DFL-900EOL EOS

Integrated VPN Firewall for Departmental Networks

Description

Firewall Protection
Your of fice is connected to the outside world through the Internet. It is easy for hackers to intrude your databases to steal or destroy data. The DFL-900 provides a wide range of protection against outside attacks, plus comprehensive security that includes user authentication, scheduled policies and Virtual Server Mapping. The DFL-900 provides NAT translation of IP addresses from the internal private network to the public IP network.

Content Filtering
As part of its firewall protection, the DFL-900 provides filtering of potentially malicious codes embedded in web pages to remove Active objects, java, JavaScript and other potential threats.

Robust SPI Firewall Protection Against Hacker Attacks
The DFL-900 defends your networks against damaging Denial of Service (DoS) attacks and offers network reliability through Stateful Packet Inspection. It can detect hacker attacks and filter intruding packets from entering the office network.The DFL-900 protects your network from attacks such as SYN Flood, Ping of Death, Spoof, Tear Drop, ICMP Flood, UDP Flood, etc. It can be configured to log all these attacks, locate the source IP address generating the attack, send the attack report notification to a specified e-mail address and establish the policy to restrict incoming traffic from the specific IP address source.

LAN-to-LAN and Mobile Remote VPN Connection
The DFL-900 supports VPN functions including IPSec, ESP security in tunnel mode, LAN to-LAN and mobile remote access. The DFL-900 is equipped with embedded VPN support that can create multiple IPSec tunnels to remote offices. IPSec on the DFL-900 uses strong encryption with DES, 3DES, and Automated Key Management via IKE/ISAKMP. A VPN tunnel can be activated from the DFL-900 to a remote site for a secured traffic flow between two locations for mobile users using triple DES Encryption. This offers users a way to confidentially access and transfer sensitive information. Multiple VPN tunnels may be easily created without the need to setup IKE (Internet Key Exchange) policies.

Access Control
Administration access can be controlled such that the DFL-900 can be administered from the protected internal network or the external public Internet. The DFL-900 supports an internal database for authenticating user access to various services. It maps public IP addresses to  information servers on the internal network to allow public access. You can also prevent access to particular web sites, using powerful pattern matching to block access to URLs.

Bandwidth Management/QoS
The quality of the services may degrade or even fail due to bandwidth misuse. Popular online communication applications, such as MSN, P2P, eMu and eDunkey, have impacted the bandwidth of enterprises. How to guarantee the quality of service (QoS) becomes an important topic of today's enterprises. Adding more bandwidth is not really a solution because it does not guarantee availability. The correct way of solving this problem is to apply bandwidth management. With the DFL-900's built-in bandwidth management capability, you can easily set up bandwidth policies based on their network configuration and company's policies. DFL-900 will make sure that bandwidth need of anticipated traffic can be met and bandwidth consumption of unexpected traffic is monitored and controlled. Bandwidth policies of the DFL-900 can be specified based on source, destination (IP or subnet), and applications. 

Scheduled Policies
Firewall policies may be scheduled for different times of the day/week/month and for one time use or recurring.

Hardware Acceleration
The DFL-900 uses a special design ASIC to perform VPN encryption and decryption. This off-loads CPU loading through hardware-based acceleration.

1 DMZ Port, 1 Trusted LAN Port
The DFL-900 provides an auto-sensing 10/100BASE-TX LAN port that connects to your internal office network, and a physical DMZ (Demilitarized Zone) port that can connect your Web, mail or FTP  servers for access from the Internet. The DMZ function is useful because it alleviates congested server traffic from entering the Internal network, while protecting your other office computers from Internet attacks by hiding them behind the firewall.

Management
The DFL-900 supports web-based management using a secure SSL connection from a remote terminal either on the internal corporate network or even from an external remote site. The DFL-900 can also be administered on-site using its RS-232 serial connection.

General features

Certificates

Order info

Pictures

DFL-900
Front view

Downloads

Support Resources