Your SlideShare is downloading. ×
VPN Firewall Brick 80
VPN Firewall Brick 80
VPN Firewall Brick 80
VPN Firewall Brick 80
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

VPN Firewall Brick 80

1,063

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,063
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. VPN Firewall Brick™ 80 Security, VPN, and QoS Gateway The VPN Firewall Brick™ 80 gives you peerless capabilities for delivering service level-assured advanced security, IP VPN, and bandwidth management services to enterprises' regional and branch office sites. This carrier-grade IP services platform stretches your investment dollars with the industry’s best price/performance and lowest total ownership costs. And it offers service-enhancing, revenue-building features no competitive product can match. Applications Benefits • Advanced security services • Best price/performance—less than half the per-Mbps price of major competitors • Site-to-site and remote access VPN services • Lowest cost of ownership—one configuration supports • Bandwidth management services multiple IP services with no additional or recurring • Mobile data services licensing fees; VLAN and virtual firewall support for up to 80 customers at no additional cost; management • Secure intranets and extranets efficiencies reduce staffing and administrative expenses Features • Flexible deployment options—premises or network- based services with shared or dedicated hardware • Integrates firewall, VPN, QoS, VLAN, and virtual environments firewall capabilities in one configuration • Economical growth path—migrate to advanced security • 190 Mbps firewall performance; 11 Mbps 3 DES and VPN services with no added infrastructure performance; 200 simultaneous VPN tunnels; 4,094 investments VLANs; 80 virtual firewalls • No-touch CPE—no need for costly network • Intrinsically secure, transparent Layer-2 bridge reconfigurations, truck-rolls, or onsite support • Central staging and secure remote management via • Enhanced user experiences—best-in-class bandwidth Lucent Security Management Server (LSMS) software; management with customer-level, user-level, and manages thousands of VPN Firewall Bricks™ and server-level QoS control Lucent IPSec Client users from one console • Assured business continuity—native high availability, • Unsurpassed security services: advanced distributed carrier-class reliability denial of service attack protection; high-speed content security (command blocking, URL filtering, virus • Scalable, carrier-grade management—centrally manage scanning); strong authentication; real-time up to 1,000 VPN Firewall Bricks™ and 10,000 Lucent monitoring, logging, and reporting IPSec Client users • High-availability architecture—no single point of failure • Industry’s only firewall, VPN, and QoS gateway with no advisories or reported vulnerabilities
  • 2. VPN Firewall Brick™ 80 Technical Specifications 1.Processor/Memory 8.Layer-7 Application Support AMD K6-2 350 MHz with 64MB RAM Application Filter architecture supports Layer-7 protocol inspection for command validation, dynamic channel pinholes 2.LAN Interfaces and application layer address translation. Application filters (4) 10/100 Base-TX Ethernet (RJ-45) include http, ftp, tftp, H.323/H.323 RAS, Oracle SQL*Net, Net BIOS, DHCP Relay 3.Other Ports SVGA video, DB9 serial, external floppy, PS/2 keyboard 9.Firewall Attack Detection and Protection Generalized flood protection extensible to new flood attacks as 4.Performance discovered with patent-pending Intelligent Cache Management Concurrent sessions – 30,000 SYN flood protection to specifically protect inbound servers, New sessions/second – 2,500 e.g. Web servers, from inbound TCP SYN floods Rules – 30,000 (shared among all virtual firewalls) Strict TCP validation to ensure TCP session state enforcement, Max clear text throughput – validation of sequence and acknowledgement numbers, 180 Mbps (1518 byte TCP packets) rejection of bad TCP flag combinations. 190 Mbps (1518 byte UDP packets) Initial Sequence Number (ISN) rewriting for weak TCP stack Max PPS throughput – 95,000 pps (64 byte UDP packets) implementations Max 3DES throughput with software encryption – Fragment flood protection with Robust Fragment Reassembly, 11 Mbps (1518 byte TCP packets) ensures no partial or overlapping fragments are transmitted Generalized IP Packet Validation including detection of 5.Virtualization malformed packets such as ping of death, land attack, tear Maximum number of virtual firewalls – 80 drop attack. Drops bad IP options as well as source route options Number of VLANs supported – 4,094 VLAN domains – up to 16 per VLAN trunk 10.Content Security VPN Firewall Brick™ partitions – allows for virtualization of Lucent Proxy Agent integrates load-shared content security customer IP address range, including support for overlapping IP services for: addresses Application protocol command blocking – HTTP, SMTP, FTP 6.Modes of Operation URL blocking – with 8e6 Technologies’ X-Stop™ Xserver Bridging and/or routing on all interfaces Virus scanning – with Trend Micro’s InterScan™ VirusWall Anti- Virus Security Suite All features supported with bridging IP routing with static routes 11.QoS/Bandwidth Management 802.1Q VLAN tagging supported inbound and outbound on Classified by Physical Port, Virtual Firewall, Firewall Rule, any combination of ports Session Layer-2 VLAN bridging Bandwidth Guarantees – Into and out of Virtual Firewall, NAT (Network Address Translation) allocated