Network Security Firewall for SME
D-Link's DFL-700 is an easy-to deploy firewall designed for small and medium enterprises (SMEs), workgroups, and departments that require
superior price/performance. This device is a powerful security solution that provides integrated Network Address Translation (NAT), Firewall,
Content Filtering, IDS protection, bandwidth management as well as Virtual Private Network (VPN) support. The DFL-700 includes a WAN link
support, a trusted LAN port, and a DMZ port to support local e-mail and web servers, and is compact enough to fit anywhere. With an intuitive
web-based interface and simple process, the DFL-700 provides users with easy installation.

Multi-Function Security Application
Advanced Features for Complete Protection
The DFL-700 features functions typically found from enterprise-
DFL-700 provides advanced features including Content filtering, IDS
grade firewalls, such as Stateful Packet Inspection (SPI), detect/drop
(Intrusion Detection System), Bandwidth Management for complete
intruding packets, embedded VPN, a physical DMZ port, multiple-
solution protection to users' Network. Content Filtering lets you
mapped IPs and multiple virtual servers. The DFL-700 connects your
filter/protect your network with customized policy. Bandwidth
office easily to a broadband modem such as cable or DSL through an
management guarantees bandwidth for different services.
external 10/100BASE-TX WAN port.
The DFL-700 protects your network from attacks. It can be
Full Firewall Functions
configured to log all attacks, locate the source IP address generating
The DFL-700 provides complete firewall functions, including the
the attack, send the attack report notification to a specified e-mail
NAT mode, PAT (Port Address Translation) mode, Routing mode and
address and establish policies to restrict incoming traffic from
SPI. It also supports customized policy and virtual server
specific IP address sources. Network administrators can set e-mail
configuration. Administrators can easily manage the network through
addresses to receive alert message from the DFL-700. When
graphical statistics in a logging/monitoring system.
intrusion events are detected, the DFL-700 will log them and send
alert e-mail, and the administrator can check the log file on the router
High Performance IPSec VPN Support
to find out what happened.
The DFL-700 is equipped with embedded VPN support, allowing
you to create multiple IPSec tunnels to remote sites/clients. IPSec on
the DFL-700 uses strong encryption with DES, 3DES, AES and
1 DMZ Port, 1 Trusted LAN Port
Automated Key Management via IKE/ISAKMP. A VPN tunnel can
The DFL-700 includes an auto-sensing 10/100BASE-TX LAN ports
be activated from the DFL-700 to a remote site or a mobile user for
that connect to your internal office network, and a physical DMZ
secured traffic flow using triple DES encryption. This offers users a
(Demilitarized Zone) port that can connect your Web, mail or FTP
way to confidentially access and transfer sensitive information.
servers for access from the Internet. The DMZ function is useful
Multiple VPN tunnels may be easily created without the need to
because it alleviates congested server traffic from entering the
setup IKE (Internet Key Exchange) policies.
Internal network, while protecting your other office computers from
Internet attacks by hiding them behind the firewall.
Access Control List (ACL)
URL blocking is part of basic features offered by DFL-700. This
Easy Setup
function provides the benefit of limiting access to undesirable
The DFL-700 provides an easy-to-use interface that is password-
Internet sites. Logs of real-time Internet traffic, alarms of Internet
protected but still easily accessible through any Internet browser.
attacks, and notice of web-browsing activities are logged and can be
Incoming and outgoing policies for firewall traffic, as well as
reported through e-mail notification.
configuration can be easily set up through this web-based interface.
DFL-700 supports Radius authentication so you can make use of
your existing Radius Server and user information.
Key Features
1 10/100BASE-TX LAN port, 1 10/100BASE-TX DMZ port
NAT Application Level Gateway (ALG) support
1 10/100BASE-TX WAN port for cable/DSL modem connection
DHCP server/client and parental control
PPTP, L2TP, IPSec VPN tunneling support *
PPPoE support for dial-up DSL to save ISP charge
PPTP, L2TP, IPSec VPN pass throughput support
Content filtering, URL/domain blocking and key word check
Aggressive/Main client mode for VPN
Virtual server support
Stateful Packet Inspection (SPI) firewall protection
Web-based configuration management & real-time monitoring
Denial of Service (DoS) and DDoS attack blocking
SYSlog protocol support
Network Address Translation (NAT)/Network Address Port
Translation (NAPT)

* PPTP, L2TP VPN tunnels supported in future firmware upgrade.

