1 Configuration examples for the D-Link NetDefend Firewall series DFL-210/800/1600/2500 Scenario: How to configure Bandwidth Management Last update: Overview In this document, the notation Objects->Address book means that in the tree on the left side of the screen Objects first should be clicked (expanded) and then Address Book. Most of the examples in this document are adapted for the DFL-800. The same settings can easily be used for all other models in the series. The only difference is the names of the interfaces. Since the DFL-1600 and DFL-2500 has more than one lan interface, the lan interfaces are named lan1, lan2 and lan3 not just lan. The screenshots in this document is from firmware version If you are using a later version of the firmware, the screenshots may not be identical to what you see on your browser. To prevent existing settings to interfere with the settings in these guides, reset the firewall to factory defaults before starting.
2 3How to configure Bandwidth Management Details for this scenario: - The WAN1 and WAN2 are using static IP with different ISP xdsl circuits. Both circuits bandwidth are 1Mbps (in this case, assume 1Mb=1000Kb). - From LAN to WAN1 HTTP, HTTPS, POP3 and other services connect to Internet. - WAN1: For inbound and outbound HTTP and HTTPS, the maximum bandwidth is 500Kb. - WAN1: For inbound and outbound POP3, the guaranteed bandwidth is 300Kb (maximum bandwidth is 1000Kb). - WAN1: For other inbound and outbound service, the maximum bandwidth is 200Kb. - From LAN to WAN2 SMTP, FTP and VoIP services connect to Internet. - WAN2: For inbound and outbound SMTP, the guaranteed bandwidth is 500Kb (the maximum bandwidth is 1000Kb) - WAN2: For inbound and outbound FTP, the maximum bandwidth is 250Kb. - WAN2: For inbound and outbound VoIP, the guaranteed bandwidth is 250Kb.
3 1. Addresses Go to Objects ->Address book -> InterfaceAddresses: Edit the following items: Change lan_ip to Change lannet to /24 Change wan1_ip to Change wan1net to /24 Change wan2_ip to Change wan2net to /24 Add a new IP4 Host/Network: Name: wan1-gw IP Address: Add a new IP4 Host/Network: Name: wan2-gw IP Address: Ethernet interfaces Go to Interfaces -> Ethernet: Edit the wan1 interface. Leave IP Address as wan1_ip and Network as wan1net. Select wan1-gw as Default Gateway.. 3. Services Go to Objects -> Services: Add a new TCP/UDP Service: Name: voip Type: TCP Source: Destination: (enter the TCP port number for the VoIP service)
4 4. Rules Go to Rules -> IP Rules -> lan_to_wan1. Delete the pre-created rules. Add a new IP Rule: In the General tab: Name: allow_http_https Action: NAT Service: http-all Address filter: Source interface: lan Source network: lannet Destination interface: wan1 Destination network: all-nets Add two more rules in the same way as the previous rule: Name Action Service SourceIf SourceNet DestIf DestNet allow_pop3 NAT pop3 lan lannet wan1 all-nets allow_standard NAT all_services lan lannet wan1 all-nets Go to Rules -> IP Rules: Add a new folder called lan_to_wan2.
