D-Link DFL-80 Ethernet VPN Firewall Manual Building Networks for People
Contents Package Contents ................................................................................3 Introduction............................................................................................4 Software Management ..........................................................................6 Troubleshooting .................................................................................134 Technical Specifications ....................................................................
Package Contents Contents of Package: D-Link DFL-80 Firewall Manual and Warranty on CD Quick Installation Guide AC power adapter (5V, 3A) Note: Using a power supply with a different voltage rating than the one included with the DFL-80 will cause damage and void the warranty for this product. If any of the above items are missing, please contact your reseller.
Introduction The DFL-80 provides six 10/100Mbit Ethernet network interface ports which are (4) Internal/LAN, (1) External/WAN, and (1) DMZ port. It also provides an easily operated software WebUI which allows users to set system parameters or monitor network activities using a web browser. DFL-80 security feature Some functions that are available in the firewall are: Packet Filter, Proxy Server, Intruder Alarm, Packet Monitor Log, Inbound/Outbound Policy, etc.
Hardware Description DMZ Port: Use this port to connect to the company’s server(s), which needs direct connection to the Internet (FTP, SNMP, HTTP, DNS). External Port (WAN): Use this port to connect to the external router, DSL modem, or Cable modem. Internal Ports (LAN): Use this port to connect to the internal network of the office. Reset: Reset the DFL-80 to the original default settings. DC Power: connect one end of the power supply to this port, the other end to the electrical wall outlet.
Software Management DFL-80 management tool: Web User Interface The main menu functions are located on the left-hand side of the screen, and the display window will be on the right-hand side. The main functions include 12 items, which are: Administrator, Configuration, Address, Service, Schedule, Policy, VPN, Virtual Server, Log, Alarm, Statistics, and Status.
Logging In Connect the Administrator’s PC to the Internal (LAN) port of the DFL-80 Firewall. Make sure there is a link light for the connection. The DFL-80 has an embedded web server used for management and configuration. Use a web browser to display the configurations of the firewall (such as Internet Explorer 6(or above) or Netscape 6(or above) with full java script support). The default IP address of the firewall is 192.168.1.1 with a subnet mask of 255.255.255.0.
Administration The DFL-80 Firewall Administration and monitoring control is set by the System Administrator. The System Administrator can add or modify System settings and monitoring mode. The sub Administrators can only read System settings but not modify them. In Administration, the System Administrator can: (1) Add and change the sub Administrator’s names and passwords; (2) Back up all Firewall settings into local files. (3) Set up alerts for intruder invasions.
Administration (continued) Firewall Administration setup On the left hand menu, click on Administration, and then select Admin below it. The current list of Administrator(s) shows up. Settings of the Administration table: Administrator Name: The username of Administrators for the firewall. The user admin cannot be removed. Privilege: The privileges of Administrators (Admin or Sub Admin) The username of the main Administrator is Admin with read/write privilege.
Administration (continued) Adding a new Sub Administrator: Step 1. In the Administration window, click the New Sub Admin button to create a new Sub Administrator. Step 2. In the Add New Sub Administrator window: ! Sub Admin Name: Enter the username of new Sub Admin. ! Password: Enter a password for the new Sub Admin. ! Confirm Password: Enter the password again. Step 3. Click OK to add the user or click Cancel to cancel the addition.
Administration (continued) Changing the Sub-Administrator’s Password: Step 1. In the Administration window, locate the Administrator name you want to edit, and click on Modify in the Configure field. Step 2. The Modify Administrator Password window will appear. Enter in the required information: ! Password: enter original password. ! New Password: enter new password ! Confirm Password: enter the new password again. Step 3. Click OK to confirm password change or click Cancel to cancel it.
Settings The Administrator may use this function to backup firewall configurations and export (save) them to an “Administrator” computer or anywhere on the network; or restore a configuration file to the device; or restore the firewall back to default factory settings. Entering the Settings window: Click Setting in the Administrator menu to enter the Settings window. The Firewall Configuration settings will be shown on the screen.
Exporting DFL-80 Firewall settings: Step 1. Under Firewall Configuration, click on the Download button next to Export System Settings to Client. Step 2. When the File Download pop-up window appears, choose the destination place in which to save the exported file. The Administrator may choose to rename the file if preferred. Importing Firewall settings: Step 1. Under Firewall Configuration, click on the Browse button next to Import System Settings.
Restoring Factory Default Settings: Step 1. Select Reset Factory Settings under Firewall Configuration. Step 2. Click OK at the bottom-right of the screen to restore the factory settings. Enabling E-mail Alert Notification: Step 1. Select Enable E-mail Alert Notification under E-Mail Settings. This function will enable the Firewall to send e-mail alerts to the System Administrator when the network is being attacked by intruders or when emergency conditions occur. Step 2.
To-Firewall Packets Log Once this function is enabled, every packet passing through the Firewall will be recorded for the administrator to trace. Firewall Reboot Once this function is enabled, the firewall will be reboot. Step 1. Click Setting in the Administration menu to enter the settings window. Step 2. To reboot the Firewall, Click Reboot. Step 3. A confirmation pop-up box will appear. Step 4. Follow the confirmation pop-up box, click OK to restart firewall or click Cancel to discard.
Date/Time Admins can configure the Firewall’s date and time by either syncing to an Internet Network Time Server (NTP) or by syncing to your computer’s clock. Follow these steps to sync to an Internet Time Server. Step 1. Enable synchronization by checking the box. Step 2. Click the down arrow to select the offset time from GMT. Step 3. Enter the Server IP Address or Server name with which you want to synchronize. Step 4.
Software Update Under Software Update, the admin may update the DFL-80’s software with a newer software. The admin can visit http://support.dlink.com to get an available updated software.
Interface In this section, the Administrator can set up the IP addresses for home or office network. The Administrator may configure the IP addresses of the Internal (LAN) network, the External (WAN) network, and the DMZ network. The netmask and gateway IP addresses are also configured in this section. Entering the Interface menu: Click on Configuration in the left menu bar. Then click on Interface below it. The current settings of the interface addresses will appear on the screen.
The IP Address of the Internal Interface and the DMZ Interface are private IP addresses only. If the new Internal IP Address is not 192.168.1.1, the Administrator needs to set the IP Address on the computer to be on the same subnet as the Firewall and restart the System to make the new IP address effective. For example, if the Firewall’s new Internal IP Address is 172.16.0.1, then enter the new Internal IP Address 172.16.0.1 in the URL field of browser to connect to Firewall.
