Course Outline

1

2
Course Outline

• NetDefend Family Overview Strategy
• NetDefendOS Feature Introduction
• UTM Feature NetDefend Subscription

3
NETDEFEND FAMILY OVERVIEW STRATEGY

• DSC-Security

4
NetDefend Family Overview Strategy

• NetDefend Family Overview Strategy

• D-Link NetDefand Family Introduction
• NetDefendOS Introduction

5
D-Link NetDefend Family Introduction

• NetDefend Family Overview Strategy

• After this section, you should be capable to
  express
• All NetDefend Family
• D-Link VPN client DS-601/605
• How to introduce NetDefend IPS Firewall?
• How to introduce NetDefend UTM Firewall?
• The competitiveness of NetDefend Firewall Family
• NetDefend Firewall selling point.

6

• NetDefend Family Overview Strategy
• Product Line Overview

NetDefend VPN Firewall / UTM Family
SOHO Small Business
Medium Business Enterprise

DFL-260
DFL-860
DFL-1660
DFL-2560
DFL-210
DFL-800
DFL-1600
DFL-2500
VPN Remote Client Software
DS-601 / 605
7
D-Link VPN Client Introduction-DS-601/605

• NetDefend Family Overview Strategy
• VPN Client DS-601/605

• Software installable on Windows NT, 98 SE, ME,
  2000 or XP platform.
• DS-601 For single user license.
• DS-605 For 5 users licenses.
• For remote users VPN connection from
  home/outside the office.
• Support Tunnel and Transport mode for easy
  communication between client and gateway.
• Certified interoperability with whole series of
  D-Link NetDefend IPS/UTM Firewalls and VPN router
  to ensure users seamless connection environment.

8
DS-601/605 QA

• NetDefend Family Overview Strategy
• VPN Client DS-601/605

• What version does NOT DS-601/605 support?
  (Multiple Choice)
• a. XP
• b. Vista
• c. 2000
• d. MAC OS
• How many user license does DS-605 provide?
• a. 1
• b. 3
• c. 5
• d. 7
• What is major difference between DS-601 and
  DS-605?
• a. License
• b. Specification
• c. support service level
• d. OS platform
• 4. Which model can DS-601/605 establish VPN
  connection with? (Multiple Choice)

9

• NetDefend Family Overview Strategy
• NetDefendOS

NetDefendOS Introduction
Platform Compatibility DFL-210/260/800/860/
1600/2500 After this section, you should be
capable to express 1. What is NetDefendOS? 2.
What management User Interface does NetDefendOS
provide? 3. What is ICSA Labs? 4. What is ICSA
firewall certified?
10

• NetDefend Family Overview Strategy
• NetDefendOS

NetDefendOS Introduction

• The hardware of D-Link Firewalls
  DFL-210/260/800/860/1600/2500 is driven and
  controlled by NetDefendOS. Designed as a
  dedicated firewall operating system, NetDefendOS
  features high throughput performance with high
  reliability while at the same time implementing
  the key elements of IPS/UTM firewall.
• From the administrator's perspective the
  conceptual approach of NetDefendOS is to
  visualize operations through a set of logical
  building blocks or objects, which allow the
  configuration of the product in an almost
  limitless number of different ways. This granular
  control allows the administrator to meet the
  requirements of the most demanding network
  security scenario.
• NetDefendOS provides two types of management
  interfaces
• Command Line Interface (CLI)
• The Command Line Interface, accessible locally
  via serial console port or remotely using the
  Secure Shell (SSH) protocol, provides the most
  fine-granular control over all parameters in
  NetDefendOS.
• Web User Interface
• The Web User Interface provides a user-friendly
  and intuitive graphical management interface,
  accessible from a standard web browser.

11

• NetDefend Family Overview Strategy
• NetDefendOS

NetDefendOS Introduction

• NetDefendOS Benefit
• NetDefendOS is a proprietary, close architecture,
  it has less OS vulnerability, and more
  reliability comparing with other competitors who
  use window OS, Linux or others open source.
• NetDefendOS Certified by ICSA labs
• D-Links NetDefend IPS Firewall has passed the
  strictest firewall certification in ICSA Labs
  Corporate Firewalls. The D-Link IPS NetDefend
  Firewalls have to pass a series of rigorous
  tests, including system installation and
  configuration, setting security policies, system
  management, system logging, event testing, port
  security and more. Not only did the NetDefend
  Firewall passes these tests, but it also earned
  praise from ICSA Labs Network Security Labs for
  unique features in the web administration
  interface that allow administrators to safely
  make changes to the firewalls configuration
  remotely
• D-Link Certified in ICSA Labs https//www.icsalab
  s.com/icsa/product.php?tidfghhf456fgh

12
NetDefend IPS Firewall Introduction

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

Enterprise
Medium Business
Small Business
Branch Office
Performance
80 Mbps
150 Mbps
320 Mbps
600 Mbps
13
High Performance Cost Efficiency

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

DFL- 210 Targets SOHO

• Firewall Throughput 80Mbps
• VPN Performance 25Mbps (3DES/AES)
• 1 Ethernet WAN Port, 4 Ethernet LAN Ports, 1
  Configurable DMZ Ethernet Port

DFL- 800 Targets Small Business

• Firewall Throughput 150Mbps
• VPN Performance 60Mbps (3DES/AES)
• 2 Ethernet WAN Ports, 7 Ethernet LAN Ports,
  1 Configurable DMZ Ethernet Port

14

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

High Performance Cost Efficiency
DFL- 1600 Targets Medium Business

• Firewall Throughput 320Mbps
• VPN Performance 120Mbps (3DES/AES)
• 6 User-Configurable Gigabit Ports

DFL- 2500 Targets Enterprise

• Firewall Throughput 600Mbps
• VPN Performance 300Mbps (3DES/AES)
• 8 User-Configurable Gigabit Ports

15
Features of DFL 210 / 800 / 1600 / 2500

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

Integrated Functions
Fault Tolerance

• Firewall Protection
• Proactive Security With ZoneDefense Mechanism
• Content Filtering/Intrusion Detection
• Parental Access Control
• User Authentication
• Instant Message/P2P Blocking
• Denial of Service (DoS) Protection
• Virtual Private Network (VPN) Security
• Bandwidth Management

• WAN Traffic Fail-Over
• Active/Passive Modes for High Availability

Bandwidth Management

• WAN Traffic Bandwidth Management
• Multi-WAN Interfaces for Traffic Load Sharing
• Outbound Traffic Load Balancing
• Policy-Based Routing

Content Filtering

• URL/E-Mail Filtering
• Java Script/Active X/Cookie Filtering
• IM/P2P Program Filtering

• Firmware upgraded feature.

16
DFL-210 Competitors on the Market

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

Small Business
Advantages Firewall System Application Layer Gateway H.323 NAT Traversal support RADIUS, LDAP, Active Directory user authentication support Networking IEEE 802.1q VLAN support IP Multicast (IGMP) support VPN Versatile encryption methods Numerous VPN tunnel support PPTP/L2TP Server support Traffic Load Balance Outbound Traffic load balancing Others IP and MAC binding IM/P2P blocking support Unrestricted user licenses
Competitors

• SonicWALL TZ170
• Fortinet Fortigate 60
• WatchGuard SOHO 6
• Juniper NetScreen 5GT
• ZyXELL ZyWALL 5 / 35
• Cisco 501

• Firmware upgraded feature.

