_02221753.jpg)
click pentru a vedea toate pozele
Nortel Alteon Switched Firewall (ASF)
Overview
The Alteon Switched Firewall (ASF) is a multi-component solution managed as a single system.
The system reflects a tight integration of two key components – an Alteon Switched Firewall Accelerator and up to six Alteon Switched Firewall Directors. The software is a combination of the Alteon Switched Firewall OS, providing session acceleration and switching functionality and the market-leading Firewall–1NG with Application Intelligence software from Check Point. The modular architecture allows unmatched scalability – from small installations up to data centre security in one product line. The Alteon Switched Firewall Director performs policy checking for every new connection request, manages the connection table and specifies the rules for handling packets in a session. After a connection is established, the Alteon Switched Firewall Director passes its connection table to the Alteon Switched Firewall Accelerator. The Switched Firewall Accelerator applies the firewall rules at wire speed to subsequent packets within an existing connection. As a result, up to 90% of traffic is accelerated as these packets bypass the core firewall logic on the Switched Firewall Director. This unique acceleration technology, only found on the Alteon Switched Firewall System, makes it one of the leading high–performance firewalls on the market.
Key Points
• Transparent deployment into existing Check Point firewall infrastructures leveraging Check Point’s advanced firewall and security management services Layer 2 stealth/bridge mode allows the ASF to be deployed in the core of large gigabit networks with no topology changes needed
• Overall simplification of firewall and hosting infrastructures in terms of deployment, day–to–day management and troubleshooting
• Operational costs are minimised because administrators no longer need to configure each firewall. The first firewall can be provisioned in less than 30 minutes with a
configuration wizard. The single system image replication and management capabilities of the Alteon Switched Firewall System makes adding new Alteon Switched Firewall Directors a plug and play operation, therefore offering unmatched scalability
• With its innovative architecture and plug and play provisioning of firewall resources, the Alteon Switched Firewall allows enterprises and service providers to lower capital expenditures and increase their return on investment. Capital expenditures are reduced due to a "pay as your traffic grows" flexible architecture
• Leverage existing staff skills, training and processes while deploying advanced Alteon Switched Firewall services
• The Alteon Switched Firewall provides the best price/throughput ratio on the market
making it the best choice for performance–hungry networks High availability allows automatic fail–over to other firewalls in the cluster
• Discrete switch and firewall fail–over eliminates single points of failure
• Plug and play provisioning allows additional Switched Firewall Directors to be
auto–detected upon power–on and automatically configured for license, IP address and security policies
• Scalable, allowing up to 6 Switched Firewall Directors per Switched Firewall Accelerator in high availability mode for easy expansion
• Small footprint of only 3RU for the base Alteon Switched Firewall system
• A single GUI is used to manage both the Switched Firewall Accelerator and the Switched Firewall Director
• Switch and director logs centrally monitored
• VLAN and 802.1Q tagging support allowing for over 200 DMZs or virtual firewalls
• Organisations need not trade off performance for security
The ASF is ideal for any enterprise and/or service provider looking to protect their networks. Additional benefits can be achieved when deploying VoIP and streaming services that require minimal firewall latency and overall network jitter.Features and
Benefits
• Integrated, market leading Check Point FW–1 NG firewall software with performance
enhancements
• Switched based session acceleration enables tremendous improvement in firewall
performance
• Total compatibility with Check Point NAT and the added feature of offloading CPU
intensive/NAT functions to the Switched Firewall Accelerator
• Highest performing Check Point firewall on the market, with 4.2Gbps throughput and 500,000 simultaneous accelerated sessions
Alteon Firewall 5100 (ASF 5100-Series)
Overview
The Alteon Firewall 5100 (ASF 5100) series are a stand-alone range of firewalls best suited for deployment in small to medium-sized enterprises. These firewall products complement the accelerated product line by providing deployment and price flexibility. The ASF 5100 series firewall runs Check Point Firewall-1 NG with Application Intelligence software, providing a stateful inspection engine that supports all the well known Check Point features and capabilities. In addition, the ASF 5100 can be upgraded to support the
full range of the accelerated Switched Firewall features and enhanced scalability by adding a Firewall Accelerator and upgrading to Switched Firewall Director software.