Ping: Select this to allow the external network to ping the IP Address of the Firewall. This will allow people from the Internet to be able to ping the Firewall. If set to enable, the DFL-80 will respond to echo request packets from the external network. WebUI: Select this to allow the DFL-80 WEBUI to be accessed from the WAN network. This will allow the WebUI to be configured from a user on the Internet. Keep in mind that the DFL-80 always requires a username and password to enter the WebUI.
Ping: Select this to allow the external network to ping the IP Address of the Firewall. This will allow people from the Internet to be able to ping the Firewall. If set to enable, the DFL-80 will respond to echo request packets from the external network. WebUI: Select this to allow the DFL-80 WEBUI to be accessed from the WAN network. This will allow the WebUI to be configured from a user on the Internet. Keep in mind that the DFL-80 always requires a username and password to enter the WebUI.
Multiple NAT Multiple NAT allows the local port to set multiple subnetworks and connect with the internet through different external IP Addresses. For instance: the lease line of a company applies several real IP Addresses 168.85.88.0/24, and the company is divided into the R&D department, the service and sales department, the procurement department, and the accounting department. The company can distinguish each department by different subnetworks for convenient management. The settings are as follows 1.
Multiple NAT settings Click Multiple NAT in the Configuration menu to enter Multiple NAT window. Multiple NAT Global port interface IP Address: Global port IP Address. Local port interface IP Address: Local port IP Address and Subnet Mask. Modify: Modify the settings of Multiple NAT. Click Modify to modify the parameters of Multiple NAT or click Delete to delete settings.
Add Multiple NAT Step 1. Click Multiple NAT in the Configuration menu to enter Multiple NAT window. Step 2. Click the Add button below to add Multiple NAT. Step 3. Enter the IP Address in the appropriate column of the new window. External Interface IP: WAN IP address to be used for the Multiple NAT session. Alias IP of Internal Interface: LAN IP address to be used for the Multiple NAT session. Netmask: LAN netmask to be used for the multiple NAT session. Step 4.
Modify Multiple NAT Step 1. Click Multiple NAT in the Configuration menu to enter Multiple NAT window. Step 2. Find the IP Address you want to modify and click Modify Step 3. Enter the new IP Address in Modify Multiple NAT window. Step 4. Click the OK button below to change the setting or click Cancel to discard changes. Delete Multiple NAT Step 1. Click Multiple NAT in the Configuration menu to enter Multiple NAT window. Step 2. Find the IP Address you want to delete and click Delete. Step 3.
Hacker Alert The Administrator can enable the DFL-80’s intruder alert functions in this section. When abnormal conditions occur, the Firewall will send an e-mail alert to notify the Administrator, and also display warning messages in the Event window of Alarm. Auto Detect functions: ! Detect SYN Attack: Select this option to detect TCP SYN attacks that intruders send to server computers continuously to block or cut down all the connections of the servers.
! ! ! ! ! ! ! ! Detect UDP Flood: Select this option to detect UDP flood attacks. A UDP flood attack is similar to an ICMP flood attack. After enabling this function, the System Administrator can enter the number of UDP packets per second that is allow to enter the network/firewall. Once the UDP packets exceed this limit, the activity will be logged in Alarm and an email alert is sent to the Administrator. The default UDP flood threshold is set to 1000 Pkts/Sec .
Route Table In this section, the Administrator can add static routes for the networks. Entering the Route Table screen: Click Configuration on the left side menu bar, then click Route Table below it. The Route Table window appears, in which current route settings are shown. Route Table functions: ! Interface: Destination network, internal or external networks. ! Destination IP: IP address of destination network. ! NetMask: Netmask of destination network.
Adding a new Static Route: Step 1. In the Route Table window, click the New Entry button. Step 2. In the Add New Static Route window, enter new static route information. Step 3. In the Interface pull-down menu, select the network to connect (Internal, External or DMZ). Step 4. Click OK to add the new static route or click Cancel to cancel. Removing a Static Route: Step 1. In the Route Table window, find the route to remove and click the corresponding Remove option in the Configure field. Step 2.
Modifying a Static Route: Step 1. In the Route Table menu, find the route to edit and click the corresponding Modify option in the Configure field. Step 2. In the Modify Static Route window, modify the necessary routing addresses. Step 3. Click OK to apply changes or click Cancel to cancel it.
DHCP In the section, the Administrator can configure DHCP (Dynamic Host Configuration Protocol) settings for the Internal (LAN) network. Entering the DHCP window: Step 1. Click Configuration on the left hand side menu bar, then click DHCP below it. The DHCP window appears in which current DHCP settings are shown on the screen.
Enabling DHCP Support: Step 1. In the Dynamic IP Address window, click Enable DHCP Support. Step 2. Domain Name: The Administrator may enter the name of the Internal network domain if preferred. Step 3. Domain Name Server: Enter in the IP address of the DNS Server to be assigned to the Internal network. Step 4. Client IP Address Range 1: Enter the starting and the ending IP address dynamically assigning to DHCP clients. Step 5.
Entering the DNS Proxy window: Click on Configuration in the menu bar, then click on DNS Proxy below it. The DNS Proxy window will appear. Below is the information needed for setting up the DNS Proxy: • Domain Name: The domain name of the server • Virtual IP Address: The virtual IP address respective to DNS Proxy • Configure: Modify or remove each DNS Proxy policy Adding a new DNS Proxy: Step 1: Click on the New Entry button and the Add New DNS Proxy window will appear.
Modifying a DNS Proxy: Step 1: In the DNS Proxy window, find the policy to be modified and click the corresponding Modify option in the Configure field. Step 2: Make the necessary changes needed. Step 3: Click OK to save changes or click on Cancel to cancel modifications. Removing a DNS Proxy: Step 1: In the DNS Proxy window, find the policy to be removed and click the corresponding Remove option in the Configure field.
Dynamic DNS The Dynamic DNS (require Dynamic DNS Service) allows you to alias a dynamic IP address to a static hostname, allowing your device to be more easily accessed by specific name. When this function is enabled, the IP address in Dynamic DNS Server will be automatically updated with the new IP address provided by ISP. Click Dynamic DNS in the Configuration menu to enter Dynamic DNS window. How to use dynamic DNS.
