NetDefend UTM Firewall Series Integrated Firewall/VPN
TodayÔÇÖs continuously shifting security environment updates for each aspect of defense: Intrusion
presents a challenge for small/home office networks Prevention Systems (IPS), Antivirus and Web Content
┬âPowerful Firewall Engine
with limited IT capabilities. Fortunately, the D-Link Filtering (WCF). NetDefend UTM Subscriptions
┬âVirtual Private Network (VPN) Security
NetDefend Unified Threat Management (UTM) ensure that each of the firewallÔÇÖs service databases
┬âGranular Bandwidth Management
firewalls provide a powerful security solution to are complete and effective.
┬â802.1Q VLAN Tagging and Port-Based
protect business networks from a wide variety
of threats. UTM Firewalls offer a comprehensive Robust Intrusion Prevention
┬âD-Link End-to-End Security Solutions
defense against virus attacks, unauthorized The NetDefend UTM Firewalls employ component-
(E2ES) Integration with ZoneDefense
intrusions, and harmful content, successfully based signatures, a unique IPS technology which
enhancing fundamental capabilities for managing, recognizes and protects against all varieties of Advanced Functions
monitoring, and maintaining a healthy network.
known and unknown attacks. This system can
address all critical aspects of an attack or potential
┬âStateful Packet Inspection (SPI) Enterprise-Class Firewall Security
attack including payload, NOP sled, infection, and
┬âDetect/Drop Intruding Packets
NetDefend UTM Firewalls provide a complete set exploits. In terms of signature coverage, the IPS
┬âServer Load Balancing
of advanced security features to manage, monitor, database includes attack information and data from
and maintain a healthy and secure network. Network a global attack sensor-grid and exploits collected
management features include: Remote Management, from public sites such as the National Vulnerability Unified Threat Management
Bandwidth Control Policies, URL Blacklists and Database and Bugtrax. The NetDefend UTM Firewalls
┬âIntrusion Prevention System (IPS)
Whitelists, Access Policies, and SNMP. For network constantly create and optimize NetDefend signatures
┬âAntivirus (AV) Protection
monitoring, these firewalls support e-mail alerts, via the D-Link Auto-Signature Sensor System without
system logs, consistency checks, and real-time overloading existing security appliances. These
┬âWeb Content Filtering (WCF)
signatures ensure a high ratio of detection accuracy
┬âOptional Service Subscriptions Unified Threat Management
and a low ratio of false positives. Virtual Private Network
NetDefend UTM Firewalls integrate an intrusion Stream-Based Virus Scanning
┬âIPSec NAT Traversal
detection and prevention system, gateway The NetDefend UTM Firewalls examine files of any
┬âVPN Hub and Spoke
antivirus, and content filtering for superior size, using a stream-based virus scanning technology
Layer 7 content inspection protection. An acceleration which eliminates the need to cache incoming files.
┬âIPSec, PPTP, L2TP, SSL
engine increases throughput, while the real-time This zero-cache scanning method not only increases
┬âDES, 3DES, AES, Twofish, Blowfish,
update service keeps the IPS information, antivirus inspection performance but also reduces network
signatures, and URL databases current. Combined, bottlenecks. NetDefend UTM firewalls use virus
┬âAutomated Key Management via IKE/
these enhancements help to protect office networks signatures from Kaspersky Labs to provide systems
from application exploits, network worms, malicious with reliable and accurate antivirus protection, as
code attacks, and provide everything a business well as prompt signature updates. Consequently,
needs to safely manage employee Internet access.
viruses and malware can be effectively blocked Enhanced Network Services Powerful VPN Performance
before they reach desktops or mobile devices.
NetDefend UTM Firewalls offer an integrated VPN Web Content Filtering
Client and Server. This allows remote offices to Web Content Filtering helps administrators monitor,
┬âH.323 NAT Traversal
securely connect to a head office or a trusted partner manage, and control employee Internet usage. The
┬âRobust Application Security for ALGs
network. Mobile users working from home or remotely NetDefend UTM Firewalls implement multiple global
┬âOSPF Dynamic Routing Protocol
can also safely connect to the office network to access index servers with millions of URLs and real-time
company data and e-mail. NetDefend UTM Firewalls website data to enhance performance capacity and
┬âRun-Time Web-Based Authentication
have hardware-based VPN engines to support and maximize service availability. These firewalls use Performance Optimization
manage a large number of VPN configurations. granular policies and explicit blacklists and whitelists
┬âUTM Acceleration Engine
They support IPSec, PPTP, L2TP, and SSL protocols to control access to certain types of websites for any
in Client/Server mode and can handle pass-through combination of users, interfaces, and IP networks.
┬âMultiple WAN Interfaces for Traffic Load
traffic as well.1 Advanced VPN configuration options The firewall can actively handle Internet content by
include: DES/3DES/AES/Twofish/Blowfish/CAST-128 stripping potential malicious objects, such as Java
Quick/Main/Aggressive Negotiation modes, and cookies.
VPN authentication support using either an external
RADIUS server or a large user database. VPNC UTM Services
Maintaining an effective defense against the various
threats originating from the Internet requires that
all three databases used by the NetDefend UTM VPNC
Firewalls are kept up-to-date. In order to provide a
robust defense, D-Link offers optional NetDefend
Firewall UTM Service subscriptions which include 01
NetDefend UTM Firewall Series DFL-260E NetDefend UTM Subscription Licensed for Unlimited Users
The standard NetDefend UTM Subscription provides Optional subscription services for IPS, Antivirus
┬âFirewall Throughput: 150 Mbps
your firewall with UTM service updates for 12 months Scanning, and Web Content Filtering are priced per
┬âVPN Performance: 45 Mbps (3DES/AES)
starting from the day you activate or extend your firewall rather than per user, thus reducing the total
┬â1 10/100/1000 Ethernet WAN Port
service.2 The NetDefend UTM Subscription can be cost of ownership for licensing.
