Компания D-Link объявляет о появлении нового межсетевого экрана DFL-870

Компания D-Link объявляет о появлении нового межсетевого экрана DFL-870.

В сентябре 2016 года будет доступен для заказа новый межсетевой экран от компании D-Link.


  1. 1. Product General Feature Information

1.1 Hardware Specification

 CPU: Dual core x86 based 1.7GHz processor

 Flash: 4GB Flash


 Interface:

 6 Configurable 10/100/1000Base-T Ethernet ports

 Console: Mini-USB port x 1

 USB 2.0 x 2 (Reserved for future used


1.2.1 Firewall Mode of Operation

 Layer 3 mode: Route mode, NAT mode

 Layer 2 mode: Transparent mode

 Network Address Translation (NAT)

 Port Address Translation (PAT)

 Policy-base NAT

 Port Forwarding

 Time-Scheduled policies configuration

1.2.2 D-Link Joint Security

D-Link switches completed integrate NetDefend UTM Firewall into proactive Joint Security for

protecting enterprise network against various network attacks.

 Host/Network Based Abnormal and Malicious Traffic Detection/Prevention

 Network Threshold Based Detection

 Triggered by IPS/IDP Signature Detection

 Triggered by AV Signature Detection

 Concurrent Connections/Sessions Control by Host/Network Based

 Proactive D-Link ZoneDefense™2.0 Technology (The prerequisite of ZoneDefense capable

switch is to support D-Link Universal ZoneDefense MIB. Please refer to switch’s product

datasheet or specification for more details).

1.2.3 Virtual Private Network (VPN)

 IPSec Protocol: ESP

 IPSec Mode: Tunnel mode, Transport mode

 Encryption Method: DES/3DES/AES/Twofish/Blowfish/CAST-128/NULL

 Authentication Algorithm: MD5, SHA-1

 Perfect Forward Secrecy (DH Group): Group 1, 2, 5

 Support PPTP/L2TP/IPSec/SSL VPN Server

 Support L2TPv3 Server and Client

 PPTP Server support MPPE encryption

 Site to Site VPN, Remote Access VPN for IPSec

 Dedicated VPN Tunnels: up to 300

 IKE mode: Main mode, Aggressive mode

 Key Management:

 Pre-share key

 X.509 v3

 Manual Key

 IPSec NAT Traversal (NAT-T)

 VPN Policy Selection Through: Routing / Policy-Base Routing

 Deed Peer Detection (DPD)

 VPN Tunnel Keep Alive

 Prevent Replay Attack

 Redundant VPN Gateway

 Support VPN Hub and Spoke

 IPSec IKE Config Mode

1.2.4 IP Assignment & Routing

 Static IP address

 PPPoE for xDSL, PPTP Client for xDSL and DHCP Client for WAN interface

 BigPond Cable, Telia compliance

 Multiple PPPoE tunnel

 Support Unnumbered PPPoE

 Internal DHCP Server

 DHCP Relay

 DHCP over IPSec

 Static DHCP addresses assignment

 IP NAT Pool

 IP Alias

 Static Routes

 OSPF Dynamic Routing

 Policy-Based Routing (PBR)

 Virtual Routing

 BPDU Relay





 Support Multiple WAN Link

 Link Aggregation

 Support IEEE 802.1q VLAN: up to 16 VLANs

 Policy-Base 802.1q VLAN

 Double VLAN (Q-in-Q)

 IP Interface: 128 items

 IP Multicast: IGMP v3 routing and forwarding (compatible with v1 and v2)

 DDNS Client: D-Link DDNS,, Peanut Hull (

 H.323 NAT Traversal

 Support ALG (Application Layer Gateway):

 HTTP, FTP, H.323, POP3, SMTP, SIP, TFTP, TLS 1.0 (RFC 2246)

 MPLS Pass through

1.2.6 IPv6 Support

 IPv6 Phase 2 logo certified

 6 in 4 Tunneling

 IPv4/v6 Dual Stack

 IPv6 on Ethernet and VLAN interface

 IPv6 Routing

 IPv6 Firewall rule (Allow, Drop, Reject)

 IPv6 Policy Based Routing

 ICMPv6

 DHCPv6 Server

 IPv6 Neighbor Discovery

1.2.7 System Management

 Install Wizard

 Local Console Interface

 Web UI Interface

 Command Line (CLI) based remote management

 Secure Command Shell (SSH)

 SNTP and UDP Time Synchronization

 Support D-Link NTP Server

 Support PCAP Recording

1.2.8 User and Device Administration

 Multiple Administrators

Note: Only single administrator can login into firewall at the same time to prevent multiple privilege

controls. The second administrative user and later one will be forced to read-only permission

temporarily when first administrative account has been login.