Add Dynamic DNS settings Step 1: Click Dynamic DNS in the Configuration menu to enter Dynamic DNS window. Step 2: Click Add button. Step 3: Click the information in the column of the new window. ! ! ! ! Service providers Select service providers. Register to the service providers’ website. WAN IP Address IP Address of the WAN port. Automatically fill in the external IP Check to automatically fill in the external IP. ! User Name Enter the registered user name.
Modify Dynamic DNS Step 1: Click Dynamic DNS in the Configuration menu to enter Dynamic DNS window. Step 2: Find the item you want to change and click Modify. Step 3: Enter the new information in the Modify Dynamic DNS window. Step 4: Click OK to change the settings or click Cancel to discard changes. Delete Dynamic DNS Step 1: Click Dynamic DNS in the Configuration menu to enter Dynamic DNS window. Step 2: Find the item you want to change and click Delete.
Address The DFL-80 Firewall allows the Administrator to set Interface addresses of the Internal network, Internal network group, External network, External network group, DMZ and DMZ group. What is the Address Table? An IP address in the Address Table can be an address of a computer or a sub network. The Administrator can assign an easily recognized name to an IP address. Based on the network it belongs to, an IP address can be an internal IP address, external IP address or DMZ IP address.
Adding a new Internal Address: Step 1. In the Internal window, click the New Entry button. Step 2. In the Add New Address window, enter the settings of a new internal network address. Step 3. Click OK to add the specified internal network or click Cancel to cancel the changes. Modifying an Internal Address: Step 1. In the Internal window, locate the name of the network to be modified. Click the Modify option in its corresponding Configure field. The Modify Address window appears on the screen immediately.
Removing an Internal Address: Step 1. In the Internal window, locate the name of the network to be removed. Click the Remove option in its corresponding Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the address or click Cancel to discard changes. Internal Group Entering the Internal Group window: The Internal Addresses may be combined together to become a group. Click Internal Group under the Address menu to enter the Internal Group window.
Adding an Internal Group: Step 1. In the Internal Group window, click the New Entry button to enter the Add New Address Group window. Step 2. In the Add New Address Group window: ! Available Address: list the names of all the members of the internal network. ! Selected Address: list the names to be assigned to the new group. ! Name: enter the name of the new group in the open field. Step 3.
Modifying an Internal Group: Step 1. In the Internal Group window, locate the network group desired to be modified and click its corresponding Modify option in the Configure field. Step 2. A window displaying the information of the selected group appears: ! Available Address: list names of all members of the Internal network. ! Selected Address: list names of members which have been assigned to this group. Step 3.
Removing an Internal Group: Step 1. In the Internal Group window, locate the group to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the group or click Cancel to discard changes. External Entering the External window: Click External under the Address menu to enter the External window. The current setting information, such as the name of the External network, IP and Netmask addresses will show on the screen.
Adding a new External Address: Step 1. In the External window, click the New Entry button. Step 2. In the Add New Address window, enter the settings for a new external network address. Step 3. Click OK to add the specified external network or click Cancel to discard changes. Removing an External Address: Step 1. In the External table, locate the name of the network to be removed and click the Remove option in its corresponding Configure field. Step 2.
External Group Entering the External Group window: Click the External Group under the Address menu bar to enter the External window. The current settings for the external network group(s) will appear on the screen.
Adding an External Group: Step 1. In the External Group window, click the New Entry button and the Add New Address Group window will appear. Step 2. In the Add New Address Group window the following fields will appear: ! Name: enter the name of the new group. ! Available Address: List the names of all the members of the external network. ! Selected Address: List the names to assign to the new group. Step 3.
Editing an External Group: Step 1. In the External Group window, locate the network group to be modified and click its corresponding Modify button in the Configure field. Step 2. A window displaying the information of the selected group appears: n Available Address: list the names of all the members of the external network. n Selected Address: list the names of the members that have been assigned to this group. Step 3.
Removing an External Group: Step 1. In the External Group window, locate the group to be removed and click its corresponding Modify option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the group or click Cancel to discard changes. DMZ Entering the DMZ window: Click DMZ under the Address menu to enter the DMZ window. The current setting information such as the name of the internal network, IP, and Netmask addresses will show on the screen.
Adding a new DMZ Address: Step 1. In the DMZ window, click the New Entry button. Step 2. In the Add New Address window, enter the settings for a new DMZ address. Step 3. Click OK to add the specified DMZ or click Cancel to discard changes. Modifying a DMZ Address: Step 1. In the DMZ window, locate the name of the network to be modified and click the Modify option in its corresponding Configure field. Step 2. In the Modify Address window, fill in new addresses. Step 3.
Removing a DMZ Address: Step 1. In the DMZ window, locate the name of the network to be removed and click the Remove option in its corresponding Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the address or click Cancel to discard changes. DMZ Group Entering the DMZ Group window: Click DMZ Group under the Address menu to enter the DMZ window. The current settings information for the DMZ group appears on the screen.
Adding a DMZ Group: Step 1. In the DMZ Group window, click the New Entry button. Step 2. In the Add New Address Group window: ! Available Address: List names of all members of the DMZ. ! Selected Address: list names to assign to a new group. Step 3. Name: Enter a name for the new group. Step 4. Add members: Select the names to be added from the Available Address list, and click the Add>> button to add them to the Selected Address list. Step 5.
Modifying a DMZ Group: Step 1. In the DMZ Group window, locate the DMZ group to be modified and click its corresponding Modify button in the Configure field. Step 2. A window displaying information about the selected group appears: ! Available Address: list the names of all the members of the DMZ. ! Selected Address: list the names of the members that have been assigned to this group. Step 3.
Removing a DMZ Group: Step 1. In the DMZ Group window, locate the group to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the group.
Service In this section, network services are defined and new network services can be added. There are three sub menus under Service which are: Pre-defined, Custom, and Group. The Administrator can simply follow the instructions below to define the protocols and port numbers for network communication applications. Users then can connect to servers and other computers through these available network services.
Pre-defined Entering the Pre-defined window: Click Service on the menu bar on the left side of the window. Click Predefined under it. A window will appear with a list of services and their associated Port numbers. Note: This list cannot be modified. Custom Entering the Custom window: Click Service on the menu bar on the left side of the window. Click Custom under it. A window will appear with a table showing all services currently defined by the Administrator.
