Help - System

Administration

This is where all the administration settings are configured, and the first section is for administrative users.

Management web GUI ports

For security reasons, it may be better to run the management web GUI on non-standard ports. Also note that if web-based user authentication is enabled, ports 80 and 443 are taken by it, so the management web GUI has to use other ports.

  • HTTP Port - The unencrypted (HTTP) admin access port.
  • HTTPS Port - The encrypted (HTTPS) admin access port.

Administrative users

The first column shows the access levels, Administrator and Read-only. An Administrator user can add, edit and remove rules, change settings of the DFL-200 and so on. The Read-only user can only look at the configuration. The second column shows the users in each access level.

Administrative Access per interface

  • Ping - If enabled, specifies who can ping the interface IP of the DFL-200. When enabled, the default is to allow anyone to ping the interface IP.
  • Admin - If enabled, allows all users with admin access to connect to the DFL-200 on this interface and change the configuration. Access can be HTTPS only, or both HTTP and HTTPS.
  • Read-Only - If enabled, allows all users with read-only access to connect to the DFL-200 on this interface and look at the configuration. Access can be HTTPS only, or both HTTP and HTTPS. If an interface has no Admin access enabled and only Read-Only, admin users can still connect, but they will be in read-only mode.
  • SNMP - Specifies whether SNMP is allowed on the interface. The DFL-200 only supports read-only SNMP access.

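To make the per-interface rules above concrete, here is a small Python model of the management port settings and the Admin / Read-Only access decision, including the rule that an admin user on an interface with only Read-Only enabled lands in read-only mode. This is an added illustration, not the DFL-200's own code; the class and field names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical model of the "Management web GUI ports" and "Administrative
# Access per interface" settings. Added illustration only; not the DFL-200's
# own code, and the field names are assumptions.


@dataclass
class InterfaceAccess:
    name: str
    ping: bool = False
    admin: Optional[str] = None       # None (off), "https", or "http+https"
    read_only: Optional[str] = None   # None (off), "https", or "http+https"
    snmp: bool = False                # SNMP is read-only on this device anyway


def _allows(setting: Optional[str], scheme: str) -> bool:
    """Does an access setting permit a connection over scheme ("http"/"https")?"""
    if setting is None:
        return False
    if setting == "https":
        return scheme == "https"
    if setting == "http+https":
        return scheme in ("http", "https")
    raise ValueError(f"unknown access setting {setting!r}")


def effective_access(iface: InterfaceAccess, role: str, scheme: str) -> Optional[str]:
    """Return "admin", "read-only" or None for a user of the given role
    ("Administrator" or "Read-only") connecting to iface over scheme."""
    if role == "Administrator":
        if _allows(iface.admin, scheme):
            return "admin"
        # Rule from the help text: if the interface has no Admin access but
        # Read-Only is enabled, admin users still connect, in read-only mode.
        if _allows(iface.read_only, scheme):
            return "read-only"
        return None
    if role == "Read-only":
        return "read-only" if _allows(iface.read_only, scheme) else None
    raise ValueError(f"unknown role {role!r}")


def check_management_ports(http_port: int, https_port: int,
                           web_auth_enabled: bool) -> List[str]:
    """Problems with the chosen management ports; an empty list means OK."""
    problems = []
    for label, port in (("HTTP", http_port), ("HTTPS", https_port)):
        if not 1 <= port <= 65535:
            problems.append(f"{label} port {port} is out of range")
        elif web_auth_enabled and port in (80, 443):
            problems.append(f"{label} port {port} is taken by web-based user authentication")
    if http_port == https_port:
        problems.append("HTTP and HTTPS ports must differ")
    return problems


if __name__ == "__main__":
    # Constructed sample: WAN exposes read-only over HTTPS only, LAN is open.
    wan = InterfaceAccess("WAN", ping=False, read_only="https")
    lan = InterfaceAccess("LAN", ping=True, admin="http+https",
                          read_only="http+https", snmp=True)
    print(effective_access(wan, "Administrator", "https"))   # read-only
    print(effective_access(wan, "Administrator", "http"))    # None
    print(effective_access(lan, "Administrator", "http"))    # admin
    print(check_management_ports(80, 443, True))             # two collisions
```

The usual hardening pattern this encodes is to leave Admin disabled on the WAN interface and allow at most Read-Only over HTTPS there, while keeping full access on the LAN; the checker then tells you whether the chosen GUI ports clash with web-based user authentication.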
Interfaces

LAN or DMZ Interface Settings

On the LAN or DMZ interface settings it's possible to configure the IP addresses of the interfaces.

  • IP Address - The IP address of the LAN or DMZ interface. This is the address that may be used to ping the firewall, and it is used as the gateway IP on that network.
  • Subnet Mask - Size of the internal or DMZ network.

WAN Interface Settings - Using Static IP

If you are using Static IP you have to fill in the IP address information provided to you by your ISP. All fields are required except the Secondary DNS Server. The numbers displayed in these fields are only examples and should not be used as they are.

  • IP Address - The IP address of the WAN interface. This is the address that may be used to ping the firewall, for remote management, and as the source address for dynamically translated connections.
  • Subnet Mask - Size of the external network.
  • Gateway IP - Specifies the IP address of the default gateway used to reach the Internet.
  • Primary and Secondary DNS Server - The IP addresses of your DNS servers; only the Primary DNS is required.

WAN Interface Settings - Using DHCP

If you are using DHCP there is no need to enter any values in any of the fields.

WAN Interface Settings - Using PPPoE

Use the following procedure to configure the DFL-200 external interface to use PPPoE (Point-to-Point Protocol over Ethernet). This configuration is required if your ISP uses PPPoE to assign the IP address of the external interface. You will have to fill in the username and password provided by your ISP.

  • Username - The login or username supplied by your ISP.
  • Password - The password supplied by your ISP.
  • Service Name - When using PPPoE some ISPs require you to fill in a Service Name.
  • Primary and Secondary DNS Server - The IP addresses of your DNS servers; these are optional and are often provided by the PPPoE service.

WAN Interface Settings - Using PPTP

PPTP over Ethernet connections are used in some DSL and cable modem networks.

You need your account details, and possibly also IP configuration parameters of the actual physical interface that the PPTP tunnel runs over. Your ISP should supply this information.

  • Username - The login or username supplied by your ISP.
  • Password - The password supplied by your ISP.
  • PPTP Server IP - The IP of the PPTP server that the DFL-200 should connect to.

Before PPTP can be used to connect to your ISP, the physical (WAN) interface parameters need to be supplied. Either DHCP or Static IP can be used; which one depends on the ISP, and the ISP should supply this information.

If using Static IP, the following information needs to be filled in.

  • IP Address - The IP address of the WAN interface. This IP is used to connect to the PPTP server.
  • Subnet Mask - Size of the external network.
  • Gateway IP - Specifies the IP address of the default gateway used to reach the Internet.

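Both the Static IP WAN settings above and the static physical-interface settings for PPTP take the same IP address, subnet mask and gateway fields, and a mistyped value here is the usual reason a freshly configured firewall never reaches the Internet. The following Python function, added here as an illustration and not part of the DFL-200, applies the checks an operator would want before saving the form: the address and mask parse, the address is not the network or broadcast address, the gateway lies inside the WAN subnet (otherwise it is not directly reachable), and the required Primary DNS is present (the PPTP form has no DNS fields, hence the `require_dns` switch, which is an assumption of the example).

```python
import ipaddress
from typing import List, Optional

# Added illustration of pre-save checks for the static WAN (or PPTP
# physical-interface) settings; not the DFL-200's own validation code.


def validate_static_wan(ip: str, mask: str, gateway: str,
                        primary_dns: Optional[str] = None,
                        secondary_dns: Optional[str] = None,
                        require_dns: bool = True) -> List[str]:
    """Return a list of problems; an empty list means the settings are consistent."""
    errors: List[str] = []
    try:
        # ipaddress accepts dotted-quad masks such as 255.255.255.0
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    except ValueError as exc:
        return [f"invalid IP address or subnet mask: {exc}"]
    net = iface.network
    addr = iface.ip

    # The interface address must be a host address within the subnet.
    if net.prefixlen < 31 and addr in (net.network_address, net.broadcast_address):
        errors.append(f"{addr} is the network or broadcast address of {net}")

    # The default gateway must be on the same link as the WAN interface.
    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError:
        errors.append(f"invalid gateway IP {gateway!r}")
    else:
        if gw not in net:
            errors.append(f"gateway {gw} is not inside {net}; it must be directly reachable on the WAN")
        elif gw == addr:
            errors.append("gateway must not equal the interface address")

    # Primary DNS is mandatory on the Static IP form; Secondary is optional.
    if require_dns and not primary_dns:
        errors.append("primary DNS server is required")
    for label, dns in (("primary", primary_dns), ("secondary", secondary_dns)):
        if dns:
            try:
                ipaddress.IPv4Address(dns)
            except ValueError:
                errors.append(f"invalid {label} DNS server {dns!r}")
    return errors


if __name__ == "__main__":
    # Constructed sample values (documentation ranges, not a real ISP's).
    print(validate_static_wan("192.0.2.10", "255.255.255.0", "192.0.2.1", "192.0.2.53"))
    print(validate_static_wan("192.0.2.10", "255.255.255.0", "198.51.100.1", "192.0.2.53"))
```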
WAN Interface Settings - Using BigPond

The ISP Telstra BigPond uses BigPond authentication; the IP address is assigned with DHCP.

  • Username - The login or username supplied to you by your ISP.
  • Password - The password supplied to you by your ISP.

MTU Configuration

To improve the performance of your Internet connection, you can adjust the maximum transmission unit (MTU) of the packets that the DFL-200 transmits from its external interface. Ideally, you want this MTU to be the same as the smallest MTU of all the networks between the DFL-200 and the Internet. If the packets the DFL-200 sends are larger, they get broken up or fragmented, which could slow down transmission speeds.

Trial and error is the only sure way of finding the optimal MTU, but there are some guidelines that can help. For example, the MTU of many PPP connections is 576, so if you connect to the Internet via PPPoE, you might want to set the MTU size to 576. DSL modems may also have small MTU sizes. Most Ethernet networks have an MTU of 1500.

Note: If you connect to your ISP using DHCP to obtain an IP address for the external interface, you cannot set the MTU below 576 bytes due to DHCP communication standards.
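The fragmentation cost described above can be quantified. The Python below, added as an example and not part of the DFL-200, computes the fragments a link of a given MTU forces on one IPv4 packet (using the IPv4 rule that every fragment but the last carries a multiple of 8 payload bytes), the bytes of overhead that adds, and the sanity checks on an MTU value implied by the text (never above standard Ethernet's 1500, never below 576 when the WAN uses DHCP). The mode names passed to `mtu_setting_errors` are the example's own.

```python
from typing import List, Tuple

IPV4_HEADER_LEN = 20     # bytes, IPv4 header without options
ETHERNET_MTU = 1500      # MTU of most Ethernet networks
DHCP_MIN_MTU = 576       # lowest MTU the help text allows when the WAN uses DHCP


def ipv4_fragments(total_length: int, mtu: int,
                   header_len: int = IPV4_HEADER_LEN) -> List[Tuple[int, int, bool]]:
    """Fragments a link with the given MTU forces on one IPv4 packet.

    Returns (fragment offset in 8-byte units, fragment total length,
    more-fragments flag) per fragment, i.e. the header fields a router sets.
    """
    if mtu < header_len + 8:
        raise ValueError("MTU too small to carry any payload")
    if total_length <= mtu:
        return [(0, total_length, False)]        # fits; no fragmentation
    payload = total_length - header_len
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    per_fragment = (mtu - header_len) // 8 * 8
    fragments: List[Tuple[int, int, bool]] = []
    sent = 0
    while sent < payload:
        chunk = min(per_fragment, payload - sent)
        more = sent + chunk < payload
        fragments.append((sent // 8, header_len + chunk, more))
        sent += chunk
    return fragments


def fragmentation_overhead(total_length: int, mtu: int) -> int:
    """Extra bytes on the wire (one more IPv4 header per extra fragment)."""
    return sum(length for _, length, _ in ipv4_fragments(total_length, mtu)) - total_length


def mtu_setting_errors(mtu: int, wan_mode: str) -> List[str]:
    """Checks on a chosen MTU for wan_mode in {"static", "dhcp", "pppoe", "pptp", "bigpond"}."""
    errors = []
    if mtu > ETHERNET_MTU:
        errors.append(f"MTU {mtu} exceeds the {ETHERNET_MTU} bytes of standard Ethernet")
    if wan_mode in ("dhcp", "bigpond") and mtu < DHCP_MIN_MTU:
        errors.append(f"MTU {mtu} is below {DHCP_MIN_MTU}, the minimum when the WAN address comes from DHCP")
    return errors


if __name__ == "__main__":
    # A full-size 1500-byte Ethernet packet crossing a 576-byte PPP link.
    for frag in ipv4_fragments(1500, 576):
        print(frag)                              # three fragments
    print(fragmentation_overhead(1500, 576))     # 40 extra bytes
    print(mtu_setting_errors(500, "dhcp"))
```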

Routing

The Routes configuration section describes the firewall's routing table. The DFL-200 uses a slightly different way of describing routes compared to most other systems. However, we believe that this way of describing routes is easier to understand, making it less likely for users to cause errors or breaches in security.

  • Interface - Specifies which interface packets destined for this route shall be sent through.
  • Network - Specifies the network address for this route.
  • Gateway - Specifies the IP address of the next router hop used to reach the destination network. If the network is directly connected to the firewall interface, no gateway address is specified.
  • Local IP Address - The IP address specified here will be automatically published on the corresponding interface. This address will also be used as the sender address in ARP queries. If no address is specified, the firewall's own interface IP address will be used.
  • Proxy ARP - Specifies that the firewall shall publish this route via Proxy ARP.

One advantage of this notation is that you can specify a gateway for a particular route without having a route that covers the gateway's IP address, or even when the route that covers the gateway's IP address would normally send traffic via another interface.

The difference between this notation and the most commonly used one is that the common form has no separate interface column; instead, you specify the IP address of each interface as the gateway of its directly connected route, and every other gateway has to be resolved through the route that covers it.

Note: The firewall does not Proxy ARP routes on VPN interfaces.
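The two notations behave differently in exactly the case the text singles out: a route whose gateway is not covered by the route for its own interface. The Python below, an added example rather than DFL-200 code, implements longest-prefix lookup over a table in the DFL-200 style (explicit Interface, Network, Gateway, Local IP Address and Proxy ARP columns) and over a conventional (network, gateway) table where the interface is inferred by resolving the gateway recursively. The sample routes and addresses are constructed for the example; in it, the 10.0.0.0/8 route points at gateway 172.16.0.9, which lies outside the DMZ subnet.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Addr = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass
class Route:
    """One row of the DFL-200 style table: the egress interface is explicit."""
    interface: str
    network: Net
    gateway: Optional[Addr] = None     # None: network is directly connected
    local_ip: Optional[Addr] = None    # sender address for ARP; None: interface IP
    proxy_arp: bool = False


def R(interface: str, network: str, gateway: Optional[str] = None, **kw) -> Route:
    return Route(interface, Net(network), Addr(gateway) if gateway else None, **kw)


def lookup(routes: List[Route], dst: str) -> Optional[Tuple[str, Addr]]:
    """Longest-prefix match in DFL-200 style: (egress interface, next hop) or None.

    The gateway is used on the named interface whether or not any other
    route covers it, which is the property the help text describes.
    """
    d = Addr(dst)
    matches = [r for r in routes if d in r.network]
    if not matches:
        return None
    best = max(matches, key=lambda r: r.network.prefixlen)
    return best.interface, (best.gateway if best.gateway is not None else d)


def lookup_conventional(routes: List[Tuple[Net, Addr]], interface_ips: Dict[str, Addr],
                        dst: str, _depth: int = 0) -> Optional[Tuple[str, Addr]]:
    """Conventional table: (network, gateway) only. A directly connected route
    lists the interface's own IP as gateway; any other gateway is resolved
    recursively through the route that covers it."""
    d = Addr(dst)
    if _depth > 8:
        return None                                # gateway loop guard
    matches = [r for r in routes if d in r[0]]
    if not matches:
        return None
    _, gw = max(matches, key=lambda r: r[0].prefixlen)
    for name, ip in interface_ips.items():
        if gw == ip:
            return name, d                         # connected: deliver to dst itself
    return lookup_conventional(routes, interface_ips, str(gw), _depth + 1)


# Constructed sample configuration (not from the page).
DFL_ROUTES = [
    R("lan", "192.168.1.0/24"),
    R("dmz", "172.16.1.0/24"),
    R("wan", "192.0.2.0/24"),
    R("wan", "0.0.0.0/0", "192.0.2.1"),
    R("dmz", "10.0.0.0/8", "172.16.0.9"),   # gateway outside the DMZ subnet
]
IFACE_IPS = {"lan": Addr("192.168.1.1"), "dmz": Addr("172.16.1.1"), "wan": Addr("192.0.2.10")}
CONV_ROUTES = [
    (Net("192.168.1.0/24"), IFACE_IPS["lan"]),
    (Net("172.16.1.0/24"), IFACE_IPS["dmz"]),
    (Net("192.0.2.0/24"), IFACE_IPS["wan"]),
    (Net("0.0.0.0/0"), Addr("192.0.2.1")),
    (Net("10.0.0.0/8"), Addr("172.16.0.9")),
]

if __name__ == "__main__":
    print(lookup(DFL_ROUTES, "10.1.2.3"))                            # ('dmz', 172.16.0.9)
    print(lookup_conventional(CONV_ROUTES, IFACE_IPS, "10.1.2.3"))   # ('wan', 192.0.2.1)
```

In the DFL-200 style the 10.0.0.0/8 traffic leaves the DMZ interface toward 172.16.0.9 as the operator wrote it; in the conventional style the same row is resolved through the default route and silently leaves the WAN instead, and with no default route it is unroutable altogether. That silent redirection is the kind of error the explicit interface column is meant to prevent.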

Logging

Logging, the ability to audit decisions made by the firewall, is a vital part of all network security products. The D-Link DFL-200 provides several options for logging its activity. The D-Link DFL-200 logs its activities by sending the log data to one or two log receivers in the network. No log data is stored on the firewall itself.

All logging is done to Syslog recipients. The log format used for Syslog logging is suitable for automated processing and searching. To use Syslog, fill in your first Syslog server as Syslog server 1; if you have two Syslog servers, fill in the second one as Syslog server 2. You must fill in at least one Syslog server for logging to work. You can also specify what facility to use by selecting the appropriate Syslog facility. Local0 is the default facility.

The D-Link DFL-200 specifies a number of events that can be logged. Some of those events, for instance start-up and shutdown events, are mandatory and will always generate log entries. Others, for instance logging when allowed connections are opened and closed, are configurable. It is also possible to enable e-mail alerting for IDS/IDP events to up to three e-mail addresses.
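Because nothing is stored on the firewall, the receiver side is where the audit trail lives, and the facility you pick here (Local0 by default) is what the receiver uses to route the messages into their own file. The Python below is an added example, not the DFL-200's own code or log format: it shows how the facility and severity combine into the numeric PRI at the front of a BSD-style (RFC 3164) syslog datagram, sends a datagram to a list of receivers, and parses a received line back into its fields. The hostname `dfl200`, the tag `fw` and the message text are constructed sample values.

```python
import re
import socket
from datetime import datetime
from typing import Dict, Iterable, Optional, Tuple

# Syslog facility and severity codes (RFC 3164/5424). local0 is index 16,
# which is the DFL-200's default facility.
FACILITY_NAMES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
                  "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
                  "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MESSAGE
_LINE_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


def encode_pri(facility: str, severity: str) -> int:
    """PRI = facility * 8 + severity; the number inside the leading <...>."""
    return FACILITY_NAMES.index(facility) * 8 + SEVERITY_NAMES.index(severity)


def decode_pri(pri: int) -> Tuple[str, str]:
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI {pri} out of range")
    return FACILITY_NAMES[pri // 8], SEVERITY_NAMES[pri % 8]


def format_bsd_syslog(facility: str, severity: str, hostname: str, tag: str,
                      message: str, when: Optional[datetime] = None) -> bytes:
    """Build one BSD-style syslog datagram (day of month is space padded)."""
    when = when or datetime.now()
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{encode_pri(facility, severity)}>{ts} {hostname} {tag}: {message}".encode()


def parse_bsd_syslog(data: bytes) -> Optional[Dict[str, str]]:
    """Split a received datagram into its fields; None if it is not well formed."""
    m = _LINE_RE.match(data.decode("utf-8", errors="replace"))
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:
        return None
    facility, severity = decode_pri(pri)
    tag, sep, message = m.group(4).partition(": ")
    if not sep:                       # no TAG: prefix; treat the rest as the message
        tag, message = "", m.group(4)
    return {"facility": facility, "severity": severity, "timestamp": m.group(2),
            "hostname": m.group(3), "tag": tag, "message": message}


def send_to_receivers(datagram: bytes, receivers: Iterable[Tuple[str, int]]) -> int:
    """Send one datagram to each receiver (Syslog server 1 and 2); returns the count sent."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for host, port in receivers:
            s.sendto(datagram, (host, port))
            sent += 1
    return sent


if __name__ == "__main__":
    # Loopback UDP socket standing in for "Syslog server 1"; constructed sample event.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        msg = format_bsd_syslog("local0", "notice", "dfl200", "fw", "constructed sample event")
        send_to_receivers(msg, [rx.getsockname()])
        print(parse_bsd_syslog(rx.recv(2048)))
```

Because syslog over UDP is unauthenticated and unacknowledged, a receiver should bind only on the interface facing the firewall, and a gap in the sequence of mandatory start-up and shutdown entries is itself worth alerting on, since it is the only sign the receiver gets that messages were lost.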

Time

The Time settings page gives you the option to either set the system time by syncing to an Internet time server using the Network Time Protocol (NTP) or to enter the system time by hand.