 Multi-level user permission control (Administrator and Read-Only)

 Software upgrade, Configuration Backup/Restore from:

 Web UI

 Trust host for remote management

 Support multi-language Web GUI by uploading specific language file.

1.2.9 User Authentication

 Build-in user database: 500 items

 External user database: RADIUS, Microsoft AD, LDAP (LDAP supports Microsoft Active

Directory 2003, Microsoft Active Directory 2008 and OpenLDAP version 2.2.26)

 Run-Time Web Authentication with Internal and External User Database

 RADIUS Accounting for External Accounting Server

 User Group-Base Authentication

 Support multiple authentication servers at the same time (Maximum 3 servers)

 XAUTH (Extended Authentication) for IPSec authentication

 Support User Identity Awareness

 It enables a dynamic and flexible configurations based on user or user groups to ensure that

the user has access to its resources at anytime from any device.

 Device-Independent access.

 No client installation required.

1.2.10 Logging and Monitoring

 Internal log capacity: 500 records

 Log viewer

 Email notification

 Support external log server: syslog server

 Support 8 log receivers

 Real-Time performance monitor

 Event log and alarm

 Sorting/Filtering/Search log messages

 Support SNMP v1, v2c

 SNMP Trap

 SNMP Standard MIB-II and Private MIB

 VPN tunnel monitor

1.2.11 Bandwidth Management

 Guaranteed Bandwidth

 Maximum Bandwidth

<ass=msonormal style=»color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;»> Priority-Bandwidth utilization

 Policy-Base traffic shaping

 Time-Scheduled traffic shaping

 Bandwidth Management in VPN tunnel

 Dynamic Bandwidth Balancing

 Differentiated Services (DiffServ)

 IDP Traffic Shaping

 It supports to apply to specific source IP addresses or network subnet.

 It supports the “New Connections Throttling” feature; the triggered host will stop after a

configured amount of time

1.2.12 Intrusion Prevention System (IPS/IDP)

 NIDS pattern auto update

 DoS, DDoS attack protection

 Detect Nimda, CodeRed attack

 IP black-listing: It will be triggered by network threshold or IPS/IDP signature database

 Attack alarm via email notification

 ZoneDefense Feature triggered by IPS/IDP Signature Database.

 Subscription-based security service providing 1-year, 2-year and 3-year license period.

1.2.13 Anti-Virus Protection

 Supported Protocol: HTTP, FTP, SMTP and POP3

 Anti-Virus over VPN

 Protocol/Port Configurable

 Scanning of all MIME types

 Supported Compression File Formats: ZIP, GZIP

 Scanning of all MIME types including iPhone applications (.ipa file)

 ZoneDefense Feature triggered by Anti-Virus Signature Database.

 Subscription-based security service providing 1-year, 2-year and 3-year license period.

1.2.15 Dynamic Web Content Filtering

 Subscription-based security service providing 1-year, 2-year and 3-year license period.

 Support Web URL filtering over HTTP and HTTPS traffic.

 Scripts Type: Java Applet, Java Scripts, VB Scripts, Cookies, Active X.

 Web content categories: 32 Categories

 Customize Forbidden Web Page

 Maximum file size protection

 Request URL reclassification

 Allow User Override

 Local database URL Cache

 Support SafeSearch Enforcement




1.2.16 Application Control

 Recognize over 1,000 applications.

 Rule based to configure application filters for users and user groups by signatures.

 Advanced support for bandwidth management, control and prioritization on applications.

 Subscription-based security service providing 1-year, 2-year and 3-year license period.

1.2.17 Traffic Load Balancing

 Outbound traffic load balancing

 Server load balancing

Algorithm for server load balancing feature:

 Round Robin

 Connection Rate

 IP Address/Network Stickiness

 Traffic redirect when any WAN connection failover

1.2.18 Email Security

 Support Protocol: SMTP and POP3

 Sender/Recipient Email address Blacklist/Exempt List filtering (for SMTP protocol only)

 MIME header check for file extensions filtering

 Email rate protection (for SMTP protocol only)

 Email size protection (for SMTP protocol only)

 Anti-Spam (for SMTP protocol only)

 Real-Time DNSBL/Open Relay Database Server

 Weight-based DNS blacklist

 Customize spam tag information in email subject

 Forward blocked emails

  1. 2. Physical Environment

2.1 Power

 100 – 240 VAC Internal AC power supply unit

2.2 Operation Temperature

 0 – 40 ℃

2.3 Storage Temperature

 -20 – 70 ℃

2.4 Operation and Storage Humidity

 5%-95% non-condensing

3.0 Emission (EMI), Safety and other certification

 EMI: FCC Class A, CE Class A, VCCI