Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. INGATE FIREWALL 1200 You want to connect your enterprise locations together using the most efficient person-to-person IP communications. At the same time, even your smallest branch office or telecommuter needs the protection of an enterprise grade firewall. Ingate’s Firewalls are the first SIP-capable enterprise firewalls, making Ingate the solution for companies that want the benefits of SIP-based communi- cations including presence, instant messaging, audio/video conferencing and VoIP. The Ingate Firewall 1200 is specifically designed to offer full firewall protection for small companies and branch or home office LAN while allowing the use of SIP-based communications. Ingate Firewalls are designed to be cost-efficient, easy to use and scalable to meet the dynamic needs of today's enterprises. Firewall SIP Capabilities G SIP server with both SIP Proxy and SIP Registrar included G Works both as in-coming and out-going proxy G No location server required on LAN for incoming SIP requests G Support for DNS SRV records G Stateful or stateless operation is used based on the nature of the SIP request The Ingate Firewall 1200 – a Fully Featured Small G Parallel issue of requests to multiple destinations Office Firewall G Session timer G Record routing The Ingate Firewall 1200 offers the full set of features standard on G Via hiding all Ingate Firewalls, including VPN and complete support for SIP. G TLS support for encrypted SIP signaling Ingate Firewalls are designed to provide complete firewall security with minimal effort or risk. The Ingate Firewall 1200 offers a conve- niently small footprint that allows the small office or home office to have the feature set of a larger machine. As with all Ingate products led the Ingate Firewall 1200 can handle up to 40 simultaneous sess- security feature updates are free of charge and security administrators sions in a VoIP application or 400 registered users (assuming 0.1 can configure the firewall to automatically detect available updates via Erlang per user). the Web. Firewall features The first SIP-capable Enterprise Firewalls The Ingate Firewall 1200 supports both stateful inspection and pack- Ingate's Firewalls are the first of their kind. The range of Ingate et filtering. In addition to the unique SIP proxy, the Ingate Firewall Firewalls is designed to cover the needs of the entire enterprise 1200 contains proxies for all standard protocols, including TCP, market and have everything necessary for SIP traversal, including a UDP, FTP and DHCP. The Ingate Firewall 1200 also supports SIP registrar and a SIP proxy. They also handle SIP clients such as Network Address Translation (NAT) and Port Address Translation telephones or a PC-based client like MSN Messenger (part of (PAT) in combination with all other features. The DHCP client Windows®XP) on a LAN using Network Address Translation (NAT) allows the Ingate Firewall 1200 to receive a dynamic IP address from to reach private IP addresses. Ingate's truly unique support for SIP an external DHCP server. This feature is particularly useful for small over TLS also solves the security concerns often associated with the or home offices where the network provider does not assign perma- use of realtime communications applications by allowing encryption nent IP addresses. of the SIP signalling. As instant messages are sent over the SIP signa- ling, this feature will also bring the additional benefit of protecting the Ingate VPN message content for an instant message. SIP is brought seamlessly and A Virtual Private Network (VPN) can be installed as an extension securely to the enterprise with the addition of a single piece of hard- module to the Ingate Firewall 1200. The Ingate VPN can communi- ware: the Ingate Firewall. cate with any VPN clients, firewalls and other products supporting the IPSec and IKE protocols. The Ingate VPN uses 3DES encryp- The Ingate Firewall 1200 includes a SIP software module that allows tion, supports authentication using MD5 and SHA1 and uses X.509 for a limited number of SIP clients to be registered with the firewall. certificates. To further serve users of our products, Ingate maintains As needs increase, the module is easily extended for additional users a list of the VPN clients on the market that are compatible with the though the purchase of software license upgrades. When fully enab- Ingate VPN. Ingate Systems AB Ingate Systems Inc. Box 10013 7 Farley Road For information about products, sales or partnerships, contact: Stockholm-Globen Hollis NH Headquarters: +46 (0)8-600 77 50 U.S.: 1-603-883-6569 SE-121 26 Sweden 03049 USA E-mail:
