Network Security Firewall for SME
D-Link's DFL-700 is an easy-to deploy firewall designed for small and medium enterprises (SMEs), workgroups, and departments that require
superior price/performance. This device is a powerful security solution that provides integrated Network Address Translation (NAT), Firewall,
Content Filtering, IDS protection, bandwidth management as well as Virtual Private Network (VPN) support. The DFL-700 includes a WAN link
support, a trusted LAN port, and a DMZ port to support local e-mail and web servers, and is compact enough to fit anywhere. With an intuitive
web-based interface and simple process, the DFL-700 provides users with easy installation.

Multi-Function Security Application
Advanced Features for Complete Protection
The DFL-700 features functions typically found from enterprise-
DFL-700 provides advanced features including Content filtering, IDS
grade firewalls, such as Stateful Packet Inspection (SPI), detect/drop
(Intrusion Detection System), Bandwidth Management for complete
intruding packets, embedded VPN, a physical DMZ port, multiple-
solution protection to users' Network. Content Filtering lets you
mapped IPs and multiple virtual servers. The DFL-700 connects your
filter/protect your network with customized policy. Bandwidth
office easily to a broadband modem such as cable or DSL through an
management guarantees bandwidth for different services.
external 10/100BASE-TX WAN port.
The DFL-700 protects your network from attacks. It can be
Full Firewall Functions
configured to log all attacks, locate the source IP address generating
The DFL-700 provides complete firewall functions, including the
the attack, send the attack report notification to a specified e-mail
NAT mode, PAT (Port Address Translation) mode, Transparent mode,
address and establish policies to restrict incoming traffic from
Routing mode and SPI. It also supports customized policy and virtual
specific IP address sources. Network administrators can set e-mail
server configuration. Administrators can easily manage the network
addresses to receive alert message from the DFL-700. When
through graphical statistics in a logging/monitoring system.
intrusion events are detected, the DFL-700 will log them and send
alert e-mail, and the administrator can check the log file on the router
High Performance IPSec VPN Support
to find out what happened.
The DFL-700 is equipped with embedded VPN support, allowing
you to create multiple IPSec tunnels to remote sites/clients. IPSec on
the DFL-700 uses strong encryption with DES, 3DES, AES and
1 DMZ Port, 1 Trusted LAN Port
Automated Key Management via IKE/ISAKMP. A VPN tunnel can
The DFL-700 includes an auto-sensing 10/100BASE-TX LAN ports
be activated from the DFL-700 to a remote site or a mobile user for
that connect to your internal office network, and a physical DMZ
secured traffic flow using triple DES encryption. This offers users a
(Demilitarized Zone) port that can connect your Web, mail or FTP
way to confidentially access and transfer sensitive information.
servers for access from the Internet. The DMZ function is useful
Multiple VPN tunnels may be easily created without the need to
because it alleviates congested server traffic from entering the
setup IKE (Internet Key Exchange) policies.
Internal network, while protecting your other office computers from
Internet attacks by hiding them behind the firewall.
Access Control List (ACL)
URL blocking is part of basic features offered by DFL-700. This
Easy Setup
function provides the benefit of limiting access to undesirable
The DFL-700 provides an easy-to-use interface that is password-
Internet sites. Logs of real-time Internet traffic, alarms of Internet
protected but still easily accessible through any Internet browser.
attacks, and notice of web-browsing activities are logged and can be
Incoming and outgoing policies for firewall traffic, as well as
reported through e-mail notification.
configuration can be easily set up through this web-based interface.
DFL-700 supports Radius authentication so you can make use of
your existing Radius Server and user information.
Key Features
1 10/100BASE-TX LAN port, 1 10/100BASE-TX DMZ port
NAT Application Level Gateway (ALG) support
1 10/100BASE-TX WAN port for cable/DSL modem connection
DHCP server/client and parental control
PPTP, L2TP, IPSec VPN tunneling support
PPPoE support for dial-up DSL to save ISP charge
PPTP, L2TP, IPSec VPN pass throughput support
Content filtering, URL/domain blocking and key word check
Aggressive/Main client mode for VPN
Virtual server support
Stateful Packet Inspection (SPI) firewall protection
Web-based configuration management & real-time monitoring
Denial of Service (DoS) and DDoS attack blocking
SYSlog protocol support
Network Address Translation (NAT)/Network Address Port
Translation (NAPT)

