1.98k likes | 2.1k Views
`. Course Outline. NetDefend Family Overview & Strategy NetDefendOS Feature Introduction UTM Feature & NetDefend Subscription. NETDEFEND FAMILY OVERVIEW & STRATEGY. DSC-Security. NetDefend Family Overview & Strategy. NetDefend Family Overview & Strategy.
E N D
Course Outline NetDefend Family Overview & Strategy NetDefendOS Feature Introduction UTM Feature & NetDefend Subscription
NETDEFEND FAMILY OVERVIEW & STRATEGY DSC-Security
NetDefend Family Overview & Strategy NetDefend Family Overview & Strategy • D-Link NetDefand Family Introduction • NetDefendOS Introduction
D-Link NetDefend Family Introduction NetDefend Family Overview & Strategy After this section, you should be capable to express: All NetDefend Family D-Link VPN client DS-601/605 How to introduce NetDefend IPS Firewall? How to introduce NetDefend UTM Firewall? The competitiveness of NetDefend Firewall Family NetDefend Firewall selling point.
NetDefend Family Overview & Strategy Product Line Overview NetDefend VPN Firewall / UTM Family SOHO Small Business Medium Business Enterprise DFL-260 DFL-860 DFL-1660 DFL-2560 DFL-210 DFL-800 DFL-1600 DFL-2500 VPN Remote Client Software DS-601 / 605
D-Link VPN Client Introduction-DS-601/605 NetDefend Family Overview & Strategy VPN Client DS-601/605 Software installable on Windows NT,98 SE, ME, 2000 or XP platform. DS-601: For single user license. DS-605: For 5 users licenses. For remote users’ VPN connection from home/outside the office. Support Tunnel and Transport mode for easy communication between client and gateway. Certified interoperability with whole series of D-Link NetDefend IPS/UTM Firewalls and VPN router to ensure users seamless connection environment.
DS-601/605 Q&A NetDefend Family Overview & Strategy VPN Client DS-601/605 • What version does NOT DS-601/605 support? (Multiple Choice) • a. XP • b. Vista • c. 2000 • d. MAC OS • How many user license does DS-605 provide? • a. 1 • b. 3 • c. 5 • d. 7 • What is major difference between DS-601 and DS-605? • a. License • b. Specification • c. support service level • d. OS platform • 4. Which model can DS-601/605 establish VPN connection with? (Multiple Choice) • a. DFL-800 • b. DFL-M510 • c. DI-804 HV • d. DSA-5100
NetDefend Family Overview & Strategy NetDefendOS NetDefendOS Introduction • Platform Compatibility: DFL-210/260/800/860/1600/2500 • After this section, you should be capable to express: • 1. What is NetDefendOS? • 2. What management User Interface does NetDefendOS provide? • 3. What is ICSA Labs? • 4. What is ICSA firewall certified?
NetDefend Family Overview & Strategy NetDefendOS NetDefendOS Introduction The hardware of D-Link Firewalls DFL-210/260/800/860/1600/2500 is driven and controlled by NetDefendOS. Designed as a dedicated firewall operating system, NetDefendOS features high throughput performance with high reliability while at the same time implementing the key elements of IPS/UTM firewall. From the administrator's perspective the conceptual approach of NetDefendOS is to visualize operations through a set of logical building blocks or objects, which allow the configuration of the product in an almost limitless number of different ways. This granular control allows the administrator to meet the requirements of the most demanding network security scenario. NetDefendOS provides two types of management interfaces: Command Line Interface (CLI): The Command Line Interface, accessible locally via serial console port or remotely using the Secure Shell (SSH) protocol, provides the most fine-granular control over all parameters in NetDefendOS. Web User Interface: The Web User Interface provides a user-friendly and intuitive graphical management interface, accessible from a standard web browser.
