Clavister Virtual Stream

Similar documents
Clavister Virtual. VirtualSeries. Feature-rich next-generation firewall with excellent performance, perfect for the Cloud.

Clavister Virtual Core

Configuration Guide. How to establish IPsec VPN Tunnel between D-Link DSR Router and iphone ios. Overview

SonicOS 5.9 / / 6.2 Log Events Reference Guide with Enhanced Logging

Clavister E80. EagleSeries. Feature-rich, entry-level next-generation firewall in a slim form factor. clavister. Next-Generation Firewall Services

Clavister X8. LynxSeries. Rugged and durable next-generation firewall, with outstanding performance and scalability. clavister

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

UTT Technologies offers an effective solution to protect the network against 80 percent of internal attacks:

Configuring a Lan-to-Lan VPN with Overlapping Subnets with Juniper NetScreen/ISG/SSG Products

Clavister W20. WolfSeries. Next-generation firewall with excellent scalability, performance and functionality. clavister

IPsec Details 1 / 43. IPsec Details

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

VPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

21.4 Network Address Translation (NAT) NAT concept

Clavister W5. WolfSeries. High performance next-generation firewall with excellent scalability and functionality. clavister

Clavister W3. WolfSeries. Next-generation firewall with excellent scalability, performance and functionality. clavister

Virtual Security Gateway Serie

Protocol Security Where?

IP Office Technical Tip

BorderWare Firewall Server 7.1. Release Notes

Cisco Wireless Security Gateway R2

Clavister E5. EagleSeries. Feature-rich, entry-level next-generation firewall in a slim form factor. clavister. Next-Generation Firewall Services

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

CIRA s experience in deploying IPv6

Gigabit Multi-Homing VPN Security Router

Implementing Cisco IOS Network Security

REQUEST FOR PROPOSAL FOR SUPPLY & INSTALLATION OF Firewall. Bill of Material

IP Office Technical Tip

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

Network Security. Lecture 3

Security Gateway 10er Serie

How To Industrial Networking

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May New Features and Enhancements. Tip of the Day

Application Notes. How to Configure UTM with Apple OSX and ios Devices for IPsec VPN

IP Security. Ola Flygt Växjö University, Sweden

Network Security Firewall

Cisco RV220W Network Security Firewall

GregSowell.com. Mikrotik VPN

Cisco RV220W Network Security Firewall

Gigabit Multi-Homing VPN Security Router

Nortel VPN Router Software Release V6_05.300

The BANDIT Products in Virtual Private Networks

Cisco RV 120W Wireless-N VPN Firewall

Case Study for Layer 3 Authentication and Encryption

IINS Implementing Cisco Network Security 3.0 (IINS)

Cisco Integrated Services Routers Performance Overview

Cisco RV180 VPN Router

Introduction of Quidway SecPath 1000 Security Gateway

Fortinet Network Security NSE4 test questions and answers:

How To Establish IPSec VPN between Cyberoam and Microsoft Azure

VPN SECURITY POLICIES

VPN Configuration Guide. ZyWALL USG Series / ZyWALL 1050

Astaro User Portal: Getting Software and Certificates Astaro IPsec Client: Configuring the Client...14

Chapter 4 Virtual Private Networking

"Charting the Course...

TABLE OF CONTENTS NETWORK SECURITY 2...1

Step By Step Guide: Demonstrate DirectAccess in a Test Lab

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

IPsec VPN Application Guide REV:

Service "NCPCLCFG" is not running In this case, increase the WaitForConfigService setting until the problem is circumvented

Using IKEv2 on Juniper Networks Junos Pulse Secure Access Appliance

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Recommended IP Telephony Architecture

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355

Funkwerk UTM Release Notes (english)

IPv6 SECURITY. May The Government of the Hong Kong Special Administrative Region

Firewall. FortiOS Handbook v3 for FortiOS 4.0 MR3

Endian UTM Virtual Appliance

Securing Networks with PIX and ASA

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

Government of Canada Managed Security Service (GCMSS) Annex A-1: Statement of Work - Firewall

