SVN5800 Secure Access Gateway



Similar documents
USG6600 Next-Generation Firewall

USG6300 Next-Generation Firewall

HUAWEI Secospace USG6600 Next-Generation Firewall Datasheet

Huawei Eudemon200E-N Next-Generation Firewall

HUAWEI USG6000 Next-Generation Firewall V100R001. Product Description. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Gigabit SSL VPN Security Router

Huawei Remote Access Security Solution for Enterprise Networks. -Secure and Stable Platforms for Network Interconnection and Data Interaction

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Quidway SVN3000 Security Access Gateway

Gigabit Content Security Router

SVN3000 Security Access Gateway SSL/IPSec VPN Access Gateway

QuickSpecs. Models. Features and benefits Application highlights. HP 7500 SSL VPN Module with 500-user License

Gigabit Multi-Homing VPN Security Router

UTT Technologies offers an effective solution to protect the network against 80 percent of internal attacks:

Simple security is better security Or: How complexity became the biggest security threat

DPtech ADX Application Delivery Platform Series

Eudemon1000E Series Firewall HUAWEI TECHNOLOGIES CO., LTD.

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture

Who s Endian?

Cisco RV082 Dual WAN VPN Router Cisco Small Business Routers

Gigabit Multi-Homing VPN Security Router

NR50. Niveo Professional Multi WAN load balancing VPN router

ALLNET ALL-VPN10. VPN/Firewall WLAN-N WAN Router

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

Request for Quotation For the Supply, Installation, and Configuration of Firewall Upgrade Project

Configuration Guide BES12. Version 12.2

APV9650. Application Delivery Controller

Huawei Eudemon1000E-X series Firewall. Eudemon 1000E-X Series Firewall. Huawei Technologies Co., Ltd.

Radware s AppDirector and Microsoft Windows Terminal Services 2008 Integration Guide

Ensuring the security of your mobile business intelligence

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

Barracuda SSL VPN Administrator s Guide

Barracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK

Dedicated Servers for Demanding Solutions

Introduction of Quidway SecPath 1000 Security Gateway

Huawei One Net Campus Network Solution

AC Wireless Dual Band ADSL2+ Modem Router. Highlights

Media Exchange really puts the power in the hands of our creative users, enabling them to collaborate globally regardless of location and file size.

Configuration Guide BES12. Version 12.1

Cisco RV 120W Wireless-N VPN Firewall

Steelcape Product Overview and Functional Description

MaaS360 Mobile Enterprise Gateway

AC 750. Wireless Dual Band ADSL2+ Modem Router. Highlights

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

MaaS360 Mobile Enterprise Gateway

Move over, TMG! Replacing TMG with Sophos UTM

Cisco Virtual Office Express

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification

Cisco RV220W Network Security Firewall

VPN. Date: 4/15/2004 By: Heena Patel

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (

A Guide to New Features in Propalms OneGate 4.0

Features of AnyShare

SSL VPN Technology White Paper

Huawei Network Edge Security Solution

EasyConnect. Any application - Any device - Anywhere. Faster, Simpler & Safer Networks

Huawei Traffic Cleaning Solution

ANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Configuration Guide BES12. Version 12.3

Configuration Guide. BES12 Cloud

Interwise Connect. Working with Reverse Proxy Version 7.x

Cisco RV215W Wireless-N VPN Router

AppDirector Load balancing IBM Websphere and AppXcel

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

ReadyNAS Remote White Paper. NETGEAR May 2010

How To Get A Wireless Router For Free From $99.99 On Amazon.Com (For A Limited Time) (For An Extra $99) ( For A Long Distance) (On A 2.99/99) For A Year

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s

Web Request Routing. Technical Brief. What s the best option for your web security deployment?

Reverse Proxy for Trusted Web Environments > White Paper

ADMINISTRATIVE POLICY # (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # (2014) Remote Access

Authentication. Authentication in FortiOS. Single Sign-On (SSO)

msuite5 & mdesign Installation Prerequisites

Small, Medium and Large Businesses

NEFSIS DEDICATED SERVER

APV x600 Series. Application Delivery Controller APV1600, APV2600, APV4600, APV5600, APV6600, APV8600, APV9600

F-Secure Messaging Security Gateway. Deployment Guide

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

DrayTek Vigor High Performance Firewall Router. - VPN - Up to 200 concurrent tunnels. - Load Balancing & Failover between WAN ports

NETASQ MIGRATING FROM V8 TO V9

Data Sheet. VLD 500 A Series Viaedge Load Director. VLD 500 A Series: VIAEDGE Load Director

Mobile Access Software Blade

Workday Mobile Security FAQ

ReadyNAS Replicate. Software Reference Manual. 350 East Plumeria Drive San Jose, CA USA. November v1.0

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

Appliance Comparison Chart

Exam : 1Y Citrix Access Gateway 8.0 Enterprise Edition: Administration. Title : Version : DEMO

Implementing Core Cisco ASA Security (SASAC)

FortiAuthenticator TM User Identity Management and Single Sign-On

AC Wireless Dual Band Gigabit Router. Highlights

Repeater. BrowserStack Local. browserstack.com 1. BrowserStack Local makes a REST call using the user s access key to browserstack.

AC 750. Wireless Dual Band ADSL2+ Modem Router. Highlights

McAfee Network Security Platform A uniquely intelligent approach to network security

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

Chapter 4: Security of the architecture, and lower layer security (network security) 1

Cisco RV220W Network Security Firewall

Transcription:

The development of networks allows enterprises to provide remote access to branch offices, partners, customers, mobile employees, and home offices so that they can access application and data resources, such as OA, ERP, CRM, and SCM, on enterprise intranet. The access networks are complex. Some access networks, such as branch office and partner networks, can be managed by the enterprise. Some access networks, such as home, public Wi-Fi, and 3G networks, are geographically dispersed and out of the control of the enterprise. Moreover, the devices that access the enterprise intranet are diversifying. In addition to traditional terminals, such as desktop computer and laptops, smart devices are increasingly used to access enterprise networks. To facilitate business processing, enterprises must ensure that legitimate users can easily access information resources on the intranet from various devices on various networks, without compromising intranet security. SVN5800 products are the latest secure access gateway products, which are built on a carrier-class hardware platform, secure real-time embedded operating system, and many years of experience in communication and networking development and design. SVN5800 products meet demanding international certification standards to provide security solutions, such as remote access, mobile working, branch office interconnection, cloud access, and multimedia tunnel access. SVN5800 series secure access gateways 6-1

Product Features and Benefits Anywhere Access Agile Access Secure Access Anywhere Access Powerful access capability Support up to 100,000 concurrent users. This capacity is industry leading. The SVN5800 series secure access gateways use a hardware platform that has a brand new architecture, dedicated multi-core platform, and multiple CPUs for parallel processing. Cross-OS support The SVN5800 series secure access gateways support Android, Windows, ios, Mac OS, Linux, Symbian, and BlackBerry operating systems. Full VPN support The SVN5800 series secure access gateways support SSL, IPSec, GRE, L2TP, and MPLS VPN types. SSL VPN IPSec VPN L2TP over IPSec GRE over IPSec MPLS VPN 6-2

Secure Access Diverse authentication types USB Key SMS Radius Digital Certificate Token VPNDB Device ID CAPTCHA LDAP AD The SVN5800 series supports authentication types, such as local password (VPNDB), AD/LDAP, RADIUS, digital certificate, token, USB key, short message service (SMS), device ID, and CAPTCHA. Therefore, the SVN5800 series allows you to combine multiple authentication factors so that users must pass the authentication of all configured authentication types to improve security. You can also configure multiple authentication types and allow users to gain VPN access if they pass any one of the configured authentication types. Fine-grained security control P2P Http IM Video The SVN5800 series provides fine-grained access control based on application, IP address, port, and URL and is able to identify over 6000 application protocols. The application-based access control allows you to permit the traffic of some applications, such as ERP and web, but limit or block the traffic of other applications, such as video and social networking applications. Such access control allows you to implement fine-grained traffic control to ensure that enterprise bandwidth resources are productively used. 6-3

Comprehensive protection The SVN5800 can check the security state of devices to determine whether to limit the resources accessible to the user or prevent the user from logging to the SVN to ensure that only secure devices can access the enterprise intranet. After the user logs out, the SVN5800 can delete access history, such as temporary files and cookies, to avoid data loss. The SVN5800 series can also identify and prevent tens of attacks based on the traffic features and DDoS attack methods to ensure that user devices are not exploited to launch attacks. Leading virtualization technologies Up to 512 virtual SSL VPN gateways can be created on an SVN5800 secure access gateway. The virtual gateways are independent from each other and can be used by different enterprises of different departments of an enterprise. The virtual gateway technology maximizes device efficiency, minimizes hardware cost, and improve return on investment. A Staff of Department A vsvn A SVN B Staff of Department B vsvn B Agile Access Flexible access methods The SVN5800 supports secure access methods, such as Web proxy, file sharing, port forwarding, network extension, and multimedia tunnel. Web Proxy Port Forwarding File Sharing Network Extension Multimedia Tunnel 6-4

