DATA SHEET
3COM H3C SECBLADE ADVANCED VPN FIREWALL MODULE
High-performance enterprise-class VPN firewall offering integrated protection of the network core

SecBlade VPN Firewall Module

OVERVIEW

Enterprise organizations of all sizes are having their networks attacked at an unprecedented rate. Attacks can result in network outages; they can claim valuable bandwidth from productivity applications like Voice over IP (VoIP); they may even perpetrate the theft of company data and the personal and financial information of employees and customers. To defend against such attacks, enterprises need a comprehensive security solution, including the advanced threat protection offered by the SecBlade Advanced VPN Firewall for the 3Com Switch 8800 and Switch 7900E modular LAN platforms. It delivers advanced threat protection for the network core, helping prevent business disruptions, revenue loss and damage to an organization's reputation caused by security breaches.

Built on the latest state-of-the-art multi-core CPU platform, this firewall module enables advanced network protection at multi-gigabit speeds. It combines built-in protection against denial of service and hacking attacks with virtual private network (VPN) support, zonal and virtual stateful packet inspection firewall, application bandwidth management, audio/video IP multicast routing, peer-to-peer traffic control and email attachment filtering. With these advanced security capabilities built on top of the same operating system that powers all 3Com enterprise switching and routing platforms, a rich networking feature set with ease of integration and lowest total cost of ownership is assured.

This advanced security module helps safeguard the network from attacks and misuse, while delivering policy-based multisite connectivity for real-time business-critical applications such as VoIP, video and collaboration tools. High-availability features help ensure wire-speed traffic flow even in the event of network or internal device error or loss of power to the primary device.
KEY BENEFITS

ENHANCED FIREWALL SECURITY

SecBlade VPN Firewalls provide enhanced stateful packet inspection firewall filtering, which is currently undergoing ICSA certification, to ensure comprehensive protection. Granular firewall rules allow network and security administrators to control traffic down to individual IP addresses, with fine-grained control of all security services. This advanced firewall capability significantly enhances security compared to more static router- or switch-based access control lists. Security is maximized with built-in protection against key denial of service and hacking attacks, while business continuity is assured with enhanced support for dynamic application-specific filtering of key network protocols, including FTP, HTTP, SMTP, RTSP, SIP and H.323 (including Q.931, H.245 and RTP/RTCP).

FLEXIBLE SECURITY ZONE AND VIRTUAL FIREWALL CONTAINMENT

The flexible high-performance multi-core architecture of the SecBlade module enables both multiple zones and multiple separate firewall instances to be created on the same device. With multiple security zones created for wired/wireless, employee/guest LANs and DMZs, for example, more granular security policies are possible than with traditional firewall devices. Traffic between these security zones can be fully inspected and prioritized using stateful packet and application inspection for maximum security and control. Centralized deployment of a single device offering multiple virtual firewalls in the same form factor can greatly simplify security deployment within an organization and significantly lower total cost of ownership through streamlined training, simplified deployment and management, as well as reduced power consumption compared to multiple discrete devices.

COMPREHENSIVE SITE-TO-SITE AND REMOTE ACCESS SECURITY

While most security implementations do not address security within a VPN connection, SecBlade VPN modules take a uniquely comprehensive approach to VPN-based security by providing the ability to look inside IPSec VPN tunnels for attacks. This thorough inspection prevents propagation of exploits between sites and can also be used to provide protection from security risks that occur when laptop users terminate VPN connections while traveling. Attacks that once gained access via a VPN tunnel are eliminated by this approach, offering complete security protection and ensuring that remote VPN clients or branch offices cannot be used to propagate threats into the LAN. Another unique feature is prioritization of bi-directional traffic inside the VPN tunnel, enabling high-quality secure VoIP services and optimizing other site-to-site applications.

