attacks.
Host/Network Based Abnormal and Malicious Traffic Detection/Prevention
Network Threshold Based Detection
Triggered by IPS/IDP Signature Detection
Triggered by AV Signature Detection
Concurrent Connections/Sessions Control by Host/Network Based
Proactive D-Link ZoneDefense™2.0 Technology (The prerequisite of ZoneDefense capable
switch is to support D-Link Universal ZoneDefense MIB. Please refer to switch’s product
datasheet or specification for more details).
1.2.3 Virtual Private Network (VPN)
IPSec Protocol: ESP
IPSec Mode: Tunnel mode, Transport mode
Encryption Method: DES/3DES/AES/Twofish/Blowfish/CAST-128/NULL
Authentication Algorithm: MD5, SHA-1
Perfect Forward Secrecy (DH Group): Group 1, 2, 5
Support PPTP/L2TP/IPSec/SSL VPN Server
Support L2TPv3 Server and Client
PPTP Server support MPPE encryption
Site to Site VPN, Remote Access VPN for IPSec
Dedicated VPN Tunnels: up to 300
IKE mode: Main mode, Aggressive mode
Key Management:
Pre-share key
X.509 v3
Manual Key
IPSec NAT Traversal (NAT-T)
VPN Policy Selection Through: Routing / Policy-Base Routing
Deed Peer Detection (DPD)
VPN Tunnel Keep Alive
Prevent Replay Attack
Redundant VPN Gateway
Support VPN Hub and Spoke
IPSec IKE Config Mode
1.2.4 IP Assignment & Routing
Static IP address
PPPoE for xDSL, PPTP Client for xDSL and DHCP Client for WAN interface
BigPond Cable, Telia compliance
Multiple PPPoE tunnel
Support Unnumbered PPPoE
Internal DHCP Server
DHCP Relay
DHCP over IPSec
Static DHCP addresses assignment
IP NAT Pool
IP Alias
Static Routes
OSPF Dynamic Routing
Policy-Based Routing (PBR)
Virtual Routing
BPDU Relay
1.2.5Networking
Support Multiple WAN Link
Link Aggregation
Support IEEE 802.1q VLAN: up to 16 VLANs
Policy-Base 802.1q VLAN
Double VLAN (Q-in-Q)
IP Interface: 128 items
IP Multicast: IGMP v3 routing and forwarding (compatible with v1 and v2)
DDNS Client: D-Link DDNS, DynDNS.org, TZO.com, dhs.org, Peanut Hull (oray.net)
H.323 NAT Traversal
Support ALG (Application Layer Gateway):
HTTP, FTP, H.323, POP3, SMTP, SIP, TFTP, TLS 1.0 (RFC 2246)
MPLS Pass through
1.2.6 IPv6 Support
IPv6 Phase 2 logo certified
6 in 4 Tunneling
IPv4/v6 Dual Stack
IPv6 on Ethernet and VLAN interface
IPv6 Routing
IPv6 Firewall rule (Allow, Drop, Reject)
IPv6 Policy Based Routing
ICMPv6
DHCPv6 Server
IPv6 Neighbor Discovery
1.2.7 System Management
Install Wizard
Local Console Interface
Web UI Interface
Command Line (CLI) based remote management
Secure Command Shell (SSH)
SNTP and UDP Time Synchronization
Support D-Link NTP Server
Support PCAP Recording
1.2.8 User and Device Administration
Multiple Administrators
Note: Only single administrator can login into firewall at the same time to prevent multiple privilege
controls. The second administrative user and later one will be forced to read-only permission
temporarily when first administrative account has been login.
Multi-level user permission control (Administrator and Read-Only)
Software upgrade, Configuration Backup/Restore from:
Web UI
Trust host for remote management
Support multi-language Web GUI by uploading specific language file.
