Transcript
NETASQ F500-3 or F500-4 Firewall Box NETASQ F500 firewall Box: optimum protection and modularity for structures of up to 500 users.
• 3 or 4 Ethernet interfaces • ASQ attack detection
The F500 is the VPN and firewall box adapted to entities with fewer than
• User authentication
500 stations: SMEs, SMIs, branch offices, administrative offices, groups of
• Internal PKI
companies, etc... It is specifically designed for companies which believe
• Easy to install and manage
that security is important. Like all products in the NETASQ range the F500
• User-friendly graphic interface
is solid and easy to manage; it combines an intuitive, user-friendly interface with the ASQ technology, the complete equipment for analysing connections and managing hacking. In addition, the powerful NETASQ REPORTER and NETASQ LOG ANALYZER*, log analysis tools, make it easy to manage activity on the network at the firewall level.
• ADSL, RNIS, RTC connection management • IPSec multi-algorithm VPN and certificates management • IPsec interoperability with market standards • Time and day scheduling of filtering rules
The 4-port version (F500-4) can be integrated into various types of secured network architectures because of its modularity.
• Real-time alarm notification • Transparent/hybrid mode
The F500 also meets the requirements of multi-site structures as it can be
• Advanced use of logs
used both as the central site of the VPN tunnel or as an extremity (branch
• Graphic analysis of network activity
or agency). * The NETASQ LOG ANALYZER is an optional product.
• Management of load balancing and routing by source
NETASQ F500-3 or F500-4 Firewall Box
Extended security and attack detection features: ASQ • ASQ technology • Stateful Inspection filtering with enhanced filtering rules* • Detection of attacks based on packet format: spoofing, ‘misformed’ packets (Land, Xmas, ...), remote analysis (Queso, Nmap, ...), DNS hacking (label recursion attack...) • Detection of attacks based on connection context: fragments (Oversize/Overlapped, Jolt/Teardrop, Nestea, ...) • Attack detection based on global context: flooding (TCP, UDP, ICMP, SYN Flooding, Pong, Smurf, ...), address spoofing, port scanning, ... • Management of potential unidentified hacking • Fully secure system* Authentication • Authentication management at the filtering, VPN, remote access and URL filtering levels • Embedded LDAP directory • External LDAP and RADIUS compatibility • Authentication methods: - login/password via HTTP or HTTPS - certificates via HTTPS - SRP via JAVA applet • Internal PKI management with x509 certificates Filtering features • From physical to application layers - OSI 7 (interfaces, IP addresses, protocols, application) • Group management (groups of machines, networks, services, ...) • 5 actions available for each rule (pass, block, authenticate, reset, ...) • 4 options available for each rule (log, alarm, count, flow limitation) • URL filtering** (through URL or Proxy). Websense™ and X-Stop™ compatibility. Network features • 3 or 4 10/100 Mbits/s autosense ports • DSL connection management (PPTP and PPPOE) • RTC/ISDN Hayes compatible modems supported • Static routes management • Transparent mode (interfaces with same IP address) • Transparent/advanced hybrid mode • VLAN management • Bandwidth management • Proxies management • DSL links redundancy management (high availability and load balancing) • Routing by source management Address translation and redirection • Network Address Translation (1 and 2-way static/dynamic NAT) • Port Address Translation (PAT) • Load sharing VPN features • PPTP management (40 and 128 bit MPPE**) • IPsec remote access management (remote users) • IPsec gateways management (gateway to gateway management) • Manual, pre-shared key (PSK) or PKI management • IPsec UDP tunneling support • Wide choice of algorithms (DES, 3DES, BlowFish, CAST, AES, ...) • 64-bit VPN is free of charge • IPsec interoperability with market norms • Remote VPN client** High availability • Data exchange via serial or Ethernet link • High availability flow encryption in AES
NETASQ • 3, rue Archimède • 59650 Villeneuve d'Ascq • France Tel.: + 33 320 619 630 • Fax: +33 320 619 639 Website: www.netasq.com • E-mail:
[email protected]
Alarms, logs and monitoring Netasq Monitor: real-time, multi-firewall monitor • Real-time alarm display • Real-time display of connections, throughput and bandwidth • Real-time display of users connections and transferred data Netasq Reporter and Netasq Log Analyzer**: advanced log and statistics analysis tools • Remote download and storage of logs (from one or more firewalls) • Log and statistics display and analysis • Advanced graphical analysis tools • Extended statistics • Tree-structure log display and ability to define selection filters • Webtrends compatibility • Alarm reporting through mail, real-time monitor or syslog server
Configuration Netasq Remote Manager: remote firewall management tool • User-friendly graphic interface • Windows compatible • Multi-firewall configuration and administration capabilities • Configuration and system backups • Remote and secure firewall and GUI update • Secure remote access (SSL encryption and SRP authentication) through TCP/IP • Configuration help guide + Wizards • Several administration levels • Firewall list management • Configuration imports and backups * Technologies developed by Netasq R&D laboratory ** Optional features
Performances Throughput: Encrypted flows:
127 Mbits/s AES + SHA1: 28 Mbits/s AES only: 41 Mbits/s SHA1 only: 49 Mbits/s
Material specifications RS-232 serial port 3 or 4 RJ45 10/100 Mbits/s autosense interfaces Processor: 750 Mhz Storage: 40 Go hard disk Memory: 128 Mo RAM Dimensions (mm): 410 x 44.5 x 445 - Rackable (1 U and 19”) Weight: 7.5 kgs Power supply: 85 to 264 VAC, 200 W Control connection: RS 232 - VT100 emulation Mini-din keyboard + VGA screen
Environment Working temperature: Storage:
5° to 35 °C -30° to 65 °C
This document is not a contract. In order to further enhance the quality of its products, the manufacturer reserves itself the right to alter them without prior notice. All trademarks quoted are the property of the authors.
Technical features