17
DFL-800 Competitors on the Market

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

Advantages Firewall System Zone Defense Application Layer Gateway H.323 NAT Traversal support RADIUS, LDAP, Active Directory user authentication support Networking IEEE 802.1q VLAN support IP Multicast (IGMP) support VPN Versatile encryption methods Numerous VPN tunnel support PPTP/L2TP Server support Traffic Load Balance Outbound Traffic load balancing Others IP and MAC binding IM/P2P blocking support Unrestricted user licenses
Small Business
Competitors

• Cisco PIX 506E
• ZyXELL ZyWALL 70
• WatchGuard Firebox X500
• Fortinet Fortigate 100A
• Juniper NetScreen 25

• Firmware upgraded feature.

18
DFL-1600 Competitors on the Market

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

Advantages Interface High port density with configurable Gigabit port Firewall System Zone Defense Application Layer Gateway RADIUS, LDAP, Active Directory user authentication support Networking IP Multicast (IGMP) support VPN Versatile encryption methods PPTP/L2TP server support PPTP/L2TP/IPSec VPN client pass through support Traffic Load Balance Outbound Traffic load balancing Server load balancing Others IP and MAC binding IM/P2P blocking support Unrestricted user licenses
Medium Business
Competitors

• SonicWALL 3060
• Fortinet Fortigate 200A
• WatchGuard Firebox X2500
• Fortinet Fortigate 300A
• Juniper NetScreen 204
• Cisco PIX 525E

• Firmware upgraded feature.

19
DFL-2500 Competitors on the Market

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

Advantages Interface High port density with configurable Gigabit port System Performance Higher concurrent session Firewall System Zone Defense Application Layer Gateway RADIUS, LDAP, Active Directory user authentication support Networking IP Multicast (IGMP) support VPN Versatile encryption methods PPTP/L2TP server support PPTP/L2TP/IPSec VPN client pass through support Traffic Load Balance Outbound Traffic load balancing Server load balancing Others IP and MAC binding IM/P2P blocking support Unrestricted user licenses
Enterprice
Competitors

• Fortinet Fortigate 500A
• Juniper NetScreen 208

• Firmware upgraded feature.

20
NetDefend IPS Firewall QA

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

• Which segment do NetDefend Firewalls
  fulfill?(Multiple Choice )
• a. Home
• b. SOHO
• c. Telecom
• d. SMB
• Which model do NetDefend Firewall provide
  gigabit interface? (Multiple Choice )
• a. DFL-800
• b. DFL-210
• c. DFL-1600
• d. DFL-2500
• What is the competitor for DFL-210?
• a. Fortinet Fortigate 60
• b. WatchGuard Firebox X500
• c. Juniper NetScreen 25
• d. Cisco PIX 515
• 4. What is the competitor for DFL-800?

21
NetDefend IPS Firewall QA

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

5. What is the competitor for DFL-1600? a.
Fortinet Fortigate 300A b. WatchGuard Firebox
X500 c. Juniper NetScreen 204 d. SonicWALL
Pro 2040 6. What is the competitor for
DFL-2500? a. Fortinet Fortigate 400A b.
WatchGuard Firebox X2500 c. Juniper NetScreen
208 d. SonicWALL Pro 3060 7. Which model does
support port configurable? a. DFL-210 b.
DFL-800 c. DFL-1600 d. DFL-2500 e. All of
Above
22
NetDefend IPS Firewall QA

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

8. What feature does NOT NetDefend DFL-210
Firewall support? a. Traffic Shaping b. Server
load balancing c. IPS d. Policy based
routing 9. What model can support HA? (Multiple
Choice ) a. DFL-210 b. DFL-800 c. DFL-1600
d. DFL-2500 10. What model can NOT support
ZoneDefense? a. DFL-210 b. DFL-800 c.
DFL-1600 d. DFL-2500
23
NetDefend IPS Firewall QA

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

11. Which detail is WRONG for firewall/VPN
throughput? a. DFL-210 80/25 Mbps b. DFL-800
150/80 Mbps c. DFL-1600 320/120 Mbps d.
DFL-2500 600/300Mbps 12. What kind of user
authentication does firewall support? a. LDAP
b. RADIUS c. Active Directory d. All of
above 13 How many user license does DFL-210
support? a. 100 b. 200 c. 300 d.
Unrestricted user licenses
24
NetDefend IPS Firewall QA

• NetDefend Family Overview Strategy
• NetDefend IPS Firewall

14. Which model is for branch office? a. DFL-210
b. DFL-800 c. DFL-1600 d. DFL-2500 15.
Which model is for small business? a. DFL-210
b. DFL-800 c. DFL-1600 d. DFL-2500 16.
What is NetDefend Firewall s advantage? a.
Firewall and VPN throughput b. Joint defense
with switch c. Comprehensive feature set d.
Flexible interface module 17. Which feature can
integrate Switch into security solution from
gateway to endpoint? a. Web Contend Filtering
b. Anti-Virus c. Intrusion Prevention
System d. ZoneDefense
25

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

NetDefend UTM Product Overview
Stemming from NetDefendOS Adopting the same
kernel certified by ICSA Labs, NetDefend UTM
Firewall also integrates innovative technologies
from world leading IPS, AV and WCF partners.
NetDefend UTM Firewall Portfolio

• Targets at SMBs and Enterprises to enable
  protections against all varieties of network
  threats simultaneously in real time.
• Positions at high throughput and high performance
  UTM Firewalls with Truly Hardware Acceleration
• Incorporates leading technologies of IPS,
  Antivirus and Web Content Filtering from
  well-known vendors

26

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

NetDefend UTM Firewall Introduction

• NetDefend UTM firewall DFL-260/860 series is
  D-Links brand new Unified Threat Management
  (UTM) Firewall solution which further integrates
  IPS, Anti-Virus and Web Content Filtering,
  providing more secure and productive networking
  for SMBs.
• All hardware design of NetDefend UTM Firewall
  such as housing, Ethernet interface and Web GUI
  are same as NetDefend IPS firewall, additionally,
  NetDefend UTM Firewall equips with hardware
  acceleration for speeding up IPS and Anti-Virus
  scanning performance, outranges Cisco,
  WatchGuard, SonicWALL, Juniper and Fortinet in
  the same market segment.

DFL- 260 Targets SOHO
DFL- 860 Targets Small Business

• Firewall Throughput 80Mbps
• VPN Performance 25Mbps
• IPS Performance 25Mbps
• Anti-Virus Performance 25Mbps
• Web Content Filtering 30 Categories

• Firewall Throughput 150Mbps
• VPN Performance 60Mbps
• IPS Performance 50Mbps
• Anti-Virus Performance 50Mbps
• Web Content Filtering 30 Categories

27

• NetDefend Family Overview Strategy
• UTM/IPS Firewall Key Competency

You already learned a lot of IPS and UTM firewall
features in previous slides. The followings are
IPS/UTM firewall key advantages to compete with
our competitors in the market
UTM/IPS Firewall Key Competency

• NetDefend IPS/UTM Firewall delivers rich advanced
  features in friendly and easy configuration,
  enables the stability, flexibility and
  scalability of IT infrastructure, makes it a
  cost-effective solution for Small to Medium
  Business (SMB).
• Emerging network threats and Zero-Day attacks
  drive the market demand toward seeking a more
  robust security mechanism. Built with advanced
  IPS signatures technology and powered by
  Kaspersky anti-virus solution (only UTM
  Firewall), NetDefend IPS/UTM Firewall is the
  efficient and effective solution to stop various
  network threats and attacks for SMBs.
• NetDefend UTM Firewall delivers with High Port
  Density, and built-in Multiple WAN Ports and WAN
  / LAN / DMZ Port Configurable enables customers
  scale their infrastructure on their own demands.

