Course Outline NetDefend Family Overview & Strategy NetDefendOS Feature Introduction UTM Feature & NetDefend Subscription


Course Outline

• NetDefend Family Overview & Strategy
• NetDefendOS Feature Introduction
• UTM Feature & NetDefend Subscription

NETDEFEND FAMILY OVERVIEW & STRATEGY

DSC-Security


NetDefend Family Overview & Strategy

• D-Link NetDefend Family Introduction
• NetDefendOS Introduction

D-Link NetDefend Family Introduction

After this section, you should be able to explain:

1. The entire NetDefend Family
2. D-Link VPN client DS-601/605
3. How to introduce NetDefend IPS Firewall?
4. How to introduce NetDefend UTM Firewall?
5. The competitiveness of NetDefend Firewall Family
6. NetDefend Firewall selling point.

Product Line Overview

NetDefend VPN Firewall / UTM Family (SOHO, Small Business, Medium Business, Enterprise):

• DFL-210, DFL-800, DFL-1600, DFL-2500
• DFL-260, DFL-860, DFL-1660, DFL-2560

VPN Remote Client Software:

• DS-601 / 605

D-Link VPN Client Introduction: DS-601/605

• Software installable on Windows NT, 98 SE, ME, 2000 or XP platforms.
• DS-601: single-user license.
• DS-605: 5-user license.
• For remote users' VPN connections from home or outside the office.
• Supports Tunnel and Transport mode for easy communication between client and gateway.
• Certified interoperability with the whole series of D-Link NetDefend IPS/UTM Firewalls and VPN routers to give users a seamless connection environment.

DS-601/605 Q&A

1. Which version does DS-601/605 NOT support? (Multiple Choice)
   a. XP  b. Vista  c. 2000  d. MAC OS

2. How many user licenses does DS-605 provide?
   a. 1  b. 3  c. 5  d. 7

3. What is the major difference between DS-601 and DS-605?
   a. License  b. Specification  c. Support service level  d. OS platform

4. Which models can DS-601/605 establish a VPN connection with? (Multiple Choice)
   a. DFL-800  b. DFL-M510  c. DI-804 HV  d. DSA-5100

NetDefendOS Introduction

Platform Compatibility: DFL-210/260/800/860/1600/2500

After this section, you should be able to explain:

1. What is NetDefendOS?
2. What management user interfaces does NetDefendOS provide?
3. What is ICSA Labs?
4. What is ICSA firewall certification?

The hardware of D-Link Firewalls DFL-210/260/800/860/1600/2500 is driven and controlled by NetDefendOS. Designed as a dedicated firewall operating system, NetDefendOS features high throughput performance with high reliability while at the same time implementing the key elements of an IPS/UTM firewall.

From the administrator's perspective, the conceptual approach of NetDefendOS is to visualize operations through a set of logical building blocks or objects, which allow the configuration of the product in an almost limitless number of different ways. This granular control allows the administrator to meet the requirements of the most demanding network security scenario.

NetDefendOS provides two types of management interfaces:

• Command Line Interface (CLI): The Command Line Interface, accessible locally via the serial console port or remotely using the Secure Shell (SSH) protocol, provides the most fine-grained control over all parameters in NetDefendOS.
• Web User Interface: The Web User Interface provides a user-friendly and intuitive graphical management interface, accessible from a standard web browser.

NetDefendOS Benefit: NetDefendOS is a proprietary, closed architecture; it has fewer OS vulnerabilities and more reliability compared with competitors who use Windows, Linux or other open-source operating systems.

NetDefendOS Certified by ICSA Labs: D-Link’s NetDefend IPS Firewall has passed the strictest firewall certification in “ICSA Labs – Corporate Firewalls”. The D-Link NetDefend IPS Firewalls had to pass a series of rigorous tests, including system installation and configuration, setting security policies, system management, system logging, event testing, port security and more. Not only did the NetDefend Firewall pass these tests, but it also earned praise from ICSA Labs’ Network Security Labs for unique features in the web administration interface that allow administrators to safely make changes to the firewall’s configuration remotely.

D-Link Certified in ICSA Labs: https://www.icsalabs.com/icsa/product.php?tid=fghhf456fgh

NetDefend IPS Firewall Introduction

[Figure: performance by market segment. Segments: Branch Office, Small Business, Medium Business, Enterprise. Models: DFL-210, DFL-800, DFL-1600, DFL-2500. Performance: 80 Mbps, 150 Mbps, 320 Mbps, 600 Mbps.]

High Performance & Cost Efficiency

DFL-800 Targets Small Business

• Firewall Throughput: 150Mbps
• VPN Performance: 60Mbps (3DES/AES)
• 2 Ethernet WAN Ports, 7 Ethernet LAN Ports, 1 Configurable DMZ Ethernet Port

DFL-210 Targets SOHO

• Firewall Throughput: 80Mbps
• VPN Performance: 25Mbps (3DES/AES)
• 1 Ethernet WAN Port, 4 Ethernet LAN Ports, 1 Configurable DMZ Ethernet Port

DFL-1600 Targets Medium Business

• Firewall Throughput: 320Mbps
• VPN Performance: 120Mbps (3DES/AES)
• 6 User-Configurable Gigabit Ports

DFL-2500 Targets Enterprise

• Firewall Throughput: 600Mbps
• VPN Performance: 300Mbps (3DES/AES)
• 8 User-Configurable Gigabit Ports

Features of DFL-210 / 800 / 1600 / 2500

Integrated Functions

• Firewall Protection
• Proactive Security With ZoneDefense Mechanism
• Content Filtering/Intrusion Detection
• Parental Access Control
• User Authentication
• Instant Message/P2P Blocking
• Denial of Service (DoS) Protection
• Virtual Private Network (VPN) Security
• Bandwidth Management

Content Filtering

• URL/E-Mail Filtering
• Java Script/Active X/Cookie Filtering
• IM/P2P Program Filtering

Fault Tolerance

• WAN Traffic Fail-Over
• Active/Passive Modes for High Availability

Bandwidth Management

• WAN Traffic Bandwidth Management
• Multi-WAN Interfaces for Traffic Load Sharing
• Outbound Traffic Load Balancing*
• Policy-Based Routing

* Firmware upgraded feature.

DFL-210 Competitors on the Market

Small Business

Competitors

• SonicWALL TZ170
• Fortinet Fortigate 60
• WatchGuard SOHO 6
• Juniper NetScreen 5GT
• ZyXEL ZyWALL 5 / 35
• Cisco 501

Advantages

Firewall System
• Application Layer Gateway
• H.323 NAT Traversal support
• RADIUS, LDAP, Active Directory user authentication support

Networking
• IEEE 802.1q VLAN support
• IP Multicast (IGMP) support

VPN
• Versatile encryption methods
• Numerous VPN tunnel support
• PPTP/L2TP Server support

Traffic Load Balance
• Outbound Traffic load balancing*

Others
• IP and MAC binding
• IM/P2P blocking support
• Unrestricted user licenses

* Firmware upgraded feature.

DFL-800 Competitors on the Market

Small Business

Competitors

• Cisco PIX 506E
• ZyXEL ZyWALL 70
• WatchGuard Firebox X500
• Fortinet Fortigate 100A
• Juniper NetScreen 25

Advantages

Firewall System
• Zone Defense
• Application Layer Gateway
• H.323 NAT Traversal support
• RADIUS, LDAP, Active Directory user authentication support

Networking
• IEEE 802.1q VLAN support
• IP Multicast (IGMP) support

VPN
• Versatile encryption methods
• Numerous VPN tunnel support
• PPTP/L2TP Server support

Traffic Load Balance
• Outbound Traffic load balancing*

Others
• IP and MAC binding
• IM/P2P blocking support
• Unrestricted user licenses

* Firmware upgraded feature.

DFL-1600 Competitors on the Market

Medium Business

Competitors

• SonicWALL 3060
• Fortinet Fortigate 200A
• WatchGuard Firebox X2500
• Fortinet Fortigate 300A
• Juniper NetScreen 204
• Cisco PIX 525E

Advantages

Interface
• High port density with configurable Gigabit port

Firewall System
• Zone Defense
• Application Layer Gateway
• RADIUS, LDAP, Active Directory user authentication support

Networking
• IP Multicast (IGMP) support

VPN
• Versatile encryption methods
• PPTP/L2TP server support
• PPTP/L2TP/IPSec VPN client pass through support

Traffic Load Balance
• Outbound Traffic load balancing*
• Server load balancing

Others
• IP and MAC binding
• IM/P2P blocking support
• Unrestricted user licenses

* Firmware upgraded feature.

DFL-2500 Competitors on the Market

Enterprise

Competitors

• Fortinet Fortigate 500A
• Juniper NetScreen 208

Advantages

Interface
• High port density with configurable Gigabit port

System Performance
• Higher concurrent session

Firewall System
• Zone Defense
• Application Layer Gateway
• RADIUS, LDAP, Active Directory user authentication support

Networking
• IP Multicast (IGMP) support

VPN
• Versatile encryption methods
• PPTP/L2TP server support
• PPTP/L2TP/IPSec VPN client pass through support

Traffic Load Balance
• Outbound Traffic load balancing*
• Server load balancing

Others
• IP and MAC binding
• IM/P2P blocking support
• Unrestricted user licenses

* Firmware upgraded feature.

NetDefend IPS Firewall Q&A

1. Which segments do NetDefend Firewalls fulfill? (Multiple Choice)
   a. Home  b. SOHO  c. Telecom  d. SMB

2. Which NetDefend Firewall models provide a gigabit interface? (Multiple Choice)
   a. DFL-800  b. DFL-210  c. DFL-1600  d. DFL-2500

3. What is the competitor for DFL-210?
   a. Fortinet Fortigate 60  b. WatchGuard Firebox X500  c. Juniper NetScreen 25  d. Cisco PIX 515

4. What is the competitor for DFL-800?
   a. Fortinet Fortigate 60  b. WatchGuard Firebox X500  c. Juniper NetScreen 204  d. Cisco PIX 506

5. What is the competitor for DFL-1600?
   a. Fortinet Fortigate 300A  b. WatchGuard Firebox X500  c. Juniper NetScreen 204  d. SonicWALL Pro 2040

6. What is the competitor for DFL-2500?
   a. Fortinet Fortigate 400A  b. WatchGuard Firebox X2500  c. Juniper NetScreen 208  d. SonicWALL Pro 3060

7. Which model supports configurable ports?
   a. DFL-210  b. DFL-800  c. DFL-1600  d. DFL-2500  e. All of Above

8. Which feature does the NetDefend DFL-210 Firewall NOT support?
   a. Traffic Shaping  b. Server load balancing  c. IPS  d. Policy based routing

9. Which models can support HA? (Multiple Choice)
   a. DFL-210  b. DFL-800  c. DFL-1600  d. DFL-2500

10. Which model can NOT support ZoneDefense?
   a. DFL-210  b. DFL-800  c. DFL-1600  d. DFL-2500

11. Which detail is WRONG for firewall/VPN throughput?
   a. DFL-210 80/25 Mbps  b. DFL-800 150/80 Mbps  c. DFL-1600 320/120 Mbps  d. DFL-2500 600/300 Mbps

12. What kind of user authentication does the firewall support?
   a. LDAP  b. RADIUS  c. Active Directory  d. All of above

13. How many user licenses does DFL-210 support?
   a. 100  b. 200  c. 300  d. Unrestricted user licenses

14. Which model is for branch office?
   a. DFL-210  b. DFL-800  c. DFL-1600  d. DFL-2500

15. Which model is for small business?
   a. DFL-210  b. DFL-800  c. DFL-1600  d. DFL-2500

16. What is the NetDefend Firewall's advantage?
   a. Firewall and VPN throughput  b. Joint defense with switch  c. Comprehensive feature set  d. Flexible interface module

17. Which feature can integrate a switch into the security solution from gateway to endpoint?
   a. Web Content Filtering  b. Anti-Virus  c. Intrusion Prevention System  d. ZoneDefense

NetDefend UTM Product Overview

NetDefend UTM Firewall Portfolio: Firewall, VPN, IPS, Antivirus, Web Content Filtering, Application Control

• Targets SMBs and Enterprises to enable protection against all varieties of network threats simultaneously in real time.
• Positioned as high-throughput, high-performance UTM Firewalls with true Hardware Acceleration.
• Incorporates leading technologies of IPS, Antivirus and Web Content Filtering from well-known vendors.

Stemming from NetDefendOS: Adopting the same kernel certified by ICSA Labs, NetDefend UTM Firewall also integrates innovative technologies from world leading IPS, AV and WCF partners.

NetDefend UTM Firewall Introduction

The NetDefend UTM firewall DFL-260/860 series is D-Link’s brand new Unified Threat Management (UTM) Firewall solution, which further integrates IPS, Anti-Virus and Web Content Filtering, providing more secure and productive networking for SMBs.

The hardware design of the NetDefend UTM Firewall, such as housing, Ethernet interfaces and Web GUI, is the same as that of the NetDefend IPS firewall. In addition, the NetDefend UTM Firewall is equipped with hardware acceleration to speed up IPS and Anti-Virus scanning performance, and outranges Cisco, WatchGuard, SonicWALL, Juniper and Fortinet in the same market segment.

DFL-260 Targets SOHO

• Firewall Throughput: 80Mbps
• VPN Performance: 25Mbps
• IPS Performance: 25Mbps
• Anti-Virus Performance: 25Mbps
• Web Content Filtering: 30+ Categories

DFL-860 Targets Small Business

• Firewall Throughput: 150Mbps
• VPN Performance: 60Mbps
• IPS Performance: 50Mbps
• Anti-Virus Performance: 50Mbps
• Web Content Filtering: 30+ Categories

UTM/IPS Firewall Key Competency

You have already learned about many IPS and UTM firewall features in the previous slides. The following are the key IPS/UTM firewall advantages for competing with our competitors in the market.

NetDefend IPS/UTM Firewall delivers rich advanced features with friendly and easy configuration and supports the stability, flexibility and scalability of IT infrastructure, making it a cost-effective solution for Small to Medium Business (SMB).

Emerging network threats and zero-day attacks drive market demand toward more robust security mechanisms. Built with advanced IPS signature technology and powered by the Kaspersky anti-virus solution (UTM Firewall only), NetDefend IPS/UTM Firewall is an efficient and effective solution for stopping various network threats and attacks for SMBs.

NetDefend UTM Firewall is delivered with high port density; built-in multiple WAN ports and configurable WAN / LAN / DMZ ports let customers scale their infrastructure to their own demands.

NetDefend UTM Firewall offers high network throughput and high network performance, providing up to 80 / 150 Mbps Firewall Throughput and 25 / 60 Mbps IPSec VPN Throughput for the DFL-260 / 860 respectively.

NetDefend UTM Firewall enables WAN Load Balance, WAN Fail-over, and Server Load Balance to provide customers with a continuous Internet connection and smooth network services.

NetDefend UTM Firewall provides advanced Traffic Shaping Technology, which allows network traffic to be prioritized and differentiated according to service precedence. For mission-critical services, bandwidth can always be guaranteed and optimized, while for minor services, bandwidth can be adjusted dynamically according to network traffic conditions.

NetDefend UTM Firewall features not only an intuitive and object-oriented user interface that can be easily configured via a web console, but also a Command-Line Interface (CLI) with a full function set for advanced users. Users can easily configure the firewalls or perform their administrative functions.

Multiple encryption methods are implemented on NetDefend UTM Firewall, including DES, 3DES, AES, Twofish, Blowfish and CAST-128, to provide secure VPN connections for SMBs and enterprises.

NetDefend UTM Firewall features a built-in proactive IPS and Anti-Virus engine, enabling customers to effectively detect and prevent hybrid network threats with a low false-positive rate.

ZoneDefense integrates the D-Link NetDefend Firewall and xStack Switch to enable a proactive network security mechanism. Whenever network virus or worm attacks are detected by the Firewall, ZoneDefense triggers and notifies D-Link Switches automatically; the infected hosts are disconnected in real time to stop further mutual infection among internal hosts.

High Performance of NetDefend UTM Firewall

• UTM Firewall Performance: 80Mbps (DFL-260), 150Mbps (DFL-860)
• VPN Performance: 25Mbps (DFL-260), 60Mbps (DFL-860)
• IPS Performance: 25Mbps (DFL-260), 50Mbps (DFL-860)
• Anti-Virus Performance: 25Mbps (DFL-260), 50Mbps (DFL-860)
• Web Content Filtering: Y (DFL-260), Y (DFL-860)

NetDefend UTM Firewall is equipped with a hardware accelerator for layer 7 content inspection, which gives it higher IPS and Anti-Virus performance than other competitors.

We also compare IPS and Anti-Virus performance with the UTM firewall of a famous security provider, J company, in the next slides for your reference.

1. High IPS performance with hardware accelerator.

2. UTM firewall throughput is three times higher than J company XX 20.

More detail will be introduced in the IPS Feature chapter.

*Test Criteria: 5 concurrent users download a 10 MB file by HTTP protocol

1. Super fast Anti-Virus scanning by hardware accelerator.

2. Scanning capability is three times faster than J company XX 20.

D-Link ONLY spends 8 seconds to finish a 10MB file transmission, but J company needs to spend 30 seconds.

More detail will be introduced in the Anti-Virus Feature chapter.

*Test Criteria: 5 concurrent users download a 10 MB file by HTTP protocol

1. Huge and comprehensive IPS signature database.

2. IPS database is 10x larger than J company XX 20.

DFL-860 compared with J company XX 20:

• Anti-Virus / IPS Performance: 54 / 52 Mbps* (DFL-860), 22 / 16 Mbps (J company XX 20)
• IPS Signature Number: 8000+ (DFL-860), 808 (J company XX 20)
• File Transmission Speed (10MB): 14 seconds (DFL-860), 35 seconds (J company XX 20)
• File size limitation: No limitation (DFL-860), 10MB (J company XX 20)

* Value is based on real traffic.

More than double the performance for Anti-Virus scanning.

Triple the performance for Intrusion Prevention System.

Provides 8000+ signatures to cover most intrusion attacks and high IPS performance of 52 Mbps, competing with J company, which uses few IPS signatures (808) and has poor performance (13 Mbps).

More detail will be introduced in the IPS and Anti-Virus Feature chapter.

No file size limitation, supporting large file scanning for Anti-Virus.

Streaming Based Technology speeds up UTM performance for Anti-Virus scanning by 2X.

No concurrent session limit; performance stays high as the number of users increases.

Other competitors, such as J company, implement Proxy Mode, which has to store the file and then scan it; file size and connection number are bottlenecked by the device memory size.

More detail will be introduced in the IPS and Anti-Virus Feature chapter.

Competitive Comparison & Analysis

[Figure: price versus UTM performance chart. Products shown: Fortigate 60, ZyWall 5 UTM, DFL-260, Juniper 5GT, SonicWALL TZ 190.]

Product callouts, in the order they appear on the slide:

• Firewall Throughput: 90Mbps; VPN Throughput: 30+Mbps; Software Based IPS; Software Based Anti-Virus; Expensive optional license charge is required!
• Firewall Throughput: 70Mbps; VPN Throughput: 20Mbps; Software Based IPS; Software Based Anti-Virus
• Firewall Throughput: 80Mbps; VPN Throughput: 25Mbps; Hardware Based IPS; Hardware Based Anti-Virus
• Firewall Throughput: 75Mbps; VPN Throughput: 20Mbps; Software Based IPS; Software Based Anti-Virus
• Firewall Throughput: 65Mbps; VPN Throughput: 25Mbps; Hardware Based IPS; Hardware Based Anti-Virus

Competitive Comparison & Analysis

[Figure: price versus UTM performance chart. Products shown: Fortinet 200A, ZyWall 70, WatchGuard X550e, SonicWALL Pro 2040, DFL-860, Juniper SSG 20.]

Product callouts, in the order they appear on the slide:

• Firewall Throughput: 100Mbps; VPN Throughput: 40Mbps; Hardware Based IPS; Hardware Based Anti-Virus
• Firewall Throughput: 200Mbps; VPN Throughput: 50Mbps; Software Based IPS; Software Based Anti-Virus; Expensive optional license charge is required!
• Firewall Throughput: 150Mbps; VPN Throughput: 60Mbps; Hardware Based IPS; Hardware Based Anti-Virus
• Firewall Throughput: 150Mbps; VPN Throughput: 70Mbps; Poor IPS & AV performance
• Firewall Throughput: 160Mbps; VPN Throughput: 40Mbps; Software Based IPS; Software Based IPS
• Firewall Throughput: 125Mbps; VPN Throughput: 20Mbps; Software Based IPS; Software Based Anti-Virus

Summary: NetDefend UTM Firewall Selling Point

• High throughput, high performance with true Hardware Acceleration.
• Fast file transmission speed for Anti-Virus scanning capability.
• Comprehensive IPS signature database (8000+).
• No file size and connection limitation for Anti-Virus scanning. Other competitors cannot stop a virus hidden in a file over a specific size and are not able to support large numbers of concurrent sessions.
• Well-known Anti-Virus database by Kaspersky.
• Triggering ZoneDefense by IPS and Anti-Virus* to protect in real time against virus or network worm outbreaks.
• NetDefend Center website provides valuable information for network security.
• Adopting the same kernel certified by ICSA Labs, NetDefend UTM Firewall also integrates innovative technologies from world leading IPS, AV and WCF partners.

* Support in future release

NetDefend UTM Firewall Q&A

1. Which NetDefend UTM Firewalls are available now? (Multiple Choice)
   a. DFL-260  b. DFL-860  c. DFL-1660  d. DFL-2560

2. What new feature does the NetDefend firewall support after firmware version 2.20?
   a. IPS  b. Anti-Virus  c. Web Content Filtering  d. Anti-SPAM

3. Why can the D-Link UTM Firewall reach high performance?
   a. Embedded hardware accelerator  b. Anti-Virus Engine by Kaspersky  c. New CPU processor  d. New software core

4. What is the IPS and Anti-Virus performance of DFL-860?
   a. 30/30 Mbps  b. 50/50 Mbps  c. 45/45 Mbps  d. 60/60 Mbps

5. What is the IPS and Anti-Virus performance of DFL-260?
   a. 20/20 Mbps  b. 40/20 Mbps  c. 30/30 Mbps  d. 35/35 Mbps

6. What is the file size limitation, in MB, of the UTM Firewall for anti-virus?
   a. 3 MB  b. 5 MB  c. 10 MB  d. No limitation

7. Who is the anti-virus signature vendor?
   a. Trendmicro  b. Symantec  c. McAfee  d. Kaspersky

8. How many IPS signatures are in the UTM database?
   a. 3000+  b. 6000+  c. 8000+  d. 5000+

9. What is the major difference between the UTM firewall and the IPS firewall?
   a. UTM firewall has VPN, but IPS firewall has not
   b. UTM firewall has Anti-Virus and WCF, but IPS firewall does not
   c. UTM firewall has IPS and Anti-Virus, but IPS firewall has IPS and WCF
   d. UTM firewall has WCF and Anti-Virus, but IPS firewall has IPS and Anti-Virus.

10. What are D-Link UTM’s advantages?
   a. Performance  b. Signature number  c. Scanning file size  d. ZoneDefense (exclude DFL-260)  e. All of above

NetDefend Family’s Competency

• Following is our advantage:
  – Sufficient features
  – Solution oriented
  – Outstanding performance
  – Affordable price

• How to fight with our major competitors?
  – Fortinet
  – SonicWALL
  – Juniper
  – ZyXEL

Compare with Fortinet

Myth of Fortinet

Fortinet is an innovator which provides many advanced security features in the security market.

NetDefend’s Advantages & Counterplot

How to Compete with Fortinet?

Weakness

• Poor performance with anti-virus or IPS enabled
• Complete firewall products, but no total solution
• Only provides a 30-day free trial for UTM service
• Anti-Virus database is not from a well-known provider
• IPS signatures number only 2,000
• Service coverage focuses on main countries

Conclusion

• Compared with D-Link security products, Fortinet seems to have a complete product line, but the performance and features of D-Link firewalls are excellent.
• D-Link provides a total network solution to customers, not a single product: firewalls integrate with xStack switches to form the ZoneDefense solution, and the unified switch integrates with access points to form a wireless management solution.
• D-Link has complete service coverage, with 130+ offices in 70+ countries worldwide.

Myth of SonicWALLNetDefend’s Advantages and & Counterplot

SonicWALL promotes his deep packet inspection technology and integrated security features.

How to Compete with SonicWALL?

Several advanced features have to purchase enhanced OS and upgrade license, such as Policy-based routing, advanced NAT feature, sufficient Policy number, HA, Load Balancing, Object-based Management and LDAP.

Though the client purchases enhanced OS to support HA feature, SonicWALL still does not provide Firewall and VPN session synchronization. It’s a lame solution for H.A.

After license upgrade, SonicWALL still lacks some enhanced network feature, such as PPTP Server and 802.1q VLAN support.

Bandwidth / traffic control is always their weak point, they never mentioned traffic shaping and traffic load balancing feature.

No Gigabit interfaces and VPN tunnel number is limited

Conclusion

Without purchasing an extra license, the D-Link NetDefend firewall already has many advanced network features built in under a single license.

D-Link delivers an enterprise-level security solution, ZoneDefense, to customers for fulfilling Joint Security.

D-Link NetDefend Firewall delivers the best Total Cost of Ownership (TCO) for customers.


Compare with SonicWALL


Myth of Juniper

NetDefend’s Advantages & Counterplot

Juniper is the market leader in the security market. Juniper Firewall supports L2 and L3 operation modes, and Juniper highlights its signature pack for network security.

How to Compete with Juniper?

L2 mode (Transparent mode) and L3 mode (Router / NAT mode) cannot co-exist, and changing the operation mode loses all of the configuration.

10MB file size limitation for file-based Anti-Virus scanning. It adds latency, especially for multiple-file transfers in a real environment.

Juniper only delivers simple QoS for traffic prioritization. There are no advanced or granular settings to guarantee per-user bandwidth control.

Juniper still lacks some enhanced network features, such as PPTP Server, Server Load Balancing and a Dynamic Bandwidth Balancing Mechanism.

Conclusion

D-Link NetDefend Firewall has a high C/P ratio and reduces business Total Cost of Ownership. No extra cost for the full feature set.

D-Link can integrate all xStack switch series to enable a client-less end-point security solution: ZoneDefense technology.

Full set functionality: High port density (entry level) and all Gbe Copper interfaces (Enterprise) which can fulfill different environment requests.


Compare with Juniper


Myth of ZyXEL

NetDefend’s Advantages & Counterplot

ZyXEL’s ZyWALL is ICSA-certified, and has earned an excellent reputation in the SMB segment of the security appliance market in Europe.

How to Compete with ZyXEL?

ZyWALL Firewall and UTM series have limited port interfaces and lack expandability for SMBs.

ZyWALL Firewall and UTM series provide a limited number of VPN tunnels. For the ZyWALL 70 UTM, the maximum number of VPN tunnels is 1,000.

Only the ZyWALL 1050 supports 802.1Q VLAN; the rest of the models do not support 802.1Q at all.

ZyWALL Firewall and UTM series do not support L2TP Server.

ZyWALL security service bundles Anti-Virus and IDP together, customers cannot buy either one individually.

ZyWALL Firewall and UTM series are ICSA-certified with the testing criteria “Residential” only, rather than the “Corporate” criteria.

Conclusion

D-Link NetDefend Firewall and UTM series pass the ICSA Corporate Level testing criteria, whereas ZyWALL passes the ICSA Residential Level only.

D-Link can integrate all xStack switch series to enable a client-less end-point security solution: ZoneDefense technology.

Compared with ZyXEL, D-Link’s brand is better known, and D-Link has a more comprehensive office and tech-support network around the world.


Compare with ZyXEL


NETDEFENDOS FEATURE INTRODUCTION

DCS-Security


Key Features in NetDefendOS

• Routing Features
• Route Failover
• Virtual Private Network (VPN)
• Virtual Local Area Network (VLAN)
• High Availability (HA)
• Traffic Management
• User Authentication
• ZoneDefense


Routing Features in NetDefendOS

NetDefendOS Feature Introduction•Routing Features

Platform Compatibility: DFL-210/260/800/860/1600/2500

After this section, you should be able to explain:
1. What is static routing?
2. What is PBR (Policy Based Route)?
3. What could we achieve when using this feature?
4. What is load sharing?
5. What is the key component of load sharing?
6. What is dynamic routing?
7. What is the difference between dynamic and static routing?


Static Route & Route Failover

[Diagram labels: Internet; LAN Net; ISP1; ISP2; Red Line; Green Line]


Policy Based Route

• The NetDefendOS provides following types of PBR
– Source-based routing
– Service-based routing

• Benefit of Policy Based Route:
– Load sharing between multiple WAN links


Dynamic Routing

• Why do we need dynamic routing?
• What is dynamic routing?
• What dynamic routing do we support?
– OSPF (Open Shortest Path First)


Load Sharing

• More than two internet connections
• Interoperate with PBR
– Source-based routing
– Service-based routing


Competitive Analysis: Static Route, PBR, OSPF

Vendor | Static Route | PBR | OSPF | Load Sharing
SonicWALL | √ | √ | √ | √
WatchGuard | √ | √ | √ | √
Fortinet | √ | √ | √ | √
Juniper | √ | √ | √ | √
Cisco | √ | √ | √ | √


Summary: Routing Features in NetDefendOS

• Routing determines the path from source to destination
– Static Routing: predefined path
– Dynamic Routing: learning and updating the path automatically

• Policy Based Route (PBR) determines the path according to
– Service type; different traffic (HTTP or FTP) uses different routes
– Source IP address; different users use different routes

• Via Policy Based Route (PBR), load sharing between multiple WAN links can be achieved


Routing Features Q&A

1. What kind of dynamic routing protocol does NetDefendOS support?

a. RIP (Routing Information Protocol)

b. OSPF (Open Shortest Path First)

c. BGP (Border Gateway Protocol)

d. EGP (Exterior Gateway Protocol)

2. Does NetDefendOS support Route Failover feature?

a. YES

b. No

3. Which of the following features is NOT supported in the NetDefendOS Firewall?

a. Static Route

b. Policy Based Route

c. RIP (Routing Information Protocol)

d. OSPF (Open Shortest Path First)


4. Which of the following PBR types is NOT supported in NetDefendOS? (Multiple Choice)

a. Source-based routing

b. Service-based routing

c. Schedule-based routing

d. Port-based routing

5. With which feature can NetDefendOS support load sharing between multiple WAN links?
a. Static Route
b. Traffic Management
c. Dynamic Route
d. Policy Based Route

6. Which model supports the load sharing feature?
a. DFL-210
b. DFL-800
c. DFL-1600
d. DFL-2500
e. All above


Platform Compatibility: DFL-210/260/800/860/1600/2500

After completing this section, you will be able to:

1. Describe what Route Failover is and its benefits

2. Describe how to implement a Route Failover solution

3. Describe the selling point for Route Failover

Route Failover

NetDefendOS Feature Introduction•Route Failover


What is Route Failover

• A firewall is often deployed as the gateway of a network where availability and connectivity are crucial. Today corporations rely heavily on access to the Internet, and their operations will be severely disrupted if an Internet connection fails.

• To utilize multiple ISPs / WAN links, NetDefendOS provides a Route Failover capability. When one route fails, traffic can automatically fail over to an alternative route.


A Typical Scenario of Failover


Route Failover allows the connections to different Internet Service Providers to avoid a single point of failure. Consequently, it enables enterprises to have backup Internet connectivity using a secondary Internet Service Provider (ISP).


How NetDefendOS Delivers Failover

For a route with Route Monitoring enabled, one of Route Monitoring methods must be chosen:

– Interface Link Status
– Gateway Monitoring


Competitive Analysis – Failover Feature Comparison


The D-Link NetDefend Route Failover Feature Comparison:

• SonicWALL

• ZyXEL

• WatchGuard

• Cisco

• Juniper

• Fortinet


DFL-210

Small-to-Medium Business Segment

Vendor | Model | Failover
D-Link | DFL-210 | Y
SonicWALL | TZ 180 (10 Node Lic / 25 Node Lic) | Y
SonicWALL | TZ 190 | Y
ZyXEL | ZyWALL 5 | Not Available
ZyXEL | ZyWALL 35 | Y
WatchGuard Firebox | X Edge 5 | Optional
WatchGuard Firebox | X Edge 15 | Optional
Cisco | PIX 501 | Not Available
Cisco | PIX 506E | Not Available
Juniper | 5XT | Optional
Juniper | 5GT | Optional
Fortinet | FortiGate-60 | Y
Fortinet | FortiGate-100A | Y


DFL-260

Small-to-Medium Business Segment

Vendor | Model | Failover
D-Link | DFL-260 | Y
SonicWALL | Pro 1260 Standard / Enhanced | Y
ZyXEL | ZyWALL 5 UTM | Not Available
ZyXEL | ZyWALL 35 UTM | Y
WatchGuard Firebox | X Edge X10e | Optional
WatchGuard Firebox | X Edge X20e | Optional
WatchGuard Firebox | X Edge X20e | Y
Cisco | N/A | N/A
Juniper | 5XT | Optional
Juniper | 5GT | Optional
Fortinet | FortiGate-60/60A | Y
Fortinet | FortiGate-100A | Y


DFL-800

Small-to-Medium Business Segment

Vendor | Model | Failover
D-Link | DFL-800 | Y
SonicWALL | Pro 1260 Standard / Enhanced | Y
SonicWALL | Pro 2040 Standard / Enhanced | Y
ZyXEL | ZyWALL 70 | Y
WatchGuard Firebox | X Core X500 Standard / Advanced | Optional / Yes
WatchGuard Firebox | X Core X700 Standard / Advanced | Optional / Yes
Cisco | PIX 506E | Not Available
Cisco | PIX 515E (R, DMZ) / (UR, FO, FO-AA) | Not Available / Y
Juniper | NetScreen-25 | Y
Juniper | NetScreen-50 | Y
Fortinet | FortiGate-100A | Y
Fortinet | FortiGate-200A | Y


DFL-860

Small-to-Medium Business Segment

Vendor | Model | Failover
D-Link | DFL-860 | Y
SonicWALL | Pro 1260 Standard / Enhanced | Y
SonicWALL | Pro 2040 Standard / Enhanced | Y
ZyXEL | ZyWALL 70 UTM | Y
WatchGuard | X Core X500 Standard / Advanced | Optional / Yes
WatchGuard | X Core X700 Standard / Advanced | Optional / Yes

Small-to-Medium Business Segment

D-Link Cisco Juniper Fortinet

Features / Competitors: D-Link DFL-860; Cisco ASA 5505 Base / Security Plus; Juniper SSG 5 Base / Extended, SSG 20 Base / Extended; Fortinet FortiGate-100A, FortiGate-200A

Failover Y Not Available / Y Y Y Y


Summary: Route Failover


•Today the low cost of xDSL lines makes it possible for SMBs to utilize multiple ISPs / WAN links as WAN backup via the Route Failover feature, preventing operations from being severely disrupted when an Internet connection fails.

•In the entry-level model segment, such as DFL-210/260/800/860, most competitors deliver the Route Failover feature as an option and require an extra fee for it. Unlike our competitors, and considering the IT demands of SMBs, the D-Link NetDefend IPS/UTM Firewall family generously bundles the Route Failover feature with no extra cost for a license upgrade.

•The D-Link NetDefend IPS/UTM Firewall family delivers an affordable price with the best-value security feature set for SMBs.


Platform Compatibility: DFL-210/260/800/860/1600/2500

After completing this section, you will be able to:
1. Describe what VPN is and its benefits
2. Describe how to implement VPN solutions
3. Describe the selling point for VPN

VPN

NetDefendOS Feature Introduction•VPN


What is VPN?

•A Virtual Private Network (VPN) is a private network connection that occurs through a public network.

•VPNs can be used to connect LANs together across the Internet or other public networks. With a VPN, the remote end appears to be connected to the network as if it were connected locally.

•VPN has attracted the attention of many organizations looking to both expand their networking capabilities and reduce their costs.


A Typical Scenario of VPN Solutions

• Remote Access VPN

Tunneling Protocol:
• L2TP
• PPTP
• IPSec

• Site-to-Site VPN

[Diagram labels: Internet; Local Network; Local Network]


A Close Look at IPSec VPN Topology

• Site-to-Site Topology

[Diagram labels: Internet; Head Office; Remote Office / Branch Office (ROBO); DFL-2500; DFL-210/260/800/860; Local Network; Local Network; Client; Server]

VPN Tunnel is dedicated.


• Hub-and-Spoke Topology

[Diagram labels: Internet; Head Office; Hub; Remote Office 1; Remote Office 2; Spoke; Spoke; DFL-2500; DFL-210/260/800/860; Local Network; Client]


More Discussion about IPSec VPNs

• Rules and Routing play the key role in IPSec VPN configuration

• NetDefendOS provides IPSec VPN connection via Rule-based VPN Configuration

• Rule-based Configuration enables granular controls for administrators to decide what traffic should go through the tunnel.

[Diagram labels: Internet; Head Office; Remote Office; DFL-2500; DFL-210/260/800/860; Local Network; Local Network; Client; FTP Server; FTP Server on the Internet]

Rule Action: Allow

Service: FTP

The client is not allowed to access FTP servers on the Internet; however, he/she is allowed to access the internal FTP server at the Head Office via the VPN tunnel.


Remote Access VPNs


• The IP addresses of remote access clients are normally dynamic.

• Users usually need to install VPN software on the machine.

• Tunnel connections are between a remote user’s computer and the VPN appliance.

VPN Remote Client Software


Planning a VPN

In designing a VPN, there are many considerations that need to be addressed, including:

• Protecting mobile and home computers
• Restricting access through the VPN to needed services, only when mobile computers are potentially vulnerable
• Creating DMZs for services that need to be shared with other companies through VPNs
• Adapting VPN access policies for different groups of users
• Creating key distribution policies


Competitive Analysis – VPN Feature Comparison


The D-Link NetDefend VPN Feature Comparison:

• SonicWALL

• ZyXEL

• WatchGuard

• Cisco

• Juniper

• Fortinet


DFL-210

Small-to-Medium Business Segment

Vendor | Model | Firewall Throughput | VPN Throughput | Site-to-Site Tunnel
D-Link | DFL-210 | 80 Mbps | 25 Mbps | 100
SonicWALL | TZ 180 (10 Node Lic / 25 Node Lic) | 90+ Mbps | 30+ Mbps | 2 / 10
SonicWALL | TZ 190 | 90+ Mbps | 30+ Mbps | 15
ZyXEL | ZyWALL 5 | 65 Mbps | 25 Mbps | 10
ZyXEL | ZyWALL 35 | 70 Mbps | 30 Mbps | 35
WatchGuard Firebox | X Edge 5 | 80 Mbps | 35 Mbps | 2
WatchGuard Firebox | X Edge 15 | 95 Mbps | 35 Mbps | 15

Client-to-Site Tunnel

0 (Bundled) - 5 (Max) /

1 (Bundled) -25 (Max)

2 (Bundled) - 25

1/11 5/25


DFL-210

Small-to-Medium Business Segment

Vendor | Model | Firewall Throughput | VPN Throughput | Site-to-Site Tunnel
D-Link | DFL-210 | 80 Mbps | 25 Mbps | 100
Cisco | PIX 501 | 60 Mbps | 3 Mbps | 10
Cisco | PIX 506E | 100 Mbps | 15 Mbps | 25
Juniper | 5XT | 70 Mbps | 20 Mbps | 10
Juniper | 5GT | 75 Mbps | 20 Mbps | 10
Fortinet | FortiGate-60 | 70 Mbps | 20 Mbps | 50
Fortinet | FortiGate-100A | 100 Mbps | 40 Mbps | 80

Client-to-Site Tunnel


DFL-260

Small-to-Medium Business Segment

Vendor | Model | Firewall Throughput | VPN Throughput | Site-to-Site Tunnel
D-Link | DFL-260 | 80 Mbps | 25 Mbps | 100
SonicWALL | Pro 1260 Standard / Enhanced | 90 Mbps | 30 Mbps | 25
ZyXEL | ZyWALL 5 UTM | 65 Mbps | 25 Mbps | 10
ZyXEL | ZyWALL 35 UTM | 70 Mbps | 30 Mbps | 35
WatchGuard Firebox | X Edge X10e | 100 Mbps | 35 Mbps | 5
WatchGuard Firebox | X Edge X20e | 100 Mbps | 35 Mbps | 15
WatchGuard Firebox | X Edge X20e | 100 Mbps | 35 Mbps | 25

Client-to-Site Tunnel

505

(Bundled) - 11

5 (Bundled) -

25

5 (Bundled) - 55


DFL-260

Small-to-Medium Business Segment

Vendor | Model | Firewall Throughput | VPN Throughput | Site-to-Site Tunnel
D-Link | DFL-260 | 80 Mbps | 25 Mbps | 100
Cisco | N/A | N/A | N/A | N/A
Juniper | 5XT | 70 Mbps | 20 Mbps | 10
Juniper | 5GT | 75 Mbps | 20 Mbps | 10
Fortinet | FortiGate-60/60A | 70 Mbps | 20 Mbps | 50
Fortinet | FortiGate-100A | 100 Mbps | 40 Mbps | 80

Client-to-Site Tunnel


Small-to-Medium Business Segment

Vendor | Model | Firewall Throughput | VPN Throughput | Site-to-Site Tunnel
D-Link | DFL-800 | 150 Mbps | 60 Mbps | 300
SonicWALL | Pro 1260 Standard / Enhanced | 90 Mbps | 30 Mbps | 25
SonicWALL | Pro 2040 Standard / Enhanced | 200 Mbps | 50 Mbps | 50
ZyXEL | ZyWALL 70 | 90 Mbps | 40 Mbps | 100
WatchGuard Firebox | X Core X500 Standard / Advanced | 100/110 Mbps | 20/30 Mbps | 0 - 50 (Need to Upgrade)
WatchGuard Firebox | X Core X700 Standard / Advanced | 150/160 Mbps | 40/60 Mbps | 100

Client-to-Site Tunnel

5 (Bundled)

- 50

10 (Bundled) - 50/200

5 (Bundled) - 5010 (Bundled) -

100

DFL-800


Small-to-Medium Business Segment

Vendor | Model | Firewall Throughput | VPN Throughput | Site-to-Site Tunnel
D-Link | DFL-800 | 150 Mbps | 60 Mbps | 300
Cisco | PIX 506E | 100 Mbps | 15 Mbps | 25
Cisco | PIX 515E (R, DMZ) / (UR, FO, FO-AA) | 190 Mbps | 20 / 60 Mbps | Not Available / 2000
Juniper | NetScreen-25 | 100 Mbps | 20 Mbps | 125
Juniper | NetScreen-50 | 170 Mbps | 45 Mbps | 500
Fortinet | FortiGate-100A | 100 Mbps | 40 Mbps | 80
Fortinet | FortiGate-200A | 150 Mbps | 70 Mbps | 200

Client-to-Site Tunnel

DFL-800


Small-to-Medium Business Segment

Vendor | Model | Firewall Throughput | VPN Throughput | Site-to-Site Tunnel
D-Link | DFL-860 | 150 Mbps | 60 Mbps | 300
SonicWALL | Pro 1260 Standard / Enhanced | 90 Mbps | 30 Mbps | 25
SonicWALL | Pro 2040 Standard / Enhanced | 200 Mbps | 50 Mbps | 50
ZyXEL | ZyWALL 70 UTM | 90 Mbps | 40 Mbps | 100
WatchGuard | X Core X500 Standard / Advanced | 100/110 Mbps | 20/30 Mbps | 0 - 50 (Need to Upgrade)
WatchGuard | X Core X700 Standard / Advanced | 150/160 Mbps | 40/60 Mbps | 100

Client-to-Site Tunnel

5 (Bundled) - 50

10 (Bundled) - 50/200

5 (Bundled) - 50

10 (Bundled) - 100

DFL-860


Small-to-Medium Business Segment

D-Link Cisco Juniper Fortinet

Features / Competitors: D-Link DFL-860; Cisco ASA 5505 Base / Security Plus; Juniper SSG 5 Base / Extended, SSG 20 Base / Extended; Fortinet FortiGate-100A, FortiGate-200A

Firewall Throughput 150Mbps 150Mbps 160Mbps 100Mbps 150Mbps

VPN

VPN Throughput

60Mbps 100Mbps 40Mbps 40Mbps 70Mbps

Site-to-Site Tunnel

300 10 / 25 25 / 40 80 200

Client-to-Site Tunnel

DFL-860


DFL-1600

Small-to-Medium Business Segment

Vendor | Model | Firewall Throughput | VPN Throughput | Site-to-Site Tunnel
D-Link | DFL-1600 | 320 Mbps | 120 Mbps | 1,200
SonicWALL | Pro 3060 Standard / Enhanced | 290 Mbps | 75 Mbps | 500/1,000
SonicWALL | Pro 4060 Enhanced | 300 Mbps | 190 Mbps | 3,000
ZyXEL | ZyWALL 1050 | 300 Mbps | 100 Mbps | 1,000
WatchGuard | X Core X1000 Standard / Advanced | 225 / 240 Mbps | 75 / 100 Mbps | 400
WatchGuard | X Core X2500 Standard / Advanced | 275+ / 300+ Mbps | 100 / 130 Mbps | 400
WatchGuard | X Core X550e (UTM) Standard / Advanced | 300+ Mbps | 35 Mbps | 35 (Bundled) - 45

Client-to-Site Tunnel

25 (Bundled) -

5003,000

50 (Bundled) - 1,000

1,000 (Bundled)

5 (Bundled) - 75


DFL-1600

Small-to-Medium Business Segment

Vendor | Model | Firewall Throughput | VPN Throughput | Site-to-Site Tunnel
D-Link | DFL-1600 | 320 Mbps | 120 Mbps | 1200
Cisco | PIX 525 (R) / (UR, FO, FO-AA) | 330 Mbps | 30 / 70 Mbps | Not Available / 2,000
Cisco | ASA 5510 Base / Security Plus | 300 Mbps | 170 Mbps | 250
Juniper | SSG 140 | 350+ Mbps | 100 Mbps | 125
Juniper | NetScreen-204 | 375 Mbps | 175 Mbps | 1,000
Juniper | NetScreen-208 | 375 Mbps | 175 Mbps | 1,000
Fortinet | FortiGate-300A | 400 Mbps | 120 Mbps | 1,500

Client-to-Site Tunnel


DFL-2500

Small-to-Medium Business Segment

Vendor | Model | Firewall Throughput | VPN Throughput | Site-to-Site Tunnel
D-Link | DFL-2500 | 600 Mbps | 300 Mbps | 2,500
SonicWALL | Pro 4060 Enhanced | 300 Mbps | 190 Mbps | 3,000
SonicWALL | Pro 4100 Enhanced | 700 Mbps | 400 Mbps | 3,500
ZyXEL | N/A | N/A | N/A | N/A
WatchGuard Firebox | X Peak X5000 Advanced | 400 Mbps | 190 Mbps | 400
WatchGuard Firebox | X Peak X6000 Advanced | 700 Mbps | 300 Mbps | 400

Client-to-Site Tunnel

3,000 4,5001,200 (Bundled) -

4,0001,600 (Bundled) -

5,000


DFL-2500

Small-to-Medium Business Segment

Vendor | Model | Firewall Throughput | VPN Throughput | Site-to-Site Tunnel
D-Link | DFL-2500 | 600 Mbps | 300 Mbps | 2,500
Cisco | ASA 5520 | 450 Mbps | 225 Mbps | 750
Cisco | ASA 5540 | 650 Mbps | 325 Mbps | 5,000
Juniper | NetScreen-208 | 375 Mbps | 175 Mbps | 1,000
Juniper | NetScreen-500 | 700 Mbps | 250 Mbps | 5,000
Fortinet | FortiGate-400A | 500 Mbps | 140 Mbps | 2,000
Fortinet | FortiGate-500A | 600 Mbps | 150 Mbps | 3,000

Client-to-Site Tunnel

10,000


Summary: VPN (Virtual Private Network)


The D-Link NetDefend IPS/UTM Firewall family provides outstanding firewall / VPN performance compared with other key players on the market.

Meanwhile, for the maximum number of VPN tunnels, the NetDefend IPS/UTM Firewall family by default bundles more tunnels than our competitors, without charging any extra cost or upgrade fee for extra tunnels.

From the viewpoint of either the performance-cost or the value-cost ratio, the D-Link NetDefend IPS/UTM Firewall family is the best Firewall / UTM solution for mid-to-large sized organizations.


VPN Q&A


1. What is the maximum number of VPNs supported on a DFL-800/860 Firewall/UTM device running NetDefendOS?

a. 100

b. 150

c. 200

d. 250

e. 300

2. Which of the following protocols isn’t a tunneling protocol but is probably used at your site by tunneling protocols for network security?

a. IPSec

b. PPTP

c. L2TP

d. L2F


3. Which answer below is NOT a benefit of VPN encryption?

a. Confidentiality

b. Authentication

c. Integrity

d. Non-repudiation

e. None of the above

4. What is the maximum VPN throughput of DFL-800 / 860 device running NetDefendOS?

a. 50 Mbps

b. 60 Mbps

c. 70 Mbps

d. 80 Mbps

e. 90 Mbps


5. What is the maximum VPN throughput of DFL-1600 device running NetDefendOS?

a. 100 Mbps

b. 110 Mbps

c. 120 Mbps

d. 150 Mbps

e. 200 Mbps

6. What is the maximum VPN throughput of DFL-2500 device running NetDefendOS?

a. 100 Mbps

b. 150 Mbps

c. 200 Mbps

d. 250 Mbps

e. 300 Mbps


7. Which two settings are important in IPSec VPN configuration and decide whether the traffic should go through the tunnel? (Multiple Choice)

a. Network Interfaces

b. Routing

c. IPSec Interface

d. Rules

e. None of the above

8. How does NetDefendOS provide IPSec VPN configuration?

a. Policy-based Configuration

b. Interface-based Configuration

c. Rule-based Configuration

d. Route-based Configuration

e. Security-based Configuration


Platform Compatibility: DFL-210/260/800/860/1600/2500

After completing this section, you will be able to:

1. Describe what VLAN is and its benefits

2. Describe how to implement VLAN solutions

3. Describe the selling point for VLAN

VLAN

NetDefendOS Feature Introduction•VLAN


What is VLAN

• A Virtual Local Area Network (VLAN) allows administrators to create logical groups of users and systems and segment them on the network.

• This network segmentation enables administrators to hide segments of the network from other segments and hence control network resource access.

• Also administrators can set up VLANs to control the paths that data takes to get from one point to another. VLAN technology is a good way to contain network traffic to a certain area in a network.


A Typical Scenario of VLAN


NetDefendOS Provides Cost-Effective VLAN Solution for SMB

[Diagram labels: Internet; D-Link NetDefend IPS/UTM Firewalls]


How NetDefendOS Supports VLAN

• NetDefendOS is fully compliant with the IEEE 802.1Q specification for Virtual LANs. On a protocol level, Virtual LANs work by adding a Virtual LAN identifier (VLAN ID) to the Ethernet frame header. The VLAN ID is a number from 0 to 4095 and is used to identify a specific Virtual LAN. In this way, Ethernet frames can belong to different Virtual LANs, but still share the same physical media.

• The Virtual LAN support in NetDefendOS works by defining one or more Virtual LAN interfaces. Each Virtual LAN interface is interpreted as a logical interface by the system.

• Ethernet frames received by the system are examined for a VLAN ID. If a VLAN ID is found, and a matching Virtual LAN interface has been defined, the system will consider that interface to be the receiving interface for the frame before further processing takes place.

• Virtual LANs are useful in several different scenarios, for instance, when filtering is needed between different Virtual LANs in an organization, or when the number of interfaces needs to be expanded.
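The 802.1Q handling described above, as an added example (not code from NetDefendOS or D-Link): Python that reads the VLAN ID from an Ethernet frame and selects the receiving logical interface. The interface names, the `VlanInterfaceTable` class, the sample MAC addresses and the choice to return `None` for a tagged frame with no matching Virtual LAN interface are assumptions for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag


@dataclass(frozen=True)
class ParsedFrame:
    dst: bytes
    src: bytes
    vlan_id: Optional[int]   # None when the frame carries no 802.1Q tag
    priority: Optional[int]  # 3-bit priority field of the tag, None if untagged
    ethertype: int           # EtherType of the payload (after the tag, if any)
    payload: bytes


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan_id: Optional[int] = None, priority: int = 0) -> bytes:
    """Build an Ethernet frame, inserting an 802.1Q tag when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not 0 <= vlan_id <= 4095:      # 12-bit field, range stated on the slide
            raise ValueError("VLAN ID must be 0..4095")
        if not 0 <= priority <= 7:
            raise ValueError("priority must be 0..7")
        tci = (priority << 13) | vlan_id  # priority(3) | DEI(1)=0 | VLAN ID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> ParsedFrame:
    """Split a frame into addresses, optional VLAN tag and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return ParsedFrame(dst, src, None, None, ethertype, frame[14:])
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return ParsedFrame(dst, src, tci & 0x0FFF, tci >> 13, inner_type, frame[18:])


class VlanInterfaceTable:
    """Hypothetical table of Virtual LAN interfaces defined on physical ports."""

    def __init__(self) -> None:
        self._defined: Dict[Tuple[str, int], str] = {}

    def define(self, name: str, physical: str, vlan_id: int) -> None:
        if not 0 <= vlan_id <= 4095:
            raise ValueError("VLAN ID must be 0..4095")
        self._defined[(physical, vlan_id)] = name

    def receiving_interface(self, physical: str, frame: bytes) -> Optional[str]:
        """Return the interface that rules and routing should see as the receiver.

        Untagged frame: the physical interface itself.
        Tagged frame with a matching definition: that Virtual LAN interface.
        Tagged frame with no match: None (assumed here to mean "not accepted").
        """
        parsed = parse_frame(frame)
        if parsed.vlan_id is None:
            return physical
        return self._defined.get((physical, parsed.vlan_id))


# Constructed sample data (not captured traffic).
SAMPLE_DST = bytes.fromhex("020000000001")
SAMPLE_SRC = bytes.fromhex("020000000002")

if __name__ == "__main__":
    table = VlanInterfaceTable()
    table.define("vlan10_sales", "lan", 10)
    table.define("vlan20_eng", "lan", 20)
    for vid in (None, 10, 20, 30):
        frame = build_frame(SAMPLE_DST, SAMPLE_SRC, 0x0800, b"data", vlan_id=vid)
        print(vid, "->", table.receiving_interface("lan", frame))
```

Because each Virtual LAN interface is returned as a distinct receiving interface, filtering rules between VLANs can be keyed on that name even though the frames share one physical port.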


Competitive Analysis – VLAN Feature Comparison


The D-Link NetDefend VLAN Feature Comparison:

• SonicWALL

• ZyXEL

• WatchGuard

• Cisco

• Juniper

• Fortinet


DFL-210: Small-to-Medium Business Segment

| Vendor | Model | Max. No. of VLAN |
|---|---|---|
| D-Link | DFL-210 | 8 |
| SonicWALL | TZ 180 10 Node Lic / 25 Node Lic | Not Available |
| SonicWALL | TZ 190 | Not Available |
| ZyXEL | ZyWALL 5 | Not Available |
| ZyXEL | ZyWALL 35 | Not Available |
| WatchGuard Firebox | X Edge 5 | Not Available |
| WatchGuard Firebox | X Edge 15 | Not Available |
| Cisco | PIX 501 | Not Available |
| Cisco | PIX 506E | 2 |
| Juniper | 5XT | 3 |
| Juniper | 5GT | 3 |
| Fortinet | FortiGate-60 | 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade) |
| Fortinet | FortiGate-100A | 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade) |


DFL-260: Small-to-Medium Business Segment

| Vendor | Model | Max. No. of VLAN |
|---|---|---|
| D-Link | DFL-260 | 8 |
| SonicWALL | Pro 1260 Standard / Enhanced | Not Available / 25 |
| ZyXEL | ZyWALL 5 UTM | Not Available |
| ZyXEL | ZyWALL 35 UTM | Not Available |
| WatchGuard Firebox | X Edge X10e | Not Available |
| WatchGuard Firebox | X Edge X20e | Not Available |
| WatchGuard Firebox | X Edge X20e | Not Available |
| Cisco | N/A | N/A |
| Juniper | 5XT | 3 |
| Juniper | 5GT | 3 |
| Fortinet | FortiGate-60/60A | 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade) |
| Fortinet | FortiGate-100A | 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade) |


DFL-800: Small-to-Medium Business Segment

| Vendor | Model | Max. No. of VLAN |
|---|---|---|
| D-Link | DFL-800 | 16 |
| SonicWALL | Pro 1260 Standard / Enhanced | Not Available / 25 |
| SonicWALL | Pro 2040 Standard / Enhanced | Not Available / 25 |
| ZyXEL | ZyWALL 70 | Not Available |
| WatchGuard Firebox | X Core X500 Standard / Advanced | Not Available |
| WatchGuard Firebox | X Core X700 Standard / Advanced | Not Available |
| Cisco | PIX 506E | 2 |
| Cisco | PIX 515E (R, DMZ) / (UR, FO, FO-AA) | 10 / 25 |
| Juniper | NetScreen-25 | 16 |
| Juniper | NetScreen-50 | 16 |
| Fortinet | FortiGate-100A | 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade) |
| Fortinet | FortiGate-200A | 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade) |


DFL-860: Small-to-Medium Business Segment

| Vendor | Model | Max. No. of VLAN |
|---|---|---|
| D-Link | DFL-860 | 16 |
| SonicWALL | Pro 1260 Standard / Enhanced | Not Available / 25 |
| SonicWALL | Pro 2040 Standard / Enhanced | Not Available / 25 |
| ZyXEL | ZyWALL 70 UTM | Not Available |
| WatchGuard | X Core X500 Standard / Advanced | Not Available |
| WatchGuard | X Core X700 Standard / Advanced | Not Available |
| Cisco | ASA 5505 Base / Security Plus | 3 (Trunking Disabled) / 3 (Trunking Enabled) |
| Juniper | SSG 5 Base / Extended; SSG 20 Base / Extended | 10 / 50 |
| Fortinet | FortiGate-100A | 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade) |
| Fortinet | FortiGate-200A | 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade) |


DFL-1600: Small-to-Medium Business Segment

| Vendor | Model | Max. No. of VLAN |
|---|---|---|
| D-Link | DFL-1600 | 128 |
| SonicWALL | Pro 3060 Standard / Enhanced | Not Available / 50 |
| SonicWALL | Pro 4060 Enhanced | 200 |
| ZyXEL | ZyWALL 1050 | Y |
| WatchGuard | X Core X1000 Standard / Advanced | Not Available |
| WatchGuard | X Core X2500 Standard / Advanced | Not Available |
| WatchGuard | X Core X550e (UTM) Standard / Advanced | Not Available / 25 |
| Cisco | PIX 525 (R) / (UR, FO, FO-AA) | 25 / 100 |
| Cisco | ASA 5510 Base / Security Plus | 10 / 25 |
| Juniper | SSG 140 | 100 |
| Juniper | NetScreen-204 | 32 |
| Juniper | NetScreen-208 | 32 |
| Fortinet | FortiGate-300A | 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade) |


DFL-2500: Small-to-Medium Business Segment

| Vendor | Model | Max. No. of VLAN |
|---|---|---|
| D-Link | DFL-2500 | 1024 |
| SonicWALL | Pro 4060 Enhanced | 200 |
| SonicWALL | Pro 4100 Enhanced | 300 |
| ZyXEL | N/A | N/A |
| WatchGuard Firebox | X Peak X5000 Advanced | Not Available |
| WatchGuard Firebox | X Peak X6000 Advanced | Not Available |
| Cisco | ASA 5520 | 100 |
| Cisco | ASA 5540 | 200 |
| Juniper | NetScreen-208 | 32 |
| Juniper | NetScreen-500 | 800 (100 per port) |
| Fortinet | FortiGate-400A | 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade) |
| Fortinet | FortiGate-500A | 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade) |


Summary: VLAN (Virtual Local Area Network)

• With the VLAN feature, organizations can enable routing between VLANs and implement security policies among different LAN segments, so that different departments, e.g. RD and Sales, can have different access controls toward network resources.

• In the entry-level model segment, such as DFL-210/260/800/860, most competitors do not deliver the VLAN feature, which limits infrastructure expandability for SMBs. With insight into the IT demands of SMBs, the D-Link NetDefend IPS/UTM Firewall family bundles more VLANs than competitors, with no extra cost for a license upgrade.

• The D-Link NetDefend IPS/UTM Firewall family is the best partner for the business and infrastructure growth of SMBs.


VLAN Q&A


1. VLAN tagging within a NetDefend device is based on which industry standard?

a. 802.1d

b. 802.1q

c. 802.11q

d. 802.2

e. 802.3

2. What is the valid range of VLAN tag numbers that are usable on a NetDefend device?

a. 0 thru 500

b. 1 thru 500

c. 0 thru 2048

d. 0 thru 4095

e. 1 thru 4094


3. What is the maximum number of VLANs supported on a DFL-800/860 IPS/UTM Firewall device running NetDefendOS?

a. 10

b. 16

c. 20

d. 25

e. 50

4. What is the maximum number of VLANs supported on a DFL-2500 Firewall device running NetDefendOS?

a. 100

b. 200

c. 512

d. 1000

e. 1024


5. In the DFL-210 segment, which competitors do NOT provide the VLAN feature? (Multiple Choice)

a. Cisco

b. Juniper

c. SonicWALL

d. Fortinet

e. WatchGuard

f. ZyXEL

6. In the DFL-860 segment, which competitors do NOT provide the VLAN feature by default with Standard Firmware? (Multiple Choice)

a. WatchGuard

b. Fortinet

c. Juniper

d. SonicWALL

e. ZyXEL

f. Cisco


7. What is NetDefendOS’ main advantage in VLAN support, compared to other competitors? (Multiple Choice)

a. Supports more VLANs by default.

b. VLAN number upgrade as an option.

c. No need to pay extra costs for VLAN number

d. Supports 5 VLANs by default.

e. Supports the VLAN feature on entry-level models.

8. What is the benefit of NetDefendOS’ VLAN support? (Multiple Choice)

a. Allows network traffic to be contained, and increases network performance

b. Create VLAN ID

c. Enable security control between VLANs

d. Enable L3 routing between VLANs

e. Allow physical network connection


High Availability (HA)

Platform Compatibility: DFL-1600/2500

After completing this section, you will be able to:

1. Describe the NetDefend firewall HA feature and how it works

2. Describe what HA will do / will not do for you

3. Describe the requirements before HA implementation


Overview

• High Availability (HA) is a hardware fault-tolerant capability that is available on certain models of D-Link NetDefend Firewalls. Currently the firewalls that offer this feature are the DFL-1600 and DFL-2500 models, with an active-passive HA implementation.

• D-Link High Availability works by adding a Backup D-Link firewall to an existing firewall. The Backup firewall has the same configuration as the Primary firewall, so the feature requires two identical firewall models.

• Throughout this chapter, the phrases "Master firewall" and "Primary firewall" are used interchangeably, as are the phrases "Slave firewall" and "Backup firewall".


How High Availability Works

Two firewall appliances are required: one as Master and one as Backup.

When a failure occurs on the Master firewall, the Backup firewall transitions to active mode and assumes the configuration and role of Master.

The Backup firewall holds a real-time mirrored configuration of the Master firewall, synchronized over a dedicated Ethernet cable link.


What High Availability will do for you

• Hardware-based redundancy

• State-synchronized solution

• When the cluster fails over to the inactive firewall, that firewall knows which connections are active, so communication may continue to flow uninterrupted.

• Very short failover time (< 800 ms)


What High Availability will NOT do for you

• It’s not a panacea for all communication failures

• It will not create a load-sharing cluster.

• Only two firewalls, a "Master" and a "Slave", are supported.

• Broken interfaces will not be detected by HA


High Availability Scenario Example

If the Master Firewall fails, the Slave Firewall takes over.

NetDefend firewalls provide a hardware failover mechanism that prevents a single point of failure and keeps network communication alive.


Requirements before using HA

• High Availability is only supported on the DFL-1600 and DFL-2500.

• The Master and Slave NetDefend Firewalls must be the same hardware model; mixing and matching D-Link firewalls of different hardware types is not currently supported.

• NetDefend High Availability does not support PPP protocols or dynamic IP address assignment from your ISP.

• The D-Link NetDefend Firewalls in the High Availability pair must have the same firmware version installed.

• The high availability feature requires THREE unique static LAN IP addresses to operate normally.


Feature Matrix

| Feature | DFL-200 | DFL-210 | DFL-800 | DFL-1600 | DFL-2500 |
|---|---|---|---|---|---|
| Active-Passive mode | N/A | N/A | N/A | Yes | Yes |
| Active-Active mode | N/A | N/A | N/A | N/A | N/A |
| State Synchronization | N/A | N/A | N/A | Yes | Yes |
| VPN Synchronization | N/A | N/A | N/A | Yes | Yes |
| Device Failure Detection | N/A | N/A | N/A | Yes | Yes |
| Dead Link Detection | N/A | N/A | N/A | Yes | Yes |
| Dead Gateway Detection | N/A | N/A | N/A | Yes | Yes |
| Dead Interface Detection | N/A | N/A | N/A | Yes | Yes |
| Average Failover Time | N/A | N/A | N/A | <800ms | <800ms |
| Synchronization Method | N/A | N/A | N/A | Dedicated Ethernet Interface | Dedicated Ethernet Interface |


Summary: HA (High Availability)

• The HA feature is offered on both the DFL-1600 and DFL-2500, in active-passive mode.

• NetDefend High Availability (HA) addresses two key requirements of critical enterprise networking components: enhanced reliability and, at the appliance level, prevention of a single point of failure.

• NetDefend HA is implemented by configuring two firewall units to operate as an HA cluster.

• Both units in the HA pair must use the same hardware model and firmware version.


High Availability (HA) Q&A

1. Which of the following features is NOT supported for NetDefend High Availability?

a. Active-Passive HA mode

b. Dead link detection

c. Hardware failover mechanism between Master and Backup

d. Hardware Load balancing between Master and Backup

e. Firewall state and VPN synchronization

2. Which of the following conditions is NOT required before using NetDefend High Availability?

a. Static WAN IP address

b. Same hardware model

c. Additional Ethernet cable for synchronization

d. Same firmware version installed

e. Redundant power supply


3. Which of the following characteristics of High Availability is NOT true?

a. Only two firewalls are supported

b. Connection link failover

c. Single point failure prevention

d. Increasing network reliability

e. None of the above


Traffic Management

Platform Compatibility: DFL-210/260/800/860/1600/2500

After completing this section, you will be able to:

1. Describe terminologies and feature definitions associated with Traffic Management

2. Describe the purpose of Traffic Management

3. Describe the selling point for Traffic Management


Strategies for Optimizing Applications on the WAN

Managing application performance can be quite a challenge. Productivity drops and frustration climbs when performance turns inconsistent, unpredictable, and slow. Do any of these problems sound familiar to you?

• Repeated bandwidth upgrades fail to address performance but do increase costs substantially.

• A branch office’s ERP performance plummets whenever an employee synchs email.

• Enthusiasm for VoIP (Voice over IP) fades when callers routinely face stutter and static during peak network usage.

• Surges from recreational and infected traffic cause urgent, interactive applications to struggle.

• Nightly server backups that haven’t finished by the next morning.


What’s Causing Bandwidth Performance Problems?

• More application traffic

• Recreational traffic

• Web-based applications

• Voice/video/data network convergence

• Disaster readiness

• Network Threat Attack

• New Breed of Applications


What is Quality of Service?

• Quality of Service (QoS) means providing consistent, predictable data delivery service. In other words, satisfying customer application requirements.

• The QoS feature is called “Traffic Management” in the NetDefendOS Web GUI.

• It is the allocation of the appropriate amount of network bandwidth to every user and application on an interface.

• It works by measuring and queuing IP packets.


Why QoS is Needed?

• Internet Protocol (IP) does not provide a reliable mechanism to assure timely delivery of data.

• Unlike “Pure Virtual Circuit” technologies, such as ATM and Frame Relay, IP does not make hard allocations of resources.

• Typical network traffic is bursty rather than continuous.

• Mission-critical information cannot tolerate unpredictable losses.

• Conferencing, telephony and video streaming demand high data throughput and low latency when used for two-way communications.


How Traffic Management Works?

• Queuing Packets when traffic exceeds configured limits.

• Dropping packets if the packet buffers are full.

• Prioritizing traffic according to the administrator's choice.

• Providing bandwidth guarantees.


Traffic Management Scenario Example

You could use Traffic Management to achieve the following:

- SMTP is guaranteed 800 Kbps with a maximum limit of 1600 Kbps, Highest Priority.

- HTTP is guaranteed 600 Kbps with a maximum limit of 1200 Kbps, Second Priority.

- FTP is guaranteed 400 Kbps with a maximum bandwidth limit of 800 Kbps, Third Priority.

- Other protocols are neither guaranteed nor limited, but they can burst to use all available bandwidth when SMTP/HTTP/HTTPS/FTP are not at full traffic load.
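The scenario above worked through as an added example (a simplified two-pass model written for this page, not the NetDefendOS pipe algorithm): guarantees are served first, then spare bandwidth is handed out in priority order up to each class's limit. The 2000 Kbps link capacity and the offered-load figures are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class TrafficClass:
    name: str
    priority: int               # 1 = highest priority
    guarantee_kbps: int         # bandwidth reserved for this class
    limit_kbps: Optional[int]   # None = no maximum limit


# Values taken from the scenario on this page.
SCENARIO = [
    TrafficClass("SMTP", 1, 800, 1600),
    TrafficClass("HTTP", 2, 600, 1200),
    TrafficClass("FTP", 3, 400, 800),
    TrafficClass("Other", 4, 0, None),
]


def allocate(classes: List[TrafficClass], demand_kbps: Dict[str, int],
             link_kbps: int) -> Dict[str, int]:
    """Return the bandwidth granted to each class for the offered demand."""
    ordered = sorted(classes, key=lambda c: c.priority)
    grant: Dict[str, int] = {}
    remaining = link_kbps

    # Pass 1: serve guarantees, never more than the class actually offers.
    for c in ordered:
        want = min(demand_kbps.get(c.name, 0), c.guarantee_kbps)
        grant[c.name] = min(want, remaining)
        remaining -= grant[c.name]

    # Pass 2: hand out what is left by priority, capped by each class limit.
    for c in ordered:
        ceiling = demand_kbps.get(c.name, 0)
        if c.limit_kbps is not None:
            ceiling = min(ceiling, c.limit_kbps)
        extra = min(max(ceiling - grant[c.name], 0), remaining)
        grant[c.name] += extra
        remaining -= extra
    return grant


if __name__ == "__main__":
    link = 2000  # assumed link capacity in Kbps
    congested = {"SMTP": 3000, "HTTP": 3000, "FTP": 3000, "Other": 3000}
    quiet = {"SMTP": 100, "HTTP": 200, "FTP": 0, "Other": 5000}
    print("congested:", allocate(SCENARIO, congested, link))
    print("quiet:    ", allocate(SCENARIO, quiet, link))
```

Under congestion every guaranteed class keeps its floor and only the highest priority gets the spare 200 Kbps; when the guaranteed classes are quiet, the unguaranteed "Other" traffic bursts into everything they leave unused.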


Key Advantages

• Granular control for traffic prioritizing, guaranteeing and limiting

• Nicely integrated with the firewall ruleset

• Accurately control and manage bandwidth utilization

• IPSec tunnel traffic can be integrated by QoS

• Dynamic Bandwidth Balancing (D-Link unique)


Traffic Management Q&A

1. Which of the following firewall models does NOT support the traffic management feature?

a. DFL-210

b. DFL-800

c. DFL-1600

d. DFL-2500

e. None of Above.

2. Which of the following traffic management features is unique to D-Link compared with other firewall suppliers?

a. Guarantee bandwidth

b. Queuing packets

c. Dropping packets if the packet buffers are full

d. Dynamic Bandwidth Balancing

e. Maximum bandwidth Limiting


3. Which of the following scenarios is NOT supported by the Traffic Management feature on NetDefend Firewall?

a. Two-Way bandwidth limits

b. Per-user traffic limits and guarantee

c. Manage bandwidth in IPSec Tunnel

d. increasing reliability by traffic failover

e. By VLAN interfaces to manage bandwidth usage


4. Which of the following descriptions of the Traffic Management feature advantages on NetDefend Firewall is incorrect?

a. Traffic Management could enable bandwidth priority, bandwidth guarantee and bandwidth load balancing.

b. Traffic Management can be performed on VLAN interfaces in the NetDefend Firewall Series.

c. The IPSec tunnel can be integrated by Traffic Management.

d. The dynamic bandwidth balancing feature is able to ensure that the per-user bandwidth limits are dynamically lowered (and raised) in order to evenly balance the available bandwidth between the users of the pipe.

e. Traffic management can perform packet based bandwidth utilization control.


User Authentication

Platform Compatibility: DFL-210/260/800/860/1600/2500

After completing this section, you will be able to:

1. Describe what User Authentication is

2. Describe what Run-Time Web Base Authentication is

3. Describe what an Accounting Server is

4. Describe the selling point for User Authentication


User Authentication Introduction


User authentication is frequently used in services, such as HTTP, FTP, and VPN. NetDefendOS uses a Username/Password combination as the primary authentication method, strengthened by encryption algorithms. More advanced and secure means of authentication include Public-Private Keys, X.509 Certificates, IPsec/IKE, IKE XAuth, and ID Lists.

User Types

NetDefendOS has authentication schemes which support diverse users. These can be:

• Administrators

• Normal users accessing the network

• PPPoE/PPTP/L2TP users using PPP authentication methods

• IPsec/IKE users - the entities authenticating during the IKE negotiation phases (implemented by Pre-shared Keys or Certificates)

• IKE XAuth users - an extension to IKE authentication, occurring between negotiation phase 1 and phase 2

• User groups - groups of users that are subject to the same criteria


NetDefendOS can either use a locally stored database, or a database on an external server, to provide user authentication.

• The Local User Database (UserDB): supports 150 items

• External Authentication Servers: RADIUS server (Remote Authentication Dial In User Service)

Authentication Agents

Four different agents built into NetDefendOS can be used to perform username/password authentication. They are:

HTTP - Authentication via web browsing. Users surf to the firewall and log in either through an HTML form or a "401 - Authentication Required" dialog.

HTTPS - Authentication via secure web browsing. Similar to HTTP agent except that Host and Root Certificates are used to establish SSL connection to the firewall.

XAUTH - Authentication during IKE negotiation in IPsec VPN (if the IPSec tunnel has been configured to require XAUTH authentication).

PPP - Authentication when PPTP/L2TP tunnels are set up (if the PPTP/L2TP tunnel has been configured to require user authentication).


Run-Time Web Base Authentication

The most common application of User Authentication is Run-Time Web Base User Authentication, which is similar to WAC (Web-based Access Control) on the D-Link xStack Switch. The firewall requests user authentication before the user can pass through the firewall. When the user first opens a browser, he or she is automatically redirected to the login page.

[Diagram labels: Internet; Local Network; NetDefend Firewall; Web Surfing Client]

Accounting Server

NetDefendOS also supports “Accounting” through the RADIUS server, in order to count the bytes or packets that were sent and received. Some vendors use a different term for this feature; D-Link calls it Accounting Server in the firewall Web GUI and User Manual.

• When a user establishes a new connection through the D-Link Firewall, NetDefendOS sends an Accounting Request START message to a nominated RADIUS server, to record the start of the new session.

• When an admin/user is no longer authenticated, for example, after the admin/user logs out or the session time expires, an Accounting Request STOP message is sent by NetDefendOS containing the relevant session statistics.
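The START and STOP messages described above, as an added example (not NetDefendOS code) that builds RADIUS Accounting-Request packets as defined in RFC 2866 and shows the authenticator check an accounting server should run before trusting the session statistics. The user name, session ID, shared secret and counter values are constructed.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4                      # RADIUS packet code (RFC 2866)
USER_NAME, ACCT_STATUS_TYPE = 1, 40         # attribute type numbers
ACCT_INPUT_OCTETS, ACCT_OUTPUT_OCTETS = 42, 43
ACCT_SESSION_ID, ACCT_SESSION_TIME = 44, 46
START, STOP = 1, 2                          # Acct-Status-Type values


def _attr(attr_type, value):
    """Encode one attribute as type, length (including 2-byte header), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def _int_attr(attr_type, number):
    return _attr(attr_type, struct.pack("!I", number))


def build_accounting_request(identifier, secret, user, session_id, status, stats=None):
    """Build an Accounting-Request; stats maps attribute type -> 32-bit counter."""
    attrs = _attr(USER_NAME, user.encode())
    attrs += _int_attr(ACCT_STATUS_TYPE, status)
    attrs += _attr(ACCT_SESSION_ID, session_id.encode())
    for attr_type, number in (stats or {}).items():
        attrs += _int_attr(attr_type, number)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attrs))
    # RFC 2866: MD5(code + id + length + 16 zero octets + attributes + secret).
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def verify_accounting_request(packet, secret):
    """Server-side check: reject packets not produced with the shared secret."""
    if len(packet) < 20:
        return False
    code, _, length = struct.unpack_from("!BBH", packet)
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def parse_attributes(packet):
    """Return {attribute type: raw value bytes} with strict length checks."""
    attrs, offset = {}, 20
    while offset < len(packet):
        if offset + 2 > len(packet):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[offset], packet[offset + 1]
        if attr_len < 2 or offset + attr_len > len(packet):
            raise ValueError("bad attribute length")
        attrs[attr_type] = packet[offset + 2:offset + attr_len]
        offset += attr_len
    return attrs


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    start = build_accounting_request(1, secret, "alice", "sess-0001", START)
    stop = build_accounting_request(2, secret, "alice", "sess-0001", STOP, {
        ACCT_INPUT_OCTETS: 1234, ACCT_OUTPUT_OCTETS: 5678, ACCT_SESSION_TIME: 60})
    for name, pkt in (("START", start), ("STOP", stop)):
        print(name, len(pkt), "bytes, authenticator ok:",
              verify_accounting_request(pkt, secret))
```

The authenticator protects integrity only: the attributes, including the user name and byte counters, travel in clear text, so the firewall-to-RADIUS path belongs on a trusted management segment.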


Competitive Analysis

D-Link Fortinet Juniper SonicWALL ZyXEL

Built-in Database: V V V V V

External Database: RADIUS: V V V V V

External Database: LDAP*: V V Enhanced OS only

External Database: MS IAS: V Enhanced OS only

XAUTH for IPSec Authentication: V V V V V

Run-Time Web base Authentication: All service; Only Http

*Available in future firmware upgrade


Summary: User Authentication

• Provides four authentication agents: Http, XAUTH and PPP.

• Provides a local database and supports an external database: RADIUS Server.

• Supports Accounting through RADIUS Server.


User Authentication Q&A

1. Which authentication agent does D-Link NOT support?

a. FTP

b. XAuth

c. Http/Https

d. PPTP/L2TP

2. Which user database does D-Link NOT support now?

a. TACAS +

b. RADIUS

c. Microsoft IAS

d. LDAP

3. Which vendors support web authentication in their firewall product line? (Multiple Choice)

a. D-Link

b. Fortinet

c. ZyXEL

d. Juniper


4. What is “Accounting Server”?

a. Provide statistic information of RADIUS session

b. Transfer corporate policy into network policy

c. The device for corporate policy enforcement

d. The server provide user log-in and log-off services

5. How many items does D-Link local database support?

a. 150

b. 200

c. 250

d. 300

6. Which database type does Accounting Server support?

a. Local database

b. RADIUS server

c. LDAP server

d. RACAS+ server


ZoneDefense

Platform Compatibility: DFL-800/860/1600/2500

In this section, you will learn the following:

1. What is D-Link’s complete security solution?

2. What is Gateway Security?

3. What is Endpoint Security?

4. What is Joint Security?

5. What role does ZoneDefense play in D-Link’s complete security solution?

6. What’s the difference between D-Link and our competitors in security solution offering?


D-Link’s complete security solution

[Diagram labels: Enterprise Network; Joint Security; Endpoint Security; Gateway Security]

Endpoint Security


• 802.1x: Guest VLAN, Identity Based VLAN/Security/QoS

• Web-based Access Control: WAC, Web Authentication(HP), Network Login(Extreme), Captive Portal

• MAC-based Access Control: MAC, MAC Authentication(HP), RADA(3Com)

• Addressing Control: DHCP Snooping/ARP Inspection(Cisco), IMP Binding

• NAC: Cisco NAC, TCG NAC, Vendor Specific NAC

• Microsoft NAP

Solution

Highlighted items are currently supported by the D-Link xStack Switch.

Joint Security - ZoneDefense Technology

Challenge to Current Network Security

• Traditional firewalls have limited ports and performance, so L3 network switching still relies on L3 switches.

• Whenever there is an infected mobile user, the current network security architecture cannot effectively prevent the virus/worm infection and outbreak.

• This results in mutual infection between clients, and the ensuing virus/worm outbreak could even generate a DoS effect on network devices.

[Diagram labels: Firewall; L3 Core Switch; Server Farm]


Joint Security - ZoneDefense Technology

New Network Security Architecture

• New high port density, high performance firewalls will be able to take over L3 switching and enable security policies between LANs.

• Whenever there is an infected mobile user, the new architecture will be able to stop the virus/worm infection across LANs.

• Further, when the firewall detects virus/worm activities, it will notify the access layer switches to block the suspected host, effectively stopping mutual infection or a virus/worm outbreak in time (D-Link ZoneDefense™).

[Diagram labels: L3 Core Switch; Firewall; Server Farm]


Joint Security

• Gateway Security, supported NetDefend models:
  – NetDefend IPS Firewall: DFL-800/DFL-1600/DFL-2500
  – NetDefend UTM Firewall: DFL-860

• Endpoint Security, supported D-Link switches:
  – All xStack Series

• Competitors in Joint Security:
  – Cisco, HP

Joint Security Comparison Table: D-Link vs. HP - Solution Match

| | HP | D-Link |
|---|---|---|
| Authentication | ProCurve Manager Plus + IDM (Identity Driven Manager) | Microsoft NAP support; D-View Security Plug-in* |
| | MAC, WAC, 802.1x, Guest VLAN | MAC, WAC, 802.1x, Guest VLAN, IP-MAC-Port Binding |
| Malicious Traffic Mitigation | ProCurve Manager Plus + NIM (Network Immunity Manager) | ZoneDefense; D-View Security Plug-in* |
| | Virus Throttling | ZoneDefense; Per flow Bandwidth Control & Reaction* |

* in plan

Page 149:

D-Link vs. HP: Authentication

Solution
• HP: ProCurve Manager Plus + IDM
• D-Link: Microsoft NAP support

Pros
• HP:
  – User-based ACL: authorization settings based on user, time & location
  – User-based traffic prioritization and rate limit
• D-Link:
  – Prevailing vendor with strong 3rd party support
  – Not only authentication but also health checking (up-to-date patches, virus patterns, personal firewall status, etc.)
  – Allocates a guest VLAN even when authentication or health checking fails

Cons
• HP:
  – Proprietary solution, may not integrate with other vendors’ solutions in the future
  – Extra effort: client software needs to be installed
  – Needs 3rd party software installed if host health checking is needed
• D-Link:
  – Not able to set up user-based traffic prioritization and rate limit

Page 150:

D-Link vs. HP: Malicious Traffic Mitigation

Solution: HP ProCurve Manager Plus + NIM vs. D-Link ZoneDefense

Pros
• HP: Can provide detailed response actions: lock out MAC, bandwidth limitation, etc.
• D-Link: Ease of deployment, lower maintenance cost; fully integrated xStack & NetDefend solutions

Cons
• HP: Relies on a 3rd party IPS/UTM to provide the pattern matching trigger; complex architecture with an expensive price
• D-Link: Currently blocks IP only

Solution: HP Virus Throttling vs. D-Link ZoneDefense

Pros
• HP: Virus incident containment; dynamic bandwidth limitation
• D-Link: ZoneDefense can be triggered not only based on traffic threshold, but also by IPS & AV*. True pattern matching, which minimizes the chance of false positives.

Cons
• HP: Not true edge protection, as only HP’s higher end switches support Virus Throttle; not true pattern matching, but a threshold setting with high false positives
• D-Link: All xStack switches support ZoneDefense; a NetDefend Firewall is needed

* in plan

Page 151:

Summary: ZoneDefense

• Joint Security is composed of Gateway Security and Endpoint Security
• Gateway Security: ICSA Labs certified NetDefend IPS/UTM Firewall
• Endpoint Security: xStack Switch
• Joint Security: D-Link delivers ZoneDefense to integrate the firewall and switch product lines. Compared with our competitors, D-Link has the most comprehensive solution:
  – Security competitors lack switch products
  – Switch competitors lack security products

Page 152:

ZoneDefense Q&A

1. Which of the following is NOT a component within D-Link’s security solution?
a. Gateway Security
b. Seamless Security
c. Endpoint Security
d. Joint Security

2. What is D-Link’s innovative technology to enable Joint Security between NetDefend and xStack?
a. ZoneDefense
b. NAP (Network Access Protection)
c. Network Immunity Manager (NIM)
d. Identity Driven Manager (IDM)

3. Which model does NOT support the ZoneDefense feature?
a. DFL-260
b. DFL-800
c. DFL-1600
d. DFL-2500

Page 153:

ZoneDefense Q&A

4. ZoneDefense is the key component to integrate the Endpoint feature within NetDefend and xStack to fulfill the Joint Security.
a. True
b. False

5. Which of the following features within the NetDefend firewall could NOT trigger ZoneDefense?
a. Connection Rate Limit
b. Total Connection Limit
c. IPS
d. WCF

6. Which of the following switch models do NOT support the ZoneDefense technology? (Multiple Choice)
a. DGS-3427
b. DES-3828
c. DES-3026
d. DGS-3024

Page 154:

UTM FEATURE & NETDEFEND SUBSCRIPTION

DCS-Security

Page 155:

UTM Firewall Family

UTM Feature & NetDefend Subscription

[Figure: UTM Firewall Family plotted by Price / Performance across the Branch Office, Small Business, Medium Business and Enterprise segments. Models shown: DFL-260, DFL-860, DFL-1660 (future), DFL-2560 (future)]

Page 156:

NetDefend UTM Feature Overview

• Intrusion Prevention Service (IPS)
  – IPS Signature Service. Secures your network with D-Link's high-accuracy hardware IPS engine.
• Anti-Virus (AV)
  – NetDefend UTM Firewall incorporates the Anti-Virus Service. Protects your network with D-Link's high-performance hardware AV engine.
• Web Content Filtering (WCF)
  – NetDefend UTM Firewall provides the Web Content Filtering Service. Gives access to D-Link’s database of millions of URLs to keep web surfing secure.
• NetDefend Subscription
  – To keep IPS, AV and WCF in good status, customers need to keep those subscriptions within their effective period.

Page 157:

Intrusion Prevention Service

UTM Feature & NetDefend Subscription•Intrusion Prevention Service

Platform Compatibility: DFL-210/260/800/860/1600/2500

After completing this section, you will be able to:
1. Describe the basics of network attacks and protection solutions
2. Understand the difference between IDS and IPS
3. Describe the difference between the maintenance IPS service and the Advanced IPS service
4. Understand product registration

Page 158:

Attack Protection Solution: IDS vs. IPS

Intrusion Detection System (IDS)

An IDS is intended to provide network monitoring, analysis and notification by detecting attacks. Most detection mechanisms are based on pattern matching technology. The IDS sends alarms once it detects abnormal or attack traffic. The most important point is that it is unable to stop the attack.

Intrusion Prevention System (IPS)

An IPS is a new-generation prevention system that improves on the IDS. It has all the features of an IDS built in and provides an additional one: blocking/dropping packets. It can therefore keep internal hosts from being attacked by malicious traffic.

Page 159:

D-Link NetDefend IPS Filtering Methods

Signature
• Uses: Fixed Patterns, Regular Expressions
• To Detect and Prevent: Viruses, Trojans, Root-kits, Unknown Exploits, Known Exploits, IM/P2P Apps

Protocol Anomaly
• Uses: RFC Compliance, Protocol Decoders, SYN Proxy, Normalization
• To Detect and Prevent: Evasions, Unknown Exploits, Traffic Anomalies, Unauthorized Access, SYN Floods

Vulnerability
• Uses: Protocol Decoders, Regular Expressions, Application Message Parsing
• To Detect and Prevent: Unknown Exploits, Worms, Unauthorized Access

Traffic Anomaly
• Uses: Traffic Thresholds, Connection Limits, Connection Rate Limits
• To Detect and Prevent: DDoS Attacks, Unknown Attacks, Traffic Anomalies
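The "Traffic Anomaly" method (connection rate limits), combined with the IDS-versus-IPS distinction from the previous slide, as an added example that is not D-Link code: the same per-source rate check is run once in detect-only mode and once in prevent mode over constructed events. The class name, threshold, window and block period are assumptions chosen for the illustration.

```python
from collections import Counter, defaultdict, deque


class ConnRateInspector:
    """Per-source limit on new connections inside a sliding time window."""

    def __init__(self, max_new_conns, window_ms, prevent, block_ms=60_000):
        self.max_new_conns = max_new_conns  # threshold per window (assumed value)
        self.window_ms = window_ms          # sliding window length
        self.prevent = prevent              # False: IDS (alert only); True: IPS (alert and drop)
        self.block_ms = block_ms            # IPS only: how long an offender stays blocked
        self.alerts = []                    # (timestamp_ms, source, connections_in_window)
        self._recent = defaultdict(deque)   # source -> timestamps of recent new connections
        self._blocked_until = {}            # source -> time at which the block expires

    def inspect(self, ts_ms, src):
        """Return 'forward' or 'drop' for one new-connection event."""
        if self.prevent and self._blocked_until.get(src, -1) > ts_ms:
            return "drop"                   # still inside the block period
        recent = self._recent[src]
        while recent and ts_ms - recent[0] >= self.window_ms:
            recent.popleft()                # forget connections older than the window
        recent.append(ts_ms)
        if len(recent) > self.max_new_conns:
            self.alerts.append((ts_ms, src, len(recent)))
            if self.prevent:
                self._blocked_until[src] = ts_ms + self.block_ms
                recent.clear()
                return "drop"
        return "forward"


def constructed_events():
    """Constructed sample traffic: (timestamp_ms, source, destination, port)."""
    # A worm-like host probing 40 different addresses on TCP/445 within 2 seconds.
    scan = [(i * 50, "192.0.2.50", f"198.51.100.{i + 1}", 445) for i in range(40)]
    # A normal client opening one HTTPS connection every 2 seconds.
    normal = [(i * 2000, "192.0.2.10", "203.0.113.80", 443) for i in range(10)]
    return sorted(scan + normal)


def replay(prevent):
    """Run the constructed events through the inspector in IDS or IPS mode."""
    inspector = ConnRateInspector(max_new_conns=10, window_ms=1000, prevent=prevent)
    forwarded, dropped = Counter(), Counter()
    for ts_ms, src, _dst, _port in constructed_events():
        verdict = inspector.inspect(ts_ms, src)
        (forwarded if verdict == "forward" else dropped)[src] += 1
    return forwarded, dropped, inspector.alerts


if __name__ == "__main__":
    for label, prevent in (("IDS", False), ("IPS", True)):
        fwd, drp, alerts = replay(prevent)
        print(label, "forwarded:", dict(fwd), "dropped:", dict(drp), "alerts:", len(alerts))
```

In detect-only mode every probe from the scanning host still reaches its destination and only the alert list grows; in prevent mode the source is cut off at the first violation while the normal client is untouched in both runs.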

Page 160:

Dual IPS Engines & Signature Databases

Built-in IPS Engine and compact signature database

• For NetDefend IPS Firewall only (DFL-210/800/1600/2500)
• The frequency of database updates is not guaranteed
• Customers can get free maintenance service after their firewall is registered
• D-Link provides an IDS database maintenance service for signature error correction or signature optimization when necessary

Page 161:

Dual IPS Engines & Signature Databases (Contd.)

Advanced IPS Engine and Signature Database

• For both NetDefend IPS and UTM Firewalls (DFL-210/260/800/860/1600/2500)
• IPS Firewalls provide a 90-day free trial of the advanced IPS Service.
• UTM Firewalls come with 12 months of advanced IPS update service bundled.
• Customers have to apply for a free trial Activation Code on NetDefend Center or purchase a NetDefend IPS Subscription, then enter the Activation Code in the firewall Web UI to enable the advanced IPS update service.
• An IPS Firewall (DFL-210/800/1600/2500) switches back to the built-in IPS engine and maintenance signature database after the trial update service expires.

Page 162:

Summary: IPS (Intrusion Prevention Service)

• UTM models have a built-in Hardware Accelerator to reach high performance for intrusion detection and prevention.
• The Advanced IPS database, with more than 8,000 signatures, provides better protection and accuracy.
• Compared with competitors, D-Link provides the longest IPS trial period (90 days).
• D-Link promotes the IPS functionality as a second layer of defense inside the security gateway. The IPS functionality is capable of identifying application and protocol driven attacks which a standard firewall cannot.
• Only the NetDefend IPS Firewall has the built-in IPS engine and compact signature database by default. It can be upgraded to the advanced one.
• The NetDefend UTM Firewall bundles 1 year of Advanced IPS Service by default.

Page 163:

Intrusion Prevention Service Q&A

3. What will happen when the trial Advanced IPS Service expires on an IPS Firewall (DFL-210/800/1600/2500)?
a. A warning message pops up and guides the user to purchase the Advanced IPS Service.
b. The IPS feature is disabled, however the advanced IPS signature database will not have any update.
c. The IPS feature is still working, however the advanced IPS signature database will not have any update.
d. The IPS feature is still working, however it would be switched back to the built-in IPS engine with compact signature database.
e. The IPS feature is disabled, all the signatures would be cleared.

Page 164:

Intrusion Prevention Service Q&A

4. What will happen when the trial Advanced IPS Service expires on UTM firewall models (DFL-260 and DFL-860)?
a. A warning message pops up and guides the user to purchase the Advanced IPS Service.
b. The IPS feature is disabled, however the advanced IPS signature database will not have any update.
c. The IPS feature is still working, however the advanced IPS signature database will not have any update.
d. The IPS feature is still working, however it would be switched back to the built-in IPS engine with compact signature database.
e. The IPS feature is disabled, all the signatures would be cleared.

Page 165:

Anti-Virus

UTM Feature & NetDefend Subscription•Anti-Virus

Platform Compatibility: DFL-260/860

After completing this section, you will be able to know and describe:
1. D-Link anti-virus technology
2. D-Link anti-virus advantages
3. The competitiveness of the D-Link UTM firewall in the anti-virus market
4. How to activate the anti-virus update service

Page 166:

D-Link Anti-Virus Module Introduction

The NetDefendOS Anti-Virus module protects against malicious code carried in file downloads. The main purpose of the UTM Anti-Virus feature is to provide a first level of prevention at the gateway, not to replace client Anti-Virus software. The Anti-Virus module of the UTM firewall is able to stop most viruses arriving from the network, while Anti-Virus client software guards against viruses arriving over other connections, such as a USB drive, wireless or the local network.

Types of Files Scanned
The NetDefendOS Anti-Virus module is able to scan the following types of downloads:
• HTTP, FTP or SMTP file downloads
• Any uncompressed file type transferred through these protocols
• Compressed ZIP and GZIP files

Frequent Database Updates
• Anti-Virus signatures come from the well-known vendor Kaspersky
• The Anti-Virus signature database is updated on a daily basis as new virus signatures are released

Page 167:

D-Link Anti-Virus Module Introduction

With a built-in extreme-performance AV acceleration engine and Stream-Based Virus Scanning technology, the NetDefend UTM Firewall blocks viruses and malware before they ever reach desktops or mobile devices, creating a safer network environment for SMBs and enterprises.

The NetDefend UTM Firewall implements Stream-Based Virus Scanning technology without caching the incoming files first. This increases the inspection performance of the UTM Firewall and eases the nightmare of a network bottleneck when the antivirus feature is enabled.

Figure 1: File-Based Scan
Figure 2: Stream-Based Scan
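The two scanning models side by side, as an added example that is not D-Link's implementation: a multi-pattern matcher (Aho-Corasick, chosen here as an assumption) carries a single state value from chunk to chunk, so a signature that straddles two 1460-byte segments is still found without caching the file. The signature names and byte patterns are constructed placeholders.

```python
from collections import deque

# Constructed placeholder patterns, not real malware signatures.
SIGNATURES = {
    "Test.Marker.A": b"TESTMARK-ALPHA",
    "Test.Marker.B": b"MARK-BRAVO",
}
CHUNK = 1460  # payload bytes per segment, the packet size quoted in the deck's tests


class StreamScanner:
    """Aho-Corasick automaton: matches many fixed byte patterns in one pass."""

    def __init__(self, signatures):
        self.goto = [{}]   # state -> {byte: next state}
        self.fail = [0]    # state -> fallback state after a mismatch
        self.out = [[]]    # state -> names of signatures that end here
        for name, pattern in signatures.items():
            state = 0
            for byte in pattern:
                if byte not in self.goto[state]:
                    self.goto[state][byte] = len(self.goto)
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                state = self.goto[state][byte]
            self.out[state].append(name)
        queue = deque(self.goto[0].values())   # breadth-first: shallow states first
        while queue:
            state = queue.popleft()
            for byte, nxt in self.goto[state].items():
                queue.append(nxt)
                f = self.fail[state]
                while f and byte not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(byte, 0)
                self.out[nxt] = self.out[nxt] + self.out[self.fail[nxt]]

    def feed(self, state, offset, chunk):
        """Scan one chunk; the caller keeps (state, offset) per connection."""
        hits = []
        for byte in chunk:
            while state and byte not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(byte, 0)
            offset += 1
            hits.extend((name, offset) for name in self.out[state])
        return state, offset, hits


def chunks(data, size=CHUNK):
    """Split a byte string the way it would arrive on the wire."""
    for i in range(0, len(data), size):
        yield data[i:i + size]


def stream_scan(scanner, chunk_iter):
    """Stream-based: inspect each chunk as it arrives and forward it at once."""
    state = offset = forwarded = peak = 0
    for chunk in chunk_iter:
        peak = max(peak, len(chunk))           # only the current chunk is held
        state, offset, hits = scanner.feed(state, offset, chunk)
        if hits:                               # abort the rest of the transfer
            return {"verdict": "blocked", "hits": hits,
                    "forwarded": forwarded, "peak_buffered": peak}
        forwarded += len(chunk)
    return {"verdict": "clean", "hits": [],
            "forwarded": forwarded, "peak_buffered": peak}


def file_scan(scanner, chunk_iter):
    """File-based: cache the complete file, then scan it in one go."""
    cached = b"".join(chunk_iter)
    _, _, hits = scanner.feed(0, 0, cached)
    return {"verdict": "blocked" if hits else "clean", "hits": hits,
            "forwarded": 0 if hits else len(cached), "peak_buffered": len(cached)}


def constructed_download(infected):
    """Constructed 64 KiB sample; the marker straddles a chunk boundary."""
    body = bytearray(65536)
    if infected:
        sig = SIGNATURES["Test.Marker.A"]
        start = 3 * CHUNK - 5                  # 5 bytes in one chunk, 9 in the next
        body[start:start + len(sig)] = sig
    return bytes(body)


if __name__ == "__main__":
    scanner = StreamScanner(SIGNATURES)
    for infected in (True, False):
        data = constructed_download(infected)
        print("stream:", stream_scan(scanner, chunks(data)))
        print("file:  ", file_scan(scanner, chunks(data)))
```

Both models reach the same verdict, but the stream run never holds more than one chunk. In that run the chunks ahead of the hit have already been forwarded, so the action available at detection time is to abort the rest of the transfer.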

Page 168:

D-Link Anti-Virus Module Advantage

| Model Name | SonicWALL Pro 2040 | Juniper SSG 20 | D-Link DFL-860 | D-Link DFL-260 |
|---|---|---|---|---|
| Firmware version | SonicOS Enhanced 3.2.3.0-6e | 5.4.0r1.0 | 2.12.00 | 2.12.00 |
| IPS signature number | N/A | 800 | 8,000 | 8,000 |
| AV signature number | 25,000 | 100,000 (File Based) | 4,000 | 4,000 |
| Firewall Throughput | 200 Mbps | 160 Mbps | 160 Mbps | 80 Mbps |
| NAT + Firewall + AV | | | | |
| HTTP, packet size 1460 bytes | 7.31 Mbps | 6.09 Mbps | 10.2 Mbps | 4.04 Mbps |
| FTP, packet size 1460 bytes | 8.45 Mbps | 5.82 Mbps | 28 Mbps | 19.3 Mbps |
| NAT + Firewall + IPS | | | | |
| HTTP, packet size 1460 bytes | 15.62 Mbps | 13.85 Mbps | 52.2 Mbps | 40 Mbps |
| FTP, packet size 1460 bytes | 23.49 Mbps | *79.73 Mbps | 46.3 Mbps | 32.5 Mbps |
| NAT + Firewall + IPS + AV | | | | |
| HTTP, packet size 1460 bytes | 4.85 Mbps | 4.01 Mbps | 8.4 Mbps | 3.83 Mbps |
| FTP, packet size 1460 bytes | 5.84 Mbps | 5.98 Mbps | 18.4 Mbps | 15 Mbps |

* In IPS testing, the Juniper firewall doesn't inspect packets in the FTP data channel, so the performance almost reaches pure forwarding.

Page 169:

D-Link Anti-Virus Module Advantage

| | ZyXEL | WatchGuard | Juniper | SonicWALL | D-Link |
|---|---|---|---|---|---|
| Supported protocols | FTP/POP3/HTTP/SMTP | HTTP/SMTP/TCP proxies | FTP/POP3/HTTP/SMTP/IMAP | FTP/POP3/HTTP/SMTP/IMAP/NetBIOS | HTTP/SMTP/FTP |
| Supported compression formats | Zip file | ZIP, GZIP, BZIP, TAR, BZIP2, RAR, MS CAB, MD5 | Zip/Tar/Gzip | Zip/Gzip/Deflate/LHZ/Base64 | Zip/Gzip |
| Number of anti-virus signatures | 1,600 | 20,000 (File Based) | 100,000 (File Based) | 25,000 / 4,500* | 4,000 |
| Supported scanning file size | No file size limitation | 12 MB | 10 MB, but AV+IPS is only 6 MB | No file size limitation | No file size limitation |
| AV scanning over VPN | No Support | No Support | No Support | N/A | Yes |
| Signature Database | Kaspersky | Clam AV | Kaspersky | McAfee | Kaspersky |
| Decompression Level/Recursive | 1 | 10 | 4 | N/A | 1 |
| AV Subscription | AV+IPS for 12 months | 12 Month AV | 12 Month AV | 12 Month AV | 12 Month AV |
| AV Free Trial | 90 days | 30 days | 30 days | 30 days | 12 months |

* The signature number in the SonicWALL TZ series is 4,500; in the SonicWALL Pro series with Enhanced OS it is 25,000.

Page 170:

Summary: Anti-Virus

• Bundles 12 months of Anti-Virus Service when shipped
• Well-known Anti-Virus database by Kaspersky
• Because of the unique stream-based scanning technology, it is not necessary to cache the file before scanning, which allows high speed virus scanning
• Compared with WatchGuard and Juniper, there is no file size or connection limitation within the D-Link UTM firewall
• 4,000+ anti-virus signatures in the database. WatchGuard and Juniper provide more Anti-Virus signatures, but theirs are file-based and software-based anti-virus engines, which causes file size limitations and performance issues when scanning
• D-Link and ZyXEL are the only two to provide a built-in Hardware Accelerator for extremely good virus scanning performance, but ZyXEL provides fewer Anti-Virus signatures than D-Link

Page 171:

NetDefend Anti-Virus Q&A

1. What compression format does D-Link support? (Multiple Choice)
a. Zip +
b. Tar
c. RAR
d. Gzip

2. Which protocol does D-Link NOT support for anti-virus?
a. POP3
b. SMTP
c. HTTP
d. FTP

3. Why can the D-Link UTM Firewall reach high performance?
a. Embedded hardware accelerator
b. Anti-Virus Engine by Kaspersky
c. New CPU processor
d. New software core

Page 172:

NetDefend Anti-Virus Q&A

4. How big is the file size limitation of the UTM Firewall for anti-virus?
a. 3 MB
b. 5 MB
c. 10 MB
d. No limitation

5. What is our advantage for anti-virus over competitors?
a. High performance
b. No file limitation
c. Rich anti-virus signatures
d. All of the above

6. What is the weakness of a general UTM Firewall?
a. Poor performance
b. Limited incoming file size support
c. Smaller signature database
d. All of the above

Page 173:

Web Content Filtering Service

UTM Feature & NetDefend Subscription•Web Content Filtering Service

Platform Compatibility: DFL-260/860

After completing this section, you will be able to describe:
1. What the Web Content Filtering Service is and its benefits
2. How to implement a Web Content Filtering solution
3. The selling points for the Web Content Filtering Service

Page 174:

What is Web Content Filtering

Web traffic is one of the biggest sources for security issues and misuse of the Internet. Inappropriate surfing habits can expose a network to many security threats as well as legal and regulatory liabilities. Productivity and internet bandwidth can also be impaired.

NetDefendOS provides three mechanisms for filtering out web content that is deemed inappropriate for an organization or group of users:

• Active Content Handling can be used to "scrub" web pages of content that the administrator considers a potential threat, such as ActiveX objects and Java Applets.

• Static Content Filtering provides a means for manually classifying web sites as "good" or "bad". This is also known as URL blacklisting and whitelisting.

• Dynamic Content Filtering is a powerful feature that enables the administrator to allow or block access to web sites depending on the category they have been classified into by an automatic classification service. Dynamic content filtering requires a minimum of administration effort and has very high accuracy.

Page 175:

Key Advantages of WCF Module

• Monitor non-business related web surfing.

• Control pornographic and illegal Internet content entering the workplace by blocking and coaching.

• Secure users against spyware and other malicious threats.

Page 176:

How D-Link WCF Module Works

• Lite Service Management
  – No need to download and maintain a database
  – No additional equipment needed
  – No complex configuration maintenance
• Performance Optimized
  – Optimized category classification
  – Local Cache
• Artificial Intelligence
  – Automatic classification through neural networks (AI)
• Close-Knit Integration
  – Integral part of D-Link’s HTTP ALG
  – Combine with e.g. User Authentication

Page 177:

D-Link categorizes millions of URLs into 32 groups, giving network administrators a flexible configuration to block unwanted website access simply via add and remove actions.

Page 178:

Benefits D-Link WCF Module Delivers

1) A reduction in wasted staff time (by reducing inappropriate web surfing).

2) Reduced Internet access costs and bandwidth savings, by limiting and/or controlling non-business related use, and improved network response.

3) Reduced legal exposure in workplace relations (e.g. sexual harassment cases / child pornography and the adverse publicity that an incident would generate).

4) Reduced costs for recovering from an attack, as less inappropriate content will be allowed to enter the network.

Page 179:

Competitive Analysis – WCF Feature Comparison

The D-Link NetDefend WCF Feature Comparison:

• SonicWALL

• ZyXEL

• WatchGuard

• Cisco

• Juniper

• Fortinet

Page 180:

Competitive Analysis – WCF Feature Comparison

| | D-Link | SonicWALL | ZyXEL | WatchGuard | Cisco | Juniper | Fortinet |
|---|---|---|---|---|---|---|---|
| Database | ContentKeeper | WebSense | Bluecoat | SurfControl | WebSense | Websense / SurfControl | Bluecoat |
| Trial Period | 90 days | 30 days | 30 days | 90 days | N/A | 30 days | 30 days |

Page 181:

Summary: WCF (Web Content Filtering) Service

• The D-Link Web Content Filtering service provides millions of URLs on global servers for real-time webpage checking, with 32 predefined web content categories for these millions of URLs. Simply via add and remove actions, the D-Link NetDefend UTM Firewall family offers administrators an easy and flexible configuration to manage employees’ Internet access behavior.

• The D-Link Web Content Filtering service enables organizations to reduce wasted staff time, save wasted bandwidth, and prevent internal users from visiting malicious websites, thus increasing productivity and restricting inappropriate online content.

Page 182:

WCF Q&A

1. Which of the following is NOT one of the mechanisms that NetDefendOS provides for filtering out web content?

a. White list

b. ActiveX

c. Flash

d. Gray list

e. Cookies

2. How many web content categories does the NetDefend WCF feature predefine?

a. 25

b. 30

c. 32

d. 37

e. 40

Page 183:

WCF Q&A

3. What are the benefits the D-Link WCF module delivers?
a. A reduction in wasted staff time
b. Reduced Internet access costs
c. Reducing legal exposure
d. Reduced costs for recovering from an attack
e. All of the above

4. How does the D-Link WCF module handle an HTTP request?
a. Send the query to the global servers directly, and let the global servers decide the corresponding action.
b. Check the local memory cache first; if no category matches, send a query to the global servers for the category of the webpage, then decide the action based on configuration.
c. Send a query to local database servers for the category of the webpage, then decide the action based on configuration.
d. Block the webpage by default.

Page 184:

NetDefend Subscription

UTM Feature & NetDefend Subscription•NetDefend Subscription

Platform Compatibility: DFL-210/260/800/860/1600/2500

After completing this section, you will be able to:
1. Know NetDefend Subscription
2. Know the NetDefend Subscription Package
3. Know the NetDefend Subscription part number for each model
4. Know product registration
5. Know the NetDefend Center web site

Page 185:

NetDefend Subscription Overview

Including IPS, AV, CF

• The update service program includes 3 optional services: IPS, AV and WCF. Customers can purchase any one of the 3 or any combination of services as they need.
• Both IPS and UTM firewalls have a corresponding IPS Update Service
• Only UTM Firewalls can apply the AV and WCF services
• All update services are chargeable
• IPS and AV signature releases are up-to-date

Page 186:

NetDefend Subscription Overview

If the update service is about to become overdue, the customer has to purchase the NetDefend UTM Subscription, which looks as below.

The package contains:
1. Authorization Letter
2. Authorization Card

Package Size: 140 mm x 125 mm x 6 mm

Page 187:

NetDefend Subscription Overview

Authorization Card
• Authentication Code
• License Term
• Part Number
• Serial Number
• 12 months services license

The user has to enter the authentication code to renew the Update Service via D-Link NetDefend Center (web site).

Card Size: 75 mm x 48 mm

Page 188:

NetDefend Center
• http://security.dlink.com.tw

Page 189:

Benefit of Being a Member

DFL-210/260/800/860/1600/2500

Download
• Get the free trial update service (IPS/AV/WCF) for IPS and UTM firewalls
• Download related product documents

NetDefend Update Service
• No update service until the product is registered, including IPS and AV
• Auto-update service is enabled after the user has registered

Security Consultant
• Automatically publishes security advisories to registered customers
• Authorizes customers to access related technical documentation

Page 190:

Apply for a D-Link Membership

DFL-210/260/800/860/1600/2500

Visit NetDefend Center at http://security.dlink.com.tw

Step 1: Create User Account
• Create a user login ID and password
• Key in user and company information

Step 2: Product Registration
• Key in the serial number and MAC address of your device
• Key in device information

Step 3: Confirmation
• Confirm and submit all information if it is correct
• Check that the service is activated, and the service period

Page 191:

How to Activate NetDefend Services

Via the NetDefend UTM Firewall Web UI, you can activate the IPS, AV and WCF services and view each subscription's duration.

Note: Please register your firewall on NetDefend Center before you activate the update service.

Note: On a NetDefend IPS firewall, the Anti-Virus and content filtering services do not appear!

Page 192:

How to Update IPS/AV Signature

You can enable the auto-update feature for IPS/Anti-Virus signatures and view the last update information.

Click the History tab; the complete update history is listed on this page.

Note: The default time setting for IDP/Anti-Virus Auto-Update is daily.

Page 193:

IPS/AV Signature Status on Device

You can see the total number of IDP/Anti-Virus signatures in the Firewall Web UI.

• The IDP signature database holds over 10,000 signatures.
• The Anti-Virus signature database holds 4,000 signatures.

Note: On a NetDefend IPS firewall, Anti-Virus information does not appear in the Web UI!

Page 194:

IPS/AV Signature Status on NetDefend Center

You can see the complete update history of IPS/Anti-Virus signatures on the NetDefend Center web site at http://security.dlink.com.tw

D-Link provides frequent signature updates for IPS & Anti-Virus.

Page 195:

Summary: NetDefend Subscription

• The NetDefend IPS Firewall supports the Advanced IPS Service. Customers can log on to NetDefend Center to get a trial code for the Advanced IPS Service. The trial period is 90 days.
• The NetDefend UTM Firewall supports the Advanced IPS Service, Anti-Virus Service and Web Content Filtering Service.
• When NetDefend UTM Firewall models are shipped, the Advanced IPS Service and Anti-Virus Service are bundled. Therefore, by default, customers can use:
  – Advanced IPS Service for 12 months
  – Anti-Virus Service for 12 months
  – WCF Service for 90 days
• When a service has expired, customers need to purchase a subscription pack from an OBU or SI partner and enter the authentication code to renew the service.


NetDefend Subscription Q&A

1. Why should I buy a D-Link NetDefend IPS subscription?

a. Updates are frequent

b. Sufficient number of signatures

c. Prevents zero-day attacks

d. Detection rate is much better than Snort

e. All of the above

2. Once my advanced IPS update service is expired, will the IPS/IDP feature still continue to operate if I don’t renew this service?

3. What is the trial period for the WCF module that is bundled with a NetDefend device?

a. 30 Days

b. 60 Days

c. 90 Days

d. 1 Year


4. What is the default service bundle period for UTM?

a. IPS 30 Days, WCF 90 Days, AV 60 Days

b. IPS 1 Year, AV 1 Year, WCF 1 Year

c. IPS 1 Year, AV 1 Year, WCF 90 Days

d. IPS 90 Days, AV 90 Days, WCF 90 Days

5. How can a customer extend the UTM Service?

a. Buy UTM service from NetDefend Center’s on-line store

b. It is perpetually free, no need to purchase

c. Buy UTM service from D-Link’s SI partners

d. Buy UTM service from the Taiwan headquarters directly

6. What period packages of UTM Subscription does D-Link provide?

a. Only 12 months package

b. 3 months, 6 months, and 12 months package

c. 1 Year, 2 Years, and 3 Years package

d. Depending on the customer’s request

End