APPLICATION PRIORITIZATION AND OPTIMIZATION

Policy-based prioritization ensures QoS for business-critical applications and latency-sensitive services such as VoIP, video or collaboration tools, helps ensure network traffic adheres to policies set by management, and can improve user productivity. The SIP/H.323 application layer gateway provides the ability to identify, prioritize and protect mission-critical applications such as VoIP, with stateful traffic shaping. Traffic shaping inside VPN tunnels prioritizes site-to-site voice traffic across VPN tunnels, saving costs on long-distance phone calls and leveraging centralized business applications. Support for PIM-DM multicast routing between sites over IPSec VPN enables next-generation applications such as distance-based learning, real-time training and conferencing and, at the same time, helps to preserve precious WAN bandwidth.
APPLICATION BLOCKING AND WEB FILTERING

SecBlade VPN modules enforce usage policies by blocking or rate limiting applications such as instant messaging (IM) and peer-to-peer (P2P) file sharing that are not essential to business, which can waste bandwidth and reduce productivity. Web content keyword filtering can help restrict access to non-business content, boosting employee productivity and helping reduce legal liability and security threats related to offensive or harmful web content.

ATTACK PROTECTION

Standard firewalls can be vulnerable to today's sophisticated internet attacks. The SecBlade Advanced VPN Firewall includes advanced protection technology to stop well-known hacking and denial of service attacks from breaking through perimeter defenses. To further mitigate the chance of security breaches, SecBlade modules include built-in filters to control or block the use of potentially high-risk traffic including peer-to-peer, Active-X and email attachments.

ADVANCED VPN

High performance and low latency allow the Internet to be used as a secure connectivity mechanism for IPSec VPN site-to-site connections and remote user connectivity. The ability to inspect VPN tunnels offers complete security protection, ensuring that remote VPN clients or branch offices cannot be used to propagate attacks into the LAN.

NETWORK TRANSPARENCY

Requiring no IP or MAC address and no changes to the network configuration simplifies installation, saves time and helps eliminate the risk of hackers discovering devices on the network.

ENTERPRISE-CLASS HIGH AVAILABILITY

Dual-chassis failover protects against loss of connectivity due to hardware failure, with automatic configuration and state table synchronization to simplify administration and remove scope for security policy inconsistencies. Dual-WAN failover helps prevent loss of connectivity due to ISP WAN link failure and, with the inclusion of load balancing, enables increased WAN bandwidth for remote sites while both links are active.
SAMPLE DEPLOYMENT

[Deployment diagram. Labels: Enterprise Headquarters, 3Com Switch 8800, SecBlade VPN Firewall Module installed in switch; Medium Branch, 3Com Switch S7906, SecBlade VPN Firewall Module installed in switch; Small and Medium Branches, H3C SecPath F1000-S VPN Firewall Security Platform; Business Partner, H3C SecPath F1000-A VPN Firewall Security Platform; Wireless PC, PDA / VoWiFi Phone; Internet; Static VPN tunnel; Dynamic VPN tunnel.]

Flexible Security Control
The SecBlade VPN Firewall Module enables flexible segmentation of the network. Zonal and Virtual Firewall capabilities ensure maximum control of information exchanged between different resources on the network.

Secure Information Access and Sharing
The SecBlade Advanced VPN Firewall Module and the SecPath Advanced VPN Firewall ensure organizations can securely share information across public networks with remote locations, mobile workers and business partners.
SPECIFICATIONS

For operation of the firewall module, the Switch 8800 must be running Comware v3 advanced software (3CR1752165V3), and the Switch S7900E must be running v5.20 software, release 6306P03 (minimum).

