I'm a fan of admin menus that run down the left and across the top of the screen. This type of menu structure seems more intuitive, with high-level choices on the left and sub-choices across the top. I find this easier to navigate than those with expandable menus on the left or across the top.
Figure 4: Welcome screen
Of the 37 configuration choices on the DFL-CPG310, the first one is a simple Welcome screen as above in Figure 4, and the last two are a Help button and a Logout button. That leaves 34 screens to navigate for configuration, which I've summarized in the matrix shown in Table 1. Note that additional menu options are added as features are enabled, such as when USB Printers are connected.
Table 1: Chart of configuration screens
There is a general NetDefend Wizard for configuring the WAN, NTP, Wireless, Product Key, and enabling subscription based security options, as well as individual Wizards for setting up the Internet, Wireless, Firewall Rules, Site-to-Site VPNs and the SmartDefense IDS/IPS settings. I was disappointed that the NTP settings don't allow for daylight savings, leaving the router's time off by an hour from March to November.
Manually configuring the DFL-CPG310 for basic operation only takes a few minutes. I installed the D-Link at a small business with seven computers connected to a simple Layer 2 switch, using a basic DHCP Ethernet setting for WAN access.
Remote access can be enabled via HTTPS and can be restricted to a VPN interface, a specific IP range, or fully allowed. SSH (Figure 5 below) is available for secure command line access to the router, if desired.
Figure 5: Secure command line via SSH
The wireless radio supports 802.11b/g/super g connections. The security choices for the wireless radio are pretty typical, with support for WEP and WPA/WPA2 security, hiding the SSID and enabling MAC filtering. I had no problem connecting my Dell laptop with an Intel Pro/Wireless 3945A/B/G card to the DFL-CPG310 configured for WPA security with a hidden SSID and MAC filtering enabled.
The wireless network is a separate subnet from the wired subnet, running on the 192.168.252.0 /24 subnet with its own DHCP service. From a security standpoint, this is good. It enables greater control of the network through the use of separate subnets for the wired and wireless nodes.
Optionally, the DFL-CPG310 can provide greater wireless security by requiring the use of the VPN client to authenticate to the Wireless LAN. I'll touch on the VPN Client software in more detail shortly.