Lots of features for a good price and straightforward to configure.
Poor content filtering.
A good firewall for the price with accomplished security tools, although any enterprise looking for an appliance that does more should look elsewhere.
For the price, D-Link squeezes a lot of features into its Linux-based DFL-1100 appliance, including a SafeNet PCI VPN accelerator card and four Fast Ethernet ports.
The appliance itself is based on a 300MHz processor, 256MB RAM and a 64MB Compact Flash card, which houses the software.
The network ports are setup and externally labelled in the traditional LAN, WAN and DMZ set up, with the fourth port configurable to be a LAN or DMZ, or to connect to another DFL-1100.
In this mode you can create a cluster of two firewalls, which keeps your network protected in the event that one of the firewalls should fail.
Installation and configuration is simple thanks to the appliance's DHCP server and web management. The firewall comes with a default policy governing how traffic can flow between each port.
Be careful of the default policy though, as it allows all traffic from the LAN to the WAN, so you'll probably want stricter settings. Rules are very powerful, though, and you can apply traffic shaping and bandwidth control to help ease the load on your network.
The content filtering is slightly disappointing. It will block ActiveX and Java script, but it only blocks websites by URL and URL keywords, which you have to provide.
This means that the appliance is not really suitable for a branch office, where you are likely to want content filtering and anti-virus built in as well.
Policies can also have intrusion detection turned on, although there is no way to update the engine from inside the firewall, so you're better off sticking with alternative systems.
Finally, the VPN is straightforward to configure and comes licensed for up to 1,000 VPN tunnels. Support for Dynamic DNS services is useful if you're using dynamically allocated IP addresses from your ISP.
A powerful firewall for the money, its core security tools are accomplished. However, the poor range of other tools, such as content filtering mean it is not suitable for installations where you need more than a firewall.
Readers will also be interested to know that the DFL-700 has a similar range of tools for a much cheaper price.