• February 23, 2025, 10:07:00 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: ask about dlink firewalls  (Read 5979 times)

mohmawoed

  • Level 1 Member
  • *
  • Posts: 5
ask about dlink firewalls
« on: January 05, 2012, 06:42:20 AM »
- How to determine number of client can support by using dlink firewall ??
- what is the difference between normal firewall and E category (ex : DFL-860 & DFL-860E )
- What is advanced IPS ????
- what's happen to IPS , WCF and AV procedures when trail or linces finished ??

Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: ask about dlink firewalls
« Reply #1 on: January 05, 2012, 11:40:52 AM »
>How to determine number of client can support by using dlink firewall ??
There is no special limitation by clients (it can be by number of ARP on interface), but each DFL has own connections limit and maximum routing speed (VPN speed much less)
Approx. values
- DFL-210/260 - 10000 connections - 80 mbit/sec
- DFL-800/860 - 20000 connections - 150 mbit/sec
- DFL-260E - 25000 connections - 80~150 mbit/sec (by different datasheets)
- DFL-860E - 50000 connections - 150~200 mbit/sec
Also, 2xx models have 3 free physical interfaces, 8xx - 4 + different number of VLANs
So, you need to select device in according with your situation

>what is the difference between normal firewall and E category (ex : DFL-860 & DFL-860E )
Generally, "non E" models are EOL
If to say about difference, 860 has hardware AV/IDS/IPS + 1-year normal subscription, which increase price
860E has hardware AV/IDS/IPS, but no subscription - you can purchase if you need
It covers only 2xx/8xx models - DFL-1600 is old series, DFL-1660 - new
Also, "E" models have new design - build in power supply, port based VLAN function, modern functions like SSL VPN or IPv6
So, "E" models are better than old ones

>What is advanced IPS
Additional signatures

>what's happen to IPS , WCF and AV procedures when trail or linces finished ??
Since 2.25, trial signatures are removing after trial period
But, for licensed (purchased) - it will be kept, but not updated anymore
Logged
BR, Alexandr Danilov

juanjo

  • Level 2 Member
  • **
  • Posts: 52
Re: ask about dlink firewalls
« Reply #2 on: January 07, 2012, 03:15:10 AM »
Quote from: danilovav on January 05, 2012, 11:40:52 AM
>How to determine number of client can support by using dlink firewall ??
There is no special limitation by clients (it can be by number of ARP on interface), but each DFL has own connections limit and maximum routing speed (VPN speed much less)
Approx. values
- DFL-210/260 - 10000 connections - 80 mbit/sec
- DFL-800/860 - 20000 connections - 150 mbit/sec
- DFL-260E - 25000 connections - 80~150 mbit/sec (by different datasheets)
- DFL-860E - 50000 connections - 150~200 mbit/sec
Also, 2xx models have 3 free physical interfaces, 8xx - 4 + different number of VLANs
So, you need to select device in according with your situation

>what is the difference between normal firewall and E category (ex : DFL-860 & DFL-860E )
Generally, "non E" models are EOL
If to say about difference, 860 has hardware AV/IDS/IPS + 1-year normal subscription, which increase price
860E has hardware AV/IDS/IPS, but no subscription - you can purchase if you need
It covers only 2xx/8xx models - DFL-1600 is old series, DFL-1660 - new
Also, "E" models have new design - build in power supply, port based VLAN function, modern functions like SSL VPN or IPv6
So, "E" models are better than old ones

>What is advanced IPS
Additional signatures

>what's happen to IPS , WCF and AV procedures when trail or linces finished ??
Since 2.25, trial signatures are removing after trial period
But, for licensed (purchased) - it will be kept, but not updated anymore

SuperDanilovav  ;) ;)
Logged

mohmawoed

  • Level 1 Member
  • *
  • Posts: 5
Re: ask about dlink firewalls
« Reply #3 on: January 08, 2012, 08:25:32 PM »
thanks .... :)
Logged

chechito

  • Level 3 Member
  • ***
  • Posts: 193
Re: ask about dlink firewalls
« Reply #4 on: February 22, 2012, 05:52:09 PM »
in my opinion the advertised speeds have to been taken with a grain of salt.

The advertised performance its measured in compliant with some rfc´s but in lab controlled environment in favorable conditions.

In real world situation you can get a fraction of the performance advertised.

By example a dfl 210 (the lower end model) with ids, wcf, alg and av applied to nated http traffic easily get cpu at 90% limiting forwarding performance to somewhere between 2 and 4 megabit far less than 10 megabit av performance advertised.

off course this is a worst case scenario but remember us that dfl firewalls offer really good performance for the money but have their limits.

by example In real world situation dfl 800 with 35m bit of traffic mixed between plain text and vpn 3des gets around 50% cpu use wich easily gets up if 3des its changed for aes 256

The best practice its to keep an eye monitoring performance using snmp utilities to catch performance problems before they affect the bussiness, and identify if you need an upgrade in time.

personally i went from dfl 210 to dfl 800 and going soon to dfl1660 for a network with increasing traffic.
Logged