Vpn Firewall Brick 150

VPN Firewall Brick® 150
Security, VPN, and QoS Gateway

Deliver service level-assured advanced security, IP VPN, and bandwidth management services to enterprise regional and branch office sites. The carrier-class VPN Firewall Brick® 150 IP services platform stretches investment dollars and lowers total ownership costs by offering a low price/high-performance solution with service-enhancing, revenue-building features.

Applications
• Advanced security services
• Site-to-site and remote access VPN services
• Bandwidth management services
• Web/application hosting
• Mobile data services
• Voice over IP (VOIP)

Features
• Integrates high-speed firewall, VPN, QoS, VLAN, and virtual firewall capabilities in one configuration
• 330 Mbps firewall performance; 127 Mbps 3 Data Encryption Standard (3DES) VPN performance; 1,000 simultaneous VPN tunnels; 4,094 VLANs; 150 virtual firewalls
• Advanced Encryption Standard (AES) encryption (via hardware) is available when using LSMS 8.0 or higher
• Hardware assisted encryption with built-in accelerator chip
• Intrinsically secure, transparent Layer-2 bridge
• Central staging and secure remote management via Lucent Security Management Server (LSMS) software; manages thousands of VPN Firewall Brick® units and IPSec Client users from one console
• Advanced distributed denial of service attack protection, high-speed content security (command blocking, URL filtering, virus scanning), strong authentication, real-time monitoring, logging, and reporting
• High-availability architecture: No single point of failure

Benefits
• Unsurpassed security services — leverages state-of-the-art Bell Labs security technology for optimum performance
• Low price/high-performance — significantly lower price/Mbps than major competitors
• Low cost of ownership — one configuration supports multiple IP services with no additional or recurring licensing fees; VLAN and virtual firewall support for up to 150 customers at no additional cost; management efficiencies reduce staffing and administrative expenses
• Flexible deployment options — premises or network based services with shared or dedicated hardware environments
• Economical growth path — migrate to advanced security and VPN services with no added infrastructure investments
• No-touch Customer Premises Equipment (CPE) — no need for costly network reconfigurations, truck-rolls, or onsite support
• Enhanced user experiences — best-in-class bandwidth management with customer-level, user-level, and server-level QoS control
• Assured business continuity — native high availability, carrier-class reliability
• Scalable, carrier-grade management — central management of up to 1,000 VPN Firewall Brick® units and 10,000 Lucent IPSec Client users

VPN Firewall Brick® 150 Technical Specifications

1. Processor/Memory
• 650MHz Celeron Processor with 128 MB of RAM

2. LAN Interfaces
• (4) 10/100base TX Ethernet Ports

3. Other Ports
• SVGA video, DB9 serial, Parallel, USB (2)

4. Performance
• Concurrent sessions – 245,000
• New sessions/second – 20,000
• Rules – 30,000 (shared among all virtual firewalls)
• Max clear text throughput – 334 Mbps (1514 byte UDP packets); 94,000 pps (78 byte UDP packets)
• Max 3DES throughput with hardware encryption acceleration – 127 Mbps (1460 byte UDP packets without LZS compression); 44,000 pps (78 byte, UDP packets)
• Hardware Assisted Encryption – Encryption Accelerator module

5. Virtualization
• Maximum number of virtual firewalls – 150
• Number of VLANs supported – 4,094
• VLAN domains – up to 16 per VLAN trunk
• VPN Firewall Brick® partitions – allows for virtualization of customer IP address range, including support for overlapping IP addresses

6. Modes of Operation
• Bridging and/or routing on all PPPoE interfaces
• All features supported with bridging
• IP routing with static routes
• 802.1Q VLAN tagging supported inbound and outbound on any combination of ports
• Layer-2 VLAN bridging
• Network Address Translation (NAT)
• Port Address Translation (PAT)
• Policy-based NAT and PAT (per rule)
• Supports virtual IP addresses for both address translation and VPN tunnel endpoints
• DHCP-assignable interface/VLAN addresses
• DHCP Relay capabilities
• Dynamic registration of mobile VPN Firewall Brick® addresses for centralized remote management