NetDefend Family Overview & Strategy NetDefendOS NetDefendOS Introduction NetDefendOS Benefit NetDefendOSis a proprietary, close architecture, it has less OS vulnerability, and more reliability comparing with other competitors who use window OS, Linux or others open source. NetDefendOS Certified by ICSA labs: D-Link’s NetDefend IPS Firewall has passed the strictest firewall certification in “ICSA Labs – Corporate Firewalls”. The D-Link IPS NetDefend Firewalls have to pass a series of rigorous tests, including system installation and configuration, setting security policies, system management, system logging, event testing, port security and more. Not only did the NetDefend Firewall passes these tests, but it also earned praise from ICSA Labs’ Network Security Labs for unique features in the web administration interface that allow administrators to safely make changes to the firewall’s configuration remotely D-Link Certified in ICSA Labs: https://www.icsalabs.com/icsa/product.php?tid=fghhf456fgh
NetDefend Family Overview & Strategy NetDefend IPS Firewall NetDefend IPS Firewall Introduction DFL-2500 DFL-1600 DFL-800 DFL-210 Enterprise Medium Business Small Business Branch Office Performance 80 Mbps 150 Mbps 320 Mbps 600 Mbps
High Performance & Cost Efficiency NetDefend Family Overview & Strategy NetDefend IPS Firewall DFL- 210 Targets SOHO • Firewall Throughput: 80Mbps • VPN Performance: 25Mbps (3DES/AES) • 1 Ethernet WAN Port, 4 Ethernet LAN Ports, 1 Configurable DMZ Ethernet Port DFL- 800 Targets Small Business • Firewall Throughput: 150Mbps • VPN Performance: 60Mbps (3DES/AES) • 2 Ethernet WAN Ports, 7 Ethernet LAN Ports, 1 Configurable DMZ Ethernet Port
NetDefend Family Overview & Strategy NetDefend IPS Firewall High Performance & Cost Efficiency DFL- 1600 Targets Medium Business • Firewall Throughput: 320Mbps • VPN Performance: 120Mbps (3DES/AES) • 6 User-Configurable Gigabit Ports DFL- 2500 Targets Enterprise • Firewall Throughput: 600Mbps • VPN Performance: 300Mbps (3DES/AES) • 8 User-Configurable Gigabit Ports
Features of DFL – 210 / 800 / 1600 / 2500 NetDefend Family Overview & Strategy NetDefend IPS Firewall Integrated Functions Fault Tolerance • Firewall Protection • Proactive Security With ZoneDefense Mechanism • Content Filtering/Intrusion Detection • Parental Access Control • User Authentication • Instant Message/P2P Blocking • Denial of Service (DoS) Protection • Virtual Private Network (VPN) Security • Bandwidth Management • WAN Traffic Fail-Over • Active/Passive Modes for High Availability Bandwidth Management • WAN Traffic Bandwidth Management • Multi-WAN Interfaces for Traffic Load Sharing • Outbound Traffic Load Balancing* • Policy-Based Routing Content Filtering • URL/E-Mail Filtering • Java Script/Active X/Cookie Filtering • IM/P2P Program Filtering • Firmware upgraded feature.
DFL-210 Competitors on the Market NetDefend Family Overview & Strategy NetDefend IPS Firewall Small Business Competitors • SonicWALL TZ170 • Fortinet Fortigate 60 • WatchGuard SOHO 6 • Juniper NetScreen 5GT • ZyXELL ZyWALL 5 / 35 • Cisco 501 • Firmware upgraded feature.
DFL-800 Competitors on the Market NetDefend Family Overview & Strategy NetDefend IPS Firewall Small Business Competitors • Cisco PIX 506E • ZyXELL ZyWALL 70 • WatchGuard Firebox X500 • Fortinet Fortigate 100A • Juniper NetScreen 25 • Firmware upgraded feature.
DFL-1600 Competitors on the Market NetDefend Family Overview & Strategy NetDefend IPS Firewall Medium Business Competitors • SonicWALL 3060 • Fortinet Fortigate 200A • WatchGuard Firebox X2500 • Fortinet Fortigate 300A • Juniper NetScreen 204 • Cisco PIX 525E • Firmware upgraded feature.
DFL-2500 Competitors on the Market NetDefend Family Overview & Strategy NetDefend IPS Firewall Enterprice Competitors • Fortinet Fortigate 500A • Juniper NetScreen 208 • Firmware upgraded feature.