Understanding the Cisco VPN Client

Cisco RV082 Dual WAN VPN Router Cisco Small Business Routers

Unified Services Routers

McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course

VPN. Date: 4/15/2004 By: Heena Patel

WiNG 5.X How To. Policy Based Routing Cache Redirection. Part No. TME Rev. A

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

How To Learn Cisco Cisco Ios And Cisco Vlan

Chapter 8 Virtual Private Networking

F5 Configuring BIG-IP Local Traffic Manager (LTM) - V11. Description

Using IPSec in Windows 2000 and XP, Part 2

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

NEN Community REANNZ. Design Statement: NEN Edge Device

Barracuda Link Balancer

SonicWALL Global Management System Configuration Guide Standard Edition

Keying Mode: Main Mode with No PFS (perfect forward secrecy) SA Authentication Method: Pre-Shared key Keying Group: DH (Diffie Hellman) Group 1

Unified Services Routers

Branch Office VPN Tunnels and Mobile VPN

Data Sheet. NCP Secure Enterprise Client Windows. Next Generation Network Access Technology

Interconnecting Cisco Networking Devices Part 2

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues...

NETASQ MIGRATING FROM V8 TO V9

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

Vodafone MachineLink 3G. IPSec VPN Configuration Guide

Gigabit SSL VPN Security Router

Transcription:

clavister VirtualSeries Clavister Virtual Stream Powerful firewall with massive performance, perfect for virtualized telecom networks FEATURES AT-A-GLANCE The perfect solution for modern Telecom solutions Up to 40 Gbps of firewall performance for virtual security solutions NFV/SDN Ready for accelerated deployment and management Supports Intel SR-IOV for optimal performance Clavister Virtual Stream Series is our telecom-graded virtualized firewall powered by Clavister cos Stream with support for both VMware vsphere and KVM. Thanks to its multi-core architecture and capability to utilize the latest technologies from Intel, Clavister Virtual Stream Series delivers extreme performance, making it the fastest virtual security gateway on the market today. With high-performance and a feature-set tailored for telecom scenarios make the VSS ideal for a wide range of use-cases including for example in: Centralized LTE SEG in Evolved Packet Core (vepc or EPC) Replacing proprietary hardware with COTS systems. Distributed LTE SEG in RAN (vran or RAN) Run the Clavister VSS on dedicated COTS hardware in the access network. Firewall and LTE SEG in Edge Cloud Run one or several Clavister Virtual Security Series on shared virtualized infrastructures, known as small-cell gateways. The power of virtualization enables the Clavister Virtual Stream Series to be used in a wide range of deployment scenarios, both centralized on dedicated hardware resources, as well as distributed edge cloud applications where it coexists with other virtual machines on shared hardware resources. Where to Buy Clavister For more information about where to buy Clavister products, visit www.clavister.com/partners. Additional resources and customer testimonials can be found at www.clavister.com/resources. CLAVISTER VIRTUAL STREAM SERIES 1