in bits/second PAT (Port Address Translation) Bandwidth Limits - Into and out of Virtual Firewall, allocated in Policy-based NAT and PAT (per rule) bits/second, packets/session, sessions/second Supports virtual IP addresses for both address translation and ToS/DiffServ marking and matching VPN tunnel endpoints 12.Firewall User Authentication DHCP-assignable interface/VLAN addresses Browser-based authentication allows authentication of any user DHCP Relay capabilities protocol Dynamic registration of mobile VPN Firewall Brick™ address for Built-in internal database – user limit 10,000 centralized remote management Local passwords, RADIUS, SecurID 7.Services Supported User assignable RADIUS attributes Bootp, http, irc, netstat, pop3, snmp, tftp, pptp, dns, https, kerberos, nntp, rip, ssh, who, RADIUS, eigrp, ident, ldap, ntp, 13.VPN rip2, syslog, shell, X11, exec, gmp, login, ospf, rlogin, telnet, Maximum number of dedicated VPN tunnels – 200 talk, H.323, ftp, imap, mbone, ping, rsh, traceroute, lotus Manual Key, IKE, PKI (X.509) notes, VoIP, Gopher, IPSec, netbios, pointcast, smtp, sql*net 3DES (168-bit), DES (56-bit) Any IP protocol (user definable) SHA-1 and MD5 authentication/integrity Any IP protocol + layer 4 ports (user definable) Replay attack protection Support for non-IP protocols as defined by DSAP/Ethertype Remote access VPN Site-to-site VPN IPSec NAT Traversal (UDP encapsulated IPSec) LZS compression Spliced and nested tunneling 2
  • 3. 14.VPN Authentication 20.Dimensions (W x L x H) Local passwords, RADIUS, SecurID, X.509 digital certificates 11.1” x 7.5” x 2”28 cm x 19 cm x 5 cm with Entrust CA Weight: 3.1 lbs (1.4 kg) PKI Certificate requests (PKCS 12) Shipping Weight: 7.5 lbs (3.4 kg) Automatic LDAP certificate retrieval 21.Cooling 15.High Availability CPU fan VPN Firewall Brick™ to VPN Firewall Brick™ active/passive failover with full synchronization 22.Operating Altitude 400 millisecond device failure detection and activation 10,000 ft (3,048 meters) Session protection for firewall and VPN 23.Environmental Link failure detection Operating Alarm notification on failover Temperature: 0 to 40º C Encryption and authentication of session synchronization traffic Shock: 2.5g at 15 – 20 ms on any axis Self-healing synchronization links Humidity: 5–95% at 40º C (non-condensing) Lucent Proxy Agent load sharing supports high availability for content security services Vibration: 5g at 2 – 200Hz on any axis Non-Operating 16.Diagnostic Tools Temperature: 0 to 70º C Out of band debugging and analysis via serial Shock: 35g at 15 – 20 ms on any axis port/modem/terminal server Humidity: 5–95% at 40º C (non-condensing) Centralized, secure remote console to any VPN Firewall Brick™ Vibration: 5g at 2 – 200Hz on any axis supporting Ping, Traceroute, packet trace with filters Remote VPN Firewall Brick™ bootstrapping 24.Power Real-time log viewer analysis tool External AC to DC Power Supply: rated 40W Max Switching mode, 100–250V AC, 50–60Hz, 1.0A 17.3-Tier Management Architecture Consumption: 0.27A typical at 115VAC Centralized, carrier-grade, active/active management architecture with Lucent Security Management Server (LSMS) 25.Safety Listings software USA – UL 1950 Secure VPN Firewall Brick™ to LSMS communications with Canada – CSA 22.2 No. 950 Diffie-Helman and 3DES encryption, SHA-1 authentication and integrity and digital certificates for VPN Firewall Brick™/LSMS EU – EN/IEC 60950 authentication Japan – CB Scheme IEC 60950 Up to 100 simultaneous administrators securely managing all 26.EMC Certifications aspects of up to 1,000 VPN Firewall Bricks™ FCC Part 15, Class A Secure, reliable, redundant real-time alarms, logs, reports EN 55022, Class A 18.Certifications VCCI, Class A ICSA V3.0A Firewall Certified, ICSA V1.0B IPSec Certified AS 3548, Class A CNS 13438/CISPR22, Class A 19.Mean Time Between Failure EN 300 386-2: 1997, Class 1 and 2 85,000 Hrs VPN Firewall Brick™ 80 Back Panel 3
  • 4. Lucent Proxy Agent 1.Software Requirements Solaris 8 2.Hardware Requirements Sun workstation 333 MHz Pentium Pro processor (minimum) 512 MB system memory (minimum), higher recommended CD-ROM drive 1 Ethernet 10/100 card 3.Supported Applications Virus scanning URL screening Application-layer protocol command recognition and filtering Application-layer command line length enforcement Unknown protocol command handling Extensive session-oriented logging for application-layer commands and replies Hostile mobile code blocking (JAVA, ActiveX) 4.Protocols support HTTP, SMTP, FTP Ordering Information 1.VPN Firewall Brick™ 80 with External 3.25” Floppy Drive Part Number 300269560 To learn more, contact your 2.Lucent Security Management Server dedicated Lucent Technologies See LSMS data sheet for ordering details representative, authorized reseller, 3.Lucent Proxy Agent or sales agent. You can also visit Included in LSMS software our Web site at www.lucent.com. 4.Lucent IPSec Client This document is provided for planning purposes only and does not create, See Lucent IPSec Client data sheet for ordering details modify, or supplement any warranties which may be made by Lucent Technologies relating to the products and/or services described herein. The publication of information contained in this document does not imply freedom from patent or other protective rights of Lucent Technologies or other third parties. VPN Firewall Brick is a trademark of Lucent Technologies Inc. Copyright © 2002 Lucent Technologies Inc. All rights reserved VPN v2.05/03

×