The majority of budget-priced broadband routers provide a basic level of firewall protection, but for many small to medium businesses this isn’t enough. They want a high-throughput firewall they can customize for business use rather than games, plus VPN termination, traffic management and user authentication. D-Link’s latest DFL-210 aims to offer these features and more, all at an affordable price.
It represents the entry level of D-Link’s NetDefend appliances and uses technology from Swedish vendor Clavister, running a version of its CorePlus operating system. You get a quartet of switched Fast Ethernet ports plus separate network ports for DMZ and WAN operations, and enough processing grunt for 80Mbps firewall throughput and up to 100 VPN tunnels. It also offers signature-based intrusion detection and prevention, and for an extra £50 per year you can activate D-Link’s advanced service, which provides regular engine and signature database downloads.
On first browser contact with the appliance you get a quick start wizard. Make sure you turn off your pop-up blocker before accessing the appliance, though, as you only get one chance with the wizard: if it’s blocked, it won’t load a second time. In this event your only recourse is to hard reset the appliance or do it via the complex CLI (command line interface).
A brief glance at the management interface shows there’s a lot to this appliance. However, before messing with firewall rules, get your network objects sorted out, as these are used to define all your network elements. These range from individual IP addresses, ranges and subnets to ALGs (application layer gateways), network services, schedules and VPNs. Usefully, all objects relating to interfaces, networks and subnets are maintained in an address book for easy access.
For rule creation you select service and schedule objects, assign them to source and destination interfaces and networks, and decide on an action. The latter can be as simple as allow, drop or deny, or you can apply NAT or SAT (static address translation). Rule management is aided by folders, so you can organize rulesets based on the sources and destinations to which they are applied. Rules are maintained in lists and are applied in strict priority from the top. You can right-click on one and move it up or down the list, or place it at the top or bottom. There’s very little traffic you can’t control with rules, making the appliance very versatile. We could, for example, use schedules to allow email for LAN users but stop them browsing the web during working hours.
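To show why position in the list matters, here is an added Python model of top-down rule evaluation for the email-versus-web schedule example; it is not D-Link or Clavister code or syntax. The object names, addresses, ports and hours are constructed, and it assumes the first matching rule decides and that unmatched traffic is dropped.

```python
from collections import namedtuple
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed objects standing in for the address book, services and schedules.
ADDRESS_BOOK = {"lannet": ip_network("192.168.1.0/24"),
                "all-nets": ip_network("0.0.0.0/0")}
SERVICES = {"http": {("tcp", 80), ("tcp", 443)},
            "email": {("tcp", 25), ("tcp", 110)}}
SCHEDULES = {"always": None,
             "working-hours": (range(0, 5), time(9), time(17))}  # Mon-Fri 09:00-17:00

Rule = namedtuple("Rule", "name action src_if src_net dst_if dst_net service schedule",
                  defaults=["always"])

def in_schedule(name, when):
    sched = SCHEDULES[name]
    if sched is None:
        return True
    days, start, end = sched
    return when.weekday() in days and start <= when.time() < end

def matches(rule, pkt, when):
    return (rule.src_if == pkt["src_if"] and rule.dst_if == pkt["dst_if"]
            and ip_address(pkt["src"]) in ADDRESS_BOOK[rule.src_net]
            and ip_address(pkt["dst"]) in ADDRESS_BOOK[rule.dst_net]
            and (pkt["proto"], pkt["dport"]) in SERVICES[rule.service]
            and in_schedule(rule.schedule, when))

def evaluate(rules, pkt, when):
    """Walk the list top-down; the first matching rule decides (assumed model)."""
    for rule in rules:
        if matches(rule, pkt, when):
            return rule.action, rule.name
    return "drop", "default"  # assumption: unmatched traffic is dropped

def ruleset(block_above_allow=True):
    lan_out = ("lan", "lannet", "wan", "all-nets")
    block = Rule("no-web-at-work", "drop", *lan_out, "http", "working-hours")
    web = Rule("web", "allow", *lan_out, "http")
    mail = Rule("mail", "allow", *lan_out, "email")
    return [block, web, mail] if block_above_allow else [web, block, mail]

def packet(dport):  # constructed LAN client talking to a documentation-range host
    return {"src_if": "lan", "dst_if": "wan", "src": "192.168.1.20",
            "dst": "203.0.113.10", "proto": "tcp", "dport": dport}

if __name__ == "__main__":
    office_hours = datetime(2024, 1, 10, 10, 30)  # a Wednesday
    for order in (True, False):
        print(order, evaluate(ruleset(order), packet(80), office_hours))
```

With the scheduled drop above the general web allow, browsing is blocked in office hours while mail passes; swap the two and the drop rule is shadowed and never fires.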