5 In the new folder, create three new rules: allow_smtp, allow_ftp and allow_voip. Name Action Service SourceIf SourceNet DestIf DestNet allow_smtp NAT smtp lan lannet wan2 all-nets allow_ftp NAT ftp- lan lannet wan2 all-nets passthrough allow_voip NAT voip lan lannet wan2 all-nets 5. Routing Go to Routing -> Policy-based Routing Tables: Add a new Policy-based Routing table: Name: r-wan2 Ordering: Default. In the new table, add a new Route: Interface: wan2 Network: all-nest Gateway: wan2-gw
6 Metric: 0. Go to Routing -> Policy-based Routing Policy. Add a new Policy-based Routing Rule: Name: pbr-smtp Forward Table: r-wan2 Return Table: <main> Service: smtp Address Filter: Source interface: lan Source network: lannet Destination interface: wan1 Destination network: all-nets. Create three more Policy-based Routing Rules in the same way as the previous one. Name Forward Return Service SourceIf SourceNet DestIf DestNet pbr-ftp r-wan2 <main> ftp- lan lannet wan1 all-nets passthrough pbr-voip r-wan2 <main> voip lan lannet wan1 all-nets pbr-all <main> r-wan2 all_services wan2 all-nets any all-nets The first three rules we created (pbr-smtp, pbr-ftp and pbr-voip) directs SMTP, FTP, and VoIP traffics from LAN to be forwarded through WAN2 according to the PBR table r-wan2, and the return traffics will be routed by the main routing table. The last rule says that all traffics coming from ISP2 will be forwarded by the main routing table, and the return traffics will be routed back to ISP2 by r-wan2.
7 6. Traffic shaping Go to Traffic Shaping -> Pipes. Add a new Pipe: Name: wan1-std-in Pipe Limits: Set Highest to 300 Set Total to Add a new Pipe called wan1-std-out using the same settings. Add a new Pipe: Name: wan2-std-in Pipe Limits: Set Highest to 500 Set Total to 1000 Add a new Pipe called wan2-std-out using the same settings. Add a new Pipe: Name: http-in Pipe Limits: Set Total to 500 Add a new Pipe called http-out using the same settings.
8 Add a new Pipe: Name: ftp-in Pipe Limits: Set Total to 250 Add a new Pipe called ftp-out using the same settings. Add a new Pipe: Name: voip-in Pipe Limits: Set Highest to 250 Add a new Pipe called voip-out using the same settings. The list of pipes should now look like this:
9 Go to Traffic Shaping - > Pipe Rules. Add a new Pipe Rule. In the General tab: Name: wan1-http Service: http-all Address filter: Source interface: lan Source network: lannet Destination interface: wan1 Destination network: all-nets In the Traffic Shaping tab: Pipe Chains: Add http-out and wan1-std-out to the Forward Chain. Add http-in and wan1-std-in to the Return Chain.
10 Precedence: Select Use Fixed Precedence and Medium. Add a new Pipe Rule. In the General tab: Name: wan1-pop3 Service: pop3 Address Filter: Source interface: lan Source network: lannet Destination interface: wan1 Destination network: all-nets In the Traffic Shaping tab: Pipe Chains: Forward Chain: wan1-std-out Return Chain: wan1-std-in Select Use fixed precedence and Highest. Add one more rule with the same address filter settings in the same way as the previous two: Name Service Forward Return Precedence wan1-all all_services wan1-std-out wan1-std-in Fixed Low
11 Add three more rules with the following address filter settings: Source interface: lan Source network: lannet Destination interface: wan2 Destination network: all-nets Name Service Forward Return Precedence wan2-smtp smtp wan2-std-out wan2-std-in Fixed Highest wan2-ftp ftp-passthrough ftp-out ftp-in Fixed wan2-std-out wan2-voip voip voip-out wan2-std-out wan2-std-in voip-in wan2-std-in Medium Fixed Highest The following image shows the six rules that we now have created. All rules should have lan as source interface, lannet as source network and all-nets as destination network. The first three rules should have wan1 as destination interface and the last three wan2 as destination interface. Save and activate the configuration.
How to set up Inbound Load Balance under Drop-in Mode Background Customers often wonder whether Drop-in Mode and Inbound Load Balance can co-exist. The good news is yes they can. The purpose of this how-to
Ecessa Proxy VoIP Manual Table of Contents Introduction...1 Configuration Overview...2 VoIP failover requirements...2 Import VoIP Authentication...3 Add a user manually...3 Setup...3 Hosted setup...3 Example
Bandwidth Management Gateway BM-500 User s Manual Copyright Copyright (C) 2004 PLANET Technology Corp. All rights reserved. The products and programs described in this User s Manual are licensed products
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
CudaTel Tech Bulletin: Best Practices for Emergency Routing Description: This document describes recommended best practices for configuring the CudaTel Communication Server for 911 emergency call routing.