28

• NetDefend Family Overview Strategy
• UTM/IPS Firewall Key Competency

• NetDefend UTM Firewall offers High Network
  Throughputs and High Network Performance for
  customers, providing up to 80 / 150 Mbps Firewall
  Throughput, and 25 / 60 Mbps IPSec VPN
  Throughput, in respective with DFL-260 / 860.
• NetDefend UTM Firewall enables WAN Load Balance,
  WAN Fail-over, and Server Load Balance to provide
  customers continuous Internet connection and
  smooth network services mechanism.
• NetDefend UTM Firewall provides advanced Traffic
  Shaping Technology, which allows prioritize and
  differentiate network traffic according to the
  service precedence. For Mission-critical service,
  the bandwidth can always be guaranteed and
  optimized, meanwhile for the minor service, the
  bandwidth can be adjusted dynamically upon
  network traffic condition.
• NetDefend UTM Firewall features not only an
  intuitive and object-oriented user interface that
  can be easily configured via a web console, but
  also a Command-Line Interface (CLI) with full
  function sets for advanced users. User can easily
  configure or perform the administrative functions
  of the firewalls.

29

• NetDefend Family Overview Strategy
• UTM/IPS Firewall Key Competency

• Multiple Encryption Methods are implemented on
  NetDefend UTM Firewall, including DES, 3DES, AES,
  Twofish, Blowfish and CAST-128, to provide secure
  VPN connections for SMB and enterprises.
• NetDefend UTM Firewall features Built-in IPS and
  Anti-Virus proactive engine, commit customers to
  effectively detect and prevent hybrid network
  threats with low false-positive rate.
• ZoneDefense integrates D-Link NetDefend Firewall
  and xStack Switch to enable the Proactive Network
  Security mechanism. Whenever network virus or
  worm attacks are detected by the Firewall,
  ZoneDefense triggers and notifies D-Link Switches
  automatically, in real time the infected hosts
  are disconnected to further stop mutual infection
  among internal hosts.

30

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

High Performance of NetDefend UTM Firewall
NetDefend UTM Firewall equip with a hardware
accelerator for layer 7 content inspection, which
increase IPS and Anti-Virus high performance of
NetDefend UTM Firewall than other competitors.
DFL-260 DFL-860
UTM Firewall Performance 80Mbps 150Mbps
VPN Performance 25Mbps 60Mbps
IPS Performance 25Mbps 50Mbps
Anti-Virus Performance 25Mbps 50Mbps
Web Content Filtering Y Y
We also compare IPS and Anti-Virus performance
with a famous security provider J companys UTM
firewall in next slides for your reference.
31

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

• High IPS performance with hardware accelerator.
• UTM firewall throughput is Triple higher than J
  company XX 20.
• For more detail will be introduced in IPS Feature
  chapter

Test Criteria 5 concurrent users download 10 MB
file by HTTP protocol
32

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

• Super fast Anti-Virus scanning by hardware
  accelerator.
• Scanning capability is Triple faster than J
  company XX 20.
• D-Link ONLY spends 8 seconds to finish 10MB file
  transmission, but J company needs to speed 30
  seconds.
• For more detail will be introduced in Anti-Virus
  Feature chapter

Test Criteria 5 concurrent users download 10 MB
file by HTTP protocol
33

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

1. Huge and comprehensive IPS signature database.
2. IPS database is 10x larger than J company XX 20.

34

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

DFL-860 J company XX 20
Anti-Virus / IPS Performance 54 / 52 Mbps 22 / 16 Mbps
IPS Signature Number 8000 808
File Transmission Speed (10MB) 14 seconds 35 seconds
File size limitation No limitation 10MB
Value is based on real traffic. For more
detail will be introduced in IPS and Anti-Virus
Feature chapter.
35

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

DFL-860 J company XX 20
Anti-Virus / IPS Performance 54 / 52 Mbps 22 / 16 Mbps
IPS Signature Number 8000 808
File Transmission Speed (10MB) 14 seconds 35 seconds
File size limitation No limitation 10MB
For more detail will be introduced in IPS and
Anti-Virus Feature chapter
36
Competitive Comparison Analysis

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

UTM Performance

• Firewall Throughput 80Mbps
• VPN Throughput 25Mbps
• Hardware Based IPS
• Hardware Based Anti-Virus

• Firewall Throughput 75Mbps
• VPN Throughput 20Mbps
• Software Based IPS
• Software Based Anti-Virus

• Firewall Throughput 90Mbps
• VPN Throughput 30Mbps
• Software Based IPS
• Software Based Anti-Virus
• Expensive optional license charge is required !

• Firewall Throughput 70Mbps
• VPN Throughput 20Mbps
• Software Based IPS
• Software Based Anti-Virus

• Firewall Throughput 65Mbps
• VPN Throughput 25Mbps
• Hardware Based IPS
• Hardware Based Anti-Virus

Price
37
Competitive Comparison Analysis

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

• Firewall Throughput 150Mbps
• VPN Throughput 60Mbps
• Hardware Based IPS
• Hardware Based Anti-Virus

UTM Performance

• Firewall Throughput 160Mbps
• VPN Throughput 40Mbps
• Software Based IPS
• Software Based IPS

ZyWall 70

• Firewall Throughput 100Mbps
• VPN Throughput 40Mbps
• Hardware Based IPS
• Hardware Based Anti-Virus

• Firewall Throughput 150Mbps
• VPN Throughput 70Mbps
• Poor IPS AV performance

• Firewall Throughput 200Mbps
• VPN Throughput 50Mbps
• Software Based IPS
• Software Based Anti-Virus
• Expensive optional license charge is required !

• Firewall Throughput 125Mbps
• VPN Throughput 20Mbps
• Software Based IPS
• Software Based Anti-Virus

Price
38
Summary NetDefend UTM Firewall Selling Point

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

Adopting the same kernel certified by ICSA Labs,
NetDefend UTM Firewall also integrates innovative
technologies from world leading IPS, AV and WCF
partners.

