July 10, 2006
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Well-designed interface makes complicated tasks easy.
- Weaknesses: Weak logging, and default admin connection is unsecured.
- Verdict: Offers an interesting mix of powerful features.
D-Link's DFL-2500 offers more network control than we expected, and does it at a good price for its class.
Strangely, the unit ships with all its ports configured to different network segments. This might be handy, but most will probably immediately reconfigure them. By default, only one port can connect to the management interface, and while this can be changed, it took a bit of trial and error to find it.
We were surprised that the HTTP connection to the management GUI makes no effort at all to secure the admin password - the login is passed in completely plain text over the wire. The unit does offer HTTPS connections, but the manual made no mention of this.
A pop-up wizard walks you through basic set-up. A nice touch is an automatic roll-back to the previous configuration if you fail to manually confirm that the interface is still accessible after any major configuration change.
To get the firewall working in a real environment, you need to spend time setting up definitions - networks, services, authentication groups and so on. These are all abstracted before being expressed in rules, so rules cannot be set up without a definition. This gets tiresome, but only because we are used to other products letting us skimp on what is, after all, much better practice. And the various pages all link together, making the process easy to use.
Apart from using syslog, we could find no way to log and report on the device's activities, which is astonishing. Like the role definitions, best practice suggests that managing logs elsewhere is a better idea, but this is an omission that may raise some eyebrows.
The unit can remotely manage other boxes via its Zone Defense feature - to create enterprise-wide blacklists in the event of an IDS trigger, for example.
As well as its filtering capabilities, this is actually a surprisingly flexible router too, with more traffic routing features than we would expect. This will be useful to some environments, although we would normally expect the box to be behind a real router anyway, so it might be redundant.
And the routing features do make the process of setting up some rules more complicated than they need to be.
The system provides IDS and you can create custom rules, but not your own signatures.
This well-priced unit has plenty of features and is very flexible. The interface has rough edges and you need a bit of network know-how to really use it to its full potential, but in the right hands this would be a very good solution indeed.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack
- 9.2 million medical records for sale on darkweb
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry