NetDefend UTM Firewall Series Integrated Firewall/VPN
TodayÔÇÖs continuously shifting security environment updates for each aspect of defense: Intrusion
presents a challenge for small/home office networks Prevention Systems (IPS), Antivirus and Web Content
┬âPowerful Firewall Engine
with limited IT capabilities. Fortunately, the D-Link Filtering (WCF). NetDefend UTM Subscriptions
┬âVirtual Private Network (VPN) Security
NetDefend Unified Threat Management (UTM) ensure that each of the firewallÔÇÖs service databases
┬âGranular Bandwidth Management
firewalls provide a powerful security solution to are complete and effective.
┬â802.1Q VLAN Tagging and port-based
protect business networks from a wide variety
of threats. UTM Firewalls offer a comprehensive Robust Intrusion Prevention
┬âD-Link End-to-End Security Solutions
defense against virus attacks, unauthorized The NetDefend UTM Firewalls employ component-
(E2ES) Integration with ZoneDefense
intrusions, and harmful content, successfully based signatures, a unique IPS technology which
enhancing fundamental capabilities for managing, recognizes and protects against all varieties of Advanced Functions
monitoring, and maintaining a healthy network.
known and unknown attacks. This system can
address all critical aspects of an attack or potential
┬âStateful Packet Inspection (SPI) Enterprise-Class Firewall Security
attack including payload, NOP sled, infection, and
┬âDetect/Drop Intruding Packets
NetDefend UTM Firewalls provide complete exploits. In terms of signature coverage, the IPS
┬âServer Load Balancing
advanced security features to manage, monitor, and database includes attack information and data from
maintain a healthy and secure network. Network a global attack sensor-grid and exploits collected
management features include: Remote Management, from public sites such as the National Vulnerability Unified Threat Management
Bandwidth Control Policies, URL Black/White Lists, Database and Bugtrax. The NetDefend UTM Firewalls
┬âIntrusion Prevention System (IPS)
Access Policies, and SNMP. For network monitoring, constantly create and optimize NetDefend signatures
┬âAntivirus (AV) Protection
these firewalls support e-mail alerts, system logs, via the D-Link Auto-Signature Sensor System without
consistency checks and real-time statistics.
overloading existing security appliances. These
┬âWeb Content Filtering (WCF)
┬âOptional Service Subscriptions Unified Threat Management
signatures ensure a high ratio of detection accuracy
NetDefend UTM Firewalls integrate an intrusion and a low ratio of false positives. Virtual Private Network
detection and prevention system, gateway Stream-Based Virus Scanning
┬âIPSec NAT Traversal
antivirus, and content filtering for superior The NetDefend UTM Firewalls examine files of any
┬âVPN Hub and Spoke
Layer 7 content inspection protection. An acceleration size, using a stream-based virus scanning technology
engine increases throughput, while the real-time which eliminates the need to cache incoming files.
┬âIPSec, PPTP, L2TP
update service keeps the IPS information, antivirus This zero-cache scanning method not only increases
┬âDES, 3DES, AES, Twofish, Blowfish, CAST-
signatures, and URL databases current. Combined, inspection performance but also reduces network
these enhancements help to protect the office bottlenecks. NetDefend UTM firewalls use virus
┬âAutomated Key Management via IKE/
network from application exploits, network worms, signatures from Kaspersky Labs to provide systems
malicious code attacks, and provide everything a with reliable and accurate antivirus protection, as
business needs to safely manage employee Internet well as prompt signature updates. Consequentially,
viruses and malware can be effectively blocked Enhanced Network Services Powerful VPN Performance
before they reach the desktops or mobile devices.
NetDefend UTM Firewalls offer an integrated Web Content Filtering
VPN Client and Server. This allows remote offices Web Content Filtering helps administrators monitor,
┬âH.323 NAT Traversal
to securely connect to a head office or a trusted manage, and control employee Internet usage. The
┬âRobust Application Security for ALGs
partner network. Mobile users working from home NetDefend UTM Firewalls implement multiple global
┬âOSPF Dynamic Routing Protocol
or remote locations can also safely connect to the index servers with millions of URLs and real-time
office network to access company data and e-mail. website data to enhance performance capacity and
┬âRun-Time Web-Based Authentication
NetDefend UTM Firewalls have hardware-based VPN maximize service availability. These firewalls use Performance Optimization
engines to support and manage a large number of VPN granular policies and explicit black/white lists to
┬âUTM Acceleration Engine
configurations. They support IPSec, PPTP, and L2TP control access to certain types of websites for any
protocols in Client/Server mode and can handle pass-
combination of users, interfaces and IP networks.
┬âMultiple WAN Interfaces for Traffic Load
through traffic as well. Advanced VPN configuration The firewall can actively handle Internet content by
options include: DES/3DES/AES/Twofish/Blowfish/
stripping potential malicious objects, such as Java
management, Quick/Main/Aggressive Negotiation cookies.
modes, and VPN authentication support using either
an external RADIUS server or a large user database. VPNC UTM Services
Maintaining an effective defense against the various
threats originating from the Internet requires that
all three databases used by the NetDefend UTM VPNC
Firewalls are kept up-to-date. In order to provide a
robust defense, D-Link offers optional NetDefend
Firewall UTM Service subscriptions which include 01
NetDefend UTM Firewall Series DFL-260E NetDefend UTM Subscription Licensed for Unlimited Users
The standard NetDefend UTM Subscription provides Optional subscription services for IPS, Antivirus
┬âFirewall Throughput: 150 Mbps
your firewall with UTM service updates for 12 Scanning, and Web Content Filtering are priced per
┬âVPN Performance: 45 Mbps (3DES/AES)
months* starting from the day you activate or extend firewall rather than per user, thus reducing the total
┬â1 10/100/1000 Ethernet WAN Ports
your service. The NetDefend UTM Subscription can cost of ownership for licensing.
┬â5 10/100/1000 Ethernet LAN Ports
be renewed regularly to provide your firewalls with
┬â1 10/100/1000 Ethernet DMZ Port
the most up-to-date security service available from WAN Link Load-Balancing and Fault-Tolerance
Multiple WAN ports support traffic load balancing
and failover, thus guaranteeing Internet availability DFL-860E
┬âFirewall Throughput: 200 Mbps
NetDefend Center: http://security.dlink.com.tw
┬âVPN Performance: 60 Mbps (3DES/AES) D-Link End-to-End Security (E2ES) Solutions*
*Actual service package may vary depending on region.
The ZoneDefense mechanism operating in
┬â2 10/100/1000 Ethernet WAN Ports
┬â8 10/100/1000 Ethernet LAN Ports
automatically quarantines infected workstations and
┬â1 10/100/1000 Ethernet DMZ Port
prevents them from flooding the internal network with
malicious traffic. DFL-1660
┬âFirewall Throughput: 1.2 Gbps
*For DFL-860E, DFL-1660, and DFL-2560(G) only
┬â4 SFP Ports (DFL-2560G) D-Link Green Certified
The D-Link Green certified DFL-1660 and DFL-2560(G)
are built with an 80 PLUS internal power supply.
80 PLUS certified power supplies offer increased
reliability due to greater efficiency, and provide a
reduced cost of ownership through longer equipment
life. Additionally, 80 PLUS power supplies help Powerful VPN Engine
prevent pollution by limiting energy consumption, and
Hardware-based data encryption and authentication run at a lower temperature to reduce cooling costs.
for IPSec, PPTP, and L2TP in Client/Server mode
enable fast and safe handling of VPN traffic.
The DFL-260E and DFL-860E save energy automatically
Professional Intrusion Prevention System (IPS)
through cable length and link status detection. By
Automatic updates from a comprehensive IPS detecting the length of cables connected to a port, the
signature database focus on attack payloads to amount of power used for the port can be adjusted,
protect the network against zero-day attacks.
only using as much as is needed. The DFL-260E/860E
Real-Time Antivirus Inspection (AV)
can also detect if a port is not in use, such as when
The antivirus engine scans using the most complete, a connected computer is shut down or if nothing is
most up-to-date antivirus signature database. connected to the port, and can automatically reduce
Streaming-based pattern matching provides the the power used for that port, cutting energy used for
effective protection against viruses.
it by a substantial amount. Fast, Efficient Web Content Filtering
Multiple index server implementation, granular D-Link Green certified devices comply with RoHS
policies, black lists and active content handling (Restriction of Hazardous Substances) and WEEE
enhance performance and effectiveness of web (Waste Electrical and Electronic Equipment)
directives. RoHS directives restrict the use of specific
hazardous materials during manufacturing, while Acceleration Engine for Unified Threat Management
WEEE implements standards for proper recycling
A powerful processor allows the firewall to carry out and disposal. Together, these considerations make
IPS and Antivirus scanning simultaneously without D-Link Green firewall products the environmentally
responsible choice. 02
Physical & Power Supply Internal Power Supply 80 PLUS Internal Power Supply
Environmental Dimensions 280 x 180 x 44 mm 330 x 180 x 44 mm 440 x 400 x 44 mm 11ÔÇŁ Rack-Mount 13ÔÇŁ Rack-Mount 19ÔÇŁ Standard Rack-Mount Operating Temperature 0┬░ to 40┬░ C Storage Temperature -20┬░ to 70┬░ C Operating Humidity 5% to 95% non-condensing EMI FCC Class A CE Class A C-Tick VCCI Safety UL LVD (EN60950-1) LVD (EN60950-1) cUL, CB MTBF 186,614 Hours 140,532 Hours 400,000 Hours 310,000 Hours
1 Actual performance may vary depending on network conditions and activated services.
2 The maximum firewall plaintext throughput is based on RFC2544 testing methodologies.
3 VPN throughput is measured using UDP traffic at 1420 byte packet size adhering to RFC 2544.
4 IPS and Anti-Virus performance test is based on HTTP protocol with a 1Mb file attachment run on the IXIA IxLoad. Testing is done with multiple flows through multiple port pairs.
5 Performance based on firmware 2.27.00 and above
6 Available when DMZ port is configured as WAN port
7 Compatible with D-Link SFP module transceivers: DEM-310GT, DEM-311GT, DEM-312GT2, DEM-314GT, DEM-315GT, DEM-330T, DEM-330R, DEM-331T, DEM-331R, DGS-712 05
Secure Network Implementation Using NetDefendÔäó UTM Firewalls ACN 052 202 838 D-Link Corporation
No. 289 Xinhu 3rd Road, Neihu, Taipei 114, Taiwan
Specifications are subject to change without notice.
D-Link is a registered trademark of D-Link Corporation and its overseas subsidiaries.
All other trademarks belong to their respective owners.
┬ę2010 D-Link Corporation. All rights reserved.
Release 02 (December 2010) 06