Key Points
• The price/performance ratio of the ASF 5100 is unparalleled
• Provides a cohesive upgrade path, allowing simple and cost effective scalability to
accelerated multi gigabit performance
• High availability of mission-critical applications using VRRP
• VLAN tagging allows hundreds of secure subnets to be created
• Secured by Check Point FW-1 NG, the industry leader in network security
• Small form factor - only one rack unit Features and Benefits
• Check Point FW-1 NG with application intelligence - the core of the ASF 5100 series
firewall, is the stateful inspection engine used by Check Point FW-1 NG, the industry leader in policy-based traffic filtering. This provides the most comprehensive protection against hundreds of network attacks. ASF 5100 series firewall supports the full Check Point FW-1 NG feature set, such as application-layer protection, network address translation (NAT) anti-spoofing and smart defence VLAN tagging - the ASF 5100 series firewall supports VLAN tagging (IEEE 802.1Q). This allows the firewall to discreetly protect up to 242 different user groups within one or more network subnets. This provides security administrators with the ability to create secure DMZs without impacting network
performance
• High availability - through VRRP, two ASF 5100 series firewalls can provide activestandby redundancy. While both firewalls are active for different traffic streams, each
can automatically take on the traffic load of the other device in the event one firewall fails
• Plug-and-play provisioning - the provisioning wizard enables quick and simple installation of another ASF 5100 firewall, ensuring firewall performance scalability
• Scalability to multi-gigabit throughput - the ASF 5100 series firewalls can be upgraded to multi-gigabit performance levels and advanced features, including active-active high availability. This requires the deployment of a Switched Firewall Accelerator
The ASF 5100 series can be thought of as a "starter kit," enabling enterprises to initially
deploy the Alteon stand-alone firewall products and scale to the higher performance, load
balancing and high availability features available by adding a Switched Firewall Accelerator and additional Firewall Directors, as the network grows. As a stand-alone solution, the Alteon Firewall 5100 series is ideal for any enterprise looking for a Check Point stateful inspection firewall to protect their networks, serving as a perimeter solution for regional/branch offices or as a security gateway safeguarding traffic within the corporate LAN.
Contivity
Secure IP Services Gateway
Overview
Contivity Secure IP Services Gateways are a next generation family of products delivering security and IP services in a single integrated platform. Contivity Secure IP Services Gateways provide advanced IP routing, firewall, bandwidth management, encryption, authentication and data integrity for secure tunnelling across managed IP networks and the Internet. Designed for the enterprise edge – the intersection of an enterprise’s private and public IP networks – Contivity is optimised to leverage the cost advantages of the Internet while providing secure communications across the public infrastructure. With a comprehensive set of software-based IP services, Contivity allows enterprises to deploy services, as and when needed with the activation of software license keys – all without costly hardware upgrades or network downtime. Service providers similarly can deliver new revenue-generating IP and security services without disruptions to existing customer-based or carrier infrastructure.
Key Points
• Security is built into the Contivity DNA with secure routing technology (SRT). Contivity
devices are designed with security in mind – both in the secure transmission of data, as
well as the inherent security of the device and its management
• A single integrated hardware device that provides routing, firewall, bandwidth management, encryption, authentication and data integrity for secure tunnelling across managed IP networks and the Internet. One box provides a full range of features for
building high-performance, scalable, secure IP VPNs
• Mix and match IP services capability – Contivity’s secure IP services, including
advanced routing, full VPN capabilities and stateful firewall, can be purchased and implemented independently, as and when needed with the flexible and simple activation of software license keys
• Cost savings – using the Internet or a managed IP service as the wide area transport allows connections to be local to users
• Standards based – Contivity interoperates with existing routing, authentication, directory and security services. Standards based IP routing services enables Contivity to
be integrated into an existing router network or to be deployed on its own to build a highly
redundant and flexible, secure network
• Highly scalable portfolio – from low-end Contivity 1000 to high-end Contivity 5000 –
Contivity can address the smallest branch site or largest headquarters with every environment in between. Contivity also makes it easy to scale the network, allowing for fully-meshed network connectivity Contivity can also leverage the service provider’s backbone for a consistent level of performance and SLAs. Additional provider services may be available
