The main reason why you must deploy a network security firewall in each of the Internet entry point is the emerging threats. Why firewall? With the firewalls, all the flow of the traffic between your private network and the public network is controlled. Firewall as the single checkpoint will control, authenticate, filter and log the traffic according to the policies set.
For small offices with lack of security expert personnel, deployment of the hardware-based network security firewall is an ideal solution. D-Link DFL-210 is a hardware-based VPN/Firewall security appliance and is designed specifically for small offices that have no security expert.
Hardware features
Like other firewall devices, DFL-210 integrates the NAT (Network Address Translation) and SPI (Stateful Packet Inspection) firewall. As additions, the firewall supports advanced content filtering features, IDS protection, and bandwidth management. Unlike normally home wireless routers that support the VPN pass-through, the DFL-210 supports the Virtual Private Network (VPN) natively.
Click for Spec details
For local network connection, the DFL-210 includes 4-Ethernet port to let you connect direct up to four computers or expanding the network using the Switch. You can also define the user-configurable port as the DMZ (Demilitarized Zone) when the requirement of hosting a host for public access exists such as for E-mail server, Web, or FTP. Or you can use this port as WAN fail-over port. Connect this port to other ISP service for example the WAN port is used to connect to the ADSL modem while the other user-configurable port is used to connect to the Cable modem as the fail-over connection when your primary connection fails.
Native VPN Support
DFL-210 network security firewall integrates VPN client and server into the system to support up to 100 VPN secure tunneling using IPSec, PPTP, or L2TP protocols. For user authentication via VPN tunneling, the firewall supports external RADIUS server. For small offices that do not deploy RADIUS server, you can create your own internal database that supports up to 500-user database.
Unlike DFL-860 series that supports OSPF dynamic routing which is good for multi-site networks deployment, the DFL-210 doesn’t support dynamic routing but static routing. Static routing is good for couple or few inter-sites deployment. But for large multi-sites deployment, dynamic routing must be used. Therefore DFL-210 is ideal for small offices which have only two or three inter-sites network; it is not ideal solution for multi-sites deployment.
Complete UTM Solution
The DFL-210 network security firewall includes a complete UTM (Unified Threats Management) services solution for protecting your sites against any emerging internet threats. These services include the IPS (Intrusion Prevention System), AV (Antivirus) protection by Kaspersky, WCF (Web content filter), and anti spam. But those services are not free. You need to purchase the services plan in a yearly basis. Security is expensive but it is worth for protecting your valuable information assets.
The figure shows a general networking diagram for small offices that deploy DFL-210 network security firewall. You can use the user-configurable port either for DMZ port or fail-over WAN connection port.
See also:
- For small businesses, you may also consider the Cisco RV-220W which is designed for growing businesses.
- Slow network and solutions
- Cisco RV082 Dual WAN VPN Router is an all-in-one computer network solution
- Cisco SRP 500 Series Ready Platform Appliances
Recent Comments