7. Services Supported
• Bootp, http, irc, netstat, pop3, snmp, tftp, pptp, dns, https, kerberos, nntp, rip, ssh, who, RADIUS, eigrp, ident, ldap, ntp, rip2, syslog, shell, X11, exec, gmp, login, ospf, rlogin, telnet, talk, H.323, ftp, imap, mbone, ping, rsh, traceroute, lotus notes, VoIP, Gopher, IPSec, netbios, pointcast, smtp, sql*net
• Any IP protocol (user definable)
• Any IP protocol + layer 4 ports (user definable)
• Support for non-IP protocols as defined by DSAP/Ethertype

8. Layer-7 Application Support
• Application Filter architecture supports Layer-7 protocol inspection for command validation, dynamic channel pinholes and application layer address translation
• Application filters include http, ftp, tftp, H.323/H.323 RAS, Oracle SQL*Net, NetBIOS, DHCP Relay, DNS, GTP, SIP

9. Firewall Attack Detection and Protection
• Generalized flood protection extensible to new flood attacks as discovered with patent-pending Intelligent Cache Management
• SYN flood protection to specifically protect inbound servers, e.g. Web servers, from inbound TCP SYN floods
• Strict TCP validation to ensure TCP session state enforcement, validation of sequence and acknowledgement numbers, rejection of bad TCP flag combinations
• Initial Sequence Number (ISN) rewriting for weak TCP stack implementations
• Fragment flood protection with Robust Fragment Reassembly, ensures no partial or overlapping fragments are transmitted
• Generalized IP Packet Validation including detection of malformed packets such as ping of death, land attack, tear drop attack. Drops bad IP options as well as source route options

10. Content Security
• Lucent Proxy Agent integrates load-shared content security services for:
  • Application protocol command blocking – HTTP, SMTP, FTP
  • Virus scanning
  • URL screening
• Application-layer protocol command recognition and filtering
• Application-layer command line length enforcement
• Unknown protocol command handling
• Extensive session-oriented logging for application-layer commands and replies
• Hostile mobile code blocking (JAVA, ActiveX)
• URL blocking – with 8e6 Technologies’ X-Stop™ Xserver
• Virus scanning – with Trend Micro’s InterScan™ VirusWall Anti-Virus Security Suite

11. QoS/Bandwidth Management
• Classified by Physical Port, Virtual Firewall, Firewall Rule, Session
• Bandwidth Guarantees – Into and out of Virtual Firewall, allocated in bits/second
• Bandwidth Limits – Into and out of Virtual Firewall, allocated in bits/second, packets/session, sessions/second
• ToS/DiffServ marking and matching

12. Firewall User Authentication
• Browser-based authentication allows authentication of any user protocol
• Built-in internal database – user limit 10,000
• Local passwords, RADIUS, SecurID
• User assignable RADIUS attributes

13. VPN
• Maximum number of dedicated VPN tunnels – 1,000
• Manual Key, IKE, PKI (X.509)
• 3DES (168-bit), DES (56-bit)
• AES
• SHA-1 and MD5 authentication/integrity
• Replay attack protection
• Remote access VPN
• Site-to-site VPN
• IPSec NAT Traversal (UDP encapsulated IPSec)
• LZS compression
• Spliced and nested tunneling

14. VPN Authentication
• Local passwords, RADIUS, SecurID, X.509 digital certificates with Entrust CA
• PKI Certificate requests (PKCS 12)
• Automatic LDAP certificate retrieval

15. High Availability
• VPN Firewall Brick® to VPN Firewall Brick® active/passive failover with full synchronization
• 400 millisecond device failure detection and activation
• Session protection for firewall and VPN
• Link failure detection
• Alarm notification on failover
• Encryption and authentication of session synchronization traffic
• Self-healing synchronization links
• Lucent Proxy Agent load sharing supports high availability for content security services