Features and Benefits
Remote Access:
• Cost effective remote access services with the ability to leverage the Internet with a variety of access options – from 56 Kbits to multimegabit supporting dedicated telecommuters and travelling employees
Branch to Branch:
• Leverage the Internet for WAN connectivity to remote or branch office locations –
cheaper than frame relay
• Provide secure tunnel connections for branch locations
• Simultaneously allow secure dial-in user connections to branches
• Create branch tunnels on demand
• Create a routed tunnel mesh between branches/Extranet
• Flexibility, highly secure, ubiquitous access to B2B partner sites/resources
• Contivity can consolidate VPN, firewall, routing, policy and QoS services in one platform that greatly reduces the cost of operations
• Time to market – set-up partners with access in hours not weeks or months
• Improved security, performance, management over simple HTTPs/SSL
• Transparency – VPN deploys seamlessly into existing networks and interoperates with existing routers, firewalls and directory (authentication) services
• Reduced cost – eliminates costly private lines in favour of lower cost IP access Contivity 100
• 5 branch tunnels
• Fixed configuration
• Pentium–class 300 MHZ processor
• 16MB memory
• 8MB flash memory
Interfaces:
• Dual 10/100 Ethernet ports
• Serial port (out–of–band or PPP)
• Single and dual analogue ports
• ISDN
• Dual or triple Ethernet
• Contivity 100 software
Contivity 600
• 50 user/branch tunnels
• 1 PCI slot
• 300 MHZ Celeron processor
• 128MB memory
Interfaces:
• Dual 10/100 Ethernet ports
• T1/V.35/X.21
• ISDN/V.90 (future)
• xDSL (future)
• HDD
• Same software functionality as
Contivity enterprise switches
• Stateful firewall (optional)
• Client termination (optional)
• Contivity 600 software
Contivity 1010
• 5 to 30 tunnels
• Memory: 128 MB RAM; 32 MB Flash
LAN/WAN interfaces:
• 2 10/100Base–T Ethernet ports (RJ–45)
• Management/console port (DB–9)
Software: Standard
• Contivity secure routing technology software with 5 VPN tunnels and IP routing (RIPv2)
• Contivity VPN client software for Microsoft Windows with unlimited distribution license
Optional licenses
• VPN upgrade to 30 VPN tunnels
• Stateful firewall
• Advanced routing (OSPF, VRRP, bandwidth management) Contivity 1050
• 5 to 30 tunnels
• Memory: 128 MB RAM; 32 MB Flash
LAN/WAN interfaces:
• 1 10/100Base–T Ethernet (RJ–45)
• 4–port 10/100 Ethernet switch (RJ–45)
• Management/console port (DB–9)
Software: Standard
• Contivity secure routing technology software with 5 VPN tunnels and IP routing (RIPv2)
• Contivity VPN client software for Microsoft Windows with unlimited distribution license
Optional licenses
• VPN upgrade to 30 VPN tunnels
• Stateful firewall
• Advanced routing (OSPF, VRRP, bandwidth management) Contivity 1100
• 5 to 30 tunnels
• Memory: 128 MB RAM;32 MB Flash
• Two PCI expansion slots
LAN/WAN interfaces:
Standard
• 1 10/100Base–T Ethernet (RJ–45)
• 4–port 10/100 Ethernet switch (RJ–45)
• Management/console port (DB–9)
Optional
• Additional 10/100Base–T Ethernet
• V.35/X.21 WAN card
• T1 (CSU/DSU) WAN card ISDN BRI WAN card
• V.90 dial modem
Software: Standard
• Contivity secure routing technology software with 5 VPN tunnels and IP routing (RIPv2)
• Contivity VPN client software for Microsoft Windows with unlimited distribution license
Optional licenses
• VPN upgrade to 30 VPN tunnels
• Stateful firewall
• Advanced routing (OSPF, VRRP, bandwidth management)
Contivity 1700
• Up to 500 tunnels
• 1 open PCI slot
• 850 MHZ processor
• 128MB – 256MB memory
• FDD/HDD
• Contivity secure routing technology software with 5 VPN tunnels and IP routing (RIPv2)
Interfaces:
• Dual 10/100 Ethernet ports
• V.35/X.21 WAN card
• T1 (CSU/DSU) WAN card
• 10/100 Ethernet card
• ISDNBRI WAN card
• Contivity VPN upgrade to 500 VPN tunnels (optional)
• VPN client software (unlimited licence)
• Stateful firewall (optional)
• Advanced routing (optional)
• Netscape LDAP (optional)
• Contivity 1700 software
Contivity 2700
• Up to 2000 tunnels
• 3 open PCI slot
• 1.33GHz processor
• 256MB – 512MB memory
• FDD/HDD
• Contivity secure routing technology software with 5 VPN tunnels and IP routing (RIPv2)
Interfaces:
• 10/100 Ethernet LAN card
• V.35/X.21 WAN card
• T1 (CSU/DSU) WAN card
• HSSI WAN card
• 10/10 Ethernet card
• ISDN BRI WAN card
• Encryption card (optional)
• VPN client software (unlimited licence)
• Contivity VPN upgrade to 2000 VPN tunnels (optional)
• Stateful firewall (optional)
• Advanced routing (optional)
• Netscape LDAP (optional)
• Contivity 2700 software
Contivity 5000
• 5000 user/branch tunnels
• 6 open PCI slot
• Dual Pentium 2.2GMHZ processors
• 512 MB – 1.5 GIG memory
• FDD
• Dual/redundant HDD
Interfaces:
• Dual 10/100 Ethernet ports
• V.35/X.21 WAN card
• 10/100 Ethernet card
• ISDN BRI WAN card
• HSSI WAN card
• Dual redundant power supplies
• VPN client software (unlimited licence)
• Stateful firewall (optional)
• Advanced routing (optional)
• Netscape LDAP (optional)
• Contivity 4600 software