1.2.9 User Authentication
Build-in user database: 500 items
External user database: RADIUS, Microsoft AD, LDAP (LDAP supports Microsoft Active
Directory 2003, Microsoft Active Directory 2008 and OpenLDAP version 2.2.26)
Run-Time Web Authentication with Internal and External User Database
RADIUS Accounting for External Accounting Server
User Group-Base Authentication
Support multiple authentication servers at the same time (Maximum 3 servers)
XAUTH (Extended Authentication) for IPSec authentication
Support User Identity Awareness
It enables a dynamic and flexible configurations based on user or user groups to ensure that
the user has access to its resources at anytime from any device.
Device-Independent access.
No client installation required.
1.2.10 Logging and Monitoring
Internal log capacity: 500 records
Log viewer
Email notification
Support external log server: syslog server
Support 8 log receivers
Real-Time performance monitor
Event log and alarm
Sorting/Filtering/Search log messages
Support SNMP v1, v2c
SNMP Trap
SNMP Standard MIB-II and Private MIB
VPN tunnel monitor
1.2.11 Bandwidth Management
Guaranteed Bandwidth
Maximum Bandwidth
<ass=msonormal style=»color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;»> Priority-Bandwidth utilization
Policy-Base traffic shaping
Time-Scheduled traffic shaping
Bandwidth Management in VPN tunnel
Dynamic Bandwidth Balancing
Differentiated Services (DiffServ)
IDP Traffic Shaping
It supports to apply to specific source IP addresses or network subnet.
It supports the “New Connections Throttling” feature; the triggered host will stop after a
configured amount of time
1.2.12 Intrusion Prevention System (IPS/IDP)
NIDS pattern auto update
DoS, DDoS attack protection
Detect Nimda, CodeRed attack
IP black-listing: It will be triggered by network threshold or IPS/IDP signature database
Attack alarm via email notification
ZoneDefense Feature triggered by IPS/IDP Signature Database.
Subscription-based security service providing 1-year, 2-year and 3-year license period.
1.2.13 Anti-Virus Protection
Supported Protocol: HTTP, FTP, SMTP and POP3
Anti-Virus over VPN
Protocol/Port Configurable
Scanning of all MIME types
Supported Compression File Formats: ZIP, GZIP
Scanning of all MIME types including iPhone applications (.ipa file)
ZoneDefense Feature triggered by Anti-Virus Signature Database.
Subscription-based security service providing 1-year, 2-year and 3-year license period.
1.2.15 Dynamic Web Content Filtering
Subscription-based security service providing 1-year, 2-year and 3-year license period.
Support Web URL filtering over HTTP and HTTPS traffic.
Scripts Type: Java Applet, Java Scripts, VB Scripts, Cookies, Active X.
Web content categories: 32 Categories
Customize Forbidden Web Page
Maximum file size protection
Request URL reclassification
Allow User Override
Local database URL Cache
Support SafeSearch Enforcement
1.2.16 Application Control
Recognize over 1,000 applications.
Rule based to configure application filters for users and user groups by signatures.
Advanced support for bandwidth management, control and prioritization on applications.
Subscription-based security service providing 1-year, 2-year and 3-year license period.
1.2.17 Traffic Load Balancing
Outbound traffic load balancing
Server load balancing
Algorithm for server load balancing feature:
Round Robin
Connection Rate
IP Address/Network Stickiness
Traffic redirect when any WAN connection failover
1.2.18 Email Security
Support Protocol: SMTP and POP3
Sender/Recipient Email address Blacklist/Exempt List filtering (for SMTP protocol only)
MIME header check for file extensions filtering
Email rate protection (for SMTP protocol only)
Email size protection (for SMTP protocol only)
Anti-Spam (for SMTP protocol only)
Real-Time DNSBL/Open Relay Database Server
Weight-based DNS blacklist
Customize spam tag information in email subject
Forward blocked emails
2.1 Power
100 – 240 VAC Internal AC power supply unit
2.2 Operation Temperature
0 – 40 ℃
2.3 Storage Temperature
-20 – 70 ℃
2.4 Operation and Storage Humidity
5%-95% non-condensing
3.0 Emission (EMI), Safety and other certification
EMI: FCC Class A, CE Class A, VCCI