• High throughput, high performance with truly
  Hardware Acceleration.
• Fast file transmission speed for Anti-Virus
  scanning capability.
• Comprehensive IPS signature database (8000).
• No file size and connection limitation for
  Anti-Virus scanning. Other competitors can not
  prevent virus hidden in over specific file size
  and not able to support large concurrent
  sessions.
• Well-Known Anti-Virus database by Kaspersky
• Triggering ZoneDefense by IPS and Anti-Virus to
  real-time protect virus or network worm outbreak.
• NetDefend Center website provides great value
  information for network security

Support in future release
39

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

NetDefend UTM Firewall QA

• Which NetDefend UTM Firewall are available now?
  (Multiple Choice )
• a. DFL-260
• b. DFL-860
• c. DFL-1660
• d. DFL-2560
• What new feature does NetDefend firewall support
  after firmware version 2.20?
• a. IPS
• b. Anti-Virus
• c. Web Content Filtering
• d. Anti-SPAM
• Why can D-Link UTM Firewall reach high
  performance?
• a. Embed hardware accelerator
• b. Anti-Virus Engine by Kaspersky
• c. New CPU processor
• d. New software core
• 4. What is the IPS and Anti-Virus performance of
  DFL-860?

40

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

NetDefend UTM Firewall QA
5. What is the IPS and Anti-Virus performance of
DFL-260? a. 20/20 Mbps b. 40/20 Mbps c.
30/30 Mbps d. 35/35 Mbps 6. How many MB is
file size limitation of UTM Firewall for
anti-virus? a. 3 MB b. 5MB c. 10 MB d. No
limitation 7. Who is the anti-virus signature
vendor? a. Trendmicro b. Symantec c.
McAfee d. Kaspersky 8. How many number of IPS
signatures is in UTM database? a. 3000 b.
6000 c. 8000 d. 5000
41

• NetDefend Family Overview Strategy
• NetDefend UTM Firewall

NetDefend UTM Firewall QA
9. What is major difference between UTM firewall
and IPS firewall? a. UTM firewall has VPN, but
IPS firewall has not b. UTM firewall has
Anti-Virus and WCF, but IPS firewall does not
c. UTM firewall has IPS and Anti-Virus, but IPS
firewall has IPS and WCF d. UTM firewall has WCF
and Anti-Virus, but IPS firewall has IPS and
Anti-Virus. 10. What is D-Link UTMs advantages?
a. Performance b. Signature number c.
scanning file size d. ZoneDefense (exclude
DFL-260) e. all of above
42
NetDefend Familys Competency

• NetDefend Family Overview Strategy
• Competitive Comparison Analysis

• Following is our advantage
• Sufficient features
• Solution oriented
• Outstanding performance
• Affordable price
• How to fight with our major competitors?
• Fortinet
• SonicWALL
• Juniper
• ZyXEL

43

• NetDefend Family Overview Strategy
• Competitive Comparison Analysis

Compare with Fortinet
Myth of Fortinet NetDefends Advantages and Counterplot
Fortinet is a innovator which provides many advanced security features in security market. How to Compete with Fortinet? Weakness Poor performance with anti-virus or IPS enabled Complete firewall products, but have no total solution Only provide 30 days free trial for UTM service Anti-Virus database is not from well-known provider IPS signature is only 2,000 Service coverage focus on main countries Conclusion Comparing with D-Link security product, Forinet seems to have complete product line, but the performance and feature of D-Link firewall are excellent. D-Link is to provides network total solution to customers, not single product, firewalls integrate xStack switch to be ZoneDefense solution, unified switch integrates access point to be a wireless management solution. D-Link have complete service coverage by 130 office on 70 countries worldwide.
44

• NetDefend Family Overview Strategy
• Competitive Comparison Analysis

Compare with SonicWALL
Myth of SonicWALL NetDefends Advantages and Counterplot
SonicWALL promotes his deep packet inspection technology and integrated security features. How to Compete with SonicWALL? Several advanced features have to purchase enhanced OS and upgrade license, such as Policy-based routing, advanced NAT feature, sufficient Policy number, HA, Load Balancing, Object-based Management and LDAP. Though the client purchases enhanced OS to support HA feature, SonicWALL still does not provide Firewall and VPN session synchronization. Its a lame solution for H.A. After license upgrade, SonicWALL still lacks some enhanced network feature, such as PPTP Server and 802.1q VLAN support. Bandwidth / traffic control is always their weak point, they never mentioned traffic shaping and traffic load balancing feature. No Gigabit interfaces and VPN tunnel number is limited Conclusion Without purchasing extra license, D-Link NetDefend firewall is already built-in many advanced network features in signal license D-Link delivers enterprise-level security solution, ZoneDefense, to customers for fulfilling Joint Security. D-Link NetDefend Firewall delivers the best Total Costs of Ownership (TCO) for customers.
45

• NetDefend Family Overview Strategy
• Competitive Comparison Analysis

Compare with Juniper
Myth of Juniper NetDefends Advantages and Counterplot
Juniper is the market leader in security market. Juniper Firewall enables L2 and L3 operation mode, meanwhile highlight their signature pack for network security. How to Compete with Juniper? L2 mode (Transparent mode) or L3 mode (Router / NAT mode) cannot co-exist, meanwhile the operation mode change will lose all of the configuration. 10MB file size limitation for file based Anti-Virus scanning. It needs more latency time especially for multiple files transfer for real environment. Juniper only delivers simple QoS for traffic prioritization. There are no any advanced and granular setting to guarantee per-user bandwidth control. Juniper still lacks some enhanced network feature, such as PPTP Server, Server Load Balancing, Dynamic Bandwidth Balancing Mechanism. Conclusion D-Link NetDefend Firewall has high C/P rate and reduce business Total Cost Ownership. No extra cost for full set features. D-Link can integrate all xStack switch series to enable client-less with end-point security solution ZoneDefense technology. Full set functionality High port density (entry level) and all Gbe Copper interfaces (Enterprise) which can fulfill different environment requests.
46

• NetDefend Family Overview Strategy
• Competitive Comparison Analysis

Compare with ZyXEL
Myth of ZyXEL NetDefends Advantages and Counterplot
ZyXELs ZyWALL is ICSA-certified, and earns excellent reputation in SMB segment of security appliance market in Europe. How to Compete with ZyXEL? ZyWALL Firewall and UTM series have limited port interfaces, lack of expansibility for SMBs. ZyWALL Firewall and UTM series provide limited number of VPN tunnels. For ZyWALL 70 UTM, its VPN tunnels at most is 1,000. Only ZyWALL 1050 supports 802.1Q VLAN, for the rest models, they do not support 802.1Q at all. ZyWALL Firewall and UTM series do not support L2TP Server. ZyWALL security service bundles Anti-Virus and IDP together, customers cannot buy either one individually. ZyWALL Firewall and UTM series are ICSA-certified with the testing criteria Residential only, rather than the Corporate criteria. Conclusion D-Link NetDefend Firewall and UTM series pass ICSA Corporate Level testing criteria, however ZyWALL pass ICSA Residential Lcevel only . D-Link can integrate all xStack switch series to enable client-less with end-point security solution ZoneDefense technology. Compared with ZyXEL, D-Links brand is more sounding and has more comprehensive office and tech-support network around the world.
47
NETDEFENDOS FEATURE INTRODUCTION

• DCS-Security

48
Key Features in NetDefendOS

• NetDefendOS Feature Introduction

• Routing Features
• Route Failover
• Virtual Private Network (VPN)
• Virtual Local Area Network (VLAN)
• High Availability (HA)
• Traffic Management
• User Authentication
• ZoneDefense

