Forcepoint Stonesoft Next Generation Firewall



Similar documents
Forcepoint Stonesoft Next Generation Firewall

McAfee Next Generation Firewall

Stonesoft 5.5. Firewall/VPN Reference Guide. Firewall Virtual Private Networks

F IREWALL/VPN REFERENCE GUIDE

McAfee Next Generation Firewall (NGFW) Administration Course

McAfee NGFW Reference Guide for Firewall/VPN Role 5.7. NGFW Engine in the Firewall/VPN Role

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Forcepoint Stonesoft Management Center

StoneGate Reference Guide

Stonesoft 5.4. Firewall Reference Guide. Firewall Virtual Private Networks

F IREWALL/VPN REFERENCE GUIDE

Move over, TMG! Replacing TMG with Sophos UTM

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

Government of Canada Managed Security Service (GCMSS) Annex A-1: Statement of Work - Firewall

NETASQ MIGRATING FROM V8 TO V9

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

ANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239

Gigabit SSL VPN Security Router

McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course

INTRODUCTION TO FIREWALL SECURITY

UTM FIREWALL SPECS HARDWARE SPECIFICATIONS

Simple security is better security Or: How complexity became the biggest security threat

Implementing Cisco IOS Network Security

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

IINS Implementing Cisco Network Security 3.0 (IINS)

How To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses

Unified Services Routers

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

Web Request Routing. Technical Brief. What s the best option for your web security deployment?

Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers

Cisco ASA, PIX, and FWSM Firewall Handbook

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

McAfee NGFW Reference Guide for IPS and Layer 2 Firewall Roles 5.7. NGFW Engine in the IPS and Layer 2 Firewall Roles

Proof of Concept Guide

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

(d-5273) CCIE Security v3.0 Written Exam Topics

VMware vcloud Networking and Security Overview

Chapter 9 Firewalls and Intrusion Prevention Systems

Secure remote access to your applications and data. Secure Application Access

Networking for Caribbean Development

Understanding the Cisco VPN Client

Cyberoam Next-Generation Security. 11 de Setembro de 2015

USG6300 Next-Generation Firewall

USG6600 Next-Generation Firewall

Administrator's Guide

Firewalls und IPv6 worauf Sie achten müssen!

TRITON AP-ENDPOINT STOP ADVANCED THREATS AND SECURE SENSITIVE DATA FOR ROAMING USERS

How To Set Up A Cisco Safesa Firewall And Security System

TABLE OF CONTENTS NETWORK SECURITY 2...1

APV9650. Application Delivery Controller

Security Gateway 10er Serie

Cisco RV 120W Wireless-N VPN Firewall

Gigabit Multi-Homing VPN Security Router

Huawei Eudemon200E-N Next-Generation Firewall

HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R

Results of Testing: Juniper Branch SRX Firewalls

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

SVN5800 Secure Access Gateway

Internet Privacy Options

Wireless Controller DWC-1000

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Tagesordnung WIN/IP-Forum

Zscaler Internet Security Frequently Asked Questions

Chapter 4: Security of the architecture, and lower layer security (network security) 1

VPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

FortiOS Handbook IPsec VPN for FortiOS 5.0

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May New Features and Enhancements. Tip of the Day

Network protection and UTM Buyers Guide

Astaro Gateway Software Applications

VMware vcloud Air Networking Guide

Foreword Introduction Product Overview Introduction to Network Security Firewall Technologies Network Firewalls Packet-Filtering Techniques

FIREWALLS & CBAC. philip.heimer@hh.se

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS NETWORK SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Unified Services Routers

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

The Hillstone and Trend Micro Joint Solution

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Basic Network Configuration

FortiOS Handbook - IPsec VPN VERSION 5.2.2

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release

TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

McAfee Next Generation Firewall

Introduction of Quidway SecPath 1000 Security Gateway

Network Security Fundamentals

SourceFireNext-Generation IPS

Virtualized Network Services SDN solution for enterprises

Introducing IBM s Advanced Threat Protection Platform

HP VSR1000 Virtual Services Router Series

QUOTATION FOR UTM 4/26(1)/2009/EDP-HO 06/08/2015

ProSecure Unified Threat. UTM Series. Unified Gateway Security for Smart IT Networks Without Compromise