Performance* and Capacity Clavister VS3 Clavister VS5 Clavister VS7 Clavister VS9 Firewall Performance (plaintext throughput) 5 Gbps 10 Gbps 20 Gbps 40 Gbps IPsec VPN Performance (large packets) 2,5 Gbps 5 Gbps 10 Gbps 20 Gpbs Maximum Concurrent Connections 1,000,000 2,500,000 5,000,000 10,000,000 Maximum Concurrent IPsec VPN Tunnels 2,000 3,000 5,000 10,000 Maximum Number of Users Unrestricted Unrestricted Unrestricted Unrestricted Maximum Number of Routing Tables (Virtual Routers) 50 100 200 1,000 Connectivity Clavister VS3 Clavister VS5 Clavister VS7 Clavister VS9 Ethernet Interfaces Up to 3 Up to 5 Up to 7 Up to 10 Interfaces for Management / High Availability (HA) n/a n/a n/a n/a Configurable Internal / External / DMZ Ports n/a n/a n/a n/a RS-232 Console Ports n/a n/a n/a n/a Link Aggregation IEEE 802.1AX-2008 (Static/LACP) Maximum Number of VLAN Interfaces IEEE 802.1Q 256 512 1,024 2,048 Support for High Availability (HA) Service-VLAN Interfaces IEEE 802.1ad (Q-in-Q) Product Specific Specification Clavister VS3 Clavister VS5 Clavister VS7 Clavister VS9 Form Factor Software Supported Virtual Platforms VMware ESXi, KVM * Actual performance may vary depending on network conditions, number of activated services and host hardware capabilities. Product Features Firewall Stateful Firewall IP Policies IP Session Tracking TCP Sequence Number Tracking ICMP and ICMPv6 Echo Sequence Number Tracking Ingress Filtering / IP Spoofing Protection Access Rules Strict Reverse Path Forwarding (RPF) Feasible RPF by using Interface Equivalence Address and Port Translation Policy-Based Dynamic NAT (Source) Symmetric NAT NAT Pools Static Source Translation Static Destination Translation (Virtual IP / Port Forward) NAT Hairpinning Connectivity Ethernet Interfaces VLAN Interface, IEEE 802.1Q Service-VLAN Interfaces, IEEE 802.1ad (Q-in-Q) Configurable MTU Routing Static Routing Policy-Based Routing (PBR) Virtual Routing (VR) Multiple Routing Tables Asymmetric Routing Source-Based Routing Route Failover Route Monitoring Methods IPv6 Router Advertisement Dynamic Routing Route Import Filtering / Route Export Filtering OSPFv2 Routing Process (RFC2328) OSPFv2 RFC1583 Compatibility Mode OSPFv2 over VPN Interface IP Address Assignment Static ALLOW, DROP and REJECT Stateful, Stateless 1GbE, 10GbE ARP, ND, ICMP Echo, ICMPv6 Echo /, multiple 2 CLAVISTER VIRTUAL STREAM SERIES

DHCPv4 Client Ethernet, VLAN, Service-VLAN IKE Config Mode IPsec tunnels Multiple Addresses per Interface Multiple IPv6 Addresses per Interface Network Services DHCPv4 Server, multiple DHCP Server Custom Options IP Pool Address Resolution Protocol (ARP) ARP Publish Static ARP Entries Proxy ARP Neighbor Discovery (ND) ND Publish Static ND Entries Proxy ND Path MTU Discovery Bandwidth Management (QoS) DSCP Forwarding DSCP Copy to Outer Header VLAN, IPsec Static DSCP Assignment VLAN, IKE, IPsec, Traffic Shaping Dynamic DSCP Assignment Traffic Shaping ECN Propagation to Inner Header IPsec Traffic Shaping Policy-Based DSCP-Based Traffic Limits Traffic Guarantees Traffic Prioritization IPsec VPN Key Exchange Manual, IKEv1, IKEv2 Roaming Client Tunnels Hub-and-Spoke VPN Subnet-to-Subnet VPN NAT Traversal (NAT-T) Dial-on-Demand Routes to Remote Network Manual, Automatic Receive Interface Filtering Virtual Routing (VR) User Data, IKE, ESP Policy-Based Routing (PBR) User Data, IKE, ESP Asymmetric Routing Configurable MTU IPsec Pass-through IKE IKE Encryption AES-128-CBC, AES-192-CBC, AES-256-CBC, 3DES-CBC IKE Authentication / Integrity HMAC-SHA-1-96, HMAC-MD5-96, AES-XCBC-MAC-96 Diffie-Hellman (DH) Groups 1, 2, 5, 14, 15, 16, 17, 18 IKE Identity IP, FQDN, E-mail, X.500 Distinguished-Name (DN) Rekey IKEv1, IKEv2, IPsec SA Lifetime Seconds Perfect Forward Secrecy (PFS) Dead Peer Detection (DPD) IKE Config Mode Client, Server IKE Negotiation over IKE Traffic Selectors IPsec Security Association (SA) Granularity Net DSCP Assignment Static IKEv1 Authentication Pre-Shared Keys (PSK), X.509 Certificates, XAUTH Phase 1 Main Mode, Aggressive Mode Phase 2 Quick Mode Initial Contact Notification IKEv2 Authentication Pre-Shared Keys (PSK), X.509 Certificates, EAP Pseudo-Random Function (PRF) SHA-1, MD5, AES-XCBC CLAVISTER VIRTUAL STREAM SERIES 3

