Prod

uct F

lyer

| 02

.01

gateprotect FirewallsSpecialized Line – Easy to CustomizeWe designed the next-generation firewalls of the Specialized Line for complex IT environments requiring a high level of protection. They can be perfectly integrated into industrial process networks or very large office net-works via their routing functionalities and the easy and fast integration of special protocols.

Additional firewalls and other network components can be securely integrated via IPsec or OpenVPN (client-to-site or site-to-site). Even complex networks can be built using Network Address Translation, VLAN handling and policy-based routing based on different packet destinations and attributes.

The Specialized Line features further dedicated check mechanisms: Via the integrated SSL proxy and depending on the applicable security regulations, administrators can examine even encrypted data flows.

The state-of-the-art DPI engine ¸PACE2 (Deep Packet Inspection) enables the detection and examination of highly specific protocols. Protocol decoding allows the administrator to allow or block individual functions based on specific protocol attributes. Protocols can be quickly adapted and integrated according to customer require-ments. By using the web-based ¸Command Center, the IT administrator can monitor a complex array of fire-walls with ease and in real-time.

Specialized Line GP-S 1600 GP-S 1700 GP-S 1800 GP-S 1900 GP-S 2000Network InterfacesPorts 8xGE copper +