D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: rexix on May 10, 2010, 01:18:44 PM
-
Hi, my problem is as follows:
- There is a headquarters and a remote host.
- The remote host must have the same internet filtering restrictions as headquarters, centrally.
- The remote host is a router that is connected by an IPsec VPN tunnel to a D-Link DFL-210 firewall.
- What I need to establish is what to do so that the teams at the remote site have the same restrictions as the main site, that is, static routes? Proxy settings?
Thank you very much...
-
The DFL is an L3 router and can publish routes only through DHCP, but cannot publish proxy settings and other policies.
You can route all remote traffic to the IPsec tunnel and manage it on your (HQ) side.
-
Well, depending on how those restrictions are implemented, the right answer could be a number of different solutions. I am not even certain, having read your mail, if the DFL-210 is the HQ or remote side.
So, let's try it this way: how are these restrictions imposed at HQ, and how would you like to have them imposed at the remote location?
-
Hi, how can I route all HTTP traffic from one site to another through the IPsec tunnel?
Static routes?
-
First, change your IPsec tunnel network to all-nets on the main office's side (on the main DFL it will be the local network, on the branch the remote network).
On the "main" DFL, make the rule NAT ipsec/ipsec_remote_net wan/all-nets http
On the "branch" DFL
- in the rule Allow lan/lannet ipsec/ipsec_remote_net, change the destination network to all-nets
- add a new routing table (e.g. thru_ipsec) with just one route: ipsec all-nets 100
- add a new routing rule lan/lannet wan/all-nets, service http, forward thru_ipsec, return main
The last rule will change the route to the ipsec interface for all HTTP traffic from the LAN.
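A simplified model of the branch-side routing rule described in the post above, added here as an example; it is not part of the original thread and is not D-Link code. The 192.168.2.0/24 LAN, the sample destination addresses, and treating the http service as TCP port 80 only are assumptions. It shows that only HTTP is steered into the tunnel, so HTTPS and DNS from the branch still leave through wan and never reach the HQ filter.

```python
import ipaddress

# Assumptions (constructed): branch LAN addressing and "http" = TCP port 80.
LANNET = ipaddress.ip_network("192.168.2.0/24")
ALL_NETS = ipaddress.ip_network("0.0.0.0/0")

# Routing tables: (destination network, interface, metric).
TABLES = {
    "main": [(LANNET, "lan", 100), (ALL_NETS, "wan", 100)],
    "thru_ipsec": [(ALL_NETS, "ipsec", 100)],  # the single route from the post
}

# Routing rule from the post: lan/lannet -> wan/all-nets, service http,
# forward table thru_ipsec, return table main.
RULES = [{
    "src_if": "lan", "src_net": LANNET, "dst_if": "wan", "dst_net": ALL_NETS,
    "proto": "tcp", "ports": {80}, "forward": "thru_ipsec", "return": "main",
}]


def lookup(table, dst):
    """Return the interface of the most specific, lowest-metric matching route."""
    routes = [r for r in TABLES[table] if dst in r[0]]
    if not routes:
        return None
    return max(routes, key=lambda r: (r[0].prefixlen, -r[2]))[1]


def egress(src_if, src, dst, proto, port):
    """Return (forward table, egress interface) for a new connection."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    dst_if = lookup("main", dst)  # main table decides the destination interface
    for rule in RULES:
        if (src_if == rule["src_if"] and src in rule["src_net"]
                and dst_if == rule["dst_if"] and dst in rule["dst_net"]
                and proto == rule["proto"] and port in rule["ports"]):
            return rule["forward"], lookup(rule["forward"], dst)
    return "main", dst_if


if __name__ == "__main__":
    for proto, port in [("tcp", 80), ("tcp", 443), ("udp", 53)]:
        print(proto, port, egress("lan", "192.168.2.10", "203.0.113.10", proto, port))
```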
-
Hi, my problem is that I do not have DFLs at the branches. I have Linksys routers in the branch offices, with which I have an IPsec tunnel to the DFL at the main office,
because I have no need for such a complete device in the branch.
-
It's impossible to implement your configuration with SOHO devices at the branches. Even if it can handle IPsec, it cannot route all traffic to IPsec.
Another way can be to use PPTP and set up a PPTP connection type, but it's not a good idea because PPTP is not secure.