Web proxy: When a remote user sends the SVN5800 a request for a web page hosted on the intranet, the SVN5800 forwards the request to the web server on the intranet, and sends the web page returned by the server to the user. The content of the web page is transmitted through SSL-encrypted tunnels to ensure data integrity. File sharing: The file systems on the intranet are put on the web so that users can user their browser to create and view folders and upload, download, rename, and delete files, just as they do on file systems. The SVN supports the SMB/CIFS and NFS protocols to provide secure remote access to Windows and Linux file systems, respectively. Port forwarding: Uses SSL to protect TCP applications and controls the access to these applications. A control is installed on the client to relay TCP/UDP services, encrypt data flows using SSL, and transmit the data flows to the SVN. Then, the SVN decrypts and parses the data flows and transmits the data flows to corresponding application servers, ensuring application security. Network extension: Provides remote access to network layer applications and resources by using Layer 3 SSL VPN (L3VPN) or IPSec Layer 3 VPN (IPSec L3VPN). Multimedia tunnel: By integrating the multimedia tunnel client component, multimedia clients can encrypt multimedia content using SSL tunnels, which have inherent advantages in traversing NAT and firewalls. Intelligent ISP link selection If multiple ISP links exist, the SVN5800 series can intelligently select an optimal ISP link to avoid the delay caused by cross-carrier routes. If geographically dispersed secure access gateways are deployed, the SVN5800 allows clients to constantly probe gateway distribution and quality to select the fastest SVN gateway to access. Service mobility* The SVN5800 in the agile campus solution ensures that users can have the same network permissions, policies, and access experience regardless of users' location and IP addresses. SVN user rate limiting: Bandwidth thresholds for SVN users are centrally configured on the controller. After SSL VPN users are authenticated, the controller delivers the bandwidth thresholds to users. VIP access: If the users connected to a gateway reach the maximum capacity and a VIP user attempts to access the SVN, the SVN logs out some common users to ensure the access of the VIP user. VIP traffic forwarding: User priorities are mapped to traffic priorities to ensure that the traffic of higherpriority users is forwarded preferentially. 6-5

Manager (VIP user) Priority access Bandwidth guarantees Priority forwarding traffic Access guarantees Bandwidth Allocation Campus Controller Synchronization User Policy Operation Finance Staff (High-priority user) FW SVN ERP Low priority access Bandwidth limiting Web Guest (Low-priority user) Specifications Device specifications Model SVN5830 SVN5850 SVN5860 SVN5880 Maximum number of concurrent SSL VPN users Maximum number of concurrent SSL VPN connections IPSec VPN throughput Concurrent IPSec VPN connections Maximum number of virtual gateways 6000 12,000 40,000 50,000 / 100,000* 15,000 30,000 150,000 150,000 3 Gbit/s 3 Gbit/s 18 Gbit/s 18 Gbit/s 4000 4,000 15,000 15,000 256 256 512 512 I/O Fixed ports 8GE+4SFP 4*10GE+16GE+8SFP Expansion slots 2WSIC 5WSIC Expansion card types WSIC: 2x10GE (SFP+) + 8xGE (RJ45), 8xGE (RJ45), 8xGE (SFP), 4xGE (RJ45) BYPASS Device Specifications Form Factor 1U 3U Dimensions (H x W x D) mm Weight (fully configured) 43.6 x 442 x 421 130.5 x 442 415 10 KG 22 KG HDD Optional, 300 GB hot-swappable single hard disk Optional, 300 GB hot-swappable dual hard disks (RAID1) 6-6

Model SVN5830 SVN5850 Redundant power supply Optional AC power supply 100 V to 240 V Maximum power 170 W SVN5860 SVN5880 Standard 350 W o o o 700 W o Operating environment Temperature: 0 C to 45 C (without hard disk)/ 5 C to 40 C (with hard disk), humidity: 10% to 90% Non-operating environment (storage environment) Temperature: 40ºC to 70ºC, humidity: 5% to 95% (non-condensing) Functions SSL VPN Supports Web proxy, file sharing, port forwarding, network extension, and multimedia tunnel*. Supports access to resources, such as Web, Client/Server application program, and multimedia resources, in IPv4 or IPv6 VPN types SSL VPN, IPSec VPN, GRE VPN, L2TP VPN, MPLS VPN Supports authentication methods, such as local password (VPNDB), AD, RADIUS, LDAP, SecurID, X.509 digital certificate, USB key, SMS, device ID, and CAPTCHA User authentication authentication. Supports hierarchical authentication, single sign-on (SSO), and software keyboard. 6-7

Model SVN5830 SVN5850 SVN5860 SVN5880 Authentication control Supports role-based, external group mapping, and dynamic authorization based on the security level of the terminals Provides fine-grained access control based on application, IP address, port, and URL and is able to identify over 6000 application protocols Supported operating systems Supports Android, Windows, Mac OS, ios, Linux, Symbian, and BlackBerry OS. Terminal security Supports terminal/host security check, cache cleaning, terminal ID binding, and DDoS attack defense at application and network layers*. Virtual gateway Supports multiple virtual gateways on one physical gateway to allow for service and network virtualization and independent authentication, authorization, services, and resources management Agile feature Bandwidth management, intelligent ISP link selection Network security Supports access control, NAT, and attack defense. Network protocols Supports IPv4 and IPv6 Deployment and availability Supports transparent, routing, and hybrid deployment modes and active/active and active/standby high availability (HA) * The product information may contain the product functions provided in future. For the actual product specifications, contact Huawei local sales office. 6-8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information