NetDefend Family Overview & Strategy NetDefend IPS Firewall NetDefend IPS Firewall Q&A • Which segment do NetDefend Firewalls fulfill?(Multiple Choice ) • a. Home • b. SOHO • c. Telecom • d. SMB • Which model do NetDefend Firewall provide gigabit interface? (Multiple Choice ) • a. DFL-800 • b. DFL-210 • c. DFL-1600 • d. DFL-2500 • What is the competitor for DFL-210? • a. Fortinet Fortigate 60 • b. WatchGuard Firebox X500 • c. Juniper NetScreen 25 • d. Cisco PIX 515 • 4. What is the competitor for DFL-800? • a. Fortinet Fortigate 60 • b. WatchGuard Firebox X500 • c. Juniper NetScreen 204 • d. Cisco PIX 506
NetDefend Family Overview & Strategy NetDefend IPS Firewall NetDefend IPS Firewall Q&A 5. What is the competitor for DFL-1600? a. Fortinet Fortigate 300A b. WatchGuard Firebox X500 c. Juniper NetScreen 204 d. SonicWALL Pro 2040 6. What is the competitor for DFL-2500? a. Fortinet Fortigate 400A b. WatchGuard Firebox X2500 c. Juniper NetScreen 208 d. SonicWALL Pro 3060 7. Which model does support port configurable? a. DFL-210 b. DFL-800 c. DFL-1600 d. DFL-2500 e. All of Above
NetDefend Family Overview & Strategy NetDefend IPS Firewall NetDefend IPS Firewall Q&A 8. What feature does NOT NetDefend DFL-210 Firewall support? a. Traffic Shaping b. Server load balancing c. IPS d. Policy based routing 9. What model can support HA? (Multiple Choice ) a. DFL-210 b. DFL-800 c. DFL-1600 d. DFL-2500 10. What model can NOT support ZoneDefense? a. DFL-210 b. DFL-800 c. DFL-1600 d. DFL-2500
NetDefend Family Overview & Strategy NetDefend IPS Firewall NetDefend IPS Firewall Q&A 11. Which detail is WRONG for firewall/VPN throughput? a. DFL-210 80/25 Mbps b. DFL-800 150/80 Mbps c. DFL-1600 320/120 Mbps d. DFL-2500 600/300Mbps 12. What kind of user authentication does firewall support? a. LDAP b. RADIUS c. Active Directory d. All of above 13 How many user license does DFL-210 support? a. 100 b. 200 c. 300 d. Unrestricted user licenses
NetDefend Family Overview & Strategy NetDefend IPS Firewall NetDefend IPS Firewall Q&A 14. Which model is for branch office? a. DFL-210 b. DFL-800 c. DFL-1600 d. DFL-2500 15. Which model is for small business? a. DFL-210 b. DFL-800 c. DFL-1600 d. DFL-2500 16. What is NetDefend Firewall ‘s advantage? a. Firewall and VPN throughput b. Joint defense with switch c. Comprehensive feature set d. Flexible interface module 17. Which feature can integrate Switch into security solution from gateway to endpoint? a. Web Contend Filtering b. Anti-Virus c. Intrusion Prevention System d. ZoneDefense
NetDefend Family Overview & Strategy NetDefend UTM Firewall Firewall VPN Application Control WebContent Filtering Antivirus IPS NetDefend UTM Product Overview Stemming from NetDefendOS Adopting the same kernel certified by ICSA Labs, NetDefend UTM Firewall also integrates innovative technologies from world leading IPS, AV and WCF partners. NetDefend UTM Firewall Portfolio • Targets at SMBs and Enterprises to enable protections against all varieties of network threats simultaneously in real time. • Positions at high throughput and high performance UTM Firewalls with Truly Hardware Acceleration • Incorporates leading technologies of IPS, Antivirus and Web Content Filtering from well-known vendors
NetDefend Family Overview & Strategy NetDefend UTM Firewall NetDefend UTM Firewall Introduction • NetDefend UTM firewall DFL-260/860 series is D-Link’s brand new Unified Threat Management (UTM) Firewall solution which further integrates IPS, Anti-Virus and Web Content Filtering, providing more secure and productive networking for SMBs. • All hardware design of NetDefend UTM Firewall such as housing, Ethernet interface and Web GUI are same as NetDefend IPS firewall, additionally, NetDefend UTM Firewall equips with hardware acceleration for speeding up IPS and Anti-Virus scanning performance, outranges Cisco, WatchGuard, SonicWALL, Juniper and Fortinet in the same market segment. DFL- 260 Targets SOHO DFL- 860 Targets Small Business • Firewall Throughput: 80Mbps • VPN Performance: 25Mbps • IPS Performance: 25Mbps • Anti-Virus Performance: 25Mbps • Web Content Filtering: 30+ Categories • Firewall Throughput: 150Mbps • VPN Performance: 60Mbps • IPS Performance: 50Mbps • Anti-Virus Performance: 50Mbps • Web Content Filtering: 30+ Categories
