Clavister Security Gateway

Similar documents
CHAPTER 6 DESIGNING A NETWORK TOPOLOGY

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

VPN. Date: 4/15/2004 By: Heena Patel

MCSE SYLLABUS. Exam : Managing and Maintaining a Microsoft Windows Server 2003:

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

MICROSOFT CERTIFIED SYSTEMS ENGINEER Windows 2003 Track

MOC 6435A Designing a Windows Server 2008 Network Infrastructure

VIA COLLAGE Deployment Guide

Building Remote Access VPNs

VIA CONNECT PRO Deployment Guide

Troubleshooting and Maintaining Cisco IP Networks Volume 1

Top-Down Network Design

NETE-4635 Computer Network Analysis and Design. Designing a Network Topology. NETE Computer Network Analysis and Design Slide 1

Creating a VPN Using Windows 2003 Server and XP Professional

Gigabit Content Security Router

AC1200 Multi-Function Concurrent Dual-Band Gigabit Wi-Fi Router

Cisco Networking Professional-6Months Project Based Training

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Wireless Network Quality of Service WHITE PAPER

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

IREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business

Cisco RV 120W Wireless-N VPN Firewall

Cisco IOS Firewall. Scenarios

Tech-Note Bridges Vs Routers Version /06/2009. Bridges Vs Routers

Cisco RV220W Network Security Firewall

How to configure VPN function on TP-LINK Routers

Cisco RV110W Wireless-N VPN Firewall

Design and Implementation Guide. Apple iphone Compatibility

Exam Name: Cisco Sales Associate Exam Exam Type: Cisco Exam Code: Doc Type: Q & A with Explanations Total Questions: 50

Lucent VPN Firewall Security in x Wireless Networks

RAP Installation - Updated

Unified Services Routers

Security. Quick Sales Guide

How To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses

Cisco RV220W Network Security Firewall

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

10 WIRELESS, REMOTE, AND WIDE AREA NETWORKING

How Virtual Private Networks Work

Cisco Small Business Managed Switches

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

ECB1220R. Wireless SOHO Router/Client Bridge

How To Set Up A Cisco Rv110W Wireless N Vpn Network Device With A Wireless Network (Wired) And A Wireless Nvv (Wireless) Network (Wireline) For A Small Business (Small Business) Or Remote Worker

Technical papers Virtual private networks

Cisco RV110W Wireless-N VPN Firewall

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise hours teaching time

Grid and Multi-Grid Management

High Availability Branch Office VPN

Clavister SSP Security Service Platform firewall VPN termination intrusion prevention anti-virus content filtering traffic shaping authentication

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements

Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services Course No.

Developing Network Security Strategies

BRC-W14VG-BT Wireless BitTorrent Download Router

Cisco Virtual Office Express

Configuring High Availability for Embedded NGX Gateways in SmartCenter

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

How To Configure L2TP VPN Connection for MAC OS X client

VPN Solution Guide Peplink Balance Series. Peplink Balance. VPN Solution Guide Copyright 2015 Peplink

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

Check Point Security Administrator R70

Gigabit Multi-Homing VPN Security Router

WATCHGUARD FIREBOX VCLASS

Cisco RV082 Dual WAN VPN Router Cisco Small Business Routers

Cisco RV215W Wireless-N VPN Router

Designing a Windows Server 2008 Network Infrastructure

Ethernet Wide Area Networking, Routers or Switches and Making the Right Choice

Gigabit Multi-Homing VPN Security Router

Creating a Client-To-Site VPN. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs.

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

Module 1: Overview of Network Infrastructure Design This module describes the key components of network infrastructure design.

Associate in Science Degree in Computer Network Systems Engineering

Protecting the Home Network (Firewall)

RAS Associates, Inc. Systems Development Proposal. Scott Klarman. March 15, 2009

How to configure VPN function on TP-LINK Routers

Network Design Best Practices for Deploying WLAN Switches

VPNBee manual VPNBee is a firewall by Gayatri Hitech but it is more a product of products rather than a single product.

Cisco IOS Advanced Firewall

WAN Failover Scenarios Using Digi Wireless WAN Routers

Unified Services Routers

Virtual Private Networks Solutions for Secure Remote Access. White Paper

Is Your Network Ready for the ipad?

Diploma in Network (LAN/WAN) Administration

Small, Medium and Large Businesses

DrayTek Vigor High Performance Firewall Router. - VPN - Up to 200 concurrent tunnels. - Load Balancing & Failover between WAN ports

Verizon Managed SD WAN with Cisco IWAN. October 28, 2015

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

ECB GHz Super G 108Mbps Access Point/Client Bridge/Repeater/WDS AP/

Preliminary Course Syllabus

Cisco Which VPN Solution is Right for You?