┬â5 10/100/1000 Ethernet LAN Ports
renewed regularly to provide your firewalls with
┬â1 10/100/1000 Ethernet DMZ Port
the most up-to-date security service available from WAN Link Load-Balancing and Fault-Tolerance
Multiple WAN ports support traffic load balancing
and failover, thus guaranteeing Internet availability DFL-860E
┬âFirewall Throughput: 200 Mbps
NetDefend Center: http://security.dlink.com.tw
┬âVPN Performance: 60 Mbps (3DES/AES) D-Link End-to-End Security (E2ES) Solutions 3
The ZoneDefense mechanism, operating in
┬â2 10/100/1000 Ethernet WAN Ports
conjunction with D-Link xStack switches,
┬â8 10/100/1000 Ethernet LAN Ports
automatically quarantines infected workstations and
┬â1 10/100/1000 Ethernet DMZ Port
prevents them from flooding the internal network with
malicious traffic. DFL-1660
┬â4 SFP Ports (DFL-2560G) D-Link Green Certified
The D-Link Green certified DFL-1660 and DFL-2560(G)
Only Server mode available for SSL VPN.
2 Actual service package may vary depending on region.
are built with an 80 PLUS internal power supply.
3 For DFL-860E, DFL-1660, and DFL-2560(G) only
80 PLUS certified power supplies offer increased
reliability due to greater efficiency, and provide a
reduced cost of ownership through longer equipment Powerful VPN Engine
life. Additionally, 80 PLUS power supplies help
Hardware-based data encryption and authentication prevent pollution by limiting energy consumption, and
for IPSec, PPTP, L2TP, and SSL in Client/Server mode run at a lower temperature to reduce cooling costs.
enable fast and safe handling of VPN traffic.1 Professional Intrusion Prevention System (IPS)
The DFL-260E and DFL-860E save energy automatically
Automatic updates from a comprehensive IPS through cable length and link status detection. By
signature database focus on attack payloads to detecting the length of cables connected to a port, the
protect the network against zero-day attacks.
amount of power used for the port can be adjusted,
only using as much as is needed. The DFL-260E/860E Real-Time Antivirus Inspection (AV)
can also detect if a port is not in use, such as when
The antivirus engine scans using the most complete, a connected computer is shut down or if nothing is
most up-to-date antivirus signature database. connected to the port, and can automatically reduce
Streaming-based pattern matching provides effective the power used for that port, cutting energy used for
protection against viruses.
it by a substantial amount. Fast, Efficient Web Content Filtering
Multiple index server implementation, granular D-Link Green certified devices comply with RoHS
policies, blacklists and active content handling (Restriction of Hazardous Substances) and WEEE
enhance performance and effectiveness of web (Waste Electrical and Electronic Equipment)
directives. RoHS directives restrict the use of specific
hazardous materials during manufacturing, while Acceleration Engine for Unified Threat Management
WEEE implements standards for proper recycling
A powerful processor allows the firewall to carry out and disposal. Together, these considerations make
IPS and Antivirus scanning simultaneously without D-Link Green firewall products the environmentally
responsible choice. 02
Physical & Power Supply Internal Power Supply 80 PLUS Internal Power Supply
Environmental Max. Power Consumption 18.6 watts 22.8 watts 66.8 watts 103 watts Dimensions 280 x 180 x 44 mm 330 x 180 x 44 mm 440 x 400 x 44 mm 11ÔÇŁ Rack-Mount 13ÔÇŁ Rack-Mount 19ÔÇŁ Standard Rack-Mount Operating Temperature 0 to 40 ┬░C Storage Temperature -20 to 70 ┬░C Operating Humidity 5% to 95% non-condensing EMI FCC Class A CE Class A C-Tick VCCI Safety UL LVD (EN60950-1) LVD (EN60950-1) cUL, CB MTBF 186,614 hours 140,532 hours 400,000 hours 310,000 hours
4 Compatible with D-Link SFP module transceivers: DEM-310GT, DEM-311GT, DEM-312GT2, DEM-314GT, DEM-315GT, DEM-330T, DEM-330R, DEM-331T, DEM-331R, DGS-712
5 Actual performance may vary depending on network conditions and activated services.
6 The maximum firewall plaintext throughput is based on RFC2544 testing methodologies.
7 VPN throughput is measured using UDP traffic at 1420 byte packet size adhering to RFC 2544.
8 IPS and Anti-Virus performance test is based on HTTP protocol with a 1Mb file attachment run on the IXIA IxLoad. Testing is done with multiple flows through multiple port pairs.
9 Performance based on firmware 2.27.00 and above
10 Available when DMZ port is configured as WAN port 05
Secure Network Implementation Using NetDefendÔäó UTM Firewalls ACN 052 202 838 D-Link Corporation
No. 289 Xinhu 3rd Road, Neihu, Taipei 114, Taiwan
Specifications are subject to change without notice.
D-Link is a registered trademark of D-Link Corporation and its overseas subsidiaries.
All other trademarks belong to their respective owners.
┬ę2011 D-Link Corporation. All rights reserved.
Release 03 (June 2011) 06