NetDefend Family Overview & Strategy UTM/IPS Firewall Key Competency You already learned a lot of IPS and UTM firewall features in previous slides. The followings are IPS/UTM firewall key advantages to compete with our competitors in the market UTM/IPS Firewall Key Competency • NetDefend IPS/UTM Firewall delivers rich advanced features in friendly and easy configuration, enables the stability, flexibility and scalability of IT infrastructure, makes it a cost-effective solution for Small to Medium Business (SMB). • Emerging network threats and Zero-Day attacks drive the market demand toward seeking a more robust security mechanism. Built with advanced IPS signatures technology and powered by Kaspersky anti-virus solution (only UTM Firewall), NetDefend IPS/UTM Firewall is the efficient and effective solution to stop various network threats and attacks for SMBs. • NetDefend UTM Firewall delivers with High Port Density, and built-in Multiple WAN Ports and WAN / LAN / DMZ Port Configurable enables customers scale their infrastructure on their own demands.
NetDefend Family Overview & Strategy UTM/IPS Firewall Key Competency • NetDefend UTM Firewall offers High Network Throughputs and High Network Performance for customers, providing up to 80 / 150 Mbps Firewall Throughput, and 25 / 60 Mbps IPSec VPN Throughput, in respective with DFL-260 / 860. • NetDefend UTM Firewall enables WAN Load Balance, WAN Fail-over, and Server Load Balance to provide customers continuous Internet connection and smooth network services mechanism. • NetDefend UTM Firewall provides advanced Traffic Shaping Technology, which allows prioritize and differentiate network traffic according to the service precedence. For Mission-critical service, the bandwidth can always be guaranteed and optimized, meanwhile for the minor service, the bandwidth can be adjusted dynamically upon network traffic condition. • NetDefend UTM Firewall features not only an intuitive and object-orienteduser interface that can be easily configured via a web console, but also a Command-Line Interface (CLI) with full function sets for advanced users. User can easily configure or perform the administrative functions of the firewalls.
NetDefend Family Overview & Strategy UTM/IPS Firewall Key Competency • Multiple Encryption Methods are implemented on NetDefend UTM Firewall, including DES, 3DES, AES, Twofish, Blowfish and CAST-128, to provide secure VPN connections for SMB and enterprises. • NetDefend UTM Firewall features Built-in IPS and Anti-Virus proactive engine, commit customers to effectively detect and prevent hybrid network threats with low false-positive rate. • ZoneDefense integrates D-Link NetDefend Firewall and xStack Switch to enable the Proactive Network Security mechanism. Whenever network virus or worm attacks are detected by the Firewall, ZoneDefense triggers and notifies D-Link Switches automatically, in real time the infected hosts are disconnected to further stop mutual infection among internal hosts.
NetDefend Family Overview & Strategy NetDefend UTM Firewall High Performance of NetDefend UTM Firewall NetDefend UTM Firewall equip with a hardware accelerator for layer 7 content inspection, which increase IPS and Anti-Virus high performance of NetDefend UTM Firewall than other competitors. We also compare IPS and Anti-Virus performance with a famous security provider J company’s UTM firewall in next slides for your reference.
