Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Security

Intrusion Detection and Protection is an aspect of the DFL-CPG310 Firewall that increases the Security of your network. In addition to its CheckPoint-developed Stateful Packet Inspection Firewall, the DFL-CPG-310 offers greater levels of security intelligence through its SmartDefend Intrusion Detection and Protection. As you can see in Figure 6, SmartDefend allows for detection of a wide array of specific network attacks, such as Denial of Service, Ping of Death, Worms, and numerous other threats. As I'll discuss in the pricing section, keeping the DFL's security software up to date is a subscription-based service.

IDS/IPS
Click to enlarge image
 

Figure 6: SmartDefend IDS/IPS options

The Firewall in the DFL-CPG310 has pre-built options to simplify port forwarding to Web, FTP, Telnet, Email, PPTP/VPN, Microsoft NBT (NetBIOS over TCP/IP), and VoIP (H.323) servers. Standard features, such as the ability to define a DMZ Host, are also available.

It is interesting that D-Link chose to have a pre-built configuration for H.323 VOIP signaling, when SIP VOIP signaling is more common. Nevertheless, building a rule to forward SIP signaling (port 5060) or other TCP/UDP ports can easily be done with the Firewall Rule Wizard.

When you build a Firewall rule, the DFL-CPG310 provides QoS options to allocate bandwidth for specific traffic, a nice feature, especially for VOIP. As you can see in Figure 7, the bandwidth options for port forwarding are Default, Urgent, Important, and Low Priority.

QoS options
Click to enlarge image

Figure 7: Firewall rule QoS bandwidth options

Understanding these options involves the DFL-CPG310's Traffic Shaper, which requires configuring the speed of your WAN connection. Using a network speed test on www.speakeasy.net, my WAN speed came in at 1829Kbps Up and 5367Kbps Down. I used these numbers on the WAN Interface configuration page (see Figure 8) to set an Upstream rate of 1750Kbps and Downstream rate of 5000Kbps, per the manual's recommendation to use settings below actual.

Traffic shaper
Click to enlarge image

Figure 8: Setting the connection speed for traffic shaping

The DFL's QoS settings use relative weight bandwidth allocation based on the Traffic Shaper configuration. Those settings and their weight are Default=10, Urgent=15, Important=20, and Low Priority=5. Thus, traffic assigned a priority of Important (20) will be allocated twice as much bandwidth as Default (10). If you upgrade to the PowerPack, you can configure the QoS settings to utilize more flexible QoS parameters, such as DSCP classifications or your own custom configuration. I'll touch on the PowerPack option under the Pricing section.

Additional subscription-based security features of the DFL-CPG310 include Antivirus and Web Filtering. The Antivirus feature allows for scanning and blocking of email at the gateway level, monitoring SMTP, POP3, and IMAP packets. The Web Filtering feature enables control of web surfing, providing over 30 different categories of web sites to screen, as you can see in Figure 9.

Web filter
Click to enlarge image

Figure 9: Web Filtering configuration

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi,I am trying to configure secondary WAN. My setup is with Load balanced option.I have both WAN connected. As soon as I disconnect the WAN from WAN p...
Hello, Question: the firewall is enabled on my AC86U by default...But, do I need this enabled if if have no filter rules?"Enable the firewall to prot...
Hate to make another thread but was doing some tests after setting up static IP's etc before disabing WiFi, which does NOT work. 2.4GHz is gone, BUT I...
I have an Asus rt ac 88 u with media streaming set up on it using express VPN s DNS servers.Along came TPGs NBN and their tp link v 1600 ,which I'm le...
Hello, I had RT-AC5300 and now considering RT-AX88U. How many IPTV ports does AX88U support? For example, AC5300 had 1 and GT-AC5300 had 2.Thank you! ...

Don't Miss These

  • 1
  • 2
  • 3