WATCHGUARD FIREBOX VCLASS

Transcription

1 FIREBOX VCLASS

2 WATCHGUARD FIREBOX VCLASS ENTERPRISE-LEVEL SECURITY The Firebox Vclass brings high-speed network security to enterprise-class businesses, remote offices, service providers, and data centers. Firebox Vclass combines, firewall security, VPN support, intrusion prevention functionality, and powerful traffic management with Fast Ethernet and Gigabit Ethernet connections. Our intelligent security ASIC architecture delivers scalable support for up to 40,000 VPN tunnels. An install wizard and device discovery utility shortens installation time to minutes. Firebox Vclass appliances include an intuitive, multi-platform Java-based GUI management console for flexible and effective centralized management. All Firebox Vclass models are fully IPSec-compliant, with built-in core software and management tools that provide consistent network infrastructure security. Every Firebox Vclass appliance includes comprehensive management and monitoring software, a one-year limited hardware warranty, and a renewable initial term of our innovative LiveSecurity Service, proactive support that keeps your system current and armed against the latest threats. FIREBOX VCLASS SECURITY FEATURE HIGHLIGHTS Intrusion prevention through application layer (layer 7) traffic inspection, firewall security at layers 3 and 4, powerful throughput rates of 20 Mbps to 1.1 Gbps VPN, support for up to 40,000 VPN tunnels. and networking features including QoS and Server Load Balancing, combine to make Firebox Vclass a powerful, enterprise-class security appliance. HIGH PERFORMANCE ASIC PROCESSOR INTRUSION PREVENTION FUNCTIONALITY SCALABLE TO 40,000 VPN TUNNELS SECURE, CENTRALIZED JAVA-BASED MANAGEMENT GIGABIT ETHERNET INTERFACES SUPPORT THROUGH LIVESECURITY SERVICE INTRUSION PREVENTION WatchGuard has been building intrusion prevention technology into our security appliances since Today we offer a mature, integrated set of intrusion prevention functions with our Firebox Vclass appliances. Intrusion Prevention is a vital part of layered network security to reduce network and data vulnerability, and increase the ROI of any security solution. Our built-in intrusion prevention functionality is managed from the same award-winning system that supports our firewall and VPN technology. Application Layer (Layer 7) Inspection via proxies. Complete data packets, including header and payload, are thoroughly inspected, and dangerous content discarded additional security without performance compromise. Firebox Vclass models include HTTP and SMTP proxies. Malicious Source IP Address Blocking prevents intruders from making further connection attempts for a user-defined period of time. Protocol Anomaly Detection enforces protocol standards. Packet Reassembly ensures entire packet contents are inspected. Built-in Intrusion Prevention Technology eliminates the need for additional hardware or software. Integrates Intrusion Prevention with existing Intrusion Detection (passive detection) systems for active protection against hostile actions. FIREWALL SECURITY Dynamic Stateful Packet Filtering monitors network traffic and denies or allows it based on the active security policy. Network Address Translation (NAT) hides internal IP address information from the outside world for added security, simplifies management of IP addresses and reduces the need for public IP addresses. Firebox Vclass models support Static, Dynamic, Virtual IP NAT and IPSec NAT-Traversal. Predefined Firewall Services simplify configuration and administration. Firebox Vclass models include more than 70 predefined firewall services. VPN SUPPORT VPN Tunnel Switching reduces the complexity of creating and managing VPN tunnels and policies, using hub and spoke topology. VPN Tunnel Management provides central management with extensive real-time viewing options for instant traffic analysis of VPN tunnel networks.

