Link’s Unified Threat Management (UMT) firewall DFL-260 is targeted at small to medium-sized enterprises as well as SOHOs. As expected, D-Link provides a subscription model (12 months from the moment you activate) for keeping the firewall automatically updated and in fighting condition against the worst of what the internet has to offer. Three content inspection services are available to the subscriber: IPS, Anti-Virus and Web Content Filtering.

The IPS service attempts to match and deflect known and unknown attacks by their signatures. In theory, IPS is supposed to detect harmful payloads, infection and exploits before they happen. The Anti-Virus component adopts stream-based scanning. It uses signatures provided by the Kaspersky Lab, and it can check VPN tunnels too.

The Web Content Filter is used to control, monitor and filter internet usage. Things like Java applets, ActiveX objects and cookies can easily be stripped out. The administrator can also establish white and black lists to ban or allow access to web
sites for different combinations of users and IP networks.

Unfortunately, DFL-260 doesn’t support IP blacklisting by specified threshold or IPS. Mercifully, DFL-260 uses a hardware accelerator to increase IPS and AV performance. Although we couldn’t evaluate the effectiveness of this hardware,
we are prepared to believe that it makes a difference.

In terms of VPN, this firewall has just about everything one might need. It supports an integrated VPN client and server and has a dedicated hardware engine for driving large amounts of VPN configurations. The device supports IPSec, L2TP and PPTP, plus DES, 3DES, AES, and Blowfish for encryption. Up to 100 VPN tunnels can be used. There is also support for manual or IKE/ISAKMP key management/authentication via an external RADIUS server.

In terms of expansion and connectivity, DFL-260 is alright. It has four 10/100 Ethernet ports, one 10/100 port for WAN and another one for DMZ. It also features a serial port for all console hackers and administrators out there. DFL-260 supports 12,000 concurrent connections and up to 500 user policies. The official specification states that the overall firewall throughput is 80Mbit/s while VPN throughput is about 25Mbit/s. The figure for VPN assumes that 3DES or AES are used for encryption.
In comparison, its elder brother DFL-860 supports a 150Mbit/s firewall throughput, 60Mbit/s for VPN, 1,000 different user policies, 300 VPN tunnels and 25,000 concurrent sessions. It has seven Ethernet ports, two WAN ports and an extra DMZ port. The DFL-860 has a few other features which DFL-260 doesn’t, such as OSPF protocol for dynamic routing, but for a small office, and even a medium-sized one, it’s too much. A firewall like DFL-860 would be underused and too expensive. Hence, DFL-260 is positioned very well for its market. It must be noted though that the MTBF for DFL-860 is 36,879 hours, versus only 21,571 hours for DFL-260.DFL-260 obviously comes with an SPI firewall.

The DMZ port can be configured as another WAN interface with traffic load sharing and balancing. The web-based GUI looks slick and professional. It’s easy to navigate and is suitably intuitive. Real administrators, however, might prefer the power of the console, which is available, too.

DFL-260 is a robust firewall which works rather well. The optional subscription service for IPS, Anti-Virus scanning and Web Content Filtering is recommended if you decide to buy the device. Don’t forget to consider the cost of a yearly subscription when you calculate TCO. DFL-260 is a feature-rich device and, although some might wish that it supported D-Link’s ZoneDefense mechanism also, it’s impossible to have everything. D-Link has done a good job on this one.