NetDefend UTM Firewall 1660

DFL‑1660

  • Stato del prodotto: Obsoleto
PROJECT ITEM ONLY, please contact us to tell us about your project
  • Suitable for large networks with up to 1200 users
  • Comprehensive IPS signature database (17,000+) for protection against zero-day attacks
  • Stream-based virus scanning that does not require any caching
  • Millions of URLs indexed globally for Web Content Filtering
  • Hardware acceleration for high performance/high throughput
  • Hardware-based data encryption and authentication for IPSec, PPTP, and L2TP in Client/Server mode
  • WAN Link load-balancing and fault-tolerance
  • D-Link End-to-End Security (E2ES) in conjunction with D-Link xStack switches
  • 6 configurable Gigabit Ethernet interfaces
  • 1-year free subscriptions to UTM services included*
  • Traffic bandwidth management with policy based shaping
  • No per-user license fee, for reduced total cost of ownership
  • *registration required


The DFL-1660 UTM Firewall offers large organisations a comprehensive defense against virus attacks, unauthorised intrusions and harmful content, as well as Virtual Private Network (VPN) services. Through robust security features, flexible configuration and no hidden fees, it offers a high return on investment to businesses that demand high performance at competitive prices.


Unified Threat Management
The DFL-1660 integrates an Intrusion Detection and Prevention System (IDP/IPS), gateway Anti-Virus (AV) and Content Filtering/Web URL Filtering (WCF) for superior Layer 7 content inspection protection.
Optional service subscriptions are available to keep each of these defenses updated in real time1.
1 1-year IPS/AV free subscriptions included (registration required)


Robust Intrusion Prevention
The DFL-1660 adopts a unique IPS technology, component-based signatures, that is built to recognise and protect against all varieties of known and unknown attacks and which can address all critical aspects of an attack or potential attack including payload, NOP sled, infection and exploits. In terms of signature coverage, the IPS database includes attack information and data from a global attack sensor-grid and exploits collected from public sites such as the National Vulnerability Database and Bugtrax.
The DFL-1660 delivers high quality IPS signatures by constantly creating and optimising NetDefend signatures via the D-Link Auto-Signature Sensor System. Without overloading the appliance, these signatures ensure a high ratio of detection accuracy and the lowest ratio of false positives.


Stream-based virus scanning
The DFL-1660 scans files of any size, using a stream-based virus scanning technology that does not require any caching. This scanning method increases inspection performance while eliminating network bottlenecks. The appliance uses virus signatures from the respected antivirus company Kaspersky Labs to provide users with reliable and accurate antivirus signatures, as well as prompt signature updates. Viruses and malware consequently can be effectively blocked before they reach the network's desktops or mobile devices.


Web Content Filtering
Web Content Filtering (WCF) helps administrators monitor, manage and control employee usage of the Internet. The DFL-1660 implements multiple global index servers with millions of URLs and real-time website information to enhance performance capacity and maximise service availability. The firewall uses highly granular policies and explicit black lists/white lists to allow or disallow access to certain types of websites for any combination of users, interfaces and IP networks. They can strip potential malicious objects, such as Java applets, JavaScripts/VBScripts, ActiveX objects and cookies to actively handle the Internet content.


Geared for High Performance and High Availability
Within an industrial chassis, the DFL-1660 offers an impressive set of hardware features that include a high-speed processor, a large database and a powerful firewall engine that can handle up to 600,000 concurrent sessions. The DFL-1660 includes multiple user-configurable Gigabit ports for flexible, scalable and cost effective network deployments with fail-over and outbound load balancing. In addition, two DFL-1660 firewall can be installed in parallel for redundancy: the passive one serving as back-up in case of the failure of the active one (High Availability).


Proactive Network Security
The DFL-1660 includes a special feature called ZoneDefense - a mechanism that operates seamlessly with D-Link xStack switches to perform proactive network security. ZoneDefense automatically quarantines infected computers on the network and prevents them from flooding the network with malicious traffic.


Powerful VPN Performance
The DFL-1660 offers an integrated VPN Client and Server. This allows remote offices to securely connect to a head office or mobile users working remotely to safely connect to the office network. The firewall’s hardware-based VPN engine can support and manage a large number of VPN configurations. It supports IPSec, PPTP, and L2TP protocols in Client/Server mode and can handle pass-through traffic as well. Advanced VPN configuration options include: DES/3DES/AES/Twofish/Blowfish/CAST-128 encryption, Manual or IKE/ISAKMP key management, Quick/Main/Aggressive Negotiation modes, and VPN authentication support using either an external RADIUS server or a large user database that supports up to 3,000 accounts.


Traffic Shaping and Load Sharing
The DFL-1660 provides advanced traffic shaping technology, allowing administrators to prioritise and differentiate network traffic and set bandwidth limits. Furthermore, the DFL-1660 supports Server Load Balancing (SLB), which allows network service demands to be shared among multiple servers, thus improving application performance and scalability.