Adding a new Service: Step 1: In the Custom window, click the New Entry button and a new service table appears. Step 2: In the new service table: ! Service Name: This will be the name referencing the new service. ! Protocol: Enter the network protocol type to be used, such as TCP, UDP, or Other (please enter the number for the protocol type). ! Client Port: Enter the range of port number of new clients. ! Server Port: Enter the range of port number of new servers.
Modifying Custom Services: Step 1. In the Custom table, locate the name of the service to be modified. Click its corresponding Modify option in the Configure field. Step 2. A table showing the current settings of the selected service appears on the screen Step 3. Enter the new values. Step 4. Click OK to accept editing; or click Cancel. Removing Custom Services: Step 1. In the Custom window, locate the service to be removed. Click its corresponding Remove option in the Configure field. Step 2.
Group Accessing the Group window: Click Service in the menu bar on the left hand side of the window. Click Group under it. A window will appear with a table displaying current service group settings set by the Administrator.
Adding Service Groups: Step 1. In the Group window, click the New Entry button. In the Add Service Group window, the following fields will appear: ! Available Services: List all the available services. ! Selected Services: List services to be assigned to the new group. Step 2. Enter the new group name in the group Name field. This will be the name referencing the created group. Step 3.
Modifying Service Groups: Step 1. In the Group window, locate the service group to be edited. Click its corresponding Modify option in the Configure field. Step 2. In the Mod (modify) group window the following fields are displayed: ! Available Services: Lists all the available services. ! Selected Services: List services that have been assigned to the selected group. Step 3. Add new services: Select services in the Available Services list, and then click the Add>> button to add them to the group. Step 4.
Removing Service Groups: Step 1. In the Group window, locate the service group to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the selected service group or click Cancel to cancel removing.
Schedule The DFL-80 Office Firewall allows the Administrator to configure a schedule for policies to take affect. By creating a schedule, the Administrator is allowing the Firewall policies to be used at those designated times only. Any activities outside of the scheduled time slot will not follow the Firewall policies therefore will likely not be permitted to pass through the Firewall. The Administrator can configure the start time and stop time periods in a day.
Adding a new Schedule: Step 1: Click on the New Entry button and the Add New Schedule window will appear. Step 2: Schedule Name: Fill in a name for the new schedule. Period 1: Configure the start and stop time for the days of the week that the schedule will be active. Step 3: Click OK to save the new schedule or click Cancel to cancel adding the new schedule.
Removing a Schedule: Step 1: In the Schedule window, find the policy to be removed and click the corresponding Remove option in the Configure field. Step 2: A confirmation pop-up box will appear, click on OK to remove the schedule.
Policy This section provides the Administrator with facilities to set control policies for packets with different source IP addresses, source ports, destination IP addresses, and destination ports. Control policies decide whether packets from different network objects, network services, and applications are able to pass through the Firewall. What is Policy? The DFL-80 uses policies to filter packets.
Outgoing This section describes steps to create policies for packets and services from the Internal (LAN) network to the External (WAN) network. Entering the Outgoing window: Click Policy on the left hand side menu bar, then click Outgoing under it. A window will appear with a table displaying currently defined Outgoing policies. The fields in the Outgoing window are: ! Source: Source network addresses that are specified in the Internal section of Address menu, or all the Internal (LAN) network addresses.
Adding a new Outgoing Policy: Step 1: Click on the New Entry button and the Add New Policy window will appear. Step 2: Source Address: Select the name of the Internal (LAN) network from the drop down list. The drop down list contains the names of all internal networks defined in the Internal section of the Address menu. To create a new source address, please go to the Internal section under the Address menu. Destination Address: Select the name of the External (WAN) network from the drop down list.
Modifying an Outgoing policy: Step 1: In the Outgoing policy section, locate the name of the policy desired to be modified and click its corresponding Modify option under the Configure field. Step 2: In the Modify Policy window, fill in new settings. Note: To change or add selections in the drop-down list for source or destination address, go to the section where the selections are setup.
Removing the Outgoing Policy: Step 1. In the Outgoing policy section, locate the name of the policy desired to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation dialogue box, click OK to remove the policy or click Cancel to cancel removing. Enabled Monitoring function: Log: If Logging is enabled in the outgoing policy, the DFL-80 will log the traffic and event passing through the Firewall.
Alarm: If Logging is enabled in the outgoing policy, the DFL-80 will log the traffic alarms and event alarms passing through the Firewall. The Administrator can click Alarm on the left menu to get the logs of flow and event alarms of the specified policy. Note: The Administrator can also get information on alarm logs from the Alarm window. Please refer to the section entitled “Alarm” for more information.
Incoming This chapter describes steps to create policies for packets and services from the External (WAN) network to the Internal (LAN) network including Mapped IP and Virtual Server. Enter Incoming window: Step 1: Click Incoming under the Policy menu to enter the Incoming window. The Incoming table will display current defined policies from the External (WAN) network to assigned Mapped IP or Virtual Server.
Adding an Incoming Policy: Step 1: Under Incoming of the Policy menu, click the New Entry button. Step 2: Source Address: Select names of the external networks from the drop down list. The drop down list contains the names of all external networks defined in the External section of the Address menu. To create a new source address, please go to the Internal section under the Address menu. Destination Address: Select names of the internal networks from the drop down list.
Modifying Incoming Policy: Step 1: In the Incoming window, locate the name of policy desired to be modified and click its corresponding Modify option in the Configure field. Step 2: In the Modify Policy window, fill in new settings. Step 3: Click OK to save modifications or click Cancel to cancel modifications. Removing an Incoming Policy: Step 1: In the Incoming window, locate the name of policy desired to be removed and click its corresponding Remove in the Configure field.
External To DMZ & Internal to DMZ This section describes steps to create policies for packets and services from the External (WAN) networks to the DMZ networks. Please follow the same procedures for Internal (LAN) networks to DMZ networks. Enter “External To DMZ” or “Internal To DMZ” selection: Click External To DMZ under Policy menu to enter the External To DMZ window. The External To DMZ table will show up displaying currently defined policies.
Adding a new External To DMZ Policy: Step 1: Click the New Entry button and the Add New Policy window will appear. Step 2: Source Address: Select names of the external networks from the drop down list. The drop down list contains the names of all external networks defined in the External section of the Address menu. To create a new source address, please go to the Internal section under the Address menu. Destination Address: Select the name of the DMZ network from the drop down list.