Reauthentication Certificates Self-Signed Certificates Certificate Authority (CA) Issued Certificates, e.g. VeriSign, Entrust Certificate Requests PKCS#1, PKCS#3, PKCS#7, PKCS#10 Certificate Revocation List (CRL) Protocols LDAP, HTTP CRL Distribution Points (CDP) From Certificate, Static CRL Fail-Mode Behavior Conditional, Enforced Certificate Management Protocols CMPv2 IPsec IPsec Protocols ESP IPsec Modes Tunnel IPsec Encryption AES-128-CBC, AES-192-CBC, AES-256-CBC, 3DES-CBC, NULL IPsec Authentication / Integrity HMAC-SHA-1-96, HMAC-MD5-96, AES-XCBC-MAC-96 IPsec Outer Protocol IPsec Inner Protocol IPsec Pre-Fragmentation IPsec Post-Fragmentation Don t Fragment (DF) Bit Copy to Outer Header, Static DSCP Assignment Copy to Outer Header, Static ECN Propagation to Inner Header Replay Attack Prevention (Anti-Replay) Traffic Flow Confidentiality (TFC) Inbound User Authentication Local User Database, multiple RADIUS Authentication Protocols PAP, CHAP, EAP RADIUS EAP Header Verification EAP-SIM, EAP-AKA/AKA, EAP-MD5 XAUTH IKEv1 Authentication Security Management SSH/SCP Management Password, Pre-Shared Keys (PSK) Command Line Interface (CLI) Access Levels Admin, Auditor Remote Fail-Safe Configuration Local Console (RS-232) Scripting (CLI) Packet Capture (PCAP), with filters System Upgrade SSH/SCP. From version 2.10.00 and later. System and Configuration Backup SSH/SCP SNTP Time Sync Configurable Time Zone Location, UTC offset Automatic Daylight Saving Time (DST) Adjustment Monitoring Syslog, multiple servers Real-Time Log (CLI), filter Log Settings per Policy SNMPv2c Polling / Traps / Real-Time Performance Monitoring CLI, SNMP Key Metrics Monitoring, e.g. CPU Load and Memory Hardware Key Metrics Monitoring Fan Speeds, CPU and System Temperatures, Voltages, PSU Status, etc High Availability Active Node with Passive Backup Shared Virtual IP Firewall Connection State Synchronization IKE and IPsec State Synchronization User State Synchronization Configuration Synchronization Device Failure Detection Dead Interface Detection ARP, ND Average Failover Time < 800 ms Specifications subject to change without further notice. CID: 9150-0040-24 (2015/11) 4 CLAVISTER VIRTUAL STREAM SERIES

About Clavister Clavister (NASDAQ: CLAV) is a leading security provider for fixed, mobile and virtual network environments. Its award-winning solutions give enterprises, cloud service providers and telecoms operators the highest levels of protection against threats, with unmatched reliability. Clavister s performance in the security sector was recognized with the Product Quality Leadership Award from Frost & Sullivan. The company was founded in Sweden in 1997, with its solutions available globally through its network of channel partners. To learn more, visit www.clavister.com. Where to Buy www.clavister.com/partners Contact www.clavister.com/contact WE ARE NETWORK SECURITY Clavister AB, Sjögatan 6 J, SE-891 60 Örnsköldsvik, Sweden Phone: +46 (0)660 29 92 00 Fax: +46 (0)660 122 50 Web: www.clavister.com Copyright 2016 Clavister AB. All rights reserved. The Clavister logo and all Clavister product names and slogans are trademarks or registered trademarks of Clavister AB. Other product names and/or slogans mentioned herein may be trademarks or registered trademarks of their respective companies. Information in this document is subject to change without prior notification.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information