49
Routing Features in NetDefendOS

• NetDefendOS Feature Introduction
• Routing Features

Platform Compatibility DFL-210/260/800/860/16
00/2500 After this section, you should be
capable to express 1. What is static routing? 2.
What is the PBR (Policy Based Route)? 3. What
could we achieve when using this feature? 4. What
is load sharing? 5. What is the key component of
load sharing? 6. What is dynamic routing? 7.
What is the difference between dynamic and static
routing?
50
Static Route Route Failover

• NetDefendOS Feature Introduction
• Routing Features

Red Line
Green Line
51
Policy Based Route

• NetDefendOS Feature Introduction
• Routing Features

• The NetDefendOS provides following types of PBR
• Source-based routing
• Service-based routing
• Benefit of Policy Based Route
• Load sharing between multiple WAN links

52
Dynamic Routing

• NetDefendOS Feature Introduction
• Routing Features

• Why do we need dynamic routing?
• What is dynamic routing?
• What dynamic routing do we support?
• OSPF (Open Shortest Path First)

53
Load Sharing

• NetDefendOS Feature Introduction
• Routing Features

• More than two internet connections
• Interoperate with PBR
• Source-based routing
• Service-based routing

54
Competitive AnalysisStatic Route, PBR, OSPF

• NetDefendOS Feature Introduction
• Routing Features

Static Route PBR OSPF Load Sharing
SonicWALL v v v v
WatchGuard v v v v
Fortinet v v v v
Juniper v v v v
Cisco v v v v
55
SummaryRouting Features in NetDefendOS

• NetDefendOS Feature Introduction
• Routing Features

• Routing determines the path from source to
  destination
• Static Routing predefined path
• Dynamic Routing learning and updating the path
  automatically
• Policy Based Route (PBR) determines path
  according to
• Service type different traffics (HTTP or FTP)
  use different routes
• Source IP address different users use different
  routes
• Via Policy Based Route (PBR), load sharing
  between multiple WAN links could be achieved

56
Routing Features QA

• NetDefendOS Feature Introduction
• Routing Features

• 1. What kind of dynamic routing protocol does
  NetDefendOS support?
• a. RIP (Routing Information Protocol)
• b. OSPF (Open Shortest Path First)
• c. BGP (Border Gateway Protocol)
• d. EGP (Exterior Gateway Protocol)
• 2. Does NetDefendOS support Route Failover
  feature?
• a. YES
• b. No
• 3. What of following feature is NOT supported in
  NetDefendOS Firewall?
• a. Static Route
• b. Policy Based Route
• c. RIP (Routing Information Protocol)
• d. OSPF (Open Shortest Path Fast)

57
Routing Features QA

• NetDefendOS Feature Introduction
• Routing Features

• 4. Which of following PBR is NOT supported in
  NetDefendOS ? (Multiple Choice)
• a. Source-based routing
• b. Service-based routing
• c. Schedule-based routing
• d. Port-based routing
• With which feature, NetDefendOS could support
  load sharing between multiple WAN links?a.
  Static Routeb. Traffic Managementc. Dynamic
  Routed. Policy Based Route
• Which model support load sharing feature?a.
  DFL-210b. DFL-800c. DFL-1600d. DFL-2500e. All
  above

58
Route Failover

• NetDefendOS Feature Introduction
• Route Failover

Platform Compatibility DFL-210/260/800/860/16
00/2500 After completing this section, you will
be able to 1. Describe what is Route Failover
and its benefits 2. Describe how to implement
Route Failover solution 3. Describe the selling
point for Route Failover
59
What is Route Failover

• NetDefendOS Feature Introduction
• Route Failover

• Firewall is often deployed as the gateway of a
  network where availability and connectivity is
  crucial. Today corporations are relying heavily
  on the access to the Internet, and their
  operations will be severely disrupted if an
  Internet connection fails.
• To utilize multiple ISPs/ WAN links, NetDefendOS
  provides a Route Failover capability. Therefore,
  when one route fail, traffic can automatically
  failover to another alternative route.

60
A Typical Scenario of Failover

• NetDefendOS Feature Introduction
• Route Failover

Route Failover allows the connections to
different Internet Service Providers to avoid a
single point of failure. Consequently, it enables
enterprises to have backup Internet connectivity
using a secondary Internet Service Provider (ISP).
61
How NetDefendOS Delivers Failover

• NetDefendOS Feature Introduction
• Route Failover

• For a route with Route Monitoring enabled, one of
  Route Monitoring methods must be chosen
• Interface Link Status
• Gateway Monitoring

62
Competitive Analysis Failover Feature
Comparison

• NetDefendOS Feature Introduction
• Route Failover

• The D-Link NetDefend Route Failover Feature
  Comparison
• SonicWALL
• ZyXEL
• WatchGuard
• Cisco
• Juniper
• Fortinet

63
DFL-210

• NetDefendOS Feature Introduction
• Route Failover

Small-to-Medium Business Segment D-Link SonicWALL SonicWALL ZyXEL ZyXEL WatchGuard Firebox WatchGuard Firebox
Features / Competitors DFL-210 TZ 18010 Node Lic / 25 Node Lic TZ 190 ZyWALL 5 ZyWALL 35 X Edge 5 X Edge 15
Failover Y Y Y Not Available Y Optional Optional
Small-to-Medium Business Segment D-Link Cisco Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors DFL-210 PIX 501 PIX 506E 5XT 5GT FortiGate-60 FortiGate-100A
Failover Y Not Available Not Available Optional Optional Y Y
64
DFL-260

• NetDefendOS Feature Introduction
• Route Failover

Small-to-Medium Business Segment D-Link SonicWALL ZyXEL ZyXEL WatchGuard Firebox WatchGuard Firebox WatchGuard Firebox
Features / Competitors DFL-260 Pro 1260 Standard / Enhanced ZyWALL 5 UTM ZyWALL 35 UTM X Edge X10e X Edge X20e X Edge X20e
Failover Y Y Not Available Y Optional Optional Y
Small-to-Medium Business Segment D-Link Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors DFL-260 N/A 5XT 5GT FortiGate-60/60A FortiGate-100A
Failover Y N/A Optional Optional Y Y
65
DFL-800

• NetDefendOS Feature Introduction
• Route Failover

Small-to-Medium Business Segment D-Link SonicWALL SonicWALL ZyXEL WatchGuard Firebox WatchGuard Firebox
Features / Competitors DFL-800 Pro 1260 Standard / Enhanced Pro 2040 Standard / Enhanced ZyWALL 70 X Core X500Standard / Advanced X Core X700Standard / Advanced
Failover Y Y Y Y Optional / Yes Optional / Yes
Small-to-Medium Business Segment D-Link Cisco Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors DFL-800 PIX 506E PIX 515E(R, DMZ) / (UR, FO, FO-AA) NetScreen-25 NetScreen-50 FortiGate-100A FortiGate-200A
Failover Y Not Available Not Available / Y Y Y Y Y
66
DFL-860