Modifying an External to DMZ policy: Step 1: In the External To DMZ window, locate the name of policy desired to be modified and click its corresponding Modify option in the Configure field. Step 2: In the Modify Policy window, fill in new settings. Step 3: Click OK to do save modifications. Removing an External To DMZ Policy: Step 1: In the External To DMZ window, locate the name of policy desired to be removed and click its corresponding Remove option in the Configure field.
DMZ To External & DMZ To Internal This section describes steps to create policies for packets and services from DMZ networks to External (WAN) networks. Please follow the same procedures for DMZ networks to Internal (LAN) networks. Entering the DMZ To External window: Click DMZ To External under Policy menu and the DMZ To External table appears displaying currently defined DMZ To External policies.
Adding a DMZ To External Policy: Step 1: Click the New Entry button and the Add New Policy window will appear. Step 2: Source Address: Select the name of the DMZ network from the drop down list. The drop down list will contain names of DMZ networks defined in DMZ section of the Address menu. To add a new source address, please go to the DMZ section under the Address menu. Destination Address: Select the name of the external network from the drop down list.
Modifying a DMZ To External policy: Step 1: In the DMZ to External window, locate the name of policy desired to be modified and click its corresponding Modify option in the Configure field. Step 2: In the Modify Policy window, fill in new settings. Note: To change or add selections in the drop-down list, go to the section where the selections are setup.
Removing a DMZ To External Policy: Step 1. In the DMZ To External window, locate the name of policy desired to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation dialogue box, click OK. VPN The DFL-80 Firewall’s VPN (Virtual Private Network) is set by the System Administrator. The System Administrator can add, modify or remove VPN settings.
Autokey IKE This chapter describes steps to create a VPN connection using Autokey IKE. Autokey IKE (Internet Key Exchange) provides a standard method to negotiate keys between two security gateways. For example, with two firewall devices, IKE allows new keys to be generated after a set amount of time has passed or a certain threshold of traffic has been exchanged. Accessing the Autokey IKE window: Click IPSec Autokey under the VPN menu to enter the Autokey IKE window.
Adding the Autokey IKE: Step 1. Click the New Entry button and the VPN Auto Keyed Tunnel window will appear. Step 2: ! Preshare Key: The IKE VPN must be defined with a Preshared Key. The Key may be up to 128 bytes long. ! ESP/AH: The IP level security, AH and ESP, were originally proposed by the Networking Group focused on IP security mechanisms, IPSec. The term IPSec is used loosely here to refer to packets, keys, and routes that are associated with these headers.
Modifying an Autokey IKE: Step 1: In the Autokey IKE window, locate the name of policy desired to be modified and click its corresponding Modify option in the Configure field. Step 2: In the Modify Policy window, fill in new settings. Step 3: Click OK to save modifications. Connecting the VPN connection: Once all the policy is created with the correct settings, click on the Connect option in the Configure field. The Status field will change to indicate Connecting.
Removing Autokey IKE: Step 1. Locate the name of the Autokey IKE desired to be removed and click its corresponding Delete option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the Autokey IKE or click Cancel to cancel deleting.
PPTP Server Entering the PPTP Server window Step 1. Select VPN > PPTP Server. ! PPTP Server- Click Modify to select Enable or Disable. ! Client IP Range- 192.66.255.1-254 Displays the IP address range for PPTP Client connection. ! User Name- Displays the PPTP Client user’s name for authentication. ! Client IP- Displays the PPTP Client’s IP address for authentication. ! Uptime- Displays the connection time between PPTP Server and Client.
Modifying PPTP Server Design Step 1. Select VPN > PPTP Server. Step 2. Click Modify after the Client IP Range. Step 3. In the Modify Server Design Window, enter appropriate settings. ! ! Disable PPTP- Check to disable PPTP Server. ! Auto-Disconnect if idle … minutes- Configure this device to disconnect to the PPTP Server when there is no activity for a predetermined period of time. To keep the line always connected, set the number to 0. ! Enable PPTP- Check to enable PPTP Server. 1.
Adding PPTP Server Step 1. Select VPN > PPTP Server. Click New Entry. Step 2. Enter appropriate settings in the following window. ! User name: Specify the PPTP client. This should be unique. ! Password: Specify the PPTP client password. ! Remote Client Single Machine: Check to connect to single computer. Multi-Machine: Check to allow multiple computers connected to the PPTP server. :Enter the PPTP Client IP address. IP Address: Netmask: Enter the PPTP Client Sub net mask.
Modifying PPTP Server Step 1. Step 2. Step 3. Step 4. 88 Select VPN > PPTP Server. In the PPTP Server window, find the PPTP server that you want to modify. Click Configure and click Modify. Enter appropriate settings.
Removing PPTP Server Step 1. Select VPN > PPTP Server. Step 2. In the PPTP Server window, find the PPTP server that you want to modify. Click Configure and click remove. Step 3. Click OK to remove the PPTP server or click Cancel to exit without removal.
PPTP Client Entering the PPTP Client window Step 1. Select VPN > PPTP Client. ! Server Address: Displays the PPTP Server IP addresses.. ! User Name: Displays the PPTP Client user’s name for ! ! ! ! 90 authentication. Client IP: Displays the PPTP Client’s IP address for authentication. Uptime: Displays the connection time between PPTP Server and Client. Status: Displays current connection status between PPTP Server and PPTP client.
Adding a PPTP Client Step 1. Select VPN > PPTP Client. ! User name: Specify the PPTP client. This should be unique. ! Password: Specify the PPTP client password. ! Server Address: Enter the PPTP Server’s IP address. ! ! ! ! Remote Server: Single Machine: Check to connect to single computer. Multi-Machine: Check to allow multiple computers connected to the PPTP server. IP Address: Enter the PPTP Client IP address. Netmask: Enter the PPTP Client Sub net mask.
Modifying PPTP Client Step 1. Select VPN > PPTP Client. Step 2. In the PPTP Client window, find the PPTP server that you want to modify. Click Configure and click Modify. Step 3. Enter appropriate settings. Step 4.
Removing PPTP Client Step 1. Select VPN > PPTP Client. Step 2. In the PPTP Client window, find the PPTP client that you want to modify. Click Configure and click remove. Step 3. Click OK to remove the PPTP client or click Cancel to exit without removal.
