NetDefend Family Overview & Strategy

Course Outline
• NetDefend Family Overview & Strategy
• NetDefendOS Feature Introduction
• UTM Feature & NetDefend Subscription
DSC-Security
NETDEFEND FAMILY
OVERVIEW & STRATEGY
• D-Link NetDefend Family Introduction
• NetDefendOS Introduction
D-Link NetDefend Family Introduction
After this section, you should be able to explain:
1. All NetDefend Family
2. D-Link VPN client DS-601/605
3. How to introduce NetDefend IPS Firewall?
4. How to introduce NetDefend UTM Firewall?
5. The competitiveness of NetDefend Firewall Family
6. NetDefend Firewall selling point.
•Product Line Overview
NetDefend VPN Firewall / UTM Family
• SOHO: DFL-260, DFL-210
• Small Business: DFL-860, DFL-800
• Medium Business: DFL-1660, DFL-1600
• Enterprise: DFL-2560, DFL-2500
• VPN Remote Client Software: DS-601 / 605
•VPN Client DS-601/605
D-Link VPN Client Introduction-DS-601/605
• Software installable on Windows NT, 98 SE, ME, 2000 or XP platforms.
• DS-601: single-user license.
• DS-605: 5-user license.
• For remote users’ VPN connections from home or outside the office.
• Supports Tunnel and Transport mode for easy communication between client and gateway.
• Certified interoperability with the whole series of D-Link NetDefend IPS/UTM Firewalls and VPN routers to ensure a seamless connection environment for users.
DS-601/605 Q&A
1. Which versions does DS-601/605 NOT support? (Multiple Choice)
a. XP
b. Vista
c. 2000
d. MAC OS
2. How many user licenses does DS-605 provide?
a. 1
b. 3
c. 5
d. 7
3. What is the major difference between DS-601 and DS-605?
a. License
b. Specification
c. support service level
d. OS platform
4. Which models can DS-601/605 establish a VPN connection with? (Multiple Choice)
a. DFL-800
b. DFL-M510
c. DI-804 HV
d. DSA-5100
•NetDefendOS
NetDefendOS Introduction
Platform Compatibility: DFL-210/260/800/860/1600/2500
After this section, you should be able to explain:
1. What is NetDefendOS?
2. What management User Interface does NetDefendOS provide?
3. What is ICSA Labs?
4. What is ICSA firewall certification?
The hardware of D-Link Firewalls DFL-210/260/800/860/1600/2500 is driven and controlled by
NetDefendOS. Designed as a dedicated firewall operating system, NetDefendOS features high
throughput performance with high reliability while at the same time implementing the key
elements of IPS/UTM firewall.
From the administrator's perspective the conceptual approach of NetDefendOS is to visualize
operations through a set of logical building blocks or objects, which allow the configuration of
the product in an almost limitless number of different ways. This granular control allows the
administrator to meet the requirements of the most demanding network security scenario.
NetDefendOS provides two types of management interfaces:
Command Line Interface (CLI):
The Command Line Interface, accessible locally via serial console port or remotely using the
Secure Shell (SSH) protocol, provides the most fine-granular control over all parameters in
NetDefendOS.
Web User Interface:
The Web User Interface provides a user-friendly and intuitive graphical management interface,
accessible from a standard web browser.
NetDefendOS Benefit
NetDefendOS is a proprietary, closed architecture; it has fewer OS vulnerabilities and
more reliability compared with competitors that use Windows, Linux or
other open-source operating systems.
NetDefendOS Certified by ICSA labs:
D-Link’s NetDefend IPS Firewall has passed the strictest firewall certification in
“ICSA Labs – Corporate Firewalls”. The D-Link IPS NetDefend Firewalls have to
pass a series of rigorous tests, including system installation and configuration,
setting security policies, system management, system logging, event testing, port
security and more. Not only did the NetDefend Firewall pass these tests, but it
also earned praise from ICSA Labs’ Network Security Labs for unique features in
the web administration interface that allow administrators to safely make changes to
the firewall’s configuration remotely.
D-Link Certified in ICSA Labs:
https://www.icsalabs.com/icsa/product.php?tid=fghhf456fgh
•NetDefend IPS Firewall
NetDefend IPS Firewall Introduction
Performance by segment:
• Branch Office: DFL-210, 80 Mbps
• Small Business: DFL-800, 150 Mbps
• Medium Business: DFL-1600, 320 Mbps
• Enterprise: DFL-2500, 600 Mbps
High Performance & Cost Efficiency
DFL-210 Targets SOHO
• Firewall Throughput: 80Mbps
• VPN Performance: 25Mbps (3DES/AES)
• 1 Ethernet WAN Port, 4 Ethernet LAN Ports, 1 Configurable DMZ Ethernet Port
DFL-800 Targets Small Business
• Firewall Throughput: 150Mbps
• VPN Performance: 60Mbps (3DES/AES)
• 2 Ethernet WAN Ports, 7 Ethernet LAN Ports, 1 Configurable DMZ Ethernet Port
DFL-1600 Targets Medium Business
• Firewall Throughput: 320Mbps
• VPN Performance: 120Mbps (3DES/AES)
• 6 User-Configurable Gigabit Ports
DFL-2500 Targets Enterprise
• Firewall Throughput: 600Mbps
• VPN Performance: 300Mbps (3DES/AES)
• 8 User-Configurable Gigabit Ports
Features of DFL-210 / 800 / 1600 / 2500
Integrated Functions
• Firewall Protection
• Proactive Security With ZoneDefense Mechanism
• Content Filtering/Intrusion Detection
• Parental Access Control
• User Authentication
• Instant Message/P2P Blocking
• Denial of Service (DoS) Protection
• Virtual Private Network (VPN) Security
• Bandwidth Management
Content Filtering
• URL/E-Mail Filtering
• Java Script/Active X/Cookie Filtering
• IM/P2P Program Filtering
• Firmware upgraded feature.
Fault Tolerance
• WAN Traffic Fail-Over
• Active/Passive Modes for High Availability
Bandwidth Management
• WAN Traffic Bandwidth Management
• Multi-WAN Interfaces for Traffic Load Sharing
• Outbound Traffic Load Balancing*
• Policy-Based Routing
DFL-210 Competitors on the Market
Small Business
Competitors
• SonicWALL TZ170
• Fortinet Fortigate 60
• WatchGuard SOHO 6
• Juniper NetScreen 5GT
• ZyXEL ZyWALL 5 / 35
• Cisco 501
Advantages
Firewall System
• Application Layer Gateway
• H.323 NAT Traversal support
• RADIUS, LDAP, Active Directory user authentication support
Networking
• IEEE 802.1q VLAN support
• IP Multicast (IGMP) support
VPN
• Versatile encryption methods
• Numerous VPN tunnel support
• PPTP/L2TP Server support
Traffic Load Balance
• Outbound Traffic load balancing*
Others
• IP and MAC binding
• IM/P2P blocking support
• Unrestricted user licenses
• Firmware upgraded feature.
DFL-800 Competitors on the Market
Small Business
Competitors
• Cisco PIX 506E
• ZyXEL ZyWALL 70
• WatchGuard Firebox X500
• Fortinet Fortigate 100A
• Juniper NetScreen 25
Advantages
Firewall System
• Zone Defense
• Application Layer Gateway
• H.323 NAT Traversal support
• RADIUS, LDAP, Active Directory user authentication support
VPN
• Versatile encryption methods
• Numerous VPN tunnel support
• PPTP/L2TP Server support
Networking
• IEEE 802.1q VLAN support
• IP Multicast (IGMP) support
Traffic Load Balance
• Outbound Traffic load balancing*
Others
• IP and MAC binding
• IM/P2P blocking support
• Unrestricted user licenses
• Firmware upgraded feature.
DFL-1600 Competitors on the Market
Medium Business
Competitors
• SonicWALL 3060
• Fortinet Fortigate 200A
• WatchGuard Firebox X2500
• Fortinet Fortigate 300A
• Juniper NetScreen 204
• Cisco PIX 525E
Advantages
Interface
• High port density with configurable Gigabit port
Firewall System
• Zone Defense
• Application Layer Gateway
• RADIUS, LDAP, Active Directory user authentication support
Networking
• IP Multicast (IGMP) support
VPN
• Versatile encryption methods
• PPTP/L2TP server support
• PPTP/L2TP/IPSec VPN client pass through support
Traffic Load Balance
• Outbound Traffic load balancing*
• Server load balancing
Others
• IP and MAC binding
• Firmware upgraded feature.
• IM/P2P blocking support
• Unrestricted user licenses
DFL-2500 Competitors on the Market
Enterprise
Competitors
• Fortinet Fortigate 500A
• Juniper NetScreen 208
Advantages
Interface
• High port density with configurable Gigabit port
System Performance
• Higher concurrent session
Firewall System
• Zone Defense
• Application Layer Gateway
• RADIUS, LDAP, Active Directory user authentication support
Networking
• IP Multicast (IGMP) support
VPN
• Versatile encryption methods
• PPTP/L2TP server support
• PPTP/L2TP/IPSec VPN client pass through support
Traffic Load Balance
• Outbound Traffic load balancing*
• Server load balancing
Others
• IP and MAC binding
• Firmware upgraded feature.
• IM/P2P blocking support
• Unrestricted user licenses
NetDefend IPS Firewall Q&A
1. Which segments do NetDefend Firewalls fulfill? (Multiple Choice)
a. Home
b. SOHO
c. Telecom
d. SMB
2. Which NetDefend Firewall models provide a Gigabit interface? (Multiple Choice)
a. DFL-800
b. DFL-210
c. DFL-1600
d. DFL-2500
3. What is the competitor for DFL-210?
a. Fortinet Fortigate 60
b. WatchGuard Firebox X500
c. Juniper NetScreen 25
d. Cisco PIX 515
4. What is the competitor for DFL-800?
a. Fortinet Fortigate 60
b. WatchGuard Firebox X500
c. Juniper NetScreen 204
d. Cisco PIX 506
5. What is the competitor for DFL-1600?
a. Fortinet Fortigate 300A
b. WatchGuard Firebox X500
c. Juniper NetScreen 204
d. SonicWALL Pro 2040
6. What is the competitor for DFL-2500?
a. Fortinet Fortigate 400A
b. WatchGuard Firebox X2500
c. Juniper NetScreen 208
d. SonicWALL Pro 3060
7. Which model supports configurable ports?
a. DFL-210
b. DFL-800
c. DFL-1600
d. DFL-2500
e. All of Above
8. Which feature does the NetDefend DFL-210 Firewall NOT support?
a. Traffic Shaping
b. Server load balancing
c. IPS
d. Policy based routing
9. Which models support HA? (Multiple Choice)
a. DFL-210
b. DFL-800
c. DFL-1600
d. DFL-2500
10. Which model does NOT support ZoneDefense?
a. DFL-210
b. DFL-800
c. DFL-1600
d. DFL-2500
11. Which detail is WRONG for firewall/VPN throughput?
a. DFL-210 80/25 Mbps
b. DFL-800 150/80 Mbps
c. DFL-1600 320/120 Mbps
d. DFL-2500 600/300Mbps
12. What kind of user authentication does firewall support?
a. LDAP
b. RADIUS
c. Active Directory
d. All of above
13. How many user licenses does DFL-210 support?
a. 100
b. 200
c. 300
d. Unrestricted user licenses
14. Which model is for branch office?
a. DFL-210
b. DFL-800
c. DFL-1600
d. DFL-2500
15. Which model is for small business?
a. DFL-210
b. DFL-800
c. DFL-1600
d. DFL-2500
16. What is NetDefend Firewall’s advantage?
a. Firewall and VPN throughput
b. Joint defense with switch
c. Comprehensive feature set
d. Flexible interface module
17. Which feature can integrate a switch into the security solution from gateway to endpoint?
a. Web Content Filtering
b. Anti-Virus
c. Intrusion Prevention System
d. ZoneDefense
•NetDefend UTM Firewall
NetDefend UTM Product Overview
Stemming from NetDefendOS
Adopting the same kernel certified by ICSA Labs, NetDefend UTM
Firewall also integrates innovative technologies from world-leading
IPS, AV and WCF partners.
NetDefend UTM Firewall Portfolio
Firewall, VPN, IPS, Antivirus, Web Content Filtering, Application Control
• Targets SMBs and enterprises, enabling protection against all varieties
of network threats simultaneously in real time.
• Positioned as high-throughput, high-performance UTM firewalls with true
hardware acceleration.
• Incorporates leading IPS, Antivirus and Web Content
Filtering technologies from well-known vendors.
NetDefend UTM Firewall Introduction

The NetDefend UTM firewall DFL-260/860 series is D-Link’s brand new Unified Threat
Management (UTM) Firewall solution, which further integrates IPS, Anti-Virus and Web
Content Filtering, providing more secure and productive networking for SMBs.

The hardware design of the NetDefend UTM Firewall, such as the housing, Ethernet interfaces and
Web GUI, is the same as that of the NetDefend IPS firewall. In addition, the NetDefend UTM Firewall
is equipped with hardware acceleration to speed up IPS and Anti-Virus scanning
performance, outperforming Cisco, WatchGuard, SonicWALL, Juniper and Fortinet in the
same market segment.
DFL-260 Targets SOHO
• Firewall Throughput: 80Mbps
• VPN Performance: 25Mbps
• IPS Performance: 25Mbps
• Anti-Virus Performance: 25Mbps
• Web Content Filtering: 30+ Categories
DFL-860 Targets Small Business
• Firewall Throughput: 150Mbps
• VPN Performance: 60Mbps
• IPS Performance: 50Mbps
• Anti-Virus Performance: 50Mbps
• Web Content Filtering: 30+ Categories
•UTM/IPS Firewall Key Competency
You have already learned many IPS and UTM firewall features in the previous slides.
The following are the key IPS/UTM firewall advantages for competing with our
competitors in the market.
UTM/IPS Firewall Key Competency

NetDefend IPS/UTM Firewall delivers rich advanced features in friendly and
easy configuration, enables the stability, flexibility and scalability of IT
infrastructure, makes it a cost-effective solution for Small to Medium
Business (SMB).

Emerging network threats and Zero-Day attacks drive the market demand
toward seeking a more robust security mechanism. Built with advanced IPS
signatures technology and powered by Kaspersky anti-virus solution (only
UTM Firewall), NetDefend IPS/UTM Firewall is the efficient and effective
solution to stop various network threats and attacks for SMBs.

NetDefend UTM Firewall delivers High Port Density, and its built-in
Multiple WAN Ports and configurable WAN / LAN / DMZ ports enable
customers to scale their infrastructure to their own demands.

NetDefend UTM Firewall offers High Network Throughput and High
Network Performance for customers, providing up to 80 / 150 Mbps
Firewall Throughput and 25 / 60 Mbps IPSec VPN Throughput
for the DFL-260 / 860 respectively.

NetDefend UTM Firewall enables WAN Load Balance, WAN Fail-over,
and Server Load Balance to provide customers continuous Internet
connection and smooth network services mechanism.

NetDefend UTM Firewall provides advanced Traffic Shaping Technology,
which allows network traffic to be prioritized and differentiated according to
service precedence. For mission-critical services, bandwidth can always
be guaranteed and optimized, while for minor services,
bandwidth can be adjusted dynamically according to network traffic conditions.

NetDefend UTM Firewall features not only an intuitive and object-oriented
user interface that can be easily configured via a web console, but also a
Command-Line Interface (CLI) with full function sets for advanced users.
Users can easily configure or perform the administrative functions of the
firewalls.

Multiple Encryption Methods are implemented on NetDefend UTM Firewall,
including DES, 3DES, AES, Twofish, Blowfish and CAST-128, to provide
secure VPN connections for SMB and enterprises.

NetDefend UTM Firewall features a built-in IPS and Anti-Virus proactive
engine, enabling customers to effectively detect and prevent hybrid network
threats with a low false-positive rate.

ZoneDefense integrates D-Link NetDefend Firewall and xStack Switch to
enable the Proactive Network Security mechanism. Whenever network virus
or worm attacks are detected by the Firewall, ZoneDefense triggers and
notifies D-Link Switches automatically, in real time the infected hosts are
disconnected to further stop mutual infection among internal hosts.
High Performance of NetDefend UTM Firewall
NetDefend UTM Firewalls are equipped with a hardware accelerator for layer 7
content inspection, which gives them higher IPS and Anti-Virus
performance than competitors.
• UTM Firewall Performance: DFL-260 80Mbps, DFL-860 150Mbps
• VPN Performance: DFL-260 25Mbps, DFL-860 60Mbps
• IPS Performance: DFL-260 25Mbps, DFL-860 50Mbps
• Anti-Virus Performance: DFL-260 25Mbps, DFL-860 50Mbps
• Web Content Filtering: DFL-260 Y, DFL-860 Y
We also compare IPS and Anti-Virus performance with the UTM firewall of a famous security
provider, J company, in the next slides for your reference.

1. High IPS performance with hardware accelerator.
2. UTM firewall throughput is three times higher than J company XX 20.
More detail is given in the IPS Feature chapter.
*Test Criteria: 5 concurrent users download a 10 MB file over HTTP

1. Super fast Anti-Virus scanning by hardware accelerator.
2. Scanning capability is three times faster than J company XX 20.
D-Link spends ONLY 8 seconds to finish a 10MB file transmission, but J company
needs to spend 30 seconds.
More detail is given in the Anti-Virus Feature chapter.
*Test Criteria: 5 concurrent users download a 10 MB file over HTTP

1. Huge and comprehensive IPS signature database.
2. IPS database is 10x larger than J company XX 20.

• Anti-Virus / IPS Performance: 54 / 52 Mbps* (DFL-860), 22 / 16 Mbps (J company XX 20)
• IPS Signature Number: 8000+ (DFL-860), 808 (J company XX 20)
• File Transmission Speed (10MB): 14 seconds (DFL-860), 35 seconds (J company XX 20)
• File size limitation: No limitation (DFL-860), 10MB (J company XX 20)

Double the performance for Anti-Virus scanning.

Triple the performance for Intrusion Prevention System.

Providing 8000+ signatures to cover most intrusion attacks, with high IPS
performance of 52 Mbps, to compete with J company, which uses few IPS signatures
(808) and has poor performance (13 Mbps).
* Value is based on real traffic.
More detail is given in the IPS and Anti-Virus Feature chapter.

Streaming-based technology doubles UTM performance for Anti-Virus scanning.

No file size limitation: large files are supported for Anti-Virus scanning.

No concurrent session limit: performance stays high as the number of users increases.

Other competitors, such as J company, implement Proxy Mode, which has to store a file and then
scan it, so file size and number of connections are limited by device memory
size.
More detail is given in the IPS and Anti-Virus Feature chapter.
Competitive Comparison & Analysis
[Figure: DFL-260, ZyWall 5 UTM, SonicWALL TZ 190, Fortigate 60 and Juniper 5GT plotted by UTM Performance and Price. Callouts in slide order:]

• Firewall Throughput: 80Mbps
• VPN Throughput: 25Mbps
• Hardware Based IPS
• Hardware Based Anti-Virus

• Firewall Throughput: 75Mbps
• VPN Throughput: 20Mbps
• Software Based IPS
• Software Based Anti-Virus

• Firewall Throughput: 70Mbps
• VPN Throughput: 20Mbps
• Software Based IPS
• Software Based Anti-Virus

• Firewall Throughput: 65Mbps
• VPN Throughput: 25Mbps
• Hardware Based IPS
• Hardware Based Anti-Virus

• Firewall Throughput: 90Mbps
• VPN Throughput: 30+Mbps
• Software Based IPS
• Software Based Anti-Virus
• Expensive optional license charge is required!
Competitive Comparison & Analysis
[Figure: DFL-860, Juniper SSG 20, ZyWall 70, SonicWALL Pro 2040, Fortinet 200A and WatchGuard X550e plotted by UTM Performance and Price. Callouts in slide order:]

• Firewall Throughput: 150Mbps
• VPN Throughput: 60Mbps
• Hardware Based IPS
• Hardware Based Anti-Virus

• Firewall Throughput: 160Mbps
• VPN Throughput: 40Mbps
• Software Based IPS
• Software Based IPS

• Firewall Throughput: 100Mbps
• VPN Throughput: 40Mbps
• Hardware Based IPS
• Hardware Based Anti-Virus

• Firewall Throughput: 200Mbps
• VPN Throughput: 50Mbps
• Software Based IPS
• Software Based Anti-Virus
• Expensive optional license charge is required!

• Firewall Throughput: 150Mbps
• VPN Throughput: 70Mbps
• Poor IPS & AV performance

• Firewall Throughput: 125Mbps
• VPN Throughput: 20Mbps
• Software Based IPS
• Software Based Anti-Virus
Summary:
NetDefend UTM Firewall Selling Point
Adopting the same kernel certified by ICSA Labs, NetDefend UTM Firewall also
integrates innovative technologies from world-leading IPS, AV and WCF partners.
• High throughput, high performance with true Hardware Acceleration.
• Fast file transmission speed for Anti-Virus scanning capability.
• Comprehensive IPS signature database (8000+).
• No file size and connection limitation for Anti-Virus scanning. Other
competitors cannot stop viruses hidden in files over a specific size and
are not able to support large numbers of concurrent sessions.
• Well-known Anti-Virus database by Kaspersky.
• Triggering ZoneDefense by IPS and Anti-Virus* to protect in real time against
virus or network worm outbreaks.
• NetDefend Center website provides valuable information for
network security.
* Support in future release
NetDefend UTM Firewall Q&A
1. Which NetDefend UTM Firewalls are available now? (Multiple Choice)
a. DFL-260
b. DFL-860
c. DFL-1660
d. DFL-2560
2. What new feature does NetDefend firewall support after firmware version 2.20?
a. IPS
b. Anti-Virus
c. Web Content Filtering
d. Anti-SPAM
3. Why can D-Link UTM Firewall reach high performance?
a. Embed hardware accelerator
b. Anti-Virus Engine by Kaspersky
c. New CPU processor
d. New software core
4. What is the IPS and Anti-Virus performance of DFL-860?
a. 30/30 Mbps
b. 50/50 Mbps
c. 45/45 Mbps
d. 60/60 Mbps
5. What is the IPS and Anti-Virus performance of DFL-260?
a. 20/20 Mbps
b. 40/20 Mbps
c. 30/30 Mbps
d. 35/35 Mbps
6. What is the file size limitation, in MB, of the UTM Firewall for anti-virus?
a. 3 MB
b. 5 MB
c. 10 MB
d. No limitation
7. Who is the anti-virus signature vendor?
a. Trendmicro
b. Symantec
c. McAfee
d. Kaspersky
8. How many IPS signatures are in the UTM database?
a. 3000+
b. 6000+
c. 8000+
d. 5000+
9. What is the major difference between the UTM firewall and the IPS firewall?
a. UTM firewall has VPN, but IPS firewall has not
b. UTM firewall has Anti-Virus and WCF, but IPS firewall does not
c. UTM firewall has IPS and Anti-Virus, but IPS firewall has IPS and WCF
d. UTM firewall has WCF and Anti-Virus, but IPS firewall has IPS and Anti-Virus.
10. What are D-Link UTM’s advantages?
a. Performance
b. Signature number
c. Scanning file size
d. ZoneDefense (exclude DFL-260)
e. all of above
•Competitive Comparison & Analysis
NetDefend Family’s Competency
• Following is our advantage:
– Sufficient features
– Solution oriented
– Outstanding performance
– Affordable price
• How to fight with our major competitors?
– Fortinet
– SonicWALL
– Juniper
– ZyXEL
Compare with Fortinet
Myth of Fortinet
Fortinet is an innovator that provides
many advanced security features in the
security market.
How to Compete with Fortinet?
NetDefend’s Advantages & Counterplot
Weakness
• Poor performance with anti-virus or IPS enabled
• Complete firewall products, but no total solution
• Only provides a 30-day free trial for UTM service
• Anti-Virus database is not from a well-known provider
• IPS signature count is only 2,000
• Service coverage focuses on main countries
Conclusion
• Compared with D-Link security products, Fortinet seems to have a complete
product line, but the performance and features of D-Link firewalls are
excellent.
• D-Link provides a total network solution to customers, not a single product:
firewalls integrate with xStack switches to form the ZoneDefense solution, and unified switches
integrate with access points to form a wireless management solution.
• D-Link has complete service coverage through 130+ offices in 70+ countries
worldwide.
Compare with SonicWALL
Myth of SonicWALL
SonicWALL promotes its deep
packet inspection technology and
integrated security features.
How to Compete with SonicWALL?
NetDefend’s Advantages & Counterplot
• Several advanced features require purchasing the enhanced OS and an upgrade
license, such as Policy-based routing, advanced NAT features, a sufficient
number of policies, HA, Load Balancing, Object-based Management and LDAP.
• Even if the client purchases the enhanced OS to support the HA feature,
SonicWALL still does not provide Firewall and VPN session synchronization.
It’s a lame solution for HA.
• After the license upgrade, SonicWALL still lacks some enhanced network
features, such as PPTP Server and 802.1q VLAN support.
• Bandwidth / traffic control is always their weak point; they never mention
traffic shaping and traffic load balancing features.
• No Gigabit interfaces, and the number of VPN tunnels is limited.
Conclusion
• Without purchasing an extra license, the D-Link NetDefend firewall already has many advanced network features built in under a single license.
• D-Link delivers an enterprise-level security solution, ZoneDefense, to
customers for fulfilling Joint Security.
• D-Link NetDefend Firewall delivers the best Total Cost of Ownership (TCO)
for customers.
Compare with Juniper
Myth of Juniper
Juniper is the market leader in the
security market. Juniper Firewall
enables L2 and L3 operation modes,
and Juniper highlights its signature
pack for network security.
How to Compete with Juniper?
NetDefend’s Advantages & Counterplot
• L2 mode (Transparent mode) and L3 mode (Router / NAT mode) cannot coexist, and changing the operation mode loses all of the
configuration.
• 10MB file size limitation for file-based Anti-Virus scanning. It adds
latency, especially for multiple file transfers in a real environment.
• Juniper only delivers simple QoS for traffic prioritization. There are no
advanced and granular settings to guarantee per-user bandwidth control.
• Juniper still lacks some enhanced network features, such as PPTP Server,
Server Load Balancing and Dynamic Bandwidth Balancing Mechanism.
Conclusion
• D-Link NetDefend Firewall has a high C/P ratio and reduces business Total
Cost of Ownership. No extra cost for the full feature set.
• D-Link can integrate all xStack switch series to enable a client-less endpoint security solution: ZoneDefense technology.
• Full set functionality: High port density (entry level) and all GbE Copper
interfaces (Enterprise), which can fulfill different environment requirements.
Compare with ZyXEL
Myth of ZyXEL
ZyXEL’s ZyWALL is ICSA-certified
and has earned an excellent reputation in the
SMB segment of the security appliance
market in Europe.
How to Compete with ZyXEL?
NetDefend’s Advantages & Counterplot
• ZyWALL Firewall and UTM series have limited port interfaces and lack
expansibility for SMBs.
• ZyWALL Firewall and UTM series provide a limited number of VPN tunnels.
The ZyWALL 70 UTM supports at most 1,000 VPN tunnels.
• Only the ZyWALL 1050 supports 802.1Q VLAN; the rest of the models do not
support 802.1Q at all.
• ZyWALL Firewall and UTM series do not support L2TP Server.
• ZyWALL security service bundles Anti-Virus and IDP together; customers
cannot buy either one individually.
• ZyWALL Firewall and UTM series are ICSA-certified with the testing criteria
“Residential” only, rather than the “Corporate” criteria.
Conclusion
• D-Link NetDefend Firewall and UTM series pass the ICSA Corporate Level
testing criteria, whereas ZyWALL passes ICSA Residential Level only.
• D-Link can integrate all xStack switch series to enable a client-less endpoint security solution: ZoneDefense technology.
• Compared with ZyXEL, D-Link’s brand is better known and has a more
comprehensive office and tech-support network around the world.
DCS-Security
NETDEFENDOS FEATURE
INTRODUCTION
NetDefendOS Feature Introduction
Key Features in NetDefendOS
• Routing Features
• Route Failover
• Virtual Private Network (VPN)
• Virtual Local Area Network (VLAN)
• High Availability (HA)
• Traffic Management
• User Authentication
• ZoneDefense
•Routing Features
Routing Features in NetDefendOS
Platform Compatibility: DFL-210/260/800/860/1600/2500
After this section, you should be able to explain:
1. What is static routing?
2. What is the PBR (Policy Based Route)?
3. What could we achieve when using this feature?
4. What is load sharing?
5. What is the key component of load sharing?
6. What is dynamic routing?
7. What is the difference between dynamic and static routing?
Static Route & Route Failover
[Figure: LAN Net connected to the Internet through ISP1 and ISP2; link labels: Red Line, Green Line]
Policy Based Route
• NetDefendOS provides the following types of PBR
– Source-based routing
– Service-based routing
• Benefit of Policy Based Route:
– Load sharing between multiple WAN links
Dynamic Routing
• Why do we need dynamic routing?
• What is dynamic routing?
• What dynamic routing do we support?
– OSPF (Open Shortest Path First)
Load Sharing
• More than two internet connections
• Interoperate with PBR
– Source-based routing
– Service-based routing
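Competitive Analysis
Static Route, PBR, OSPF
• SonicWALL: Static Route √, PBR √, OSPF √, Load Sharing √
• WatchGuard: Static Route √, PBR √, OSPF √, Load Sharing √
• Fortinet: Static Route √, PBR √, OSPF √, Load Sharing √
• Juniper: Static Route √, PBR √, OSPF √, Load Sharing √
• Cisco: Static Route √, PBR √, OSPF √, Load Sharing √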
Summary:
Routing Features in NetDefendOS
• Routing determines the path from source to destination
– Static Routing: predefined path
– Dynamic Routing: learning and updating the path automatically
• Policy Based Route (PBR) determines path according to
– Service type; different traffic types (HTTP or FTP) use different routes
– Source IP address; different users use different routes
• Via Policy Based Route (PBR), load sharing between
multiple WAN links could be achieved
Routing Features Q&A
1. What kind of dynamic routing protocol does NetDefendOS support?
a. RIP (Routing Information Protocol)
b. OSPF (Open Shortest Path First)
c. BGP (Border Gateway Protocol)
d. EGP (Exterior Gateway Protocol)
2. Does NetDefendOS support the Route Failover feature?
a. Yes
b. No
3. Which of the following features is NOT supported in the NetDefendOS Firewall?
a. Static Route
b. Policy Based Route
c. RIP (Routing Information Protocol)
d. OSPF (Open Shortest Path First)
4. Which of the following PBR types is NOT supported in NetDefendOS? (Multiple Choice)
a. Source-based routing
b. Service-based routing
c. Schedule-based routing
d. Port-based routing
5. With which feature can NetDefendOS support load sharing between multiple WAN links?
a. Static Route
b. Traffic Management
c. Dynamic Route
d. Policy Based Route
6. Which model supports the load sharing feature?
a. DFL-210
b. DFL-800
c. DFL-1600
d. DFL-2500
e. All of the above
Route Failover
Platform Compatibility: DFL-210/260/800/860/1600/2500
After completing this section, you will be able to:
1. Describe what Route Failover is and its benefits
2. Describe how to implement Route Failover solution
3. Describe the selling point for Route Failover
What is Route Failover
• A firewall is often deployed as the gateway of a network where availability and connectivity are crucial. Today corporations rely heavily on access to the Internet, and their operations will be severely disrupted if an Internet connection fails.
• To utilize multiple ISPs/WAN links, NetDefendOS provides a Route Failover capability. When one route fails, traffic can automatically fail over to an alternative route.
A Typical Scenario of Failover
Route Failover allows connections to different Internet Service Providers, avoiding a single point of failure. Consequently, it enables enterprises to have backup Internet connectivity using a secondary Internet Service Provider (ISP).
How NetDefendOS Delivers Failover
For a route with Route Monitoring enabled, one of the following Route Monitoring methods must be chosen:
– Interface Link Status
– Gateway Monitoring
Competitive Analysis – Failover Feature Comparison
The D-Link NetDefend Route Failover Feature Comparison:
• SonicWALL
• ZyXEL
• WatchGuard
• Cisco
• Juniper
• Fortinet
DFL-210
Small-to-Medium Business Segment
Vendor | Model | Failover
D-Link | DFL-210 | Y
SonicWALL | TZ 180 (10 Node Lic / 25 Node Lic) | Y
SonicWALL | TZ 190 | Y
ZyXEL | ZyWALL 5 | Not Available
ZyXEL | ZyWALL 35 | Y
WatchGuard Firebox | X Edge 5 | Optional
WatchGuard Firebox | X Edge 15 | Optional
Cisco | PIX 501 | Not Available
Cisco | PIX 506E | Not Available
Juniper | 5XT | Optional
Juniper | 5GT | Optional
Fortinet | FortiGate-60 | Y
Fortinet | FortiGate-100A | Y
DFL-260
Small-to-Medium Business Segment
Vendor | Model | Failover
D-Link | DFL-260 | Y
SonicWALL | Pro 1260 (Standard / Enhanced) | Y
ZyXEL | ZyWALL 5 UTM | Not Available
ZyXEL | ZyWALL 35 UTM | Y
WatchGuard Firebox | X Edge X10e | Optional
WatchGuard Firebox | X Edge X20e | Optional
WatchGuard Firebox | X Edge X20e | Y
Cisco | N/A | N/A
Juniper | 5XT | Optional
Juniper | 5GT | Optional
Fortinet | FortiGate-60/60A | Y
Fortinet | FortiGate-100A | Y
DFL-800
Small-to-Medium Business Segment
Vendor | Model | Failover
D-Link | DFL-800 | Y
SonicWALL | Pro 1260 (Standard / Enhanced) | Y
SonicWALL | Pro 2040 (Standard / Enhanced) | Y
ZyXEL | ZyWALL 70 | Y
WatchGuard Firebox | X Core X500 (Standard / Advanced) | Optional / Yes
WatchGuard Firebox | X Core X700 (Standard / Advanced) | Optional / Yes
Cisco | PIX 506E | Not Available
Cisco | PIX 515E ((R, DMZ) / (UR, FO, FO-AA)) | Not Available / Y
Juniper | NetScreen-25 | Y
Juniper | NetScreen-50 | Y
Fortinet | FortiGate-100A | Y
Fortinet | FortiGate-200A | Y
DFL-860
Small-to-Medium Business Segment
Vendor | Model | Failover
D-Link | DFL-860 | Y
SonicWALL | Pro 1260 (Standard / Enhanced) | Y
SonicWALL | Pro 2040 (Standard / Enhanced) | Y
ZyXEL | ZyWALL 70 UTM | Y
WatchGuard | X Core X500 (Standard / Advanced) | Optional / Yes
WatchGuard | X Core X700 (Standard / Advanced) | Optional / Yes
Cisco | ASA 5505 (Base / Security Plus) | Not Available / Y
Juniper | SSG 5 (Base / Extended), SSG 20 (Base / Extended) | Y
Fortinet | FortiGate-100A | Y
Fortinet | FortiGate-200A | Y
Summary: Route Failover
• Today the low cost of xDSL lines makes it possible for SMBs to use multiple ISPs/WAN links as WAN backup via the Route Failover feature, so that operations are not severely disrupted when an Internet connection fails.
• In the entry-level model segment, such as the DFL-210/260/800/860, most competitors deliver the Route Failover feature as an option that requires an extra fee. Unlike these competitors, and considering the IT demands of SMBs, the D-Link NetDefend IPS/UTM Firewall family bundles the Route Failover feature with no extra cost for a license upgrade.
• The D-Link NetDefend IPS/UTM Firewall family delivers an affordable price with a best-value security feature set for SMBs.
VPN
Platform Compatibility: DFL-210/260/800/860/1600/2500
After completing this section, you will be able to:
1. Describe what VPN is and its benefits
2. Describe how to implement VPN solutions
3. Describe the selling point for VPN
What is VPN?
• A Virtual Private Network (VPN) is a private network connection that
occurs through a public network.
• VPNs can be used to connect LANs together across the Internet or
other public networks. With a VPN, the remote end appears to be
connected to the network as if it were connected locally.
• VPN has attracted the attention of many organizations looking to both
expand their networking capabilities and reduce their costs.
A Typical Scenario of VPN Solutions
Tunneling Protocol:
• L2TP
• PPTP
• IPSec
[Figure: two local networks connected across the Internet, with connections labelled "Remote Access VPN" and "Site-to-Site VPN".]
A Close Look at IPSec VPN Topology
• Site-to-Site Topology
[Figure labels: Internet; DFL-2500; DFL-210/260/800/860; "VPN Tunnel is dedicated."; Local Network (two); Head Office; Client; Server; Remote Office / Branch Office (ROBO).]
A Close Look at IPSec VPN Topology
• Hub-and-Spoke Topology
[Figure labels: Internet; DFL-2500; DFL-210/260/800/860; Hub; Spoke (two); Head Office; Remote Office 1; Remote Office 2; Client (two); Local Network (three).]
More Discussion about IPSec VPNs
• Rules and Routing play the key role in IPSec VPN configuration
• NetDefendOS provides IPSec VPN connection via Rule-based VPN Configuration
• Rule-based Configuration enables granular controls for administrators to decide what traffic should go through the tunnel.
[Figure labels: FTP Server on the Internet; Internet; DFL-2500; DFL-210/260/800/860; Rule Action: Allow, Service: FTP; Local Network (two); Head Office; Remote Office; Client; FTP Server.]
The client is not allowed to access FTP servers on the Internet; however, he/she is allowed to access the internal FTP server at the Head Office via the VPN tunnel.
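The FTP scenario above, modelled as an added example (not D-Link code and not NetDefendOS configuration syntax): routing picks the outgoing interface, then a first-match rule set decides per service. The addresses, interface names, rule names and the default-drop fallback are assumptions made for the illustration.

```python
import ipaddress

# Constructed addressing for the scenario (not taken from the slides).
REMOTE_LAN = "192.168.10.0/24"   # Remote Office local network
HQ_LAN = "10.1.0.0/16"           # Head Office local network

# Routing table: destination network -> outgoing interface (longest prefix wins).
ROUTES = [
    (HQ_LAN, "ipsec_hq"),        # Head Office is reached through the IPSec tunnel
    ("0.0.0.0/0", "wan"),        # everything else leaves via the Internet link
]

# Rule set, evaluated top-down, first match wins. Only the FTP control
# channel (TCP/21) is modelled here.
# (name, src_if, src_net, dst_if, dst_net, protocol, dst_port, action)
RULES = [
    ("ftp_to_hq", "lan", REMOTE_LAN, "ipsec_hq", HQ_LAN, "tcp", 21, "Allow"),
    ("ftp_to_internet", "lan", REMOTE_LAN, "wan", "0.0.0.0/0", "tcp", 21, "Drop"),
]


def route_lookup(dst_ip):
    """Return the outgoing interface for dst_ip, or None if no route matches."""
    dst = ipaddress.ip_address(dst_ip)
    matches = []
    for net, iface in ROUTES:
        network = ipaddress.ip_network(net)
        if dst in network:
            matches.append((network.prefixlen, iface))
    if not matches:
        return None
    return max(matches)[1]       # most specific route


def decide(src_if, src_ip, dst_ip, protocol, dst_port):
    """Return (action, outgoing interface, matching rule name)."""
    dst_if = route_lookup(dst_ip)
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for name, r_sif, r_snet, r_dif, r_dnet, r_proto, r_port, action in RULES:
        if (src_if == r_sif and dst_if == r_dif
                and src in ipaddress.ip_network(r_snet)
                and dst in ipaddress.ip_network(r_dnet)
                and protocol == r_proto and dst_port == r_port):
            return action, dst_if, name
    # Assumption: traffic that matches no rule is dropped.
    return "Drop", dst_if, "default"


if __name__ == "__main__":
    client = "192.168.10.25"
    print(decide("lan", client, "10.1.5.20", "tcp", 21))    # FTP to Head Office server
    print(decide("lan", client, "203.0.113.7", "tcp", 21))  # FTP to an Internet server
    print(decide("lan", client, "10.1.5.20", "tcp", 80))    # other service over the tunnel
```
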
Remote Access VPNs
• The IP addresses of remote access clients are normally dynamic.
• Users usually need to install VPN software on their machine.
• Tunnel connections are between a remote user’s computer and the VPN appliance.
[Figure labels: Internet; Local Network; VPN Remote Client Software.]
Planning a VPN
In designing a VPN, there are many considerations that need to be
addressed, including:
• Protecting mobile and home computers
• Restricting access through the VPN to needed services only, since mobile computers are potentially vulnerable
• Creating DMZs for services that need to be shared with other
companies through VPNs
• Adapting VPN access policies for different groups of users
• Creating key distribution policies
Competitive Analysis – VPN Feature Comparison
The D-Link NetDefend VPN Feature Comparison:
• SonicWALL
• ZyXEL
• WatchGuard
• Cisco
• Juniper
• Fortinet
DFL-210
Small-to-Medium
Business Segment
D-Link
Features /
Competitors
DFL-210
TZ 180
10 Node Lic / 25
Node Lic
TZ 190
ZyWALL 5
ZyWALL 35
X Edge 5
X Edge 15
80Mbps
90+Mbps
90+Mbps
65Mbps
70Mbps
80Mbps
95Mbps
25Mbps
30+Mbps
30+Mbps
25Mbps
30Mbps
35Mbps
35Mbps
2 / 10
15
2
15
1/11
5/25
Firewall Throughput
VPN Throughput
VPN
Site-to-Site
Tunnel
100
Client-to-Site
Tunnel
SonicWALL
0 (Bundled) - 5
(Max) /
1 (Bundled) -25
(Max)
ZyXEL
10
2 (Bundled)
- 25
WatchGuard Firebox
35
DFL-210
Small-to-Medium Business Segment
Vendor | Model | Firewall Throughput | VPN Throughput | VPN Tunnels (Site-to-Site / Client-to-Site)
D-Link | DFL-210 | 80Mbps | 25Mbps | 100
Cisco | PIX 501 | 60Mbps | 3Mbps | 10
Cisco | PIX 506E | 100Mbps | 15Mbps | 25
Juniper | 5XT | 70Mbps | 20Mbps | 10
Juniper | 5GT | 75Mbps | 20Mbps | 10
Fortinet | FortiGate-60 | 70Mbps | 20Mbps | 50
Fortinet | FortiGate-100A | 100Mbps | 40Mbps | 80
DFL-260
Small-to-Medium
Business Segment
D-Link
SonicWALL
Features / Competitors
DFL-260
Pro 1260
Standard /
Enhanced
ZyWALL 5
UTM
ZyWALL 35
UTM
X Edge
X10e
X Edge X20e
X Edge X20e
Firewall Throughput
80Mbps
90Mbps
65Mbps
70Mbps
100Mbps
100Mbps
100Mbps
25Mbps
30Mbps
25Mbps
30Mbps
35Mbps
35Mbps
35Mbps
5
15
25
5 (Bundled)
- 11
5 (Bundled)
- 25
5 (Bundled)
- 55
VPN Throughput
VPN
Site-to-Site
Tunnel
WatchGuard Firebox
25
100
Client-to-Site
Tunnel
ZyXEL
10
50
35
DFL-260
Small-to-Medium Business Segment
Vendor | Model | Firewall Throughput | VPN Throughput | VPN Tunnels (Site-to-Site / Client-to-Site)
D-Link | DFL-260 | 80Mbps | 25Mbps | 100
Cisco | N/A | N/A | N/A | N/A
Juniper | 5XT | 70Mbps | 20Mbps | 10
Juniper | 5GT | 75Mbps | 20Mbps | 10
Fortinet | FortiGate-60/60A | 70Mbps | 20Mbps | 50
Fortinet | FortiGate-100A | 100Mbps | 40Mbps | 80
DFL-800
Small-to-Medium
Business Segment
D-Link
Features /
Competitors
DFL-800
Pro 1260
Standard /
Enhanced
Pro 2040
Standard /
Enhanced
ZyWALL 70
X Core X500
Standard / Advanced
X Core X700
Standard /
Advanced
Firewall Throughput
150Mbps
90Mbps
200Mbps
90Mbps
100/110 Mbps
150/160 Mbps
60Mbps
30Mbps
50Mbps
40Mbps
20/30 Mbps
40/60 Mbps
25
50
0 - 50 (Need to
Upgrade)
100
5 (Bundled) - 50
10 (Bundled) 100
VPN Throughput
VPN
Site-to-Site
Tunnel
SonicWALL
300
Client-to-Site
Tunnel
ZyXEL
WatchGuard Firebox
100
5
(Bundled)
- 50
10 (Bundled) 50/200
DFL-800
Small-to-Medium Business Segment
Vendor | Model | Firewall Throughput | VPN Throughput | VPN Tunnels (Site-to-Site / Client-to-Site)
D-Link | DFL-800 | 150Mbps | 60Mbps | 300
Cisco | PIX 506E | 100Mbps | 15Mbps | 25
Cisco | PIX 515E ((R, DMZ) / (UR, FO, FO-AA)) | 190Mbps | 20 / 60 Mbps | Not Available / 2000
Juniper | NetScreen-25 | 100Mbps | 20Mbps | 125
Juniper | NetScreen-50 | 170Mbps | 45Mbps | 500
Fortinet | FortiGate-100A | 100Mbps | 40Mbps | 80
Fortinet | FortiGate-200A | 150Mbps | 70Mbps | 200
DFL-860
Small-to-Medium
Business Segment
D-Link
Features / Competitors
DFL-860
Pro 1260
Standard /
Enhanced
Pro 2040
Standard /
Enhanced
ZyWALL 70
UTM
X Core X500
Standard /
Advanced
X Core X700
Standard /
Advanced
Firewall Throughput
150Mbps
90Mbps
200Mbps
90Mbps
100/110 Mbps
150/160 Mbps
60Mbps
30Mbps
50Mbps
40Mbps
20/30 Mbps
40/60 Mbps
25
50
0 - 50 (Need
to Upgrade)
100
5 (Bundled) 50
10 (Bundled)
- 100
VPN Throughput
VPN
Site-to-Site
Tunnel
SonicWALL
ZyXEL
300
Client-to-Site
Tunnel
WatchGuard
100
5 (Bundled)
- 50
10 (Bundled) 50/200
DFL-860
Small-to-Medium Business Segment
Vendor | Model | Firewall Throughput | VPN Throughput | VPN Tunnels (Site-to-Site / Client-to-Site)
D-Link | DFL-860 | 150Mbps | 60Mbps | 300
Cisco | ASA 5505 (Base / Security Plus) | 150Mbps | 100Mbps | 10 / 25
Juniper | SSG 5 (Base / Extended), SSG 20 (Base / Extended) | 160Mbps | 40Mbps | 25 / 40
Fortinet | FortiGate-100A | 100Mbps | 40Mbps | 80
Fortinet | FortiGate-200A | 150Mbps | 70Mbps | 200
DFL-1600
Small-to-Medium
Business Segment
D-Link
SonicWALL
ZyXEL
WatchGuard
DFL-1600
Pro 3060
Standard /
Enhanced
Pro 4060
Enhanced
ZyWALL
1050
X Core X1000
Standard /
Advanced
X Core X2500
Standard /
Advanced
X Core X550e
(UTM)
Standard /
Advanced
Firewall Throughput
320Mbps
290Mbps
300Mbps
300Mbps
225 / 240
Mbps
275+ / 300+
Mbps
300+ Mbps
VPN
Throughput
120Mbps
75Mbps
190Mbps
100Mbps
75 / 100
Mbps
100 / 130
Mbps
35 Mbps
500/1,000
3,000
400
400
35 (Bundled)
- 45
50 (Bundled)
- 1,000
1,000
(Bundled)
5 (Bundled)
- 75
Features /
Competitors
VPN
Site-to-Site
Tunnel
1,200
Client-toSite Tunnel
1,000
25
(Bundled)
- 500
3,000
DFL-1600
Small-to-Medium Business Segment
Vendor | Model | Firewall Throughput | VPN Throughput | VPN Tunnels (Site-to-Site / Client-to-Site)
D-Link | DFL-1600 | 320Mbps | 120Mbps | 1200
Cisco | PIX 525 ((R) / (UR, FO, FO-AA)) | 330Mbps | 30 / 70Mbps | Not Available / 2,000
Cisco | ASA 5510 (Base / Security Plus) | 300Mbps | 170Mbps | 250
Juniper | SSG 140 | 350+Mbps | 100Mbps | 125
Juniper | NetScreen-204 | 375Mbps | 175Mbps | 1,000
Juniper | NetScreen-208 | 375Mbps | 175Mbps | 1,000
Fortinet | FortiGate-300A | 400Mbps | 120Mbps | 1,500
DFL-2500
Small-to-Medium
Business Segment
D-Link
Features /
Competitors
DFL-2500
Pro 4060
Enhanced
Pro 4100
Enhanced
Firewall Throughput
600Mbps
300Mbps
300Mbps
190Mbps
VPN Throughput
SonicWALL
ZyXEL
WatchGuard Firebox
X Peak X5000
Advanced
X Peak X6000
Advanced
700Mbps
400 Mbps
700 Mbps
400Mbps
190 Mbps
300 Mbps
N/A
N/A
VPN
Site-to-Site
Tunnel
3,000
3,500
400
400
3,000
4,500
1,200 (Bundled) 4,000
1,600 (Bundled) 5,000
2,500
Client-to-Site
Tunnel
DFL-2500
Small-to-Medium
Business Segment
D-Link
Features /
Competitors
DFL-2500
ASA 5520
ASA 5540
NetScreen208
NetScreen500
FortiGate400A
FortiGate500A
Firewall Throughput
600Mbps
450Mbps
650Mbps
375Mbps
700Mbps
500Mbps
600Mbps
VPN
Throughput
300Mbps
225Mbps
325Mbps
175Mbps
250Mbps
140Mbps
150Mbps
2,000
3,000
VPN
Cisco
Juniper
Site-to-Site
Tunnel
5,000
2,500
Client-toSite Tunnel
Fortinet
750
5,000
1,000
10,000
Summary: VPN (Virtual Private Network)
The D-Link NetDefend IPS/UTM Firewall family provides outstanding firewall / VPN performance compared with other key players on the market.
Meanwhile, for the maximum number of VPN tunnels, the NetDefend IPS/UTM Firewall family by default bundles more tunnels than our competitors, without charging any extra cost or upgrade fee for extra tunnels.
From the viewpoint of either performance-to-cost or value-to-cost ratio, the D-Link NetDefend IPS/UTM Firewall family is the best Firewall / UTM solution for mid-to-large sized organizations.
VPN Q&A
1. What is the maximum number of VPNs supported on a DFL-800/860 Firewall/UTM
device running NetDefendOS?
a. 100
b. 150
c. 200
d. 250
e. 300
2. Which of the following protocols isn’t a tunneling protocol but is probably used at your
site by tunneling protocols for network security?
a. IPSec
b. PPTP
c. L2TP
d. L2F
3. Which answer below is NOT a benefit of VPN encryption?
a. Confidentiality
b. Authentication
c. Integrity
d. Non-repudiation
e. None of the above
4. What is the maximum VPN throughput of DFL-800 / 860 device running NetDefendOS?
a. 50 Mbps
b. 60 Mbps
c. 70 Mbps
d. 80 Mbps
e. 90 Mbps
5. What is the maximum VPN throughput of DFL-1600 device running NetDefendOS?
a. 100 Mbps
b. 110 Mbps
c. 120 Mbps
d. 150 Mbps
e. 200 Mbps
6. What is the maximum VPN throughput of DFL-2500 device running NetDefendOS?
a. 100 Mbps
b. 150 Mbps
c. 200 Mbps
d. 250 Mbps
e. 300 Mbps
7. Which two settings are important in IPSec VPN configuration, and decide whether the traffic should go through the tunnel? (Multiple Choice)
a. Network Interfaces
b. Routing
c. IPSec Interface
d. Rules
e. None of the above
8. How does NetDefendOS provide IPSec VPN configuration?
a. Policy-based Configuration
b. Interface-based Configuration
c. Rule-based Configuration
d. Route-based Configuration
e. Security-based Configuration
VLAN
Platform Compatibility: DFL-210/260/800/860/1600/2500
After completing this section, you will be able to:
1. Describe what VLAN is and its benefits
2. Describe how to implement VLAN solutions
3. Describe the selling point for VLAN
What is VLAN
• A Virtual Local Area Network (VLAN) allows administrators to create
logical groups of users and systems and segment them on the
network.
• This network segmentation enables administrators to hide segments of the network from other segments and hence control network resource access.
• Also administrators can set up VLANs to control the paths that data
takes to get from one point to another. VLAN technology is a good
way to contain network traffic to a certain area in a network.
A Typical Scenario of VLAN
[Figure: typical VLAN scenario; surviving label: Internet.]
NetDefendOS Provides Cost-Effective VLAN Solution for SMB
[Figure labels: Internet; D-Link NetDefend IPS/UTM Firewalls.]
How NetDefendOS Supports VLAN
• NetDefendOS is fully compliant with the IEEE 802.1Q specification for Virtual LANs. On a protocol level, Virtual LANs work by adding a Virtual LAN identifier (VLAN ID) to the Ethernet frame header. The VLAN ID is a number from 0 to 4095 and is used to identify a specific Virtual LAN. In this way, Ethernet frames can belong to different Virtual LANs, but still share the same physical media.
• The Virtual LAN support in NetDefendOS works by defining one or more Virtual LAN interfaces. Each Virtual LAN interface is interpreted as a logical interface by the system.
• Ethernet frames received by the system are examined for a VLAN ID. If a VLAN ID is found, and a matching Virtual LAN interface has been defined, the system will consider that interface to be the receiving interface for the frame before further processing takes place.
• Virtual LANs are useful in several different scenarios, for instance, when filtering is needed between different Virtual LANs in an organization, or when the number of interfaces needs to be expanded.
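The tag lookup described above, as an added example (not NetDefendOS code): it parses the 802.1Q tag from a raw Ethernet frame and maps the VLAN ID to a logical receiving interface. The interface names, the VLAN table and the sample frames are constructed, and returning None for a tag with no matching VLAN interface is an assumption, since the slide does not say what happens in that case.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Hypothetical VLAN interface table:
# (physical interface, VLAN ID) -> logical VLAN interface
VLAN_INTERFACES = {
    ("lan1", 10): "vlan_rd",
    ("lan1", 20): "vlan_sales",
}

# Constructed MAC addresses for the sample frames.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet frame, optionally carrying an 802.1Q tag."""
    header = dst + src
    if vlan_id is not None:
        if not 0 <= vlan_id <= 0x0FFF:
            raise ValueError("VLAN ID must fit in 12 bits (0..4095)")
        # Tag = TPID (16 bits) + TCI: priority (3 bits), DEI (1 bit), VLAN ID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan_id)
    return header + struct.pack("!H", ethertype) + payload


def parse_ethernet(frame):
    """Return (vlan_id or None, priority or None, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return None, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vlan_id = tci & 0x0FFF   # low 12 bits; 802.1Q reserves the values 0 and 4095
    priority = tci >> 13     # top 3 bits
    return vlan_id, priority, inner_type, frame[18:]


def receiving_interface(phys_if, frame):
    """Pick the interface that rules and routing will see as the receiver."""
    vlan_id, _, _, _ = parse_ethernet(frame)
    if vlan_id is None:
        return phys_if       # untagged: the physical interface itself
    # Assumption: a tag with no matching VLAN interface yields no interface.
    return VLAN_INTERFACES.get((phys_if, vlan_id))


if __name__ == "__main__":
    tagged = build_frame(DST, SRC, 0x0800, b"ip-packet", vlan_id=20, pcp=5)
    print(parse_ethernet(tagged)[:3])
    print(receiving_interface("lan1", tagged))
    print(receiving_interface("lan1", build_frame(DST, SRC, 0x0800, b"ip-packet")))
```

Because filtering rules match on the receiving interface, a frame arriving with an unexpected tag on a trunk port is worth logging rather than silently ignoring.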
Competitive Analysis – VLAN Feature Comparison
The D-Link NetDefend VLAN Feature Comparison:
• SonicWALL
• ZyXEL
• WatchGuard
• Cisco
• Juniper
• Fortinet
DFL-210
Small-to-Medium Business Segment
Vendor | Model | Max. No. of VLAN
D-Link | DFL-210 | 8
SonicWALL | TZ 180 (10 Node Lic / 25 Node Lic) | Not Available
SonicWALL | TZ 190 | Not Available
ZyXEL | ZyWALL 5 | Not Available
ZyXEL | ZyWALL 35 | Not Available
WatchGuard Firebox | X Edge 5 | Not Available
WatchGuard Firebox | X Edge 15 | Not Available
Cisco | PIX 501 | Not Available
Cisco | PIX 506E | 2
Juniper | 5XT | 3
Juniper | 5GT | 3
Fortinet | FortiGate-60 | 10 (Bundled) – 25, 50, 100, 250 (via Lic Upgrade)
Fortinet | FortiGate-100A | 10 (Bundled) – 25, 50, 100, 250 (via Lic Upgrade)
DFL-260
Small-to-Medium Business Segment
Vendor | Model | Max. No. of VLAN
D-Link | DFL-260 | 8
SonicWALL | Pro 1260 (Standard / Enhanced) | Not Available / 25
ZyXEL | ZyWALL 5 UTM | Not Available
ZyXEL | ZyWALL 35 UTM | Not Available
WatchGuard Firebox | X Edge X10e | Not Available
WatchGuard Firebox | X Edge X20e | Not Available
WatchGuard Firebox | X Edge X20e | Not Available
Cisco | N/A | N/A
Juniper | 5XT | 3
Juniper | 5GT | 3
Fortinet | FortiGate-60/60A | 10 (Bundled) – 25, 50, 100, 250 (via Lic Upgrade)
Fortinet | FortiGate-100A | 10 (Bundled) – 25, 50, 100, 250 (via Lic Upgrade)
DFL-800
Small-to-Medium Business Segment
Vendor | Model | Max. No. of VLAN
D-Link | DFL-800 | 16
SonicWALL | Pro 1260 (Standard / Enhanced) | Not Available / 25
SonicWALL | Pro 2040 (Standard / Enhanced) | Not Available / 25
ZyXEL | ZyWALL 70 | Not Available
WatchGuard Firebox | X Core X500 (Standard / Advanced) | Not Available
WatchGuard Firebox | X Core X700 (Standard / Advanced) | Not Available
Cisco | PIX 506E | 2
Cisco | PIX 515E ((R, DMZ) / (UR, FO, FO-AA)) | 10 / 25
Juniper | NetScreen-25 | 16
Juniper | NetScreen-50 | 16
Fortinet | FortiGate-100A | 10 (Bundled) – 25, 50, 100, 250 (via Lic Upgrade)
Fortinet | FortiGate-200A | 10 (Bundled) – 25, 50, 100, 250 (via Lic Upgrade)
DFL-860
Small-to-Medium Business Segment
Vendor | Model | Max. No. of VLAN
D-Link | DFL-860 | 16
SonicWALL | Pro 1260 (Standard / Enhanced) | Not Available / 25
SonicWALL | Pro 2040 (Standard / Enhanced) | Not Available / 25
ZyXEL | ZyWALL 70 UTM | Not Available
WatchGuard | X Core X500 (Standard / Advanced) | Not Available
WatchGuard | X Core X700 (Standard / Advanced) | Not Available
Cisco | ASA 5505 (Base / Security Plus) | 3 (Trunking Disabled) / 3 (Trunking Enabled)
Juniper | SSG 5 (Base / Extended), SSG 20 (Base / Extended) | 10 / 50
Fortinet | FortiGate-100A | 10 (Bundled) – 25, 50, 100, 250 (via Lic Upgrade)
Fortinet | FortiGate-200A | 10 (Bundled) – 25, 50, 100, 250 (via Lic Upgrade)
DFL-1600
Small-to-Medium Business Segment
Vendor | Model | Max. No. of VLAN
D-Link | DFL-1600 | 128
SonicWALL | Pro 3060 (Standard / Enhanced) | Not Available / 50
SonicWALL | Pro 4060 Enhanced | 200
ZyXEL | ZyWALL 1050 | Y
WatchGuard | X Core X1000 (Standard / Advanced) | Not Available
WatchGuard | X Core X2500 (Standard / Advanced) | Not Available
WatchGuard | X Core X550e (UTM) (Standard / Advanced) | Not Available / 25
Cisco | PIX 525 ((R) / (UR, FO, FO-AA)) | 25 / 100
Cisco | ASA 5510 (Base / Security Plus) | 10 / 25
Juniper | SSG 140 | 100
Juniper | NetScreen-204 | 32
Juniper | NetScreen-208 | 32
Fortinet | FortiGate-300A | 10 (Bundled) – 25, 50, 100, 250 (via Lic Upgrade)
DFL-2500
Small-to-Medium Business Segment
Vendor | Model | Max. No. of VLAN
D-Link | DFL-2500 | 1024
SonicWALL | Pro 4060 Enhanced | 200
SonicWALL | Pro 4100 Enhanced | 300
ZyXEL | N/A | N/A
WatchGuard Firebox | X Peak X5000 Advanced | Not Available
WatchGuard Firebox | X Peak X6000 Advanced | Not Available
Cisco | ASA 5520 | 100
Cisco | ASA 5540 | 200
Juniper | NetScreen-208 | 32
Juniper | NetScreen-500 | 800 (100 per port)
Fortinet | FortiGate-400A | 10 (Bundled) – 25, 50, 100, 250 (via Lic Upgrade)
Fortinet | FortiGate-500A | 10 (Bundled) – 25, 50, 100, 250 (via Lic Upgrade)
Summary: VLAN (Virtual Local Area Network)
• With the VLAN feature, organizations can enable routing between VLANs and implement security policies among different LAN segments, so that different departments, e.g. RD and Sales, can have different access controls toward network resources.
• In the entry-level model segment, such as the DFL-210/260/800/860, most competitors do not deliver the VLAN feature, which limits infrastructure expandability for SMBs. With an insight into the IT demands of SMBs, the whole D-Link NetDefend IPS/UTM Firewall family bundles more VLANs than competitors, with no extra cost for a license upgrade.
• The D-Link NetDefend IPS/UTM Firewall family is the best partner for the business and infrastructure growth of SMBs.
VLAN Q&A
1. VLAN tagging within a NetDefend device is based on which industry standard?
a. 802.1d
b. 802.1q
c. 802.11q
d. 802.2
e. 802.3
2. What is the valid range of VLAN tag numbers that are usable on a NetDefend device?
a. 0 thru 500
b. 1 thru 500
c. 0 thru 2048
d. 0 thru 4095
e. 1 thru 4094
3. What is the maximum number of VLANs supported on a DFL-800/860 IPS/UTM Firewall
device running NetDefendOS?
a. 10
b. 16
c. 20
d. 25
e. 50
4. What is the maximum number of VLANs supported on a DFL-2500 Firewall device
running NetDefendOS?
a. 100
b. 200
c. 512
d. 1000
e. 1024
5. In the DFL-210 segment, which competitors do NOT provide the VLAN feature? (Multiple Choice)
a. Cisco
b. Juniper
c. SonicWALL
d. Fortinet
e. WatchGuard
f. ZyXEL
6. In the DFL-860 segment, which competitors by default with Standard Firmware do NOT provide the VLAN feature? (Multiple Choice)
a. WatchGuard
b. Fortinet
c. Juniper
d. SonicWALL
e. ZyXEL
f. Cisco
7. What is NetDefendOS’ main advantage in VLAN support, compared to other competitors? (Multiple Choice)
a. More VLANs supported by default.
b. VLAN number upgrade as an option.
c. No need to pay extra costs for VLAN number
d. Support 5 VLANs by default.
e. Support VLAN feature on entry level models.
8. What is the benefit of NetDefendOS’ VLAN support? (Multiple Choice)
a. Allow to contain network traffic, and increase network performance
b. Create VLAN ID
c. Enable security control between VLANs
d. Enable L3 routing between VLANs
e. Allow physical network connection
High Availability (HA)
Platform Compatibility: DFL-1600/2500
After completing this section, you will be able to:
1. Describe NetDefend firewall HA feature and how it works
2. Describe what HA will do / will not do for you
3. Describe the requirements before HA implementation
Overview
• High Availability (HA) is a hardware fault-tolerant capability that is
available on certain models of D-Link NetDefend Firewalls. Currently
the firewalls that offer this feature are the DFL-1600 and DFL-2500
models with active-passive HA implementation.
• D-Link High Availability works by adding a Backup D-Link firewall to an existing firewall. The Backup firewall has the same configuration as the Primary firewall. Therefore, two identical firewall models are required to use this feature.
• Throughout this chapter, the phrases “Master firewall" and “Primary
firewall" are used interchangeably, as are the phrases “Slave firewall"
and “Backup firewall".
How High Availability Works
Two firewall appliances are required: one as Master and one as Backup.
When a failure on the Master firewall occurs, the Backup firewall transitions to active mode and assumes the configuration and role of Master.
The Backup firewall holds a real-time mirrored configuration of the Master firewall, synchronized over a dedicated Ethernet cable link.
What High Availability will do for you
• Hardware-based redundancy
• State-synchronized solution
• When the cluster fails over to the inactive firewall, it knows which connections are active, so communication may continue to flow uninterrupted.
• Very short failover time (< 800ms)
What High Availability will NOT do for you
• It’s not a panacea for all communication failures
• It will not create a load-sharing cluster.
• Only two firewalls, a "Master" and a "Slave", are supported.
• Broken interfaces will not be detected by HA
[Figure label: Interface Broken.]
High Availability Scenario Example
NetDefend firewalls with a hardware failover mechanism prevent a single point of failure and keep network communication alive.
If the Master Firewall fails, the Slave Firewall takes over.
Requirements before using HA
• High Availability is only supported on the DFL-1600 and DFL-2500
• The Master and Slave NetDefend Firewalls must use the same hardware model – mixing and matching D-Link firewalls of different hardware types is not currently supported.
• NetDefend High Availability does not support PPP protocols or dynamic IP address assignment from your ISP.
• Both D-Link NetDefend Firewalls in the High Availability pair must have the same firmware version installed.
• The High Availability feature requires THREE unique static LAN IP addresses to operate normally.
Feature Matrix
Feature | DFL-200 | DFL-210 | DFL-800 | DFL-1600 | DFL-2500
Active-Passive mode | N/A | N/A | N/A | Yes | Yes
Active-Active mode | N/A | N/A | N/A | N/A | N/A
State Synchronization | N/A | N/A | N/A | Yes | Yes
VPN Synchronization | N/A | N/A | N/A | Yes | Yes
Device Failure Detection | N/A | N/A | N/A | Yes | Yes
Dead Link Detection | N/A | N/A | N/A | Yes | Yes
Dead Gateway Detection | N/A | N/A | N/A | Yes | Yes
Dead Interface Detection | N/A | N/A | N/A | Yes | Yes
Average Failover Time | N/A | N/A | N/A | <800ms | <800ms
Synchronization Method | N/A | N/A | N/A | Dedicated Ethernet Interface | Dedicated Ethernet Interface
Summary:
HA (High Availability)
• The HA feature is offered on both DFL-1600 and DFL-2500 with
active-passive mode.
• NetDefend High Availability (HA) provides a solution for two key requirements of critical enterprise networking components: enhanced reliability and prevention of a single point of failure at the appliance level.
• NetDefend HA is implemented by configuring two firewall units to operate as an HA cluster.
• Both HA units must use the same hardware model and firmware version
High Availability (HA) Q&A
1. Which of the following features is NOT supported for NetDefend High Availability?
a. Active-Passive HA mode
b. Dead link detection
c. Hardware failover mechanism between Master and Backup
d. Hardware Load balancing between Master and Backup
e. Firewall state and VPN synchronization
2. Which of the following conditions is NOT required before using NetDefend High Availability?
a. Static WAN IP address
b. Same hardware model
c. Additional Ethernet cable for synchronization
d. Same firmware version installed
e. Redundant power supply
3. Which of the following characteristics of High Availability is NOT true?
a. Only two firewalls are supported
b. Connection link failover
c. Single point failure prevention
d. Increasing network reliability
e. None of the above
Traffic Management
Platform Compatibility: DFL-210/260/800/860/1600/2500
After completing this section, you will be able to:
1. Describe terminologies and feature definitions associated with Traffic Management
2. Describe the purpose of Traffic Management
3. Describe the selling point for Traffic Management
Strategies for Optimizing Applications on the WAN
Managing application performance can be quite a challenge. Productivity
drops and frustration climbs when performance turns inconsistent,
unpredictable, and slow. Do any of these problems sound familiar to you?
• Repeated bandwidth upgrades fail to address performance but do increase
costs substantially.
• A branch office’s ERP performance plummets whenever an employee synchs
email.
• Enthusiasm for VoIP (Voice over IP) fades when callers routinely face stutter
and static during peak network usage.
• Surges from recreational and infected traffic cause urgent, interactive
applications to struggle.
• Nightly server backups that haven’t finished by the next morning.
What’s Causing Bandwidth Performance Problems?
• More application traffic
• Recreational traffic
• Web-based applications
• Voice/video/data network convergence
• Disaster readiness
• Network Threat Attack
• New Breed of Applications
What is Quality of Service?
• Quality of Service (QoS) means providing consistent, predictable data delivery service. In other words, satisfying customer application requirements.
• The QoS feature is called “Traffic Management” in the NetDefendOS Web GUI.
• It is the allocation of the appropriate amount of network bandwidth to every user and application on an interface.
• It works by measuring and queuing IP packets.
Why is QoS Needed?
• Internet Protocol (IP) does not provide a reliable mechanism to assure timely data delivery.
• Unlike “Pure Virtual Circuit” technologies, such as ATM and Frame Relay, IP does not make hard allocations of resources.
• Typical network traffic is bursty rather than continuous.
• Mission-critical information cannot tolerate unpredictable losses.
• Conferencing, telephony and video streaming demand high data throughput and low latency when used for two-way communication.
How Does Traffic Management Work?
• Queuing packets when traffic exceeds configured limits.
• Dropping packets if the packet buffers are full.
• Prioritizing traffic according to the administrator's choice.
• Providing bandwidth guarantees.
Traffic Management Scenario Example
You could use Traffic Management to achieve the following:
- SMTP is guaranteed 800 Kbps with a maximum limit of 1600 Kbps, Highest Priority.
- HTTP is guaranteed 600 Kbps with a maximum limit of 1200 Kbps, Second Priority.
- FTP is guaranteed 400 Kbps with a maximum bandwidth limit of 800 Kbps, Third
Priority.
- Other protocols are NOT guaranteed and limited, but they can burst their traffic to use
all available bandwidth if SMTP/HTTP/HTTPS/FTP is not at full traffic load.
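The scenario above, worked through as an added Python example (not NetDefendOS code and not D-Link's scheduling algorithm): a simplified allocator that honours each class's guarantee first, then hands spare bandwidth out in priority order up to each class's limit. The guarantees, limits and priorities are the slide's; the 2000 Kbps link size, the "Other" catch-all class name and the demand figures are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class TrafficClass:
    name: str
    priority: int                # 1 = highest
    guarantee_kbps: int          # 0 = no guarantee
    limit_kbps: Optional[int]    # None = no cap, may burst into spare capacity


# Guarantee / limit / priority values from the slide's scenario.
SCENARIO = [
    TrafficClass("SMTP", 1, 800, 1600),
    TrafficClass("HTTP", 2, 600, 1200),
    TrafficClass("FTP", 3, 400, 800),
    TrafficClass("Other", 4, 0, None),   # hypothetical name for "other protocols"
]


def allocate(link_kbps: int, classes: List[TrafficClass],
             demand_kbps: Dict[str, int]) -> Dict[str, int]:
    """Return the Kbps granted to each class for one scheduling interval."""
    if sum(c.guarantee_kbps for c in classes) > link_kbps:
        raise ValueError("guarantees exceed link capacity and cannot all be honoured")

    granted: Dict[str, int] = {}
    spare = link_kbps
    # Pass 1: honour guarantees, never granting more than a class actually offers.
    for c in classes:
        g = min(demand_kbps.get(c.name, 0), c.guarantee_kbps)
        granted[c.name] = g
        spare -= g
    # Pass 2: hand spare capacity out in priority order, up to each class's limit.
    for c in sorted(classes, key=lambda cls: cls.priority):
        want = demand_kbps.get(c.name, 0)
        ceiling = want if c.limit_kbps is None else min(want, c.limit_kbps)
        extra = min(spare, max(0, ceiling - granted[c.name]))
        granted[c.name] += extra
        spare -= extra
    return granted


def demo():
    link = 2000  # assumed link size in Kbps
    # Every class offers more than the link can carry.
    busy = allocate(link, SCENARIO,
                    {"SMTP": 2000, "HTTP": 2000, "FTP": 2000, "Other": 2000})
    # Guaranteed classes are nearly idle, so "Other" bursts into the unused capacity.
    quiet = allocate(link, SCENARIO,
                     {"SMTP": 100, "HTTP": 300, "FTP": 0, "Other": 5000})
    return busy, quiet


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Under full load the 200 Kbps left after the guarantees goes to SMTP as the highest priority; when the guaranteed classes are quiet, the unguaranteed class takes the unused capacity.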
Key Advantages
• Granular control for traffic prioritizing, guaranteeing and limiting
• Nicely integrated with the firewall ruleset
• Accurately control and manage bandwidth utilization
• IPSec tunnel traffic can be integrated by QoS
• Dynamic Bandwidth Balancing (D-Link unique)
Traffic Management Q&A
1. Which of the following firewall models does NOT support the traffic management feature?
a. DFL-210
b. DFL-800
c. DFL-1600
d. DFL-2500
e. None of the above.
2. Which of the following traffic management features is unique to D-Link compared with other
firewall suppliers?
a. Guarantee bandwidth
b. Queuing packets
c. Dropping packets if the packet buffers are full
d. Dynamic Bandwidth Balancing
e. Maximum bandwidth Limiting
3. Which of the following scenarios is NOT supported by the Traffic Management feature on the NetDefend
Firewall?
a. Two-Way bandwidth limits
b. Per-user traffic limits and guarantee
c. Manage bandwidth in IPSec Tunnel
d. Increasing reliability by traffic failover
e. Managing bandwidth usage by VLAN interface
4. Which of the following descriptions of the Traffic Management feature’s advantages on the
NetDefend Firewall is incorrect?
a. Traffic Management could enable bandwidth priority, bandwidth guarantee and bandwidth load
balancing.
b. Traffic Management can be performed on VLAN interfaces in the NetDefend Firewall Series.
c. The IPSec tunnel can be integrated by Traffic Management.
d. The dynamic bandwidth balancing feature ensures that the per-user bandwidth limits
are dynamically lowered (and raised) in order to evenly balance the available bandwidth between
the users of the pipe.
e. Traffic management can perform packet based bandwidth utilization control.
NetDefendOS Feature Introduction
•User Authentication
User Authentication
Platform Compatibility: DFL-210/260/800/860/1600/2500
After completing this section, you will be able to:
1. Describe what User Authentication is
2. Describe what Run-Time Web Base Authentication is
3. Describe what an Accounting Server is
4. Describe the selling point for User Authentication
User Authentication Introduction
User authentication is frequently used in services, such as HTTP, FTP, and VPN.
NetDefendOS uses a Username/Password combination as the primary authentication
method, strengthened by encryption algorithms. More advanced and secure means of
authentication include Public-Private Keys, X.509 Certificates, IPsec/IKE, IKE XAuth,
and ID Lists.
User Types
NetDefendOS has authentication schemes which support diverse users.
These can be:
• Administrators
• Normal users accessing the network
• PPPoE/PPTP/L2TP users using PPP authentication methods
• IPsec/IKE users - the entities authenticated during the IKE negotiation phases
(implemented by Pre-shared Keys or Certificates).
• IKE XAuth users - an extension to IKE authentication, occurring between negotiation
phase 1 and phase 2
• User groups - groups of users that are subject to the same criteria.
NetDefendOS can either use a locally stored database, or a database on an external
server to provide user authentication.
• The Local User Database (UserDB): supports 150 items
• External Authentication Servers: RADIUS server (Remote Authentication Dial
In User Service)
Authentication Agents
Four different agents built into NetDefendOS can be used to perform
username/password authentication. They are:
• HTTP - Authentication via web browsing. Users surf to the firewall and log in either
through an HTML form or a "401 - Authentication Required" dialog.
• HTTPS - Authentication via secure web browsing. Similar to the HTTP agent except that
Host and Root Certificates are used to establish an SSL connection to the firewall.
• XAUTH - Authentication during IKE negotiation in IPsec VPN (if the IPSec tunnel has
been configured to require XAUTH authentication).
• PPP - Authentication when PPTP/L2TP tunnels are set up (if the PPTP/L2TP tunnel has
been configured to require user authentication).
Run-Time Web Base Authentication
The most common application of User Authentication is Run-Time Web Base
User Authentication, which is similar to WAC (Web-based Access Control) on the
D-Link xStack Switch. The firewall requests user authentication before the user
can pass through the firewall. When the user first opens the browser, he/she
is automatically redirected to the login page.
[Diagram: Client on the Local Network, NetDefend Firewall, Internet (Web Surfing)]
Accounting Server
NetDefendOS also supports “Accounting” through the RADIUS server, in order to
count the bytes or packets that were sent and received. Some vendors use a
different term for this feature; D-Link calls it Accounting Server
in the firewall Web GUI and user manual.
• When a user establishes a new connection through the D-Link Firewall,
NetDefendOS sends an Accounting Request START message to a nominated
RADIUS server, to record the start of the new session.
• When an admin/user is no longer authenticated, for example, after the admin/user
logs out or the session time expires, an Accounting Request STOP message is
sent by NetDefendOS containing the relevant session statistics.
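The START/STOP exchange described above, as an added Python example (not NetDefendOS code): it builds RFC 2866 Accounting-Request packets and shows the server-side check of the Request Authenticator that lets a RADIUS server reject forged or altered accounting records. Packet layout and attribute numbers follow RFC 2865/2866; which attributes NetDefendOS actually sends is not stated on the page, so the attribute set, user name, session ID, counters and shared secret here are constructed assumptions.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4                       # RFC 2866 packet code
USER_NAME, ACCT_STATUS_TYPE = 1, 40          # attribute types (RFC 2865 / 2866)
ACCT_INPUT_OCTETS, ACCT_OUTPUT_OCTETS = 42, 43
ACCT_SESSION_ID, ACCT_SESSION_TIME = 44, 46
ACCT_INPUT_PACKETS, ACCT_OUTPUT_PACKETS = 47, 48
START, STOP = 1, 2                           # Acct-Status-Type values
INTEGER_ATTRS = {ACCT_STATUS_TYPE, ACCT_INPUT_OCTETS, ACCT_OUTPUT_OCTETS,
                 ACCT_SESSION_TIME, ACCT_INPUT_PACKETS, ACCT_OUTPUT_PACKETS}

SECRET = b"constructed-shared-secret"        # constructed sample value
SESSION = "0000002A"                         # constructed Acct-Session-Id


def _encode_attr(attr_type, value):
    """Encode one attribute as Type (1 octet), Length (1 octet), Value."""
    raw = struct.pack("!I", value) if attr_type in INTEGER_ATTRS else value.encode("utf-8")
    if len(raw) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(raw) + 2]) + raw


def build_accounting_request(identifier, secret, attrs):
    """Client (firewall) side: attrs is a list of (type, value) pairs."""
    body = b"".join(_encode_attr(t, v) for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(body))
    # Request Authenticator = MD5(Code + ID + Length + 16 zero octets + attributes + secret)
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body


def parse_accounting_request(packet, secret):
    """Server side: validate length and authenticator, then decode attributes."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Request Authenticator: wrong secret or modified packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute length")
        raw = packet[pos + 2:pos + attr_len]
        if attr_type in INTEGER_ATTRS:
            if len(raw) != 4:
                raise ValueError("integer attribute must be 4 octets")
            attrs[attr_type] = struct.unpack("!I", raw)[0]
        else:
            attrs[attr_type] = raw.decode("utf-8", errors="replace")
        pos += attr_len
    return identifier, attrs


def demo():
    """START when the session begins, STOP with the session statistics at logout."""
    start = build_accounting_request(1, SECRET, [
        (USER_NAME, "alice"), (ACCT_STATUS_TYPE, START), (ACCT_SESSION_ID, SESSION)])
    stop = build_accounting_request(2, SECRET, [
        (USER_NAME, "alice"), (ACCT_STATUS_TYPE, STOP), (ACCT_SESSION_ID, SESSION),
        (ACCT_SESSION_TIME, 900),
        (ACCT_INPUT_OCTETS, 48213), (ACCT_OUTPUT_OCTETS, 1204455),
        (ACCT_INPUT_PACKETS, 410), (ACCT_OUTPUT_PACKETS, 980)])
    return start, stop


if __name__ == "__main__":
    for pkt in demo():
        print(parse_accounting_request(pkt, SECRET))
```

The authenticator protects integrity only: the accounting attributes themselves travel unencrypted, so the path between firewall and RADIUS server should be a trusted or protected segment.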
Competitive Analysis
D-Link
Fortinet
Built-in Database
V
V
V
V
V
External Database: RADIUS
V
V
V
V
V
External Database: LDAP*
V
V
External Database: MS IAS
V
XAUTH for IPSec Authentication
V
V
Run-Time Web base
Authentication
All service
Only Http
*Available in future firmware upgrade
Juniper SonicWALL
ZyXEL
Enhanced OS
only
Enhanced OS
only
V
V
V
Summary: User Authentication
• Provides four authentication agents: HTTP, HTTPS, XAUTH and PPP.
• Provides a local database and supports an external database: RADIUS
Server
• Supports Accounting through RADIUS Server.
User Authentication Q&A
1. Which authentication agent does D-Link NOT support?
a. FTP
b. XAuth
c. Http/Https
d. PPTP/L2TP
2. Which user database does D-Link NOT support now?
a. TACACS+
b. RADIUS
c. Microsoft IAS
d. LDAP
3. Which vendors support web authentication in their firewall product line? (Multiple Choice)
a. D-Link
b. Fortinet
c. ZyXEL
d. Juniper
4. What is “Accounting Server”?
a. Provide statistic information of RADIUS session
b. Transfer corporate policy into network policy
c. The device for corporate policy enforcement
d. The server provides user log-in and log-off services
5. How many items does the D-Link local database support?
a. 150
b. 200
c. 250
d. 300
6. Which database type does Accounting Server support?
a. Local database
b. RADIUS server
c. LDAP server
d. TACACS+ server
NetDefendOS Feature Introduction
•ZoneDefense
ZoneDefense
Platform Compatibility: DFL-800/860/1600/2500
In this section, you will learn the following:
1. What is D-Link’s complete security solution?
2. What is Gateway Security?
3. What is Endpoint Security?
4. What is Joint Security?
5. What role does ZoneDefense play in D-Link’s complete security solution?
6. What’s the difference between D-Link and our competitors in security solution
offerings?
D-Link’s complete security solution
Enterprise Network
• Gateway Security
• Endpoint Security
• Joint Security
Endpoint Security Solution
• 802.1x: Guest VLAN, Identity Based VLAN/Security/QoS
• Web-based Access Control: WAC, Web Authentication(HP), Network
Login(Extreme), Captive Portal
• MAC-based Access Control: MAC, MAC Authentication(HP),
RADA(3Com)
• Addressing Control: DHCP Snooping/ARP Inspection(Cisco), IMP
Binding
• NAC: Cisco NAC, TCG NAC, Vendor Specific NAC
• Microsoft NAP
Highlighted items are currently supported by D-Link xStack Switch
Joint Security - ZoneDefense Technology
Challenge to Current Network Security
• Traditional Firewalls have limited ports & performance,
so L3 network switching still relies on L3 switches
• Whenever there’s an infected mobile user, the
current network security architecture can’t effectively
prevent the virus/worm infection & outbreak
• It will result in mutual infection between clients, and
the coming virus/worm outbreak could even generate
a DoS effect on network devices
[Diagram: Firewall, L3 Core Switch, Server Farm]
Joint Security - ZoneDefense Technology
New Network Security Architecture
• New high port density & high performance firewalls will be
able to take over L3 switching and enable security policies
between LANs
• Whenever there’s an infected mobile user, the
new architecture will be able to stop the virus/worm
infection across LANs
• Further, when the Firewall detects virus/worm activities, it will
notify the access layer switches to block the suspected host
to effectively stop the mutual infection or virus/worm
outbreak in time
[Diagram: D-Link ZoneDefense™, Firewall, L3 Core Switch, Server Farm]
Joint Security
• Gateway Security, supported NetDefend Model:
– NetDefend IPS Firewall
• DFL-800/DFL-1600/DFL-2500
– NetDefend UTM Firewall
• DFL-860
• Endpoint Security, supported D-Link Switch
– All xStack Series
• Competitors in Joint Security
– Cisco, HP
Joint Security Comparison Table
D-Link vs. HP – Solution Match
Authentication
HP: ProCurve Manager Plus + IDM (Identity Driven Manager); MAC, WAC, 802.1x, Guest VLAN
D-Link: Microsoft NAP support; D-View Security Plug-in*; MAC, WAC, 802.1x, Guest VLAN, IP-MAC-Port Binding
Malicious Traffic Mitigation
HP: ProCurve Manager Plus + NIM (Network Immunity Manager); Virus Throttling
D-Link: ZoneDefense; D-View Security Plug-in*; Per flow Bandwidth Control & Reaction*
* in plan
D-Link vs. HP
Authentication
Solution
HP: ProCurve Manager Plus + IDM
D-Link: Microsoft NAP support
Pros
HP:
• User-based ACL - authorization setting based on user, time & location.
• User-based Traffic prioritization and Rate limit
D-Link:
• Prevailing vendor with strong 3rd party support
• Not only authentication but also health checking (up-to-date patch, virus patterns,
personal firewall status, etc)
• Allocate guest VLAN even when auth or health checking failed
Cons
HP:
• Proprietary solution, may not integrate with other vendors’ solution in the future
• Extra effort - Client software needs to be installed
• Needs 3rd party software to be installed if host health check is needed
D-Link:
• Not able to set up user-based Traffic prioritization and Rate limit
•ZoneDefense
D-Link v.s. HP
Malicious Traffic Mitigation
HP
D-Link
Solution
ProCurve Manager Plus + NIM
ZoneDefense
Pros
 Can provide detailed response actions:
lock out MAC, bandwidth limitation, etc
 Ease of deployment, lower maintenance cost
 Fully integrated xStack & NetDefend solutions
Cons
 Rely on 3rd party IPS/UTM to provide
pattern matching trigger
 Complex architecture with expensive price
 Currently block IP only
Solution
Virus Throttling
ZoneDefense
Pros
Virus incident containment
Dynamic Bandwidth limitation
 ZoneDefense can be triggered not only based
on traffic threshold, but also IPS & AV*.
 True pattern matching, minimize the chance of
false positives.
Cons
 Not true edge protection - Only HP’s
higher end switches support Virus Throttle
 Not true pattern-matching, but threshold
setting with high false positives
 All xStack Switch supports ZoneDefense
 NetDefend Firewall is needed
* in plan
Summary: ZoneDefense
• Joint Security is the combination of Gateway Security and Endpoint
Security
• Gateway Security: ICSA Labs certified NetDefend IPS/UTM Firewall
• Endpoint Security: xStack Switch
• Joint Security: D-Link delivers ZoneDefense to integrate the firewall and
switch product lines. Compared with our competitors, D-Link has
the most comprehensive solution:
– Security competitors lack switch products
– Switch competitors lack security products
ZoneDefense Q&A
1. Which of the following is NOT a component of D-Link’s security solution?
a. Gateway Security
b. Seamless Security
c. Endpoint Security
d. Joint Security
2. What’s D-Link’s innovative technology to enable Joint Security between NetDefend and xStack?
a. ZoneDefense
b. NAP (Network Access Protection)
c. Network Immunity Manager (NIM)
d. Identity Driven Manager (IDM)
3. Which model does NOT support the ZoneDefense feature?
a. DFL-260
b. DFL-800
c. DFL-1600
d. DFL-2500
4. ZoneDefense is the key component to integrate the Endpoint feature within NetDefend and xStack
to fulfill the Joint Security.
a. True
b. False
5. Which of the following features within the NetDefend firewall could NOT trigger ZoneDefense?
a. Connection Rate Limit
b. Total Connection Limit
c. IPS
d. WCF
6. Which of the following switch models does NOT support the ZoneDefense technology? (Multiple Choice)
a. DGS-3427
b. DES-3828
c. DES-3026
d. DGS-3024
DCS-Security
UTM FEATURE & NETDEFEND SUBSCRIPTION
UTM Feature & NetDefend Subscription
UTM Firewall Family (by Price / Performance)
• Enterprise: DFL-2560 (future)
• Medium Business: DFL-1660 (future)
• Small Business: DFL-860
• Branch Office: DFL-260
NetDefend UTM Feature Overview
• Intrusion Prevention Service (IPS)
– IPS Signature Service.
Secures your network with D-Link’s high-accuracy hardware IPS engine.
• Anti-Virus (AV)
– NetDefend UTM Firewall incorporates Anti-virus Service.
Protects your network with D-Link’s high-performance hardware AV engine.
• Web Content Filtering (WCF)
– NetDefend UTM Firewall provides Web Content Filtering Service.
Gives access to D-Link’s database of millions of URLs for secure web surfing.
• NetDefend Subscription
– To keep IPS, AV and WCF up to date, customers need to keep those
subscriptions within their effective period.
UTM Feature & NetDefend Subscription
•Intrusion Prevention Service
Intrusion Prevention Service
Platform Compatibility: DFL-210/260/800/860/1600/2500
After completing this section, you will be able to:
1. Describe the basics of network attacks and protection solutions
2. Understand the difference between IDS and IPS
3. Describe the difference between the maintenance IPS service and the Advanced IPS service
4. Understand product registration
Attack Protection solution: IDS vs. IPS
Intrusion Detection System (IDS)
The IDS is intended to provide network monitoring, analysis and notification for
defense by detecting attacks.
Generally, most detection mechanisms are based on pattern matching technology. The IDS
sends alarms once it detects abnormal/attack traffic. The most important
point is that it is unable to stop the attack.
Intrusion Prevention System (IPS)
The IPS is a new-generation prevention system that improves on the IDS. It has all of the
features of an IDS built in and provides an additional one: Block/Drop
packets. It can thereby keep internal hosts from being attacked by malicious traffic.
D-Link NetDefend IPS Filtering Methods
Signature
Uses: Fixed Patterns, Regular Expressions
To Detect and Prevent: Viruses, Trojans, Root-kits, Unknown Exploits, Known Exploits, IM/P2P Apps
Protocol Anomaly
Uses: RFC Compliance, Protocol Decoders, SYN Proxy, Normalization
To Detect and Prevent: Evasions, Unknown Exploits, Traffic Anomalies, Unauthorized Access, SYN Floods
Vulnerability
Uses: Protocol Decoders, Regular Expressions, Application Message Parsing
To Detect and Prevent: Unknown Exploits, Worms, Unauthorized Access
Traffic Anomaly
Uses: Traffic Thresholds, Connection Limits, Connection Rate Limits
To Detect and Prevent: DDoS Attacks, Unknown Attacks, Traffic Anomalies
Dual IPS Engines & Signature databases
Built-in IPS Engine and compact signature database
• For NetDefend IPS Firewall only (DFL-210/800/1600/2500)
• The frequency of database updates is not guaranteed
• Customers can get free maintenance service after their firewall is registered.
• D-Link provides IDS database maintenance service for signature error correction or
signature optimization when necessary.
Dual IPS Engines & Signature databases (Contd.)
Advanced IPS Engine and Signature Database
• For both NetDefend IPS and UTM Firewall (DFL-210/260/800/860/1600/2500)
• IPS Firewalls provide a 90-day free trial of the advanced IPS Service.
• UTM Firewalls come bundled with 12 months of advanced IPS update service.
• Customers have to apply for a free trial Activation Code on NetDefend Center or
purchase a NetDefend IPS Subscription, then enter the Activation Code in the firewall Web
UI to enable the advanced IPS update service.
• An IPS Firewall (DFL-210/800/1600/2500) will switch back to the built-in IPS engine
and maintenance signature database after the trial update service expires.
Summary: IPS (Intrusion Prevention Service)
• UTM models will have a built-in Hardware Accelerator to reach high performance for
intrusion detection and prevention.
• The Advanced IPS database, with more than 8,000 signatures, provides better
protection and accuracy.
• Compared with competitors, D-Link provides the longest IPS trial period (90 days).
• D-Link promotes the IPS functionality as a second layer of defense inside the
security gateway. The IPS functionality is capable of identifying application and
protocol driven attacks which a standard firewall cannot.
• Only the NetDefend IPS Firewall has a built-in IPS engine and compact signature
database by default. It can be upgraded to the advanced one.
• The NetDefend UTM Firewall bundles 1 year of Advanced IPS Service by default.
Intrusion Prevention Service Q&A
3. What will happen when the trial Advanced IPS Service expires on an IPS Firewall
(DFL-210/800/1600/2500)?
a. Pops up a warning message and guides the user to purchase Advanced IPS Service.
b. The IPS feature is disabled, however the advanced IPS signature database will not have any
update.
c. The IPS feature is still working, however the advanced IPS signature database will not have
any update.
d. The IPS feature is still working, however it would be switched back to built-in IPS engine with
compact signature database.
e. The IPS feature is disabled, all the signatures would be cleared.
4. What will happen when the trial Advanced IPS Service expires on UTM firewall models (DFL-260
and DFL-860)?
a. Pops up a warning message and guides the user to purchase Advanced IPS Service.
b. The IPS feature is disabled, however the advanced IPS signature database will not have any
update.
c. The IPS feature is still working, however the advanced IPS signature database will not have
any update.
d. The IPS feature is still working, however it would be switched back to built-in IPS engine with
compact signature database.
e. The IPS feature is disabled, all the signatures would be cleared.
UTM Feature & NetDefend Subscription
•Anti-Virus
Anti-Virus
Platform Compatibility: DFL-260/860
After completing this section, you will be able to know and describe:
1. D-Link anti-virus technology
2. D-Link anti-virus advantages
3. How the D-Link UTM firewall competes on anti-virus
4. How to activate anti-virus update service
D-Link Anti-Virus Module Introduction
The NetDefendOS Anti-Virus module protects against malicious code carried in file
downloads. The main purpose of the UTM Anti-Virus feature is to provide a first level of
prevention at the gateway, not to replace client Anti-Virus software. The Anti-Virus
module of the UTM firewall can stop most viruses arriving from the network, while Anti-Virus
client software stops viruses arriving over other connections, such as a USB drive, wireless
or the local network.
Types of Files Scanned
The NetDefendOS Anti-Virus module is able to scan the following types of downloads:
• HTTP, FTP or SMTP file downloads
• Any uncompressed file type transferred through these protocols
• Compressed ZIP and GZIP files can be scanned
Frequent Database Updates
• Anti-Virus signatures come from the well-known vendor Kaspersky
• The Anti-Virus signature database is updated on a daily basis with newly released virus
signatures.
• With a built-in extreme-performance AV acceleration engine together with Stream-Based Virus
Scanning technology, the NetDefend UTM Firewall blocks viruses and malware before they ever reach
desktops or mobile devices, thus creating a safer network environment for SMBs and
enterprises.
• The NetDefend UTM Firewall implements Stream-Based Virus Scanning technology without
caching the incoming files first, thus increasing the inspection performance of the UTM Firewall and
easing the nightmare of a network bottleneck when the antivirus feature is enabled on the UTM Firewall.
Figure 1: File-Based Scan
Figure 2: Stream-Based Scan
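The idea behind scanning a stream without caching the file, as an added Python example (an illustration of the general technique, not D-Link's or Kaspersky's engine): the scanner keeps only the last few bytes between chunks, so a signature that straddles a packet boundary is still caught while memory stays bounded. The signatures are constructed byte patterns, and the 1460-byte chunk size and sample download are assumptions.

```python
# Constructed byte patterns standing in for AV signatures (not real signatures).
SIGNATURES = {
    "Constructed.Test.A": b"\x4d\x5a\x90EVIL_MARKER",
    "Constructed.Test.B": b"<script>bad()</script>",
}
CHUNK = 1460  # assumed payload bytes delivered per packet


class StreamScanner:
    """Match fixed byte signatures across a stream without buffering the whole file."""

    def __init__(self, signatures):
        self.signatures = dict(signatures)
        # Only (longest signature - 1) bytes ever need to be carried between chunks.
        self.keep = max(len(s) for s in self.signatures.values()) - 1
        self.tail = b""          # last `keep` bytes already seen
        self.seen = 0            # total stream bytes consumed so far
        self.peak_buffer = 0     # largest number of bytes held at once

    def feed(self, chunk):
        """Scan one chunk; return [(signature name, stream offset)] completed by it."""
        window = self.tail + chunk
        base = self.seen - len(self.tail)      # stream offset of window[0]
        self.peak_buffer = max(self.peak_buffer, len(window))
        found = []
        for name, sig in self.signatures.items():
            pos = window.find(sig)
            while pos != -1:
                # Report only matches that include new bytes, so a match lying
                # entirely inside the carried tail is not reported twice.
                if pos + len(sig) > len(self.tail):
                    found.append((name, base + pos))
                pos = window.find(sig, pos + 1)
        self.seen += len(chunk)
        self.tail = window[-self.keep:] if self.keep else b""
        return found


def scan_stream(chunks, signatures=SIGNATURES):
    """Pass chunks through until a signature completes, then stop the transfer."""
    scanner = StreamScanner(signatures)
    forwarded = 0
    for chunk in chunks:
        hits = scanner.feed(chunk)
        if hits:
            return {"verdict": "blocked", "hits": hits,
                    "chunks_forwarded": forwarded, "peak_buffer": scanner.peak_buffer}
        forwarded += 1
    return {"verdict": "clean", "hits": [],
            "chunks_forwarded": forwarded, "peak_buffer": scanner.peak_buffer}


def naive_per_chunk(chunks, signatures=SIGNATURES):
    """Stateless per-packet matching, shown for contrast: misses split signatures."""
    return [name for chunk in chunks
            for name, sig in signatures.items() if sig in chunk]


def constructed_download():
    """Constructed sample: signature A starts 5 bytes before a chunk boundary."""
    sig = SIGNATURES["Constructed.Test.A"]
    data = bytes(3 * CHUNK - 5) + sig + bytes(3000)
    return [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]


if __name__ == "__main__":
    chunks = constructed_download()
    print(scan_stream(chunks))
    print("naive per-chunk hits:", naive_per_chunk(chunks))
```

The scanner never holds more than one chunk plus the carried tail, whereas a file-based scan must hold the complete download before it can start.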
D-Link Anti-Virus Module Advantage
Model Name: SonicWALL Pro 2040 | Juniper SSG 20 | D-Link DFL-860 | D-Link DFL-260
Firmware version: Sonic OS Enhanced 3.2.3.0-6e | 5.4.0r1.0 | 2.12.00 | 2.12.00
IPS signature number
N/A
8,000
8,000
AV signature number
25,000
800
100,000
(File Based)
4,000
4,000
Firewall Throughput: 200 Mbps | 160 Mbps | 160 Mbps | 80 Mbps
NAT + Firewall + AV
HTTP (packet size 1460 bytes): 7.31 Mbps | 6.09 Mbps | 10.2 Mbps | 4.04 Mbps
FTP (packet size 1460 bytes): 8.45 Mbps | 5.82 Mbps | 28 Mbps | 19.3 Mbps
NAT + Firewall + IPS
HTTP (packet size 1460 bytes): 15.62 Mbps | 13.85 Mbps | 52.2 Mbps | 40 Mbps
FTP (packet size 1460 bytes): 23.49 Mbps | *79.73 Mbps | 46.3 Mbps | 32.5 Mbps
NAT + Firewall + IPS + AV
HTTP (packet size 1460 bytes): 4.85 Mbps | 4.01 Mbps | 8.4 Mbps | 3.83 Mbps
FTP (packet size 1460 bytes): 5.84 Mbps | 5.98 Mbps | 18.4 Mbps | 15 Mbps
* In IPS testing, the Juniper firewall doesn't inspect packets in the FTP data channel, so the performance almost reaches pure forwarding
D-Link Anti-Virus Module Advantage
Vendor: ZyXEL | WatchGuard | Juniper | SonicWALL | D-Link
Support Protocol: FTP/POP3/HTTP/SMTP | HTTP/SMTP/TCP proxies | FTP/POP3/HTTP/SMTP/IMAP | FTP/POP3/HTTP/SMTP/IMAP/NetBIOS | Http/SMTP/FTP
Support Compression Format: Zip file | ZIP, GZIP, BZIP, TAR, BZIP2, RAR, MS CAB, MD5 | Zip/Tar/Gzip | Zip/Gzip/Deflate/LHZ/Base64 | Zip/Gzip
The number of anti-virus signature: 1,600 | 20,000 (File Based) | 100,000 (File Based) | 25,000 / 4,500* | 4,000
Support scanning file size: No file size limitation | 12MB | 10MB, But AV+IPS is only 6 MB | No file size limitation | No file size limitation
AV scanning over VPN: No Support | No Support | No Support | N/A | Yes
Signature Database: Kaspersky | Clam AV | Kaspersky | McAfee | Kaspersky
Decompressed Level/Recursive: 1 | 10 | 4 | N/A | 1
AV Subscription: AV+IPS for 12 months | 12 Month AV | 12 Month AV | 12 Month AV | 12 Month AV
AV Free Trial: 90 days | 30 days | 30 days | 30 days | 12 months
* The signature number in SonicWALL TZ series is 4500, in SonicWALL Pro series with Enhanced OS is 25000.
Summary: Anti-Virus
• Bundles 12 months of Anti-Virus Service when shipped
• Well-known Anti-Virus database by Kaspersky
• Because of the unique stream-based scanning technology, it is not necessary to cache the
file before scanning, which allows high-speed virus scanning
• Compared with WatchGuard and Juniper, there is no file size or connection limitation
within the D-Link UTM firewall
• 4,000+ anti-virus signatures within the database. Although WatchGuard and Juniper
provide more Anti-Virus signatures, they use file-based and software-based
anti-virus engines, which cause file size limitations and performance issues when scanning
• D-Link and ZyXEL are the only two to provide a built-in Hardware Accelerator for
extremely good virus-scanning performance, but ZyXEL provides fewer Anti-Virus
signatures than D-Link
NetDefend Anti-Virus Q&A
1. What compression format does D-Link support? (Multiple Choice)
a. Zip +
b. Tar
c. RAR
d. Gzip
2. Which protocol does D-Link NOT support for anti-virus?
a. POP3
b. SMTP
c. HTTP
d. FTP
3. Why can D-Link UTM Firewall reach high performance?
a. Embed hardware accelerator
b. Anti-Virus Engine by Kaspersky
c. New CPU processor
d. New software core
4. How big is the file size limitation of UTM Firewall for anti-virus?
a. 3 MB
b. 5MB
c. 10 MB
d. No limitation
5. What is our advantage for anti-virus over competitors?
a. High performance
b. no file limitation
c. rich anti-Virus signature
d. all of above
6. What is the weakness of general UTM Firewall?
a. Poor performance
b. Limited incoming file size support
c. less signature database
d. all of above
UTM Feature & NetDefend Subscription
•Web Content Filtering Service
Web Content Filtering Service
Platform Compatibility: DFL-260/860
After completing this section, you will be able to describe:
1. What is Web Content Filtering Service and its benefits
2. How to implement Web Content Filtering solution
3. The selling point for Web Content Filtering Service
What is Web Content Filtering
Web traffic is one of the biggest sources for security issues and misuse of the
Internet. Inappropriate surfing habits can expose a network to many security
threats as well as legal and regulatory liabilities. Productivity and internet
bandwidth can also be impaired.
NetDefendOS provides three mechanisms for filtering out web content that is deemed
inappropriate for an organization or group of users:
• Active Content Handling can be used to "scrub" web pages of content that the
administrator considers a potential threat, such as ActiveX objects and Java Applets.
• Static Content Filtering provides a means for manually classifying web sites as "good"
or "bad". This is also known as URL blacklisting and whitelisting.
• Dynamic Content Filtering is a powerful feature that enables the administrator to allow
or block access to web sites depending on the category they have been classified into by
an automatic classification service. Dynamic content filtering requires a minimum of
administration effort and has very high accuracy.
Key Advantages of WCF Module
• Monitor non-business related web surfing.
• Control pornographic and illegal Internet content
entering the workplace by blocking and coaching.
• Secure users against spyware and other malicious
threats.
How D-Link WCF Module Works
• Lite Service Management
– No Need to download and maintain database
– No additional equipment needed
– No complex configuration maintenance
• Performance Optimized
– Optimized category classification
– Local Cache
• Artificial Intelligence
– Automatic classification through neural
networks (AI)
• Close-Knit Integration
– Integral part of D-Link’s HTTP ALG
– Combine with e.g. User Authentication
D-Link categorizes millions of URLs into 32 groups, giving network
administrators a flexible configuration to block unwanted website access
simply via add and remove actions.
Benefits D-Link WCF Module Delivers
1) A reduction in wasted staff time (by reducing inappropriate web surfing).
2) Reduced Internet access costs and bandwidth savings, by
limiting and/or controlling non-business related use, and improved network response
3) Reduced legal exposure in workplace relations (e.g. sexual harassment
cases / child pornography and the adverse publicity that an incident would generate)
4) Reduced costs for recovering from an attack, as less inappropriate content
will be allowed to enter the network
Competitive Analysis – WCF Feature Comparison
The D-Link NetDefend WCF Feature Comparison:
• SonicWALL
• ZyXEL
• WatchGuard
• Cisco
• Juniper
• Fortinet
Vendor: D-Link | SonicWALL | ZyXEL | WatchGuard | Cisco | Juniper | Fortinet
Database: ContentKeeper | WebSense | Bluecoat | SurfControl | WebSense | Websense / SurfControl | Bluecoat
Trial Period: 90 days | 30 days | 30 days | 90 days | N/A | 30 days | 30 days
Summary: WCF (Web Content Filtering) Service
• D-Link Web Content Filtering service provides millions of URLs on global
servers for real-time webpage checking, with 32 predefined web content
categories for these millions of URLs. Simply via add and remove actions, the
D-Link NetDefend UTM Firewall family offers administrators an easy and
flexible configuration to manage employees’ Internet access behavior.
• D-Link Web Content Filtering service enables organizations to reduce
wasted staff time, save wasted bandwidth, and prevent internal users from visiting
malicious websites, thus increasing productivity and restricting inappropriate
online content.
WCF Q&A
1. Which of the following is NOT one of the mechanisms that NetDefendOS provides for filtering
out web content?
a. White list
b. ActiveX
c. Flash
d. Gray list
e. Cookies
2. How many web content categories does the NetDefend WCF feature predefine?
a. 25
b. 30
c. 32
d. 37
e. 40
3. What are the benefits the D-Link WCF module delivers?
a. A reduction in wasted staff time
b. Reduced Internet access costs
c. Reducing legal exposure
d. Reduced costs for recovering from an attack
e. All of the above
4. How does the D-Link WCF module handle an HTTP request?
a. Send query to global server directly, and let global servers decide its corresponding
action.
b. Check local memory cache first, if no category match, send query to global servers for
the category of the webpage, then decide its action based on configuration.
c. Send query to local database servers for the category of the webpage, then decide its
action based on configuration.
d. Block the webpage by default.
UTM Feature & NetDefend Subscription
•NetDefend Subscription
NetDefend Subscription
Platform Compatibility: DFL-210/260/800/860/1600/2500
After completing this section, you will be able to:
1. Know NetDefend Subscription
2. Know NetDefend Subscription Package
3. Know NetDefend Subscription part number for each model
4. Know product registration
5. Know NetDefend Center web site
NetDefend Subscription Overview
Including IPS, AV, CF
• The update service program includes 3 optional services: IPS, AV and
WCF. Customers can purchase any one of the 3 or any combination of
services as they need.
• Both IPS and UTM firewalls have a corresponding IPS Update
Service
• Only UTM firewalls can apply the AV and WCF services
• All update services are chargeable
• IPS and AV signature releases are kept up to date
When the update service is about to expire, the customer has to purchase the
NetDefend UTM Subscription package, described below.
Package Size:
140 mm x 125 mm x 6 mm
The package contains:
1. Authorization Letter
2. Authorization Card
The user has to enter the authentication code to renew the Update Service via the D-Link
NetDefend Center (web site).
Authorization Card
• Authentication Code
• License Term
• Part Number
• Serial Number
• 12-month service license
Card Size:
75 mm x 48 mm
NetDefend Center
• http://security.dlink.com.tw
Benefit of Being a Member
DFL-210/260/800/860/1600/2500
Download
• Get the free trial update service (IPS/AV/WCF) for IPS and UTM firewall
• Download related product documents
NetDefend Update Service
• No update service, including IPS and AV, until the product is registered
• Auto-update service can be enabled after the user has registered
Security Consultant
• Automatically publishes security advisories to registered customers
• Authorizes customers to access related technical documentation
Apply for a D-Link Membership
DFL-210/260/800/860/1600/2500
Visit NetDefend Center at http://security.dlink.com.tw
Step 1: Create User Account
• Create User login ID and Password
• Key in user and company information
Step 2: Product Registration
• Key in Serial number and MAC address of your device
• Key in device information
Step 3: Confirmation
• Confirm that all information is correct and submit it
• Check that the service is activated and check the service period
How to Activate NetDefend Services
Via the NetDefend UTM Firewall Web UI, you can activate the IPS, AV and WCF services and view
the duration of each subscription.
Note: Register your firewall on NetDefend Center
before you activate the update service.
Note: On a NetDefend IPS firewall, the Anti-Virus and content filtering services do not appear!
How to Update IPS/AV Signature
You can enable the auto-update feature for IPS/Anti-Virus signatures and view the last update
information.
Note: The default schedule for IDP/Anti-Virus AutoUpdate is daily.
Click the History tab to see the full update history listed on this page.
IPS/AV Signature Status on Device
You can see the number of IDP/Anti-Virus signatures in the firewall Web UI.
• The IDP signature database contains over 10,000 signatures.
• The Anti-Virus signature database contains 4,000 signatures.
Note: On a NetDefend IPS firewall, Anti-Virus information does not appear in the Web UI!
IPS/AV Signature Status on NetDefend Center
You can see the full update history of IPS/Anti-Virus signatures on the NetDefend Center web site at
http://security.dlink.com.tw
D-Link provides frequent signature updates for IPS and Anti-Virus.
Summary:
NetDefend Subscription
• NetDefend IPS Firewall supports the Advanced IPS Service. Customers can
log on to NetDefend Center to get a trial code for the Advanced IPS Service.
The trial period is 90 days.
• NetDefend UTM Firewall supports the Advanced IPS Service, Anti-Virus
Service and Web Content Filtering Service.
• NetDefend UTM Firewall models ship with the Advanced IPS Service and
Anti-Virus Service bundled. Therefore, by default, customers can use:
• Advanced IPS Service for 12 months
• Anti-Virus Service for 12 months
• WCF Service for 90 days
• When a service has expired, customers need to purchase a subscription
pack from an OBU or SI partner and enter the authentication code to renew
the service.
NetDefend Subscription Q&A
1. Why should I buy a D-Link NetDefend IPS subscription?
a. updates are frequent
b. sufficient number of signatures
c. prevents zero-day attacks
d. detection rate is much better than Snort
e. all of the above
2. Once my advanced IPS update service has expired, will the IPS/IDP feature still continue to operate
if I don't renew this service?
3. What is the trial period for the WCF module bundled with a NetDefend device?
a. 30 Days
b. 60 Days
c. 90 Days
d. 1 Year
4. What is the default service bundle period for UTM?
a. IPS 30 Days, WCF 90 Days, AV 60 Days
b. IPS 1 Year, AV 1 Year, WCF 1 Year
c. IPS 1 Year, AV 1 Year, WCF 90 Days
d. IPS 90 Days, AV 90 Days, WCF 90 Days
5. How can a customer extend the UTM Service?
a. Buy UTM service from NetDefend Center's on-line store
b. It is free in perpetuity; no purchase is needed
c. Buy UTM service from D-Link's SI partners
d. Buy UTM service from the Taiwan headquarters directly
6. What package periods does D-Link provide for the UTM Subscription?
a. Only 12 months package
b. 3 months, 6 months, and 12 months package
c. 1 Year, 2 Years, and 3 Years package
d. Depending on the customer's request
End