3 Mobile User VPN with VPN authentication gives enterprise remote users secure IPSec-compliant VPN connections and a personal firewall with configurable access rules and security levels. PKI Authentication authenticates VPN traffic and remote users using an industry-standard authentication method. NETWORKING Multi-Tenant Managed Security for Service Providers allows secure, centralized creation and management of security policies for up to 200 tenants with Firebox V200, V100 and V80 using VLAN technology. Firebox V60 and V60L support 10 tenants. VLAN Tagging tells switches to communicate and create VLANs. Firebox Vclass appliances tag VLAN Ethernet packets so a device receiving a tagged packet can determine to which VLAN the packet belongs. Quality of Service (QoS) Port Shaping meters traffic for smooth flow and reduces packet loss by configuring ports to accommodate the varying abilities of network devices. Not available on Firebox V200 QoS Traffic Shaping prioritizes traffic according to importance and reduces packet loss. Not available on Firebox V200. High Availability Active/Passive allows you to install a second, standby Firebox Vclass appliance for failover protection in the event the primary appliance fails for any reason. High Availability Active/Active (optional for Firebox V100 and V80, included with V200) lets you install a second, active Firebox appliance for redunancy protection and increased throughput. Both units must be the same model. Dynamic Routing algorithms compare available traffic options, adjust routing patterns in the network, and dynamically select the best route to a destination. Network Diagnostic tools such as Tcpdump, Traceroute, Netstat, Ping, and ARP help simplify management. Server Load Balancing distributes traffic across multiple servers for smooth network operation. DESKTOP SECURITY Mobile User VPN with VPN authentication gives enterprise remote employees secure 3DES VPN IPSec communications. Personal Firewall gives mobile users configurable access rules and security levels for protection against attacks through remote-to-corporate VPN tunnels. McAfee VirusScan ASaP from WatchGuard and McAfee Security. Your Firebox Vclass comes with a limited number of McAfee VirusScan ASaP licenses. Additional licenses are available from your reseller. SERVICES LiveSecurity Service keeps your security system up-to-date. Every Firebox Vclass includes a renewable subscription to our LiveSecurity Service, backed by worldclass security experts, technical support representatives, and trainers. You receive threat alerts and responses, software updates, support flashes, editorials, technical support, and online self-help tools. LiveSecurity Service Gold (optional) is available to all Firebox Vclass LiveSecurity subscribers. This program offers expanded service levels including 24/7 technical support, target one-hour maximum response time, and direct access to our Priority Support Team. Limited Hardware Warranty Extension Program (optional) allows you to extend your original limited hardware warranty. WatchGuard Training (optional) offers a broad spectrum of online and classroom courses, certification programs, and publications. FIREBOX VCLASS MANAGEMENT Firebox Vcontroller TM management software for individual Firebox Vclass appliances includes an intuitive Java -based GUI and a powerful command line interface (CLI). Vcontroller management software comes with every Firebox Vclass model. The Install Wizard simplifies Firebox Vclass installation. Monitoring, Logging, and Alarms cover an extensive array of system activities. Logs may be sent to a log file server for archiving or analysis by third parties such as WebTrends. Device Discovery provides a simple step-by-step process to locate and configure all appliances within the same subnet range as the management console. Policy Checker ensures that policies are implemented in the correct order, preventing inadvertent overrides. Optional WatchGuard Central Policy Manager (CPM) simplifies policy deployment and analysis for multiple Firebox Vclass installations by allowing you to manage your entire infrastructure from a central console. A powerful, highly scalable global management platform for large enterprises, data centers, and service providers, WatchGuard CPM features drag-anddrop VPN configuration, simplified management of meshed VPN topologies, consistent global policy deployment, and realtime monitoring.

4 WATCHGUARD ENTERPRISE NETWORK SECURITY LiveSecurity Service HEADQUARTERS WatchGuard CPM centralized management features include real-time monitoring, global policy distribution and drag-and-drop deployment. CENTRAL POLICY MANAGER SECURITY ADMIN INSET: QoS VPN HTTP TELNET SMTP FTP WEIGHTED FAIR QUEUEING DIFFSERVE TOS MARKING L 2/3 Switch FIREBOX V100 Router BRANCH OFFICE HA ACTIVE/ACTIVE LOAD SHARING Corporate Servers L 2/3 Switch FIREBOX V100 Router File Server File Server L 2/3 Switch Web Servers DMZ 1 REMOTE USER PROTECTED BY SERVERLOCK IPSEC VPN CLIENT PERSONAL FIREWALL ANTI-VIRUS SOFTWARE INTERNET SITE TO SITE VPN TOPOLOGY FIREBOX V80 Router Load Balancing for up to 16 servers Servers DMZ 2 Cable/xDSL modem FIREBOX V10 REMOTE SITE ENCRYPTED TRAFFIC