Technical Specifications
- CPU: x86 300MHz high-performance processor
- Web access log
- DRAM: 64 Mbytes
- Internet Access Monitor
- Flash memory: 16 Mbytes
- Remote Management from WAN
- Factory reset button
- Simple Network Time Protocol (SNTP)
- Accelerator: VPN accelerator for higher performance
- Simple Network Management Protocol (SNMP)
- Https
Device Ports
- Consistency checks
- WAN: 10/100BASE-TX port
- LAN: 10/100BASE-TX port
Firewall & VPN User Authentication
- DMZ: 10/100BASE-TX port
- RADIUS (external) database
- Console port: serial COM port
- Built-in database: 500 users limit
Performance & Throughput
- Firewall: 50 Mbps or higher
- NIDS pattern
- 3DES: 20 Mbps or higher
- DDOS and DOS detected
- AES: 28 Mbps or higher
- Mac address bind with IP
- Concurrent sessions: 10,000 max.
- On-line pattern update
- VPN tunnels: 200 max.
- Attack alarm (via E-mail)
- Log and report
Firewall Mode of Operation
Bandwidth Management
- NAT (Network Address Translation)
- Guaranteed bandwidth
- PAT (Port Address Translation)
- Maximum bandwidth
- Transparent mode
- Priority-bandwidth utilization
- Route mode
- DiffServ stamp
- Virtual IP
- Class-based policies
- Policy-based NAT
- Application-specific traffic class
- Policy-based traffic shaping
VPN Security
- Subnet-specific traffic class
- IPSec Server/Client, PPTP Server/Client, L2TP Server/Client
- IPSec/PPTP/L2TP pass through
Driver/Firmware Support
- Authentication transform: MD5 and SHA-1
- Encryption transform: Null, DES, 3DES and AES
- Key management: manual and IKE
Physical & Environmental
- Keying mode: Pre-Shared Key
Diagnostic LEDs
- Key exchange: DH1, DH2 and DH5
- Power
- Negotiation mode: Quick, Main and Aggressive mode
- Status
- Remote access VPN
- Policy-Based firewall and session protection
- Keep-Alives on tunnel free configurable
- Hub-n-Spoke
Power Input
Firewall Security
Through 5V 3.0A switching external power adapter
- Stateful Packet Inspection (SPI)/Denial of Service (DOS)
Power Consumption
- Packet filter
15 watts max.
- Content filter (URL Keyword Blocking;
Java/ActiveX/Cookie/Proxy Blocking)
- Custom Protocol Filters
235 x 162 x 35.6 mm (device only)
- Custom ICMP Filter
- Microsoft Active Directory Integration (via MS IAS)
513 grams (device only)
- Multiple administrators
Operation Temperature
- Root Admin, Admin & Read Only user levels
0 to 55 C
- Software upgrades and configuration changes
- Trust host
Storage Temperature
-20 to 70 C
Network Service
- DHCP Server/Client
Operation Humidity
- DHCP Relay
5% to 95% non-condensing
- DHCP over IPSec
- PPPoE for DSL
Storage Humidity
- PPTP for DSL
5% to 95% non-condensing
- BigPond Cable
- H.323 Application layer gateway
Emission (EMI)
- SIP Application layer gateway
- FCC Class A
- FTP application layer gateway
- CE Class A
- DNS resolving of remote gateway
- C-Tick
- System log
- UL
- Firmware backup
- E-mail alerts
- LVD (EN60950)
- Filtering activity (logging rejected internal and external
connection requests)

Technical Specifications
Ordering Information
1 RJ-45 10/100BASE-TX port (for DSL/cable
modem connection)
1 RJ-45 10/100BASE-TX port (for DMZ network)
1 RJ-45 10/100BASE-TX port (for internal
Please specify your order as follows:
Includes a US standard power adapter
Includes an EU standard power adapter
Includes a UK standard power adapter
Includes an Australia standard power adapter
Includes a China standard power adapter
Specifications subject to change without
TEL: 1-714-885-6000
FAX: 1-866-743-4905
prior notice.
D-Link is a registered trademarks of
TEL: 1-905-8295033
FAX: 1-905-8295223
D-Link Corporation/D-Link System Inc.
TEL: 44-20-8731-5555
FAX: 44-20-8731-5511
All other trademarks belong to their
TEL: 49-6196-77990
FAX: 49-6196-7799300
TEL: 33-1-30238688
FAX: 33-1-30238689
TEL: 31-10-282-1445
FAX: 31-10-282-1331
TEL: 32(0)2-517-7111
FAX: 32(0)2-517-6500
TEL: 39-2-2900-0676
FAX: 39-2-2900-1723
TEL: 34-93-4090770
FAX: 34-93-4910795
TEL: 46-(0)8564-61900
FAX: 46-(0)8564-61901
TEL: 47-22-309075
FAX: 47-22-309085
TEL: 45-43-969040
FAX: 45-43-424347
TEL: 358-9-2707-5080
FAX: 358-9-2707-5081
TEL: 65-6774-6233
FAX: 65-6774-6322
TEL: 61-2-8899-1800
FAX: 61-2-8899-1868
TEL: 81-3-5434-9678
FAX: 81-3-5434-9868
TEL: 86-10-8518-2533
FAX: 86-10-8518-2250
TEL: 91-022-652-6696
FAX: 91-022-652-8914
Middle East (Dubai) TEL: 9714-8834234
FAX: 9714-8834394
TEL: 90-212-335-2553
FAX: 90-212-335-2500
TEL: 202-414-4295
FAX: 202-415-6704
TEL: 972-9-9715700
FAX: 972-9-9715601
TEL: 56-2-232-3185
FAX: 56-2-232-0923
TEL: 55-11-55039320
FAX: 55-11-55039321
South Africa
TEL: 27(0)1266-52165
FAX: 270 )1266-52186
TEL: 7-095-744-0099
FAX: 7-095-744-0099#350
TEL: 886-2-2910-2626
FAX: 886-2-2910-1515
Rev. 02 (May 2004)
D-Link Corp.
TEL: 886-2-2916-1600
FAX: 886-2-2914-6299

Document Outline