• NetDefendOS Feature Introduction
• Route Failover

Small-to-Medium Business Segment D-Link SonicWALL SonicWALL ZyXEL WatchGuard WatchGuard
Features / Competitors DFL-860 Pro 1260 Standard / Enhanced Pro 2040 Standard / Enhanced ZyWALL 70 UTM X Core X500Standard / Advanced X Core X700Standard / Advanced
Failover Y Y Y Y Optional / Yes Optional / Yes
Small-to-Medium Business Segment D-Link Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors DFL-860 ASA 5505Base / Security Plus SSG 5Base / Extended SSG 20Base / Extended FortiGate-100A FortiGate-200A
Failover Y Not Available / Y Y Y Y Y
67
SummaryRoute Failover

• NetDefendOS Feature Introduction
• Route Failover

• Today the low costs of xDSL lines makes it
  possible to allow SMBs utilize multiple ISPs/ WAN
  links as WAN backup via Route Failover feature to
  prevent operations severely disrupted due to
  Internet connection fails.
• In the entry level model segment such as
  DFL-210/260/800/860, most competitors deliver
  Route Failover feature as an option, and require
  to pay extra fee for this feature. Different from
  our competitors, considering the IT demands of
  SMB, the D-Link NetDefend IPS/UTM Firewall family
  generously bundles the Route Failover feature
  with no need to pay extra costs for the license
  upgrade.
• D-Link NetDefend IPS/UTM Firewall family delivers
  the affordable price with best-value security
  feature set for SMBs.

68
VPN

• NetDefendOS Feature Introduction
• VPN

Platform Compatibility DFL-210/260/800/860/1
600/2500 After completing this section, you will
be able to 1. Describe what is VPN and its
benefits 2. Describe how to implement VPN
solutions 3. Describe the selling point for VPN
69
What is VPN?

• NetDefendOS Feature Introduction
• VPN

• A Virtual Private Network (VPN) is a private
  network connection that occurs through a public
  network.
• VPNs can be used to connect LANs together across
  the Internet or other public networks. With a
  VPN, the remote end appears to be connected to
  the network as if it were connected locally.
• VPN has attracted the attention of many
  organizations looking to both expand their
  networking capabilities and reduce their costs.

70
A Typical Scenario of VPN Solutions

• NetDefendOS Feature Introduction
• VPN

• Tunneling Protocol
• L2TP
• PPTP
• IPSec

• Remote Access VPN

• Site-to-Site VPN

71
A Close Look at IPSec VPN Topology

• NetDefendOS Feature Introduction
• VPN

• Site-to-Site Topology

DFL-2500
VPN Tunnel is dedicated.
DFL-210/260/800/860
Head Office
Remote Office / Branch Office (ROBO)
72
A Close Look at IPSec VPN Topology

• NetDefendOS Feature Introduction
• VPN

• Hub-and-Spoke Topology

73
More Discussion about IPSec VPNs

• NetDefendOS Feature Introduction
• VPN

• Rules and Routing play the key role in IPSec VPN
  configuration
• NetDefendOS provides IPSec VPN connection via
  Rule-based VPN Configuration
• Rule-based Configuration enables granular
  controls for administrators to decide what
  traffic should go through the tunnel.

FTP Server on the Internet
Internet
?
DFL-2500
DFL-210/260/800/860
Rule Action Allow Service FTP
Local Network
Local Network
The client is not allowed to access FTP servers
on the Internet however, he/she is allowed to
access the internal FTP server at the Head Office
via VPN tunnel
Head Office
Remote Office
FTP Server
Client
74
Remote Access VPNs

• NetDefendOS Feature Introduction
• VPN

• The IP address of remote access clients are
  normally dynamic.
• Users usually require to install a VPN software
  on the machine.
• Tunnel connections are between a remote users
  computer and the VPN appliance.

VPN Remote Client Software
75
Planning a VPN

• NetDefendOS Feature Introduction
• VPN

• In designing a VPN, there are many considerations
  that need to be addressed, including
• Protecting mobile and home computers
• Restricting access through the VPN to needed
  services, only when
• mobile computers are potentially vulnerable
• Creating DMZs for services that need to be
  shared with other
• companies through VPNs
• Adapting VPN access policies for different
  groups of users
• Creating key distribution policies

76
Competitive Analysis VPN Feature Comparison

• NetDefendOS Feature Introduction
• VPN

• The D-Link NetDefend VPN Feature Comparison
• SonicWALL
• ZyXEL
• WatchGuard
• Cisco
• Juniper
• Fortinet

77
DFL-210

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link SonicWALL SonicWALL ZyXEL ZyXEL WatchGuard Firebox WatchGuard Firebox
Features / Competitors Features / Competitors DFL-210 TZ 18010 Node Lic / 25 Node Lic TZ 190 ZyWALL 5 ZyWALL 35 X Edge 5 X Edge 15
Firewall Throughput Firewall Throughput 80Mbps 90Mbps 90Mbps 65Mbps 70Mbps 80Mbps 95Mbps
VPN VPN Throughput 25Mbps 30Mbps 30Mbps 25Mbps 30Mbps 35Mbps 35Mbps
VPN Site-to-Site Tunnel 100 2 / 10 15 10 35 2 15
VPN Client-to-Site Tunnel 100 0 (Bundled) - 5 (Max) /1 (Bundled) -25 (Max) 2 (Bundled) - 25 10 35 1/11 5/25
78
DFL-210

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link Cisco Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors Features / Competitors DFL-210 PIX 501 PIX 506E 5XT 5GT FortiGate-60 FortiGate-100A
Firewall Throughput Firewall Throughput 80Mbps 60Mbps 100Mbps 70Mbps 75Mbps 70Mbps 100Mbps
VPN VPN Throughput 25Mbps 3Mbps 15Mbps 20Mbps 20Mbps 20Mbps 40Mbps
VPN Site-to-Site Tunnel 100 10 25 10 10 50 80
VPN Client-to-Site Tunnel 100 10 25 10 10 50 80
79
DFL-260

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link SonicWALL ZyXEL ZyXEL WatchGuard Firebox WatchGuard Firebox WatchGuard Firebox
Features / Competitors Features / Competitors DFL-260 Pro 1260 Standard / Enhanced ZyWALL 5 UTM ZyWALL 35 UTM X Edge X10e X Edge X20e X Edge X20e
Firewall Throughput Firewall Throughput 80Mbps 90Mbps 65Mbps 70Mbps 100Mbps 100Mbps 100Mbps
VPN VPN Throughput 25Mbps 30Mbps 25Mbps 30Mbps 35Mbps 35Mbps 35Mbps
VPN Site-to-Site Tunnel 100 25 10 35 5 15 25
VPN Client-to-Site Tunnel 100 50 10 35 5 (Bundled) - 11 5 (Bundled) - 25 5 (Bundled) - 55
80
DFL-260

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors Features / Competitors DFL-260 N/A 5XT 5GT FortiGate-60/60A FortiGate-100A
Firewall Throughput Firewall Throughput 80Mbps N/A 70Mbps 75Mbps 70Mbps 100Mbps
VPN VPN Throughput 25Mbps N/A 20Mbps 20Mbps 20Mbps 40Mbps
VPN Site-to-Site Tunnel 100 N/A 10 10 50 80
VPN Client-to-Site Tunnel 100 N/A 10 10 50 80
81
DFL-800