Content filtering URL Blocking The Administrator may setup URL Blocking to prevent Internal network users from accessing a specific website on the Internet. Any web request coming from an Internal network computer to a blocked website will receive a blocked message instead of the website. Entering the URL blocking window: Click on URL Blocking under the Configuration menu bar. Click on New Entry. Adding a URL Blocking policy: Step 1: After clicking New Entry, the Add New Block String window will appear.
Modifying a URL Blocking policy: Step 1: In the URL Blocking window, find the policy to be modified and click the corresponding Modify option in the Configure field. Step 2: Make the necessary changes needed. Step 3: Click on OK to save changes or click on Cancel to cancel modifications. Removing a URL Blocking policy: Step 1: In the URL Blocking window, find the policy to be removed and click the corresponding Remove option in the Configure field.
Blocked URL site: When a user from the Internal network tries to access a blocked URL, the error below will appear. General Blocking To let Popups, ActiveX, Java, or Cookies in or keep them out. Step 1: Click Content Filtering in the menu. Step 2: General Blocking detective functions. ! ! ! ! Popup filtering: Prevent pop-up boxes from appearing. ActiveX filtering: Prevent ActiveX packets. Java filtering: Prevent Java packets. Cookie filtering: Prevent Cookie packets.
Virtual Server The DFL-80 VPN Firewall separates an enterprise’s Intranet and Internet into internal networks and external networks respectively. Generally speaking, in order to allocate enough IP addresses for all computers, an enterprise assigns each computer a private IP address, and converts it into a real IP address using the Firewall’s NAT (Network Address Translation) function.
Mapped IP Internal private IP addresses are translated through NAT (Network Address Translation). If a server is located in the internal network, it has a private IP address, and outside users cannot connect directly to internal servers’ private IP address. To connect to an internal network server, outside users have to first connect to a real IP address of the external network, and the real IP is translated to a private IP of the internal network.
Adding new IP Mapping: Step 1. In the Mapped IP window, click the New Entry button the Add New Mapped IP window will appear. ! External IP: select the external public IP address to be mapped. ! Internal IP: enter the internal private IP address or DMZ IP address which will be mapped 1-to-1 to the external IP address. Step 2. Click OK to add new IP Mapping or click Cancel to cancel adding. Modifying a Mapped IP: Step 1.
Removing a Mapped IP: Step 1. In the Mapped IP table, locate the Mapped IP desired to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up window, click OK to remove the Mapped IP or click Cancel to cancel. Virtual Server Virtual server is a one-to-many mapping technique, which maps a real IP address from the external interface to private IP addresses of the internal network.
Adding a Virtual Server: Step 1. Click an available virtual server from Virtual Server in the Virtual Server menu bar to enter the virtual server configuration window. In the following, Virtual Server is assumed to be the chosen option: Step 2. Click the click here to configure button and the Add new Virtual Server IP window appears and asks for an IP address from the external network. Step 3. Select an IP address from the drop-down list of available external network IP addresses. Step 4.
When Disable appears in the drop-down list, no Virtual Server can be added.
Modifying a Virtual Server IP Address: Step 1. Click the virtual server to be modified Virtual Server under the Virtual Server menu bar. A new window appears displaying the IP address and service of the specified virtual server. Step 2. Click on the Virtual Server’s IP Address button at the top of the screen. Step 3. Click OK to save new IP address or click Cancel to cancel modification.
Removing a Virtual Server: Step 1. Click the virtual server to be removed in the corresponding Virtual Server option under the Virtual Server menu bar. A new window displaying the virtual server’s IP address and service appears on the screen. Step 2. Click the Virtual Server’s IP Address button at the top of the screen. Step 3. Select Disable in the drop-down list in. Step 4. Click OK to remove the virtual server. Setting the Virtual Server’s services: Step 1.
! External Service Port: Select the service from the pull down list that will be provided by the Virtual Server. Note: The services in the drop-down list are all defined in the Pre-defined and Custom section of the Service menu. Step 3. Enter the IP address of the internal network server(s), to which the virtual server will be mapped. Up to four IP addresses can be assigned at most. Step 4. Click OK to save the settings of the Virtual Server.
Modifying the Virtual Server configurations: Step 1. In the Virtual Server window’s service table, locate the name of the service desired to be modified and click its corresponding Modify option in the Configure field. Step 2. In the Virtual Server Configuration window, enter the new settings. Step 3. Click OK to save modifications or click Cancel to cancel modification. Note: A virtual server cannot be modified or removed if it has been assigned to the destination address of any Incoming policies.
Removing the Virtual Server service: Step 1. In the Virtual Server window’s service table, locate the name of the service desired to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the service or click Cancel to cancel removing. Log The DFL-80 VPN Firewall supports traffic logging and event logging to monitor and record services, connection times, and the source and destination network address.
How to use the Log The Administrator can use the log data to monitor and manage the DFL-80 and the networks. The Administrator can view the logged data to evaluate and troubleshoot the network, such as pinpointing the source of traffic congestions. Traffic Log The Administrator queries the Firewall for information, such as source address, destination address, start time, and Protocol port, of all connections.
Traffic Log: The table in the Traffic Log window displays current System statuses: ! Time: The start time of the connection. ! Source: IP address of the source network of the specific connection. ! Destination: IP address of the destination network of the specific connection. ! Protocol & Port: Protocol type and Port number of the specific connection. ! Disposition: Accept or Deny. Downloading the Traffic Logs: The Administrator can backup the traffic logs regularly by downloading it to the computer.
Clearing the Traffic Logs: The Administrator may clear on-line logs to keep just the most updated logs on the screen. Step 1. In the Traffic Log window, click the Clear Logs button at the bottom of the screen. Step 2. In the Clear Logs pop-up box, click OK to clear the logs or click Cancel to cancel it.
Event Log When the DFL-80 Firewall detects events, the Administrator can get the details, such as time and description of the events from the Event Logs. Entering the Event Log window: Click the Event Log option under the Log menu and the Event Log window will appear. The table in the Event Log window displays the time and description of the events. ! Time: Time when the event occurred. ! Event: Description of the event.
Downloading the Event Logs: Step 1. In the Event Log window, click the Download Logs button at the bottom of the screen. Step 2. Follow the File Download pop-up window to save the event logs into a specific directory on the hard drive. Clearing the Event Logs: The Administrator may clear on-line event logs to keep just the most updated logs on the screen. Step 1. In the Event Log window, click the Clear Logs button at the bottom of the screen. Step 2.