I nt er netload Bal anc i nggui de Peplink Balance Internet Load Balancing Solution Guide http://www.peplink.com Copyright 2010 Peplink Internet Load Balancing Instant Improvement to Your Network Introduction
Configuration Example Use NAT for Public Access to Servers with Private IP Addresses on the Private Network Example configuration files created with WSM v11.7.2 Revised 5/10/2013 Use Case In this use case,
Voice User Guide Model No. SPA3102 Copyright and Trademarks Specifications are subject to change without notice. Linksys is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates
Elfiq Link Balancer (Link LB) Quick Web Configuration Guide Elfiq Operating System (EOS) - Version 3.5.0 and higher Document Version 2.0 -January 2012 Elfiq Networks (Elfiq Inc.) www.elfiq.com 1. About
Interquartz 9339HS VoIP Phone Quick Start User Guide Rev 3a 1/16 9339HS VoIP Phone Quick Start Up Guide The 9339HS VoIP (Voice over Internet Protocol) Phone provides a cost-saving solution for small business/home
Series ADSL 2/2+ Gateway with 802.11g Wireless Compact Guide Version 3.40 March 2004 Table of Contents 1 Introducing the Prestige...3 2 Hardware...4 2.1 Rear Panel Connections...4 2.2 The Front Panel LEDs...5
Prestige 660HW Series ADSL 2+ 4-Port Gateway with 802.11g Wireless Prestige 660H Series ADSL 2+ 4-Port Gateway Compact Guide Version 3.40 September 2004 Table of Contents 1 Introducing the Prestige...4
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis
Linksys SPA2102 Router Configuration Guide Dear 8x8 Virtual Office Customer, This Linksys guide provides instructions on how to configure the Linksys SPA2102 as a router. You only need to configure your
SIP Trunking using the Optimum Business Sip Trunk Adaptor and the 3CX PBX v12.5 Table of Contents 1. Overview 3 2. Prerequisites 3 3. PBX Configuration 3 4. Creating Extensions 4 5. VoIP Provider Setup
Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your RangeMax Dual Band Wireless-N Router WNDR3300. You can access these features by selecting the
Allworx OfficeSafe Operations Guide Release 6.0 No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopy,
Easy-to-use VoIP telephone VoIP OnSIP VoIP Start Kit User s manual Allwin Tech.Co.,LTD 2007 All rights reserved. Quick guide to the manual Thank you for purchasing AllWin Tech s VoIP Telephone Start Kit.
Iomega EZ Media and Backup Center User Guide Table of Contents Setting up Your Device... 1 Setup Overview... 1 Set up My Iomega StorCenter If It's Not Discovered... 2 Discovering with Iomega Storage Manager...
Mediatrix 4400 Digital Gateway VoIP Trunking with a Legacy PBX June 21, 2011 Proprietary 2011 Media5 Corporation Table of Contents Table of Contents... 2 Introduction... 3 Mediatrix 4400 Digital Gateway
MODEL ATC-2004 TCP/IP TO RS-232/422/485 CONVERTER User s Manual 1.1 Introduction The ATC-2004 is a 4 Port RS232/RS485 to TCP/IP converter integrated with a robust system and network management features
Bandwidth Management Gateway BM-525 User s Manual Copyright Copyright 2006 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored
The Wingu guide to creating your first cloud server. This guide explains how to create your very first server in the Wingu cloud by using our easy to use cloud dashboard. 1. Login to the dashboard by pointing
ii Copyright 2006 Comcast Communications, Inc. All Rights Reserved. Comcast is a registered trademark of Comcast Corporation. Comcast Business IP Gateway is a trademark of Comcast Corporation. The Comcast