Table of Contents. Introduction

CompTIA Network+ (Exam N10-005)

Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers

Configuration Example

MCITP MCITP: Enterprise Administrator on Windows Server 2008 (5 Modules)

Firewall Defaults and Some Basic Rules

Network Virtualization Network Admission Control Deployment Guide

- Introduction to PIX/ASA Firewalls -

Truffle Broadband Bonding Network Appliance

Transcription:

Clavister Security Gateway Security with your business in mind

Multiple DMZs and symmetric design Clavister firewall supports a high number of network interfaces. All of the appliances deploy real firewall interfaces that may be used as a DMZ or in order to further segment the internal network. SG30 series are the smallest in their class including a real DMZ. Normally, competitors in this range offer products which only include 2 firewall interfaces and a hub (Symantec, Cisco PIX 501 and 506 and Watchguard, for instance). In this cases, if a customer needs to offer public services, these systems create a virtual DMZ (virtual server) which surely delivers lower security and convenience warranties. The introduction of the Gigabit Module (Mini GBIC) in SG 4200 and SG 4400 series increase the flexibility of the Clavister Security Gateway offering the chance to segment networks, while keeping high performance. Clavister Firewall has among its own features that of being designed in a symmetric way. This means that it is possible to have all firewall and VPN functionalities on whatever interface, being this physical or virtual. Through our solution, for instance, it is possible to have VPN functionality on whatever interface, something which is not so often available through other firewall and VPN solutions. Quite often our competitors implementations allow the creation of a VPN tunnel only on the external interface and not on the DMZ or on the internal interface. Else, they put strict constraints on the functionality of some interfaces having a fixed role. This feature is very useful, for example, when WLAN are employed, as shown on the scheme in Figure 1. As it can be noticed in this case, the user wants to install a WLAN in the enterprise network. With Clavister solution it is possible to certify the access point on one of the firewall interfaces and equipping wireless PCs with VPN clients. In this way, wireless traffic is protected by IP- Sec and any vulnerability or wireless protocol restriction is therefore eliminated. Another application, as shown in Figure 2, is that of videosurveillance. In this case it is the flexibility itself, introduced by this concept of interfaces symmetry, that makes it the ideal object for protecting a DVR (Digital Video Recording) and safely integrating wireless.

Figura 1: a wireless enterprise network protected by a firewall, all the mobile accesses are authenticated and, protected by a VPN tunnel, they can end on whatever firewall interface Figura 2 : a video-surveillance application, mobile or remote users can access DVR in an IPSec tunnel protected modality. Besides, through the functionality of VPN user-authentication it is possible to authenticate and authorize the different users accessing the images.

The best choice for ISP. Virtual Routing and Virtual System With the new virtual capabilities of Clavister Security Gateway, IT security managers get a completely new set of tools for administering the most advanced network structure with a minimum of effort. Virtual Routing enables, for instance, routing of overlapping IP spans, convenient segmentation of security polices as well as seamless transport of datagrams between various interface types. Naturally, each Virtual Router can also maintain its own dynamic routing process. OSPF OSPF is a routing protocol that determines the best path for routing IP traffic over a network. One of its primary uses is in semi-large organizations in need of automatic updates of network topology changes. From release 8.5, Clavister Security Gateway is able to actively participate in OSPF exchanges. In addition, by using a highly granular dynamic routing ruleset, interactions with the OSPF AS and the gateway's routing tables can be tightly controlled. Multiple OSPF processes may be executed simultaneously, each interacting with different virtual routing tables. DHCP over IPSec This feature, present on the whole range of the Clavister products, makes it easier to manage VPNs and mobile users access. DHCP over IPSec functionality, allows to terminate the VPN on a Clavister gateway and to assign an address belonging to the protected network. This allows mobile clients or remote offices to have the same address range as the protected network. In this way, remote clients or offices are able to launch applications, share printing queues and really act as PCs belonging to the network protected by the VPN gateway. This function makes it therefore easier to deploy VPN solutions in franchising chains, where stores are connected to a head office on which they are depending for management software and printing. It also makes Wi-Fi networks implementation easier and it simplifies remote access management, allowing the mobile users to fully take advantage of their enterprise network. L2TP/PPTP client and server. The support of L2TP/PPTP allows any Clavister Security Gateway to act as a full-fledged L2TP and PPTP Network Server. In an enterprise environment, this enables secure remote access for roaming clients by using, for instance, the built-in VPN client distributed with the Microsoft Windows operating system. Combine the L2TP and PPTP support with Active Directory authentication, and Clavister Security Gateway becomes a highly integrated component in any large-scale Windows network. For service providers, the new L2TP and PPTP Network Server capabilities in combination with the virtual routing support opens up new possibilities for lowering operational costs and creating additional revenue streams.