Log Report The Log Report Step 1. Click Log > Log Report. :When the Log Mail files ! Enable Log Mail Configuration: accumulated up to 300Kbytes, router will notify administrator by email with the traffic log and event log. Note: Before enabling this function, you have to enable E-mail Alarm in Administrator. ! Enable Syslog Settings: :If you enable this function, system will transmit the Traffic Log and the Event Log simultaneously to the server which supports Syslog function.
Enable Log Mail Support & Syslog Message Log Mail Configuration /Enable Log Mail Support Step 1. First, go to Admin –Select Enable E-mail Alert Notification under E-Mail Settings. Enter the e-mail address to receive the alarm notification. Click OK. Step 2. Go to Log #Log Report. Check to enable Log Mail Support. Click OK. System Settings/Enable Syslog Message Step 1. Check to enable Syslog Message. Enter the Host IP Address and Host Port number to receive the Syslog message. Step 2.
Alarm In this chapter, the Administrator can view traffic alarms and event alarms that occur and the firewall has logged. Firewall has two alarms: Traffic Alarm and Event Alarm. Traffic alarm: In control policies, the Administrator set the threshold value for traffic alarm. The System regularly checks whether the traffic for a policy exceeds its threshold value and adds a record to the traffic alarm file if it does.
Traffic Alarm Entering the Traffic Alarm window: Click the Traffic Alarm option below Alarm menu to enter the Traffic Alarm window. The table in the Traffic Alarm window displays the current traffic alarm logs for connections. ! Time: The start and stop time of the specific connection. ! Source: Name of the source network of the specific connection. ! Destination: Name of the destination network of the specific connection. ! Service: Service of the specific connection.
Clearing the Traffic Alarm Logs: Step 1. In the Traffic Alarm window, click the Clear Logs button at the bottom of the screen. Step 2. In the Clear Logs pop-up box, click OK to clear the logs or click Cancel to cancel. Downloading the Traffic Alarm Logs: The Administrator can back up traffic alarm logs regularly and download it to a file on the computer. Step 1. In the Traffic Alarm window, click the Download Logs button on the bottom of the screen. Step 2.
Event Alarm Entering the Event Alarm window: Click the Event Alarm option in the Alarm menu to enter the Event Alarm window. The table in the Event Alarm window displays current traffic alarm logs for connections. 118 ! Time: Log time. ! Event: Event descriptions.
Clearing Event Alarm Logs: The Administrator may clear on-line logs to keep the most updated logs on the screen. Step 1. In the Event Alarm window, click the Clear Logs button at the bottom of the screen. Step 2. In the Clear Logs pop-up box, click OK. Downloading the Event Alarm Logs: The Administrator can back up event alarm logs regularly by downloading it to a file on the computer. Step 1. In the Event Alarm window, click the Download Logs button at the bottom of the screen. Step 2.
Statistics In this chapter, the Administrator queries the DFL-80 VPN Firewall for statistics of packets and data which passes across the Firewall. The statistics provides the Administrator with information about network traffics and network loads. What is Statistics Statistics are the statistics of packets that pass through the Firewall by control policies setup by the Administrator.
Status In this section, the DFL-80 displays the status information about the Firewall. Status will display the network information from the Configuration menu. The Administrator may also use Status to check the DHCP lease time and MAC addresses for computers connected to the Firewall. Interface Status Entering the Interface Status window: Click on Status in the menu bar, then click Interface Status below it. A window will appear providing information from the Configuration menu.
ARP Table Entering the ARP Table window: Click on Status in the menu bar, then click ARP Table below it. A window will appear displaying a table with IP addresses and their corresponding MAC addresses. For each computer on the Internal, External, and DMZ network that replies to an ARP packet, the DFL-80 will list them in this ARP table.
DHCP Clients Entering the DHCP Clients window: Click on Status in the menu bar, then click on DHCP Clients below it. A window will appear displaying the table of DHCP clients that are connected to the DFL-80. The table will list host computers on the Internal network that obtain its IP address from the Firewall’s DHCP server function.
Glossary DHCP (Dynamic Host Configuration Protocol) When a computer with no fixed IP address starts up, it asks the DHCP server for a temporary IP address. The DHCP server allocates an IP address, which falls within the same sub-network as the server and does not conflict with other computers on the network, to the client.
Subnet Mask Subnet Mask is used to segment a network into 2, 4, 8, etc sub-networks. For example, take a Class B network with network number 172.16.0.0 and subnet mask 255.255.244.0. The first two numbers represents network number after segmentation. The first 3 bits of the third number is the Subnet Number. There are 2^3= 8 sub networks. The remaining five bits plus the eight bits of fourth number, thirteen bits in total, are the networks addresses available for each sub-network.
User Datagram Protocol (UDP Protocol) User Datagram Protocol is a transport layer protocol in the TCP/IP protocol stack. UDP uses application program to pack user data into packets, and IP transfer these packets into their destination. Under UDP, applications can exchange messages with least costs. UDP is an unreliable, connectionless protocol. Unreliable means that this protocol has no specification to exchange datagram with guaranteed delivery, but it does transfer data correctly over network.
Firewall The firewall has three basic functions: 1. 2. 3. Restrict data to enter at a control point. Restrict data to flow out at a control point. Keep attackers away from servers. Firewall protects: 1. Software data 2. Hardware data 3. Company’s reputation Firewall’s standard interfaces are 1. External (WAN) network also known as Untrusted Network 2. Internal (LAN) network also known as Trusted Network 3. DMZ network also known as De-Militarized Network Add-on values of firewall are: 1.
IP Spoofing Data packets sent is from a fake source address. If the firewall’s policy does not restrict these packets from passing through, they could be used to attack internal servers easily. Network Address Translation NAT is the translation of IP addresses between internal or private networks and the public IP addresses on the Internet. There are three IP address blocks that have been assigned as private IP address space: 10.0.0.0 – 10.255.255.255 172.16.0.0 – 172.31.255.255 192.168.0.0 – 192.168.255.
Address Group The usual way to setup different packet IP filters for the same policy is to create one policy for each filter. If there are 10 IP addresses then 10 policies have to be created. Address Group is used to simplify this kind of procedures. The administrator creates a new group name in External Groups of Address menu and adds all the related IP addresses into that group. After the group is created, the group name will be shown in Address Table.