NetDefend Family Overview & Strategy NetDefend UTM Firewall • High IPS performance with hardware accelerator. • UTM firewall throughput is Triple higher than J company XX 20. • For more detail will be introduced in IPS Feature chapter *Test Criteria: 5 concurrent users download 10 MB file by HTTP protocol
NetDefend Family Overview & Strategy NetDefend UTM Firewall • Super fast Anti-Virus scanning by hardware accelerator. • Scanning capability is Triple faster than J company XX 20. • D-Link ONLY spends 8 seconds to finish 10MB file transmission, but J company needs to speed 30 seconds. • For more detail will be introduced in Anti-Virus Feature chapter *Test Criteria: 5 concurrent users download 10 MB file by HTTP protocol
NetDefend Family Overview & Strategy NetDefend UTM Firewall • Huge and comprehensive IPS signature database. • IPS database is 10x larger than J company XX 20.
NetDefend Family Overview & Strategy NetDefend UTM Firewall • Double more performance for Anti-Virus scanning. • Triple performance for Intrusion Prevention System. • Providing 8000+ signatures to cover most intrusion attacks and high IPS performance 52 Mbps compete with J company who is using few IPS signatures (#808) and poor performance (13 Mbps). * Value is based on real traffic. For more detail will be introduced in IPS and Anti-Virus Feature chapter.
NetDefend Family Overview & Strategy NetDefend UTM Firewall • Streaming Based Technology speeds up 2X UTM performance for Anti-Virus scanning. • No File size limitation, supporting large file scanningfor Anti-Virus. • No current Session Limited, keep high performancewith uses increased. • Other competitors as J company, implement Proxy Mode that have to store file, and then scan it, the bottleneck of file size and connection number are limited by device memory size. For more detail will be introduced in IPS and Anti-Virus Feature chapter
NetDefend Family Overview & Strategy NetDefend UTM Firewall Competitive Comparison & Analysis DFL-260 Juniper 5GT Fortigate 60 SonicWALL TZ 190 ZyWall 5 UTM UTM Performance • Firewall Throughput: 80Mbps • VPN Throughput: 25Mbps • Hardware Based IPS • Hardware Based Anti-Virus • Firewall Throughput: 75Mbps • VPN Throughput: 20Mbps • Software Based IPS • Software Based Anti-Virus • Firewall Throughput: 70Mbps • VPN Throughput: 20Mbps • Software Based IPS • Software Based Anti-Virus • Firewall Throughput: 90Mbps • VPN Throughput: 30+Mbps • Software Based IPS • Software Based Anti-Virus • Expensive optional license charge is required ! • Firewall Throughput: 65Mbps • VPN Throughput: 25Mbps • Hardware Based IPS • Hardware Based Anti-Virus Price
NetDefend Family Overview & Strategy NetDefend UTM Firewall Competitive Comparison & Analysis SonicWALL Pro 2040 Juniper SSG 20 DFL-860 Fortinet 200A WatchGuard X550e • Firewall Throughput: 150Mbps • VPN Throughput: 60Mbps • Hardware Based IPS • Hardware Based Anti-Virus UTM Performance • Firewall Throughput: 160Mbps • VPN Throughput: 40Mbps • Software Based IPS • Software Based IPS ZyWall 70 • Firewall Throughput: 100Mbps • VPN Throughput: 40Mbps • Hardware Based IPS • Hardware Based Anti-Virus • Firewall Throughput: 150Mbps • VPN Throughput: 70Mbps • Poor IPS& AV performance • Firewall Throughput: 200Mbps • VPN Throughput: 50Mbps • Software Based IPS • Software Based Anti-Virus • Expensive optional license charge is required ! • Firewall Throughput: 125Mbps • VPN Throughput: 20Mbps • Software Based IPS • Software Based Anti-Virus Price