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Voice over IP Security

Transcription:

Datasheet Forcepoint Stonesoft Next Generation Firewall FORCEPOINT STONESOFT NEXT GENERATION FIREWALL PROTECTS ENTERPRISE NETWORKS WITH HIGH-PERFORMANCE INTELLIGENCE AWARE SECURITY SUPPORTED BY REAL-TIME UPDATES. THIS ENABLES STONESOFT TO DELIVER THE INDUSTRY S BEST DEFENSE AGAINST ADVANCED EVASIONS, ALONG WITH COMPLETE NEXT-GENERATION FIREWALL PROTECTION WHEN AND WHERE YOU NEED IT AT REMOTE SITES, BRANCH OFFICES, DATA CENTERS, AND THE NETWORK EDGE. Forcepoint Stonesoft Next Generation Firewall (NGFW) starts with a solid foundation of protection, including granular application control, an intrusion prevention system (IPS), built-in virtual private network (VPN), and deep packet inspection, all in an efficient, extensible, and highly scalable unified design. Then we add powerful anti-evasion technologies that decode and normalize network traffic before inspection and across all protocol layers to expose and block the most advanced attack methods. BLOCK SOPHISTICATED DATA BREACH ATTACKS Large data breaches continue to plague businesses and organizations across industry verticals. Now you can fight back with application layer exfiltration protection. This new solution enables Stonesoft NGFW to selectively and automatically block network traffic originating from PCs, laptops, servers, file shares, and other endpoint devices based on highly granular endpoint contextual data. Application layer exfiltration protection is the only solution that goes beyond typical next-generation firewalls to prevent attempted ex-filtration of sensitive data from endpoints via unauthorized programs, web applications, users, and communications channels. SUPERIOR FLEXIBILITY KEEPS PACE WITH YOUR CHANGING SECURITY NEEDS A unified software core enables Stonesoft NGFW to easily change security roles, from firewall/ VPN to IPS to layer 2 firewall, in dynamic business environments. The unified software core also serves to optimize the data plane, providing a significant performance advantage regardless of security role or number of active security features. For even more flexibility, Stonesoft NGFW can be deployed in a wide variety of formats as a physical appliance, software solution, virtual appliance, or as virtual contexts on a physical appliance. HIGH SCALABILITY AND AVAILABILITY SECURES YOUR BUSINESS-CRITICAL APPLICATIONS Today s businesses demand fully resilient network security solutions. Forcepoint Stonesoft NGFW delivers high scalability and availability in three powerful ways: Native active-active clustering: Up to 16 nodes can be clustered together, providing superior performance and resiliency when running demanding security applications, such as deep packet inspection and VPNs. Transparent session failover: Provides industry-leading availability and serviceability of security systems. Stonesoft NGFW even supports transparent failover for multiple software and hardware versions within the same cluster. Multi-Link: Extends high availability coverage to network and VPN connections. Provides the confidence of non-stop security along with high performance for every deployment. UNMATCHED PROTECTION KEEPS YOUR BUSINESS IN BUSINESS Every day attackers get better at penetrating enterprise networks, applications, data centers, and endpoints. Once inside, they can steal intellectual property, customer information, and other sensitive data, causing irreparable damage to businesses and reputations. 1