123456789012345678901234567890121234 123456789012345678901234567890121234 123456789012345678901234567890121234 123456789012345678901234567890121234 HUB 123456789012345678901234567890121234 123456789012345678901234567890121234 123456789012345678901234567890121234 123456789012345678901234567890121234 123456789012345678901234567890121234 Net ID = 192.168.1.
Mapped IP Both Mapped IP and Virtual Server use IP mapping mechanism to allow outside users access internal servers through the firewall. They are different in following ways: ! Virtual Server has Load balance feature, and Mapped IP does not. ! Virtual Server has a one-to-many mapping relationship to physical servers and Mapped IP is mapped to physical servers in one-to-one fashion. A virtual server can be mapped to only one service, such as SMTP, HTTP or FTP.
Schedule Schedule is used to set up different time intervals conveying different policies. A policy only works in specified time interval, and is automatically disabled outside the specified time interval. A specific schedule can be set to repeat every week or just happen once. Service TCP protocol and UDP protocol provided different services. Each service has a TCP port number and a UDP port number, such as TELNET(23), FTP(21), SMTP(25), POP3(110), etc.
Virtual Server The Firewall separates an enterprise’s Intranet and Internet into internal networks and external networks respectively. Generally speaking, in order to allocate enough IP addresses for all computers, an enterprise assigns each computer a private IP address, and converts it into a real IP address through the firewall’s NAT (Network Address Translation) function.
Trouble-Shooting Q: How to upgrade the DFL-80’s software? A: The DFL-80’s software and system parameters are all stored in the Flash Memory. The Flash Memory is re-writable and re-readable. Users can contact the distributors to obtain the newest version of software.
Q: What is the difference in privileges of admin and sub admin? A: The DFL-80 sets the system administrator’s name and password to admin. When the administrator sets up the system the first time, the installation wizard asks administrators to change the password for admin (user name ‘admin’ can not be changed). In the admin menu under Administration, the admin may add or change the name and password of sub admin.
restart the computer to activate new IP address. Run Browser and enter http://192.168.1.1 in URL field to access Firewall WebUI. Step 2: Browser will ask or the user’s name and password enter ‘admin’ and password. Step 3: Then WebUI will request the user to change password. Change it and record the new password. The user name is still ‘admin’. Step 4: Set new Internal IP Address (enterprise’s private IP address) and External IP Address (allocated by ISP provider).
Q: Can Admin modify the internal and external interface IP addresses anytime? A: No, because the names in the address table are set according to the IP addresses of internal and external interface cards, and the source address and destination address of policies are set according to address table. The IP addresses of the DFL-80’s internal interface and external interface are foundations of administration policies.
Setup Examples Example 1: Allow the Internal network to be able to access the Internet Example 2: The Internal network can only access Yahoo.com website Example 3: Outside users can access the internal FTP server through Virtual Servers Example 4: Install a server inside the Internal network and have the Internet (External) users access the server through IP Mapping Example 1: Allow the Internal network to be able to access the Internet Step 1. Enter the Outgoing window under the Policy menu. Step 2.
Example 2: The Internal network can only access Yahoo.com website. Step 1. Enter the External window under the Address menu. Step 2. Click the New Entry button. Step 3. In the Add New Address window, enter relating parameters. Step 4. Click OK to end the address table setup. Step 5. Go to the Outgoing window under the Policy menu. Step 6. Click the New Entry button. Step 7. In the Add New Policy window, enter corresponding parameters. Click OK.
Example 3: Outside users can access the internal FTP server through Virtual Servers Step 1. Enter Virtual Server 1 under the Virtual Server menu. Step 2. Click the ‘click here to configure’ button. Step 3. Select an External IP address, then click OK. Step 4. Click the New Service button on the bottom of the screen. Step 5. Add the FTP service pointing to the internal server IP address. Click OK. Step 6. A new Virtual Service should appear. Step 7.
Step 8. In the Add New Policy window, set each parameter, then click OK. Step 9. An Incoming FTP policy should now be created. Example 4: Install a server inside the Internal network and have the Internet (External) users access the server through IP Mapping Step 1. Enter the Mapped IP window under the Virtual Server menu. Step 2. Click the New Entry button. Step 3. In the Add New IP Mapping window, enter each parameter, and then click OK.
Technical Specifications Standards IEEE 802.3 IEEE 802.3u IEEE 802.3x ANSI / IEEE 802.
Technical Specifications Physical Dimensions: L = 9.25 inches (233 mm) W = 6.5 inches (165 mm) H = 1.38 inches (35 mm) Modulation Techniques: IP Sec IP Authentication Header (AH) Internet Key Exchange (IKE) authentication and Key Management Authentication (MD5 / SHA-1) NULL/DES/3DES Encryption Algorithm and their use with IPSec IP Encapsulating Security Payload (ESP) Internet Security Association and Key PPTP Server / Client Weight: 2.0 lbs.
Contacting Technical Support You can find the most recent software and user documentation on the D-Link website. D-Link provides free technical support for customers within the United States for the duration of the warranty period on this product. U.S. customers can contact D-Link technical support through our web site, or by phone. Tech Support for customers within the United States: D-Link Technical Support over the Telephone: (877) 453-5465 24 hours a day, seven days a week.
Warranty and Registration (USA only) Subject to the terms and conditions set forth herein, D-Link Systems, Inc. (“D-Link”) provides this Limited warranty for its product only to the person or entity that originally purchased the product from: • • D-Link or its authorized reseller or distributor and Products purchased and delivered within the fifty states of the United States, the District of Columbia, U.S. Possessions or Protectorates, U.S. Military Installations, addresses with an APO or FPO.
• The customer must submit with the product as part of the claim a written description of the Hardware defect or Software nonconformance in sufficient detail to allow D-Link to confirm the same. • The original product owner must obtain a Return Material Authorization (“RMA”) number from the Authorized D-Link Service Office and, if requested, provide written proof of purchase of the product (such as a copy of the dated purchase invoice for the product) before the warranty service is provided.
LIABILITY OF D-LINK UNDER THIS WARRANTY IS LIMITED TO THE PURCHASE PRICE OF THE PRODUCT COVERED BY THE WARRANTY. THE FOREGOING EXPRESS WRITTEN WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ANY OTHER WARRANTIES OR REMEDIES, EXPRESS, IMPLIED OR STATUTORY. Governing Law: This Limited Warranty shall be governed by the laws of the State of California.