VLAN Clavister Security Gateway is fully compliant with the IEEE 802.1Q specification for Virtual LANs. You can define and manage up to 4096 Virtual LANs. Each Virtual LAN interface is interpreted as a logical interface by the firewall, with the same filtering, traffic shaping and configuration capabilities as regular interfaces. VLANs support starts from the SG 33 appliance, in the table below the number of VLANs that you can define for each appliance. Clavister Gateway VLANs SG 33 4 SG 35 4 SG 220 32 SG 240 64 SG 3105 32 SG 3110 128 SG 3150 256 SG 4205 256 SG 4210 512 SG 4230 1024 SG 4250 2048 SG 4410 512 SG 4430 1024 SG 4450 2048 SG 4470 4096 With this functionality you can leave the VLANs routing to the firewall. Doing this, in a corporate scenario, Clavister firewall will be responsible for filtering and controlling the traffic between VLANs. You can also set traffic limits to the different VLANs optimizing the use of the resources.

Pay per use. Clavister has designed the Clavister X-PANSION LINES concept which not only does it make it possible to offer the award winning products at the best price / performance ratio and lowest TCO possible, but it also enables a highly balanced choice between current system requirements and financial resources. All this without compromising the natural need for increasing performance and functionality in the future, conceptualizing the slogan - Buy and Grow not buy and Throw. With Clavister X-PANSION LINES you can perform remote upgrade of the software license in few mouse clicks. This will let your customers grow as network needs increase. As shown in table the X-PANSION LINES concept allows you to double the firewall performance and increase VPN capabilities of the Security Gateway without changing the hardware platform. With Clavister X-PANSION LINES you can start out from the product that best matches your current needs. Upgrade your product to a larger model within the same series by only replacing the license file.

Clavister Security Gateway SG 31 Throughput : 50 Mbps Throughput VPN: 7 Mbps VPN Tunnels: 1 SG 220 Throughput : 100 Mbps Throughput VPN: 20 Mbps VPN Tunnels : 100 SG 3105 Throughput : 100 Mbps Throughput VPN: 30 Mbps VPN Tunnels : 150 SG 4205 Throughput : 400 Mbps Throughput VPN: 200 Mbps VPN tunnels: 150 SG 4410 Throughput : 500 Mbps Throughput VPN: 200 Mbps VPN tunnels: 750 License Upgrade SG 33 Throughput : 50 Mbps Throughput VPN: 7 Mbps VPN Tunnels: 25 SG 35 Throughput : 50 Mbps Throughput VPN: 7 Mbps VPN Tunnels: 50 SG 240 Throughput : 200 Mbps Throughput VPN: 20 Mbps VPN Tunnels:: 200 SG 3110 Throughput : 200 Mbps Throughput VPN:70 Mbps VPN Tunnels: 300 SG 3150 Throughput : 300 Mbps Throughput VPN:100 Mbps VPN Tunnels: 300 SG 4210 Throughput 500 Mbps Throughput VPN: 200 Mbps VPN Tunnels: 750 SG 4230 Throughput 1 Gbps Throughput VPN:300 Mbps VPN Tunnels: 1000 SG 4250 Throughput 2 Gbps Throughput VPN: 1 Gbps VPN Tunnels: 1500 SG 4430 Throughput 1 Gbps Throughput VPN:300 Mbps VPN Tunnels: 1000 SG 4450 Throughput 2 Gbps Throughput VPN: 1 Gbps VPN Tunnels: 1500 SG 4470 Throughput 4 Gbps Throughput VPN: 1,2 Gbps VPN Tunnels: 2000

Route Fail-Over Traditionally, connections provided by ISPs have been a single point of failure for corporate communications. With the introduction of route fail-over Clavister eliminates this single point of failure in a company s critical e-business operation. With route fail-over a company can connect the firewall to two different ISPs. This will make the firewall monitor the two ISP and in case of failure the firewall will use the next best instead of the failed one. Often route fail-over is also required in a wireless scenario. Usually wireless service providers need a security gateway for their customers who are able to manage a wireless connection and a wired connection used as a backup.

Third party reporting tools The Clavister Firewall management software includes tools for graphically monitoring firewall status parameters as well as extensive monitoring of network traffic. The firewall Log data can be analyzed using the advanced log analyzer tool integrated in the Firewall Manager and may also be exported using text format to any third-party application, such as Microsoft Excel or SQL server, for further analysis. Furthermore, NetIQ s WebTrends for Firewalls product suite, eiqnetworks' FirewallAnalyzer and SawMill are supported in order to generate graphical usage reports and graphs. SawMill was the latest Clavister integration with an advanced reporting tool. Sawmill was designed with ISPs/ASPs in mind. A quick look through Sawmill's features shows that it has everything an ISP/ASP needs to easily set up an automated, multi-user, multi- Please Recycle

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information