Summary: NetDefend UTM Firewall Selling Point NetDefend Family Overview & Strategy NetDefend UTM Firewall Adopting the same kernel certified by ICSA Labs, NetDefend UTM Firewall also integrates innovative technologies from world leading IPS, AV and WCF partners. • High throughput, high performance with truly Hardware Acceleration. • Fast file transmission speed for Anti-Virus scanning capability. • Comprehensive IPS signature database (8000+). • No file size and connection limitation for Anti-Virus scanning. Other competitors can not prevent virus hidden in over specific file size and not able to support large concurrent sessions. • Well-Known Anti-Virus database by Kaspersky • Triggering ZoneDefense by IPS and Anti-Virus* to real-time protect virus or network worm outbreak. • NetDefend Center website provides great value information for network security * Support in future release
NetDefend Family Overview & Strategy NetDefend UTM Firewall NetDefend UTM Firewall Q&A • Which NetDefend UTM Firewall are available now? (Multiple Choice ) • a. DFL-260 • b. DFL-860 • c. DFL-1660 • d. DFL-2560 • What new feature does NetDefend firewall support after firmware version 2.20? • a. IPS • b. Anti-Virus • c. Web Content Filtering • d. Anti-SPAM • Why can D-Link UTM Firewall reach high performance? • a. Embed hardware accelerator • b. Anti-Virus Engine by Kaspersky • c. New CPU processor • d. New software core • 4. What is the IPS and Anti-Virus performance of DFL-860? • a. 30/30 Mbps • b. 50/50 Mbps • c. 45/45 Mbps • d. 60/60 Mbps
NetDefend Family Overview & Strategy NetDefend UTM Firewall NetDefend UTM Firewall Q&A 5. What is the IPS and Anti-Virus performance of DFL-260? a. 20/20 Mbps b. 40/20 Mbps c. 30/30 Mbps d. 35/35 Mbps 6. How many MB is file size limitation of UTM Firewall for anti-virus? a. 3 MB b. 5MB c. 10 MB d. No limitation 7. Who is the anti-virus signature vendor? a. Trendmicro b. Symantec c. McAfee d. Kaspersky 8. How many number of IPS signatures is in UTM database? a. 3000+ b. 6000+ c. 8000+ d. 5000+
NetDefend Family Overview & Strategy NetDefend UTM Firewall NetDefend UTM Firewall Q&A 9. What is major difference between UTM firewall and IPS firewall? a. UTM firewall has VPN, but IPS firewall has not b. UTM firewall has Anti-Virus and WCF, but IPS firewall does not c. UTM firewall has IPS and Anti-Virus, but IPS firewall has IPS and WCF d. UTM firewall has WCF and Anti-Virus, but IPS firewall has IPS and Anti-Virus. 10. What is D-Link UTM’s advantages? a. Performance b. Signature number c. scanning file size d. ZoneDefense (exclude DFL-260) e. all of above
NetDefend Family’s Competency NetDefend Family Overview & Strategy Competitive Comparison & Analysis • Following is our advantage: • Sufficient features • Solution oriented • Outstanding performance • Affordable price • How to fight with our major competitors? • Fortinet • SonicWALL • Juniper • ZyXEL
NetDefend Family Overview & Strategy Competitive Comparison & Analysis Compare with Fortinet
NetDefend Family Overview & Strategy Competitive Comparison & Analysis Compare with SonicWALL
NetDefend Family Overview & Strategy Competitive Comparison & Analysis Compare with Juniper
NetDefend Family Overview & Strategy Competitive Comparison & Analysis Compare with ZyXEL
NETDEFENDOS FEATURE INTRODUCTION DCS-Security
Key Features in NetDefendOS NetDefendOS Feature Introduction Routing Features Route Failover Virtual Private Network (VPN) Virtual Local Area Network (VLAN) High Availability (HA) Traffic Management User Authentication ZoneDefense
Routing Features in NetDefendOS NetDefendOS Feature Introduction Routing Features Platform Compatibility: DFL-210/260/800/860/1600/2500 After this section, you should be capable to express: 1. What is static routing? 2. What is the PBR (Policy Based Route)? 3. What could we achieve when using this feature? 4. What is load sharing? 5. What is the key component of load sharing? 6. What is dynamic routing? 7. What is the difference between dynamic and static routing?
Static Route & Route Failover NetDefendOS Feature Introduction Routing Features Internet Red Line Green Line ISP1 ISP2 LAN Net