• February 24, 2025, 10:31:10 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Dlink dfl-210 centralized content filtering  (Read 6456 times)

rexix

  • Level 1 Member
  • *
  • Posts: 5
Dlink dfl-210 centralized content filtering
« on: May 10, 2010, 01:18:44 PM »
hi, my problem is as follows:

- There is a headquarters and a remote host.
- The remote host must have the same restrictions on internet filtering headquarters. This centrally.
- The remote host is a router that is connected by a tunnel IPSEC-VPN DLINK DFL-210 Firewall.
- The need is to establish that I do for the teams to remote headquarters may have the same restrictions as the main venue, bone, static routes? proxy setting?..

thank you very much...

Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: Dlink dfl-210 centralized content filtering
« Reply #1 on: May 10, 2010, 07:17:12 PM »
DFL is L3 router and can publish routes only thru DHCP, but cannot publish proxy settings and other policies.

You can route all remote traffic to IPsec tunnel and manage it on your (HQ) side.
Logged
BR, Alexandr Danilov

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Dlink dfl-210 centralized content filtering
« Reply #2 on: May 11, 2010, 08:32:16 AM »
Well depending on how those restrictions are implemented the right answer could be a number of different solutions.  I am not even certain having read your mail if the DFL-210 is the HQ or remote side.

So, let's try it this way, how are these restrictions imposed at HQ and how would you like to have them imposed at the remote location?
Logged
non progredi est regredi

rexix

  • Level 1 Member
  • *
  • Posts: 5
Re: Dlink dfl-210 centralized content filtering
« Reply #3 on: May 14, 2010, 09:00:29 AM »
hi, as I can route all http traffic to a site to another through the IPSEC tunnel?
Static routes?
Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: Dlink dfl-210 centralized content filtering
« Reply #4 on: May 14, 2010, 10:19:53 AM »
First, change your IPsec tunnel network to all-nets on main office's side (on main DFL it will be local network, on branch - remote).

On "main" DFL make rule NAT ipsec/ipsec_remote_net wan/all-nets http

On "branch" DFL
- change in rule Allow lan/lannet ipsec/ipsec_remote_net destination network to all-nets
- add new routing table (ex, thru_ipsec) with just one route ipsec all-nets 100
- add new routing rule lan/lannet wan/all-nets, service http, forward thru_ipsec, return main

Last rule will change route to ipsec interface for all HTTP traffic from LAN.
Logged
BR, Alexandr Danilov

rexix

  • Level 1 Member
  • *
  • Posts: 5
Re: Dlink dfl-210 centralized content filtering
« Reply #5 on: May 18, 2010, 06:57:12 PM »
hi, my problem is that I not have at branches DFL. I have linksys routers in branch offices with which I IPSEC tunnel to the main branch of the DFL.
because I have no need for a device in the branch so complete.
Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: Dlink dfl-210 centralized content filtering
« Reply #6 on: May 18, 2010, 07:46:19 PM »
It's impossible to implement your configuration with SOHO devices at branches. Even it can handle IPsec, it cannot route all traffic to IPsec.

Another way can be to use PPTP and setup PPTP connection type, but it's not good idea because PPTP is not secure.
Logged
BR, Alexandr Danilov