Monitoring and Management
The DFL-1660 can be remotely managed via a web-based interface or CLI through the RS-232 console port or a Secure Shell (SSH) connection. It includes flexible features to monitor and maintain a healthy and secure network, such as e-mail alerts, system log and real-time statistics. These features, along with the ability for firmware upgrade, ensure that your firewall can provide and maintain maximum performance and security for your network.


3rd party certification

The DFL-1660 has passed rigorous testing by ICSA Labs, to achieve both Corporate-Level Firewall Certification and IPSec 1.3 Enhanced Certification. These are recognised worldwide as the benchmark for network security industry excellence. Testing is performed against an industry-approved set of criteria and is periodically reviewed to ensure that the vendor has continued to develop a secure product that meets all the criteria. In addition, the DFL-1660 has passed the Virtual Private Network Consortium (VPNC) AES Interoperability test, ensuring that the firewall is generally interoperable with other IPsec systems when using the AES encryption algorithm.


D-Link Green Certified
The DFL-1660 has attained D-Link Green certification. It is built with an 80 PLUS internal power supply offering greater efficiency, thus providing a longer equipment life and ultimately a reduced cost of ownership. Additionally, 80 PLUS power supplies help prevent pollution by limiting energy consumption, and run at a lower temperature to reduce cooling costs.

D-Link Green certified devices comply with The European Union’s RoHS (Restriction of Hazardous Substances) and WEEE (Waste Electrical and Electronic Equipment) directives. Together, these features make D-Link Green firewall products the environmentally responsible choice.
 

L'aspetto del prodotto reale può differire dall'immagine visualizzata in questa pagina.

Specifiche tecniche

Hardware
  • 6 configurable Gigabit ports
  • Console port (RS-232)
  • Front panel LCD
  • 2 USB ports (reserved)


Performance
  • Firewall throughput: up to 1.2 Gbps1,2
  • VPN throughput: up to 350 Mbps1,3
  • IPS throughput: up to 400 Mbps1,4
  • AV throughput: up to 225 Mbps1,4
  • Up to 600,000 concurrent sessions
  • Up to 4,000 policies


UTM
  • Intrusion Prevention System (IPS)
  • Anti-Virus protection (AV)
  • Web Content Filtering (WCF)
  • Anti-Spam (for SMTP protocol only) based on real-time DNSBL/Open Relay database server
  • DoS/DDoS protection


Firewall
  • DoS/DDoS protection
  • Content filters (URL keyword blocking, Java/ActiveX/Cookie/VB blocking, IM/P2P blocking)
  • PPPoE, NAT, PAT, Transparent mode
  • Policy Based Routing (PBR)
  • OSPF dynamic routing
  • Application Layer Gateway (ALG)
  • ZoneDefense mechanism (Proactive Network Security)


VPN
  • Up to 2,500 dedicated VPN tunnels
  • IPSec NAT traversal
  • Encryption: DES, 3DES, AES, Blowfish, Twofish, CAST-128
  • User authentication via RADIUS server, Microsoft IAS, LDAP* or internal database (up to 3,000 accounts)


Traffic shaping and load balancing

  • Policy based traffic shaping
  • Guaranteed bandwidth, maximum bandwidth, priority bandwidth
  • Outbound load-balancing
  • Server Load Balancing (SLB)
  • Dynamic bandwidth balancing


High Availability (HA)
  • WAN failover
  • Active/passive modes
  • Device / Link failure detection


Logging and management

  • Internal log
  • External log (Syslog)
  • VPN tunnel monitor
  • Web-based configuration (http/https), CLI
  • SNMP v1, v2c


D-Link Green™

  • Efficient 80 PLUS certified internal power supply
  • RoHS compliant
  • WEEE compliant


1 Actual performance may vary depending on network conditions and activated services.
2 Maximum firewall plain text throughput based on RFC2544 testing methodologies
3 VPN throughput measured using UDP traffic at 1420 byte packet size adhering to RFC 2544.
4 IPS and Anti-Virus performance test based on HTTP protocol with a 1MB file attachment run on the IXIA IxLoad. Testing is done with multiple flows through multiple port pairs.

Supporto

Versione Data Tipo Dimensioni file
Datasheet (English) - PDF 2.61mb Download
Versione Descrizione Data Tipo Dimensioni file
User Manual (English) User Manual (English) - PDF 8.78mb Download
Versione Descrizione Data Tipo Dimensioni file
2.0 QIG 03/03/2013 PDF 3.16mb Download
Versione Descrizione Data
Firmware v2.27.03.25 all 2.27.03.25 Firmware v2.27.03.25 all 09/12/2011 Download
Versione Descrizione Data
DEU_CLI_Guide_RevA CLI Reference Guide (English) 10/11/2010 Download
DEU_Log_Reference_RevA Log Reference Guide (English) 10/11/2010 Download
DEU_CE_A1_EN_FR_RevA Certificate of Declaration A1 (English/French) 05/01/2010 Download