Some attackers use advanced evasion techniques (AETs) that are able to bypass most of today s security network devices. AETs deliver malware piecemeal across network layers or protocols using techniques such as masking and obfuscation. Once inside networks, threats are reassembled where they can hide, exfiltrating sensitive data for days, months, or even years. Forcepoint Stonesoft NGFW applies layered threat discovery techniques to network traffic, identifying applications and users at a granular level so that security policies can be applied according to business rules. Then it performs specialized deep packet inspection, including advanced techniques such as full stack normalization and horizontal data stream-based inspection. These techniques fully normalize traffic flows, enabling Stonesoft NGFW to expose AETs and traffic anomalies that evade other next-generation firewalls. Only after traffic has been fully normalized can it be properly inspected across all protocols and layers for threats and malware. And only Stonesoft NGFW has been successfully tested against more than 800 million AETs. KEY BENEFITS The best protection for your business and digital assets Blocks endpoint data exfiltration attempts Adapts easily to your security needs Scales effortlessly as your business grows Optimizes productivity of employees and customers Lowers TCO for security and network infrastructure KEY FEATURES Intelligence-aware security controls Application layer exfiltration protection Advanced evasion prevention Unified software core design Many options for security and network infrastructure Powerful centralized management Built-in IPsec and SSL VPN 2

FORCEPOINT STONESOFT NEXT GENERATION FIREWALL SPECIFICATIONS SUPPORTED PLATFORMS Appliances Software Appliance Virtual Appliance Supported Roles Virtual Contexts (NGF License only) Multiple hardware appliance options, ranging from branch office to data center installations X86-based systems VMware ESX, Oracle VM, and KVM support With NGF License: Firewall/VPN (layer 3), IPS mode (layer 2), layer 2 firewall With FWL License: Firewall/VPN (layer 3) Virtualization to separate logical contexts (FW, IPS, or L2FW) with separate interfaces, addressing, routing, and policies FIREWALL/VPN FUNCTIONAL ROLE General User Authentication High Availability ISP Multi-Homing IP Address Assignment Address Translation Routing Dynamic Routing IPv6 SIP CIS Redirection Stateful and stateless packet filtering, circuit-level firewall with TCP proxy protocol agent Internal user database, LDAP, Microsoft Active Directory, RADIUS, TACACS+ Active-active/active-standby firewall clustering up to 16 nodes Stateful failover (including VPN connections) VRRP Server load balancing Link aggregation (802.3ad) Link failure detection Multi-Link: high availability and load balancing between multiple ISPs, including VPN connections, Multi-Link VPN link aggregation, QoS-based link selection FW clusters: static, IPv4, IPv6 FW single nodes: static, DHCP, PPoA, PPoE) IPv6 (static, SLAAC) Services: DHCP Server and DHCP relay for IPv4 IPv4, IPv6 Static NAT, source NAT with port address translation (PAT), destination NAT with PAT Static IPv4 and IPv6 routes, policy-based routing, static multicast routing IGMP proxy, RIPv2, RIPng, OSPFv2, OSPFv3, BGP, PIM-SM Dual stack IPv4/IPv6, ICMPv6, DNSv6 Allows RTP media streams dynamically, NAT traversal, deep inspection, interoperability with RFC3261-compliant SIP devices HTTP, FTP, SMTP protocols redirection to content inspection server (CIS) 3

STONESOFT NEXT GENERATION FIREWALL SPECIFICATIONS continued IPsec VPN Protocols IKEv1, IKEv2, and IPsec with IPv4 and IPv6 Encryption AES-128, AES-256, AES-GCM-128, AES-GCM-256, Blowfish, DES, 3DES 1 Message Digest Algorithms AES-XCBC-MAC, MD5, SHA-1, SHA-2-256, SHA-2-512 Diffie-Hellman DH group 1, 2, 5, 14, 19, 20, 21 Authentication Other Site-to-Site VPN Mobile VPN RSA, DSS, ECDSA signatures with X.509 certificates, pre-shared keys, hybrid, XAUTH, EAP IPCOMP deflate compression NAT-T Dead peer detection MOBIKE Policy-based VPN, route-based VPN (GRE, IP-IP, SIT) Hub and spoke, full mesh, partial mesh topologies Stonesoft Multi-Link fuzzy-logic-based dynamic link selection Stonesoft Multi-Link modes: load sharing, active/standby, link aggregation VPN client for Microsoft Windows Automatic configuration updates from gateway Automatic failover with Multi-Link Client security checks Secure domain logon SSL VPN (NGF LICENSE ONLY) Client-Based Access Portal-Based Access Supported platforms: Android 4.0, Mac OS X 10.7, and Windows Vista SP2 (and newer versions) OWA and Intranet access via SSL VPN portal through a browser 4