5 FIREBOX VCLASS PRODUCT LINE Firebox V200 Firebox V100 Firebox V80 Firebox V60 Firebox V60L Firebox V10 Recommended For User License Enterprise, Data Center, and ISP Environments 4RU Enclosure Multiple T3 or OC-3 Connections Multi-Gigabit Firewall with up to 40,000 VPN tunnels Unlimited Large Enterprises, Service Providers, and Data Centers Large Enterprises Large/Midsize Enterprises Midsize Enterprises Enterprise Telecommuting 1RU Enclosure 1RU Enclosure 1RU Enclosure 1RU Enclosure Desktop Enclosure Multiple T3 or OC-3 Connections Gigabit Firewall with up to 20,000 T3, Fast Ethernet, and OC-3 Connections Wire-Speed Firewall with up to 8,000 T3, Fast Ethernet, and OC-3 Connections Wire-Speed Firewall with up to 400 T3, Fast Ethernet Connections Wire-Speed Firewall with up to 150 DSL/Cable/ISDN Connections Firewall and VPN Remote Office Unlimited Unlimited Unlimited (upg. to 25 or unlimited) Firewall Throughput 2 Gbps VPN Throughput 1.1 Gbps Max Branch Office VPNs 40,000 1 Max Mobile User VPNs 40,000 1 Interfaces LiveSecurity Service 90-Day Mobile User VPN Licenses 20 2 High Availability - A/P 2 Fiber Gigabit Included McAfee VirusScan ASaP 5 Node License 2 Annual Subscription 600 Mbps 200 Mbps 200 Mbps 100 Mbps 75 Mbps 300 Mbps 155 Mbps 100 Mbps 50 Mbps 20 Mbps 20, , , , Fiber Gigabit 4 10/ / / / Day 90-Day 90-Day 90-Day 90-Day N/A Included Included Included Optional N/A 5 Node License 2 5 Node License 2 5 Node License 2 5 Node License 2 1 Node License 2 1 The total number of Branch Office plus Mobile User VPN tunnels. 2 Activate your WatchGuard security appliance through LiveSecurity Service to get this incredible value! Management (ALL MODELS) Features Install Wizard Device Discovery Security Policy Manager Policy Checker (Auditing) Network Diagnostic Tools Command Line Interface Active Tunnel Display Continuous Real-Time Graphs Notification Intrusion Prevention, Application Proxies Stateful Packet Filtering Branch Office VPN VPN Tunnel Switching * Mobile User VPN * Remote Access Authentication* High Availability, Active/Passive *** High Availability, Active/Active** Multi-Tenant Security * VLAN Support * Static, Dynamic, Virtual IP NAT* Dynamic Routing Traffic Shaping QoS Server Load Balancing * PKI Support PPPoE and DHCP Support Alarm Definition and Control Predefined Services Spoof Detection Port and Site Blocking Synflood Protection DDoS, DoS Prevention Hacker Defense *Not included for Firebox V10 Models **Optional for Firebox V100 and V80 only ***Optional for Firebox V60L Not available on Firebox V200

6 FIREBOX VCLASS CERTIFICATION WatchGuard s VPN and Firewall technologies comply with published standards, making our products easy to integrate into existing security solutions. The WatchGuard Firebox Vclass is certified to the ICSA Firewall and IPSec VPN standards. ABOUT WATCHGUARD WatchGuard is a leading provider of dynamic, comprehensive Internet security solutions designed to protect enterprises that use the Internet for e-business and secure communications. The Company is a pioneer in the creation of the plug-and-play Internet security appliance, the Firebox, and server security software. The Company's innovative LiveSecurity Service enables organizations and users to keep their security systems up-to-date, and its ServerLock and AppLock/Web software provide server content and application security to protect critical data and services against unauthorized or unintentional access or manipulation. The Company's RapidStream "Secured by Check Point" product line is specifically designed to address the enterprise customer's need for VPN performance, scalability, and flexibility in a Check Point appliance solution. For more information, please call or visit FOR MORE INFORMATION Please visit us on the Web at or contact your reseller for more information. ADDRESS: 505 Fifth Avenue South Suite 500 Seattle, WA WEB: information@watchguard.com U.S. SALES: INTERNATIONAL SALES: FAX: WatchGuard Technologies, Inc. All rights reserved. WatchGuard, RapidStream, Firebox, ServerLock, AppLock, Vcontroller and LiveSecurity are either registered trademarks or trademarks of WatchGuard Technologies, Inc. and/or its affiliates in the United States and/or other countries. Check Point is a trademark of Check Point Software Technologies Ltd. McAfee and VirusScan are registered trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. All other trademarks and tradenames are the property of their respective owners. Part No. WGCE