  2. 2. Management User Interface The management interface for the Ingate Firewall 1200 is a Web- Technical Specifications for Ingate Firewall 1200 based graphic user interface (GUI) that has proven very popular Processor VIA C3 among users of Ingate Firewalls. The management interface that is common across the Ingate range of firewalls enables efficient, cen- Operating System Linux 2.4 tralized management of all firewall assets throughout an enterprise. Interfaces (10/100 Mbit/s) 2 The GUI leads the administrator step by step through the user- Throughput (Mbit/s) 55 friendly configuration and management process, reducing the risk of errors that often occur during setup. Ingate customers and the media Dimensions WxDxH (mm, inch) 220x254x44mm have cited our easy to use management interface as one of the hall- 8.66"x10"x1.75" marks of Ingate products. Environment – op (Temp, Humidity) 5-45°C, 5-95% Environment – storage (Temp, Hum) 0-70°C, 5-95% Management Security Certifications CE, FCC, UL In order to maintain the highest levels of security, the Ingate Firewall 1200 can be set up to be configured Management from designated computers or subnets. Automatic check for new release Yes The management connection can use Web GUI Yes Secure Socket Layer (SSL) encryption, Internet DHCP Client Yes and RADIUS to provide maximum secu- rity through identification and authenti- SNMP Yes cation. Mass configuration option Planned January 2003 Syslog Yes E-mail events Yes Firewall Functionality Stateful inspection Yes Packet filtering Yes DHCP Proxy Yes Proxies for TCP, UDP and FTP Yes NAT/PAT Yes Home workstation QoS (bandwidth limitation and priority) Yes Authentication RADIUS VPN Functionality Encryption 3DES Authentication algorithms MD5, SHA1 X.509-certificates Yes Branch office Mobile workstation SIP Functionality Headoffice SIP Proxy Yes Logging/Alarm SIP Registrar Yes The Ingate Firewall 1200 comes with comprehensive logging and SIP traffic out&in without extra proxy Yes alarm functionality. Some logging can be done locally and stored on SIP traffic to private IP addresses Yes the flash memory of the unit while more extensive logging can be (NAT/PAT) stored remotely. Log files are searchable on a variety of parameters TLS encryption Yes and can be exported for use in a dedicated log analysis application. When alarms are raised they can be sent to the administrator via e- SIP connection set up (SIP+RTP) 0.15 s mail or a syslog server. RTP-data delay (10mbps/100mbps 0.19/0.08 ms network) Internet, the LAN and firewalls Number of concurrent RTP sessions 40 Every business has a Local Area Network (LAN) with Internet Registred SIP users included 1 access. To maintain privacy and security on the LAN, it is protected and separated from the public Internet by a firewall. Current firewalls Max registered SIP users (appr) 400 are designed to allow communication from computers on the LAN, inside the firewall, to servers on the Internet. They also allow sharing initiates realtime messaging, voice, data and video. Born of the of one single public IP address for enterprises having their own Internet community, SIP is superior to the older H.323 protocol in hidden and private IP addresses on the LAN. Today, there are new terms of the functionality and scalability performance required by and more efficient methods of Internet communications, including today's networks. In addition, SIP enables interoperability, allowing presence, instant messaging (IM), conferencing and VoIP. However, realtime communications between all service providers. Industry these applications require a firewall that handles the SIP protocol. experts predict that SIP will become the standard protocol, and pro- viders agree. Microsoft®, AOL, WorldCom, AT&T, MSN, Yahoo!, SIP for Person-to-Person IP Communications Cisco Systems, Pingtel and CommWorks are among those developing SIP (Session Initiation Protocol) is the IETF (Internet Engineering and marketing SIP-based products and services. The problem? Task Force) signaling protocol that is becoming for person-to-person Existing network firewalls prevent SIP communications. Ingate has IP communication what HTTP is for the Web. The SIP protocol the solution.