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link SonicWALL SonicWALL ZyXEL WatchGuard Firebox WatchGuard Firebox
Features / Competitors Features / Competitors DFL-800 Pro 1260 Standard / Enhanced Pro 2040 Standard / Enhanced ZyWALL 70 X Core X500Standard / Advanced X Core X700Standard / Advanced
Firewall Throughput Firewall Throughput 150Mbps 90Mbps 200Mbps 90Mbps 100/110 Mbps 150/160 Mbps
VPN VPN Throughput 60Mbps 30Mbps 50Mbps 40Mbps 20/30 Mbps 40/60 Mbps
VPN Site-to-Site Tunnel 300 25 50 100 0 - 50 (Need to Upgrade) 100
VPN Client-to-Site Tunnel 300 5 (Bundled) - 50 10 (Bundled) - 50/200 100 5 (Bundled) - 50 10 (Bundled) - 100
82
DFL-800

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link Cisco Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors Features / Competitors DFL-800 PIX 506E PIX 515E(R, DMZ) / (UR, FO, FO-AA) NetScreen-25 NetScreen-50 FortiGate-100A FortiGate-200A
Firewall Throughput Firewall Throughput 150Mbps 100Mbps 190Mbps 100Mbps 170Mbps 100Mbps 150Mbps
VPN VPN Throughput 60Mbps 15Mbps 20 / 60 Mbps 20Mbps 45Mbps 40Mbps 70Mbps
VPN Site-to-Site Tunnel 300 25 Not Available / 2000 125 500 80 200
VPN Client-to-Site Tunnel 300 25 Not Available / 2000 125 500 80 200
83
DFL-860

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link SonicWALL SonicWALL ZyXEL WatchGuard WatchGuard
Features / Competitors Features / Competitors DFL-860 Pro 1260 Standard / Enhanced Pro 2040 Standard / Enhanced ZyWALL 70 UTM X Core X500Standard / Advanced X Core X700Standard / Advanced
Firewall Throughput Firewall Throughput 150Mbps 90Mbps 200Mbps 90Mbps 100/110 Mbps 150/160 Mbps
VPN VPN Throughput 60Mbps 30Mbps 50Mbps 40Mbps 20/30 Mbps 40/60 Mbps
VPN Site-to-Site Tunnel 300 25 50 100 0 - 50 (Need to Upgrade) 100
VPN Client-to-Site Tunnel 300 5 (Bundled) - 50 10 (Bundled) - 50/200 100 5 (Bundled) - 50 10 (Bundled) - 100
84
DFL-860

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors Features / Competitors DFL-860 ASA 5505Base / Security Plus SSG 5Base / Extended SSG 20Base / Extended FortiGate-100A FortiGate-200A
Firewall Throughput Firewall Throughput 150Mbps 150Mbps 160Mbps 160Mbps 100Mbps 150Mbps
VPN VPN Throughput 60Mbps 100Mbps 40Mbps 40Mbps 40Mbps 70Mbps
VPN Site-to-Site Tunnel 300 10 / 25 25 / 40 25 / 40 80 200
VPN Client-to-Site Tunnel 300 10 / 25 25 / 40 25 / 40 80 200
85
DFL-1600

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link SonicWALL SonicWALL ZyXEL WatchGuard WatchGuard WatchGuard
Features / Competitors Features / Competitors DFL-1600 Pro 3060Standard / Enhanced Pro 4060Enhanced ZyWALL 1050 X Core X1000Standard / Advanced X Core X2500Standard / Advanced X Core X550e (UTM)Standard / Advanced
Firewall Throughput Firewall Throughput 320Mbps 290Mbps 300Mbps 300Mbps 225 / 240 Mbps 275 / 300 Mbps 300 Mbps
VPN VPN Throughput 120Mbps 75Mbps 190Mbps 100Mbps 75 / 100 Mbps 100 / 130 Mbps 35 Mbps
VPN Site-to-Site Tunnel 1,200 500/1,000 3,000 1,000 400 400 35 (Bundled) - 45
VPN Client-to-Site Tunnel 1,200 25 (Bundled) - 500 3,000 1,000 50 (Bundled) - 1,000 1,000 (Bundled) 5 (Bundled) - 75
86
DFL-1600

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link Cisco Cisco Juniper Juniper Juniper Fortinet
Features / Competitors Features / Competitors DFL-1600 PIX 525(R) / (UR, FO, FO-AA) ASA 5510Base / Security Plus SSG 140 NetScreen-204 NetScreen-208 FortiGate-300A
Firewall Throughput Firewall Throughput 320Mbps 330Mbps 300Mbps 350Mbps 375Mbps 375Mbps 400Mbps
VPN VPN Throughput 120Mbps 30 / 70Mbps 170Mbps 100Mbps 175Mbps 175Mbps 120Mbps
VPN Site-to-Site Tunnel 1200 Not Available / 2,000 250 125 1,000 1,000 1,500
VPN Client-to-Site Tunnel 1200 Not Available / 2,000 250 125 1,000 1,000 1,500
87
DFL-2500

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link SonicWALL SonicWALL ZyXEL WatchGuard Firebox WatchGuard Firebox
Features / Competitors Features / Competitors DFL-2500 Pro 4060Enhanced Pro 4100Enhanced N/A X Peak X5000Advanced X Peak X6000Advanced
Firewall Throughput Firewall Throughput 600Mbps 300Mbps 700Mbps N/A 400 Mbps 700 Mbps
VPN VPN Throughput 300Mbps 190Mbps 400Mbps N/A 190 Mbps 300 Mbps
VPN Site-to-Site Tunnel 2,500 3,000 3,500 N/A 400 400
VPN Client-to-Site Tunnel 2,500 3,000 4,500 N/A 1,200 (Bundled) - 4,000 1,600 (Bundled) - 5,000
88
DFL-2500

• NetDefendOS Feature Introduction
• VPN

Small-to-Medium Business Segment Small-to-Medium Business Segment D-Link Cisco Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors Features / Competitors DFL-2500 ASA 5520 ASA 5540 NetScreen-208 NetScreen-500 FortiGate-400A FortiGate-500A
Firewall Throughput Firewall Throughput 600Mbps 450Mbps 650Mbps 375Mbps 700Mbps 500Mbps 600Mbps
VPN VPN Throughput 300Mbps 225Mbps 325Mbps 175Mbps 250Mbps 140Mbps 150Mbps
VPN Site-to-Site Tunnel 2,500 750 5,000 1,000 5,000 2,000 3,000
VPN Client-to-Site Tunnel 2,500 750 5,000 1,000 10,000 2,000 3,000
89
SummaryVPN (Virtual Private Network )

• NetDefendOS Feature Introduction
• VPN

The D-Link NetDefend IPS/UTM Firewall family
provides outstanding firewall / VPN performance
compared with other key players on the
market. Meanwhile, for the max number of VPN
tunnel, NetDefend IPS/UTM Firewall family by
default bundles more tunnels than our
competitors, without charging any extra costs or
upgrade fee for extra tunnels. From the
viewpoint of either performance-costs or
value-costs ratio, D-Link NetDefend IPS/UTM
Firewall family is the best Firewall / UTM
solution for mid-to-large sized organizations.
90
VPN QA