16. Diagnostic Tools
• Out of band debugging and analysis via serial port/modem/terminal server
• Centralized, secure remote console to any VPN Firewall Brick® unit supporting Ping, Traceroute, packet trace with filters
• Remote VPN Firewall Brick® bootstrapping
• Real-time log viewer analysis tool

17. 3-Tier Management Architecture
• Centralized, carrier-grade, active/active management architecture with Lucent Security Management Server (LSMS) software
• Secure VPN Firewall Brick® to LSMS communications with Diffie-Hellman and 3DES and AES encryption, SHA-1 authentication and integrity and digital certificates for VPN Firewall Brick®/LSMS authentication
• Up to 100 simultaneous administrators securely managing all aspects of up to 1000 VPN Firewall Brick® units
• Secure, reliable, redundant real-time alarms, logs, reports

18. Certifications
• ICSA V4.0 Firewall Certified (pending), ICSA V1.0B IPSec Certified

19. Mean Time Between Failure
• 218,999 Hrs Telcordia SR-332 at Standard Reference Conditions

20. Dimensions (W x L x H)
• 11” (W) x 7.18” (D) x 1.75” (H) (1U)
• 27.9 cm x 18.2 cm x 4.5 cm (1U)
• Rack, Wall, or Table Mountable
• Weight: 3 lbs. (1.4 Kg)
• Shipping Weight: 5 lbs. (2.3 Kg)

21. Cooling
• Chassis fan

22. Operating Altitude
• Up to 13,123 feet (4,000 m.)

23. Environmental
Operating
• Temperature: 0 to 50 C.
• Shock: 2.5g. at 15 – 20 ms on any axis
• Relative Humidity: 10 – 95% at 40 C. (non-condensing)
• Vibration: 5g. at 2 – 200 Hz on any axis
Non-Operating
• Temperature: -20 to 70 C.
• Shock: 35g. at 15 – 20 ms on any axis
• Relative Humidity: 10 – 95% at 40 C. (non-condensing)
• Vibration: 5g at 2 – 200 Hz on any axis

24. Power
• External AC to DC Power Supply: Rated 50W max.
• Input: CV mode, 100 – 240 VAC, 47 to 63 Hz, 64 watts
• Typical Consumption: 0.28A @ 115V, 0.14A @ 230V

25. Safety Listings
• USA/Canada: CSA Certified to UL®60950-1, First Edition and CAN/CSA C22.2 No. 60950-1-03
• EU: CE, CB Scheme to EN/IEC 60950

26. EMC Certifications
• USA: FCC Part 15, Class B
• Canada: IC-ES003
• EU: CE, EN 300-386-2; EN 55022, Class A
• Japan: VCCI, Class A

Lucent Proxy Agent

1. Software Requirements
• Solaris 8

2. Hardware Requirements
• Sun workstation
• 333 MHz Pentium Pro processor (minimum)
• 512 MB system memory (minimum), higher recommended
• CD-ROM drive
• 1 Ethernet 10/100 card

Ordering Information

1. Firewall Brick® 150 Basic
• Part Number 300698289

2. Lucent Security Management Server
• Brick 150 requires LSMS 7.2.317 or later. AES feature requires LSMS 8.0 or later.
• See LSMS data sheet for ordering details

3. Lucent Proxy Agent
• Included in LSMS software

4. Lucent IPSec Client
• See Lucent IPSec Client data sheet for ordering details

To learn more about our comprehensive portfolio of security products, please contact your Lucent Technologies Sales Representative or visit our web site at www.lucent.com or www.lucent.com/security.

This document is for planning purposes only, and is not intended to modify or supplement any Lucent Technologies specifications or warranties relating to these products or services. This publication of information in this document does not imply freedom from patent or other protective rights of Lucent Technologies or others.

VPN Firewall Brick is a registered trademark of Lucent Technologies Inc. NEBS is a trademark of Telcordia Technologies, Inc. X-Stop is a trademark of Log-On Data Corp. InterScan is a registered trademark of Trend Micro, Inc. UL is a registered trademark of Underwriters Laboratories Inc.

Copyright © 2004 Lucent Technologies Inc. All rights reserved

VPN v1.0304