CONNECTORS
2 10/100/1000BASE-T and 2 10/100/1000BASE-T/1000BASE-X combo
1 CompactFlash
1 serial (RJ-45)
Hot swap insertion to any module slot

FIREWALL
7900E: 6.5 Gbps performance
8800: 8.0 Gbps performance
256 security zones
256 virtual firewalls
4094 VLANs
Time-based schedules
User authentication

ATTACK PREVENTION
DoS/DDoS
DNS query/SYN/ICMP/UDP/ARP flood
SYN cookie proxy
SQL injection filtering
IP/MAC binding
IP spoofing detection
ARP reverse query checking
Management interfaces disabled by default

SESSIONS
2,000,000 concurrent connections
60,000 connections per second

VIRTUAL PRIVATE NETWORK (VPN)
IPSec VPN performance (168-bit DES): 2 Gbps
5,000 concurrent IPSec VPN tunnels
8,000 concurrent L2TP VPN tunnels
24,000 security associations
Keying modes: manual key, IKE-PSK, IKE-X509
Encryption: DES, 3DES, AES-128, AES-192, AES-256
VPN client support: native IPSec, L2TP/IPSec, GRE, RSA SecurID two-factor authentication

APPLICATION LAYER FILTERING
Application layer gateway support for FTP, SMTP, HTTP, RTSP, H.323 and SIP
User-based web HTTP URL content filtering via keyword, wildcard and regular URL matching
Custom SMTP mail subject/content/attachment filtering via keyword and wildcard matching
Java/Active-X detection and blocking
P2P detection, blocking and throttling, by user and time

TRAFFIC SHAPING
Inbound and outbound rate limiting
Policy-based shaping
Committed access rates
Traffic shaping inside VPN tunnels
User-group based shaping
Traffic prioritization via FIFO/PQ/CQ/WFQ/RTPQ/CBWFQ
Congestion avoidance with WRED

NETWORKING
Deployment modes: IP transparent, routed, NAT, PAT
Dynamic routing: RIP v1 and 2, OSPF v2 including NSSA, BGP, policy
10,000 IP router interfaces
10,000 RIP/OSPF routes
PPPoE, L2TP, IP assignment
IEEE 802.1Q VLAN support
Internal multi-scope DHCP server
DHCP relay over VPN
GRE tunneling
IP multicast routing PIM-DM/SM
IGMP v1, 2 and 3
IPv6 support: ICMPv6

HIGH AVAILABILITY
VRRP
Dual-module active-active/active-standby pair
Dual-module automatic configuration synchronization
Dual WAN links in active-standby fail-over pair
Dual WAN links in active-active load-balancing pair
Configurable load balancing

SYSTEM AND ADMINISTRATION
Web interface via HTTP/HTTPS
Command line interface via console, telnet, SSH
RADIUS/TACACS+ server and local database authentication
DNS support for dynamic IP allocation
SNMP v1, 2c and 3

DIMENSIONS
Height: 4.0 cm (1.6 in)
Width: 39.9 cm (15.7 in)
Depth: 34.7 cm (13.7 in)
Weight: 3.5 kg (7.7 lb)
SPECIFICATIONS (CONTINUED)

ENVIRONMENTAL REQUIREMENTS
Operating temperature: 0 to 45 °C (32 to 113 °F)
Storage temperature: -20 to 80 °C (-4 to 176 °F)
Humidity: 10% to 95% non-condensing

RELIABILITY (MTBF @ 25 °C)
56 years (490,000 hours)

EMISSIONS / AGENCY APPROVALS
FCC Part 15 Class B
EN 55022 Class B
ICES-003 Class B
VCCI Class B
EN 61000-3-2
EN 61000-3-3

IMMUNITY
Product conforms to EN 55024

SAFETY AGENCY CERTIFICATIONS
UL 60950-1
IEC 60950-1
EN 60950-1
CAN/CSA-C22.2 No. 60950-1-03

STANDARDS AND PROTOCOLS

IEEE standards
IEEE 802.1Q (VLANs)
IEEE 802.3 Ethernet
IEEE 802.3i (10BASE-T)
IEEE 802.3u (Fast Ethernet)
IEEE 802.3ab (1000BASE-T)
IEEE 802.1D (STP)
IEEE 802.1p (CoS)
IEEE 802.1s (MSTP)
IEEE 802.1w (RSTP)
IEEE 802.1X (Security)
IEEE 802.3x (Flow Control)
IEEE 802.3z (1000BASE-X)