• NetDefendOS Feature Introduction
• VPN

1. What is the maximum number of VPNs supported
on a DFL-800/860 Firewall/UTM device running
NetDefendOS? a. 100 b. 150 c. 200 d. 250 e.
300 2. Which of the following protocols isnt a
tunneling protocol but is probably used at your
site by tunneling protocols for network
security? a. IPSec b. PPTP c. L2TP d. L2F
91
VPN QA

• NetDefendOS Feature Introduction
• VPN

3. Which answer below is NOT the benefits of VPN
encryption a. Confidentiality b.
Authentication c. Integrity d.
Non-repudiation e. None of the above 4. What is
the maximum VPN throughput of DFL-800 / 860
device running NetDefendOS? a. 50 Mbps b. 60
Mbps c. 70 Mbps d. 80 Mbps e. 90 Mbps
92
VPN QA

• NetDefendOS Feature Introduction
• VPN

5. What is the maximum VPN throughput of DFL-1600
device running NetDefendOS? a. 100 Mbps b. 110
Mbps c. 120 Mbps d. 150 Mbps e. 200 Mbps 6.
What is the maximum VPN throughput of DFL-2500
device running NetDefendOS? a. 100 Mbps b. 150
Mbps c. 200 Mbps d. 250 Mbps e. 300 Mbps
93
VPN QA

• NetDefendOS Feature Introduction
• VPN

7. Which two settings are important in IPSec VPN
configuration, and will decide weather the
traffic should go through the tunnel? (Multiple
Choice) a. Network Interfaces b. Routing c.
IPSec Interface d. Rules e. None of the
above 8. How does NetDefendOS provide IPSec VPN
configuration ? a. Policy-based Configuration
b. Interface-based Configuration c. Rule-based
Configuration d. Route-based Configuration e.
Security-based Configuration
94
VLAN

• NetDefendOS Feature Introduction
• VLAN

Platform Compatibility DFL-210/260/800/860/1
600/2500 After completing this section, you will
be able to 1. Describe what is VLAN and its
benefits 2. Describe how to implement VLAN
solutions 3. Describe the selling point for VLAN
95
What is VLAN

• NetDefendOS Feature Introduction
• VLAN

• A Virtual Local Area Network (VLAN) allows
  administrators to create logical groups of users
  and systems and segment them on the network.
• This network segmentation enables administrators
  hide segments of the network from other segments
  and hence control network resource access.
• Also administrators can set up VLANs to control
  the paths that data takes to get from one point
  to another. VLAN technology is a good way to
  contain network traffic to a certain area in a
  network.

96
A Typical Scenario of VLAN

• NetDefendOS Feature Introduction
• VLAN

97
NetDefendOS Provides Cost-Effective VLAN Solution
for SMB

• NetDefendOS Feature Introduction
• VLAN

D-Link NetDefend IPS/UTM Firewalls
98
How NetDefendOS Supports VLAN

• NetDefendOS Feature Introduction
• VLAN

• NetDefendOS is fully compliant with the IEEE
  802.1Q specification for Virtual LANs. On a
  protocol level, Virtual LANs work by adding a
  Virtual LAN identifier (VLAN ID) to the Ethernet
  frame header. The VLAN ID is a number from 0 to
  4095 and is used to identify a specific Virtual
  LAN. In this way, Ethernet frames can belong to
  different Virtual LANs, but still share the same
  physical media.
• The Virtual LAN support in NetDefendOS works by
  defining one or more Virtual LAN interfaces. Each
  Virtual LAN interface is interpreted as a logical
  interface by the system.
• Ethernet frames received by the system are
  examined for a VLAN ID. If a VLAN ID is found,
  and a matching Virtual LAN interface has been
  defined, the system will consider that interface
  to be the receiving interface for the frame
  before further processing takes place.
• Virtual LANs are useful in several different
  scenarios, for instance, when filtering is needed
  between different Virtual LANs in an
  organization, or when the number of interfaces
  needs to be expanded.

99
Competitive Analysis VLAN Feature Comparison

• NetDefendOS Feature Introduction
• VLAN

• The D-Link NetDefend VLAN Feature Comparison
• SonicWALL
• ZyXEL
• WatchGuard
• Cisco
• Juniper
• Fortinet

100
DFL-210

• NetDefendOS Feature Introduction
• VLAN

Small-to-Medium Business Segment D-Link SonicWALL SonicWALL ZyXEL ZyXEL WatchGuard Firebox WatchGuard Firebox
Features / Competitors DFL-210 TZ 18010 Node Lic / 25 Node Lic TZ 190 ZyWALL 5 ZyWALL 35 X Edge 5 X Edge 15
Max. No. of VLAN 8 Not Available Not Available Not Available Not Available Not Available Not Available
Small-to-Medium Business Segment D-Link Cisco Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors DFL-210 PIX 501 PIX 506E 5XT 5GT FortiGate-60 FortiGate-100A
Max. No. of VLAN 8 Not Available 2 3 3 10 (Bundled) 25, 50, 100, 250 (via Lic Upgrade) 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade)
101
DFL-260

• NetDefendOS Feature Introduction
• VLAN

Small-to-Medium Business Segment D-Link SonicWALL ZyXEL ZyXEL WatchGuard Firebox WatchGuard Firebox WatchGuard Firebox
Features / Competitors DFL-260 Pro 1260 Standard / Enhanced ZyWALL 5 UTM ZyWALL 35 UTM X Edge X10e X Edge X20e X Edge X20e
Max. No. of VLAN 8 Not Available / 25 Not Available Not Available Not Available Not Available Not Available
Small-to-Medium Business Segment D-Link Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors DFL-260 N/A 5XT 5GT FortiGate-60/60A FortiGate-100A
Max. No. of VLAN 8 N/A 3 3 10 (Bundled) 25, 50, 100, 250 (via Lic Upgrade) 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade)
102
DFL-800

• NetDefendOS Feature Introduction
• VLAN

Small-to-Medium Business Segment D-Link SonicWALL SonicWALL ZyXEL WatchGuard Firebox WatchGuard Firebox
Features / Competitors DFL-800 Pro 1260 Standard / Enhanced Pro 2040 Standard / Enhanced ZyWALL 70 X Core X500Standard / Advanced X Core X700Standard / Advanced
Max. No. of VLAN 16 Not Available / 25 Not Available / 25 Not Available Not Available Not Available
Small-to-Medium Business Segment D-Link Cisco Cisco Juniper Juniper Fortinet Fortinet
Features / Competitors DFL-800 PIX 506E PIX 515E(R, DMZ) / (UR, FO, FO-AA) NetScreen-25 NetScreen-50 FortiGate-100A FortiGate-200A
Max. No. of VLAN 16 2 10 / 25 16 16 10 (Bundled) 25, 50, 100, 250 (via Lic Upgrade) 10 (Bundled) - 25, 50, 100, 250 (via Lic Upgrade)
103
DFL-860

• NetDefendOS Feature Introduction
• VLAN

Small-to-Medium Business Segment D-Link SonicWALL SonicWALL ZyXEL WatchGuard WatchGuard
Features / Competitors DFL-860 Pro 1260 Standard / Enhanced Pro 2040 Standard / Enhanced ZyWALL 70 UTM X Core X500Standard / Advanced X Core X700Standard / Advanced
Max. No. of VLAN 16 Not Available / 25 Not Available / 25 Not Available Not Available Not Available
Small-