Multi-Function Security Appliance
The DFL-600 is an integrated VPN Firewall solution for SMEs, featuring Stateful Packet Inspection (SPI), detect/drop intruding packets, embedded VPN, physical DMZ port, multiple-mapped IPs and multiple virtual servers, which are typically found from enterprise-grade firewalls. The DFL-600 connects your office easily to a broadband modem such as cable or DSL through an external 10/100BASE-TX WAN port.
Robust SPI Firewall Protection Against Hacker Attacks
The DFL-600 is designed with advanced security features typically cannot be found in residential gateways. It defends your networks against damaging Denial of Service (DoS) attacks and offers network reliability through Stateful Packet Inspection. It can detect hacker attacks and filter intruding packets from entering the office network.The DFL-600 protects your network from attacks such as SYN Flood, Ping of Death, Spoof, Tear Drop, ICMP Flood, UDP Flood, etc. It can be configured to log all these attacks, locate the source IP address generating the attack, send the attack report notification to a specified e-mail address and establish the policy to restrict incoming traffic from the specific IP address source.
High Performance IPSec VPN Support
The DFL-600 is equipped with embedded VPN support that can create multiple IPSec tunnels to remote offices. IPSec on the DFL-600 uses strong encryption with DES, 3DES, and Automated Key Management via IKE/ISAKMP. A VPN tunnel can be activated from the DFL-600 to a remote site for a secured traffic flow between two locations for mobile users using triple DES Encryption. This offers
users a way to confidentially access and transfer sensitive information. Multiple VPN tunnels may be easily created without the need to setup IKE (Internet Key Exchange) policies.
Access Control List (ACL)
URL blocking is part of basic features offered by DFL-600 and provides the benefit of limiting access to undesirable Internet sites. Logs of real-time Internet traffic, alarms of Internet attacks, and notice of web-browsing activities are logged and can be reported through e-mail notification. DFL-600 supports Radius authentication so you can make use of your existing Radius Server and user information. It also supports X.509 certificate-based authentication, using a set of PKIX-compliant certificate enrollment and verification standards.
Network administrators can set e-mail addresses to receive alert message from the DFL-600. When intrusion events are detected, the DFL-600 will log them and send alert e-mail, and the administrator can check the log file on the router to find out what happened.
1 DMZ Port, 3 Fast Ethernet Switch Ports
The DFL-600 includes 3 auto-sensing 10/100BASE-TX LAN ports that connect to your internal office network, and a physical DMZ (Demilitarized Zone) port that can connect your Web, mail or FTP servers for access from the Internet. You can add DMZ ports to the DFL-600 by designating any of the 3 LAN ports as DMZ ports. This DMZ function is useful because it alleviates congested server traffic from entering the Internal network, while protecting your other office computers from Internet attacks by hiding them behind the firewall.
The DFL-600 provides an easy-to-use interface that is password-protected but still easily accessible through any Internet browser. Incoming and outgoing policies for firewall traffic, as well as setup configuration can be easily accomplished through this web-based interface.