RFC standards
RFC 768 (User Datagram Protocol)
RFC 791 (Internet Protocol)
RFC 792, 950, 1256 (Internet Control Message Protocol)
RFC 793 (Transmission Control Protocol)
RFC 854 (Telnet Protocol Specification)
RFC 856 (Telnet Binary Transmission)
RFC 1157 (Simple Network Management Protocol)
RFC 1213 (Management Information Base for Network Management of TCP/IP-based internets: MIB-II)
RFC 2082 (RIP-2 MD5 Authentication)
RFC 2453 (RIP Version 2)
RFC 1058 (Routing Information Protocol)
RFC 2328 (OSPF Version 2)
RFC 1771 (Border Gateway Protocol 4)
RFC 2236 (Internet Group Management Protocol, Version 2)
RFC 3376 (Internet Group Management Protocol, Version 3)
RFC 1531 (Dynamic Host Configuration Protocol)
RFC 1533 (DHCP Options and BOOTP Vendor Extensions)
RFC 1534 (Interoperation Between DHCP and BOOTP)
RFC 2131 (Dynamic Host Configuration Protocol)
RFC 2132 (DHCP Options and BOOTP Vendor Extensions)
RFC 2403 (Use of HMAC-MD5-96 within ESP and AH)
RFC 2404 (Use of HMAC-SHA-1-96 within ESP and AH)
RFC 2405 (ESP DES-CBC Cipher Algorithm With Explicit IV)
RFC 2409 (The Internet Key Exchange)
RFC 2410 (Null Encryption Algorithm and Its Use With IPsec)
RFC 3526 (More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE))
RFC 2516 (Method for Transmitting PPP Over Ethernet (PPPoE))
RFC 2661 (Layer Two Tunneling Protocol "L2TP")
RFC 2784 (Generic Routing Encapsulation)
RFC 3022 (Network Address Translation)
RFC 3164 (Syslog)
RFC 3193 (Securing L2TP using IPsec)
RFC 2933 (Internet Group Management Protocol MIB)
RFC 4109 (Algorithms for Internet Key Exchange version 1)
RFC 4301 (Security Architecture for the Internet Protocol)
RFC 4302 (IP Authentication Header)
RFC 4303 (IP Encapsulating Security Payload)
RFC 3768 (Virtual Router Redundancy Protocol (VRRP))

PACKAGE CONTENTS
Module
User documentation

WARRANTY
One Year Limited Hardware Warranty
Limited Software Warranty for 90 days
Refer to www.3com.com/warranty for details
ORDERING INFORMATION

PRODUCT DESCRIPTION                                                              3COM SKU
Switch S8800/S9500 SecBlade VPN Firewall Module                                  0231A827
Switch S7900E/S7500E SecBlade VPN Firewall Module                                0231A832

Transceivers
3Com 1000BASE-SX SFP                                                             3CSFP91
3Com 1000BASE-LX SFP                                                             3CSFP92
3Com 1000BASE-T SFP                                                              3CSFP93
3Com 1000BASE-LH70 (70 km) SFP                                                   3CSFP97

3Com Global Services
3Com Network Health Check, Installation Services, and Express Maintenance        www.3com.com/services_quote
3Com University Courses                                                          www.3com.com/3comu

Visit www.3com.com for more information about 3Com solutions.

3Com Corporation, Corporate Headquarters, 350 Campus Drive, Marlborough, MA 01752-3064
3Com is publicly traded on NASDAQ under the symbol COMS.

Copyright 2009 3Com Corporation. All rights reserved. 3Com, the 3Com logo, and H3C are registered trademarks of 3Com Corporation or one of its subsidiaries in various countries worldwide. All other company and product names may be trademarks of their respective companies. While every effort is made to ensure the information given is accurate, 3Com does not accept liability for any errors or mistakes which may arise. All specifications are subject to change without notice.

401129-002 03/09