Technical Specifications
- CPU: x86 300MHz high-performance processor
- System log
- DRAM: 64 Mbytes
- Firmware backup
- Flash memory: 16 Mbytes
- E-mail alerts
- Factory reset button
- Filtering activity (logging rejected internal and external
- Accelerator: VPN accelerator for higher performance
connection requests)
Device Ports
- WAN: 10/100BASE-TX port
- Web access log
- LAN: 10/100BASE-TX port
- Internet Access Monitor
- DMZ: 10/100BASE-TX port
- Remote Management from WAN
- Console port: serial COM port
- Simple Network Time Protocol (SNTP)
- Simple Network Management Protocol (SNMP)
Performance & Throughput
- Https
- Firewall: 47 Mbps or higher
- Consistency checks
- 3DES: 17 Mbps or higher
- AES: 28 Mbps or higher
Firewall & VPN User Authentication
- Concurrent sessions: 10,000 max.
- RADIUS (external) database
- VPN tunnels: 200 max.
- Built-in database: 500 users limit
- Policies: 1,000 max.
- Schedules: 256 max.
- On-line users: 100 max.
- NIDS pattern
- DDOS and DOS detected
- Mac address bind with IP
Firewall Mode of Operation
- On-line pattern update
- NAT (Network Address Translation)
- Attack alarm (via E-mail)
- PAT (Port Address Translation)
- Log and report
- Route mode
- Virtual IP
Bandwidth Management
- Policy-based NAT
- Guaranteed bandwidth
- Maximum bandwidth
VPN Security
- Priority-bandwidth utilization
- IPSec Server/Client, PPTP Server/Client, L2TP Server/Client*
- DiffServ stamp
- IPSec/PPTP/L2TP pass through
- Class-based policies
- Authentication transform: MD5 and SHA-1
- Application-specific traffic class
- Encryption transform: Null, DES, 3DES and AES
- Policy-based traffic shaping
- Key management: manual and IKE
- Subnet-specific traffic class
- Keying mode: Pre-Shared Key
- Key exchange: DH1, DH2 and DH5
Driver/Firmware Support
- Negotiation mode: Quick, Main and Aggressive mode
- Remote access VPN
- Policy-Based firewall and session protection
- Keep-Alives on tunnel free configurable
Physical & Environmental
Diagnostic LEDs
- Hub-n-Spoke
- Power
* PPTP Server/Client, L2TP Server/Client functions available in future firmware upgrade.
- Status
Firewall Security
- Stateful Packet Inspection (SPI)/Denial of Service (DOS)
- Packet filter
Power Input
- Content filter (URL Keyword Blocking;
Through 5V 3.0A switching external power adapter
Java/ActiveX/Cookie/Proxy Blocking)
- Custom Protocol Filters
Power Consumption
- Custom ICMP Filter
15 watts max.
- Microsoft Active Directory Integration (via MS IAS)
235 x 162 x 35.6 mm (device only)
- Multiple administrators
- Root Admin, Admin & Read Only user levels
- Software upgrades and configuration changes
513 grams (device only)
- Trust host
Operation Temperature
Network Service
0 to 55 C
- DHCP Server/Client
- DHCP Relay
Storage Temperature
- DHCP over IPSec
-20 to 70 C
o o
- PPPoE for DSL
- PPTP for DSL
Operation Humidity
- BigPond Cable
5% to 95% non-condensing
- H.323 Application layer gateway*
- SIP Application layer gateway*
Storage Humidity
- FTP application layer gateway
5% to 95% non-condensing
- DNS resolving of remote gateway
* Functions available in future firmware upgrade.
Emission (EMI)
- FCC Class A
- CE Class A
- C-Tick

Technical Specifications
- UL
- LVD (EN60950)
Ordering Information
1 RJ-45 10/100BASE-TX port (for DSL/cable
modem connection)
1 RJ-45 10/100BASE-TX port (for DMZ network)
1 RJ-45 10/100BASE-TX port (for internal
Please specify your order as follows:
Includes a US standard power adapter
Includes an EU standard power adapter
Includes a UK standard power adapter
Includes an Australia standard power adapter
Includes a China standard power adapter
VPN Remote Access Software
Single user license
5 users license
Specifications subject to change without
TEL: 1-714-885-6000
FAX: 1-866-743-4905
prior notice.
D-Link is a registered trademarks of
TEL: 1-905-8295033
FAX: 1-905-8295223
D-Link Corporation/D-Link System Inc.
TEL: 44-20-8731-5555
FAX: 44-20-8731-5511
All other trademarks belong to their
TEL: 49-6196-77990
FAX: 49-6196-7799300
TEL: 33-1-30238688
FAX: 33-1-30238689
TEL: 31-10-282-1445
FAX: 31-10-282-1331
TEL: 32(0)2-517-7111
FAX: 32(0)2-517-6500
TEL: 39-2-2900-0676
FAX: 39-2-2900-1723
TEL: 34-93-4090770
FAX: 34-93-4910795
TEL: 46-(0)8564-61900
FAX: 46-(0)8564-61901
TEL: 47-22-309075
FAX: 47-22-309085
TEL: 45-43-969040
FAX: 45-43-424347
TEL: 358-9-2707-5080
FAX: 358-9-2707-5081
TEL: 65-6774-6233
FAX: 65-6774-6322
TEL: 61-2-8899-1800
FAX: 61-2-8899-1868
TEL: 81-3-5434-9678
FAX: 81-3-5434-9868
TEL: 86-10-8518-2533
FAX: 86-10-8518-2250
TEL: 91-022-652-6696
FAX: 91-022-652-8914
Middle East (Dubai) TEL: 9714-8834234
FAX: 9714-8834394
TEL: 90-212-335-2553
FAX: 90-212-335-2500
TEL: 202-414-4295
FAX: 202-415-6704
TEL: 972-9-9715700
FAX: 972-9-9715601
TEL: 56-2-232-3185
FAX: 56-2-232-0923
TEL: 55-11-55039320
FAX: 55-11-55039321
South Africa
TEL: 27(0)1266-52165
FAX: 270 )1266-52186
TEL: 7-095-744-0099
FAX: 7-095-744-0099#350
TEL: 886-2-2910-2626
FAX: 886-2-2910-1515
Rev. 03 (Aug. 2004)
D-Link Corp.
TEL: 886-2-2916-1600
FAX: 886-2-2914-6299

Document Outline