STONESOFT NEXT GENERATION FIREWALL SPECIFICATIONS continued INSPECTION Anti-Botnet Dynamic Context Detection Advanced Anti-Malware Sandboxing File Reputation Anti-Malware Engine Protocol-Specific Normalization/ Inspection/Traffic Handling 3 Protocol-Independent Fingerprinting Evastion and Anomaly Detection Custom Fingerprinting TLS Inspection Correlation DoS/DDoS Protection Reconnaissance Blocking Methods Traffic Recording Updates Decryption-based detection Message length sequence analysis Protocol, application, file type Policy-based file filtering Support for McAfee Advanced Threat Defense Classification from McAfee GTI cloud service or optionally from local McAfee Threat Information Exchange McAfee Anti-Malware engine. Scanned protocols: FTP, HTTP, HTTPS, POP3, IMAP, SMTP Ethernet, H.323, GRE, IPv4, IPv6, ICMP, IP-in-IP, IPv6 encapsulation, UDP, TCP, DNS, FTP, HTTP, HTTPS, IMAP, IMAPS, MGCP, Modbus/TCP, MSRPC, NetBios Datagram, OPC Classic, OPC UA, Oracle SQL Net,POP3, POP3S, RSH, RSTP, SIP, SMTP, SSH, SunRPC, NBT, SCCP, SMB, SMB2, SIP, TCP Proxy, TFTP Any TCP/UDP protocol Multilayer traffic normalization Vulnerability-based fingerprints Fully upgradable software-based inspection engine Evasion and anomaly logging Protocol-independent fingerprint matching Regular expression-based fingerprint language Custom application fingerprinting HTTPS client and server stream decryption and inspection TLS certificate validity checks Certificate domain name-based exemption list Local correlation, log server correlation SYN/UDP flood detection Concurrent connection limiting, interface-based log compression Protection against slow HTTP request methods TCP/UDP/ICMP scan, stealth, and slow scan detection in IPv4 and IPv6 Direct blocking, connection reset, blacklisting (local and distributed), HTML response, HTTP redirect Automatic traffic recordings/excerpts from misuse situations Automatic dynamic updates through Stonesoft Management Center Current coverage of approximately 4,700 protected vulnerabilities 5

FORCEPOINT NEXT GENERATION FIREWALL SPECIFICATIONS continued URL FILTERING Protocols Engine Database Safe Search HTTP, HTTPS Webroot category-based URL filtering, blacklist/whitelist More than 280 million top-level domains and sub-pages (billions of URLs) Support for more than 43 languages, 82 categories Safe search usage enforcing for Google, Bing, Yahoo, DuckDuckGo web searches MANAGEMENT & MONITORING Management Interfaces SNMP Monitoring Traffic Capturing High Security Management Communication Security Certifications Enterprise-level centralized management, logging and reporting system. See the Stonesoft Management Center datasheet for details. SNMPv1, SNMPv2c, and SNMPv3 Console tcpdump, remote capture through SMC 256-bit security strength in engine-management communication Common Criteria EAL4+, FIPS 140-2 crypto certificate, CSPN by ANSSI (First Level Security Certification USGv6) 1 Supported encryption algorithms depend on license used. 2 Firewall/VPN role only. 3 See firewall license-related limitations. CONTACT /contact ABOUT FORCEPOINT Forcepoint is a trademark of Forcepoint, LLC. SureView, ThreatSeeker, TRITON, Sidewinder, and Stonesoft are registered trademarks of Forcepoint, LLC. Raytheon is a registered trademark of Raytheon Company. All other trademarks and registered trademarks are property of their respective owners. [DATASHEET_NEXT_GEN_FIREWALL_EN] 100033.020216 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information