URL filtering is complex to set up as you create an HTTP ALG object with a blacklist or whitelist of URL keywords. Each ALG object can contain multiple entries and you’ll need to create a service object and assign it to a rule which needs to be inserted in the priority list. ActiveX objects, Java apps and VBScript can be stripped out and you can limit the size of files that can be downloaded. You also get ALGs for FTP, SMTP and H.323 but not SIP. With the FTP ALG we could block file types by their extension and if you try copying down a file that matches the parameter the download will just sit there contemplating its navel before eventually hanging.
Traffic management is a lot easier to configure as you create pipes that measure the traffic flowing through them and enforce guaranteed bandwidth and restrictions in KB/sec for designated services. Don’t follow the manual when setting up user authentication as it will fail, due to a clash with remote management on ports 80 and 443. You need to change these first, followed by the creation of a local user database, and then you must add no less than five new rules. It’s as well that D-Link has a support FAQ showing twelve web pages of procedures as it’s impossible to work this one out from the manual. At one point we called in D-Link’s support but found they were so ill-informed about the NetDefend products we actually ended up showing them how to carry out certain procedures.
The IDP/IDS features are another case in point as they are designed to allow you to scan for attacks specific to a type of service. Using the entire signature database will affect firewall performance so you create rules that protect selected services and only apply the relevant signatures to them. However, you can only go by the occasionally nebulous signature name to ascertain what they do as D-Link hasn’t added any meaningful comments to each one.
There’s no denying the DFL-210 is a powerful security appliance but it’s totally unsuited to small businesses with limited IT expertise as it presents a truly exponential learning curve. The inadequate documentation means it’s not immediately obvious how a lot of the features are configured and D-Link’s poor support comes in for criticism as well. Overall, we found configuration a frustrating experience and actually lost count of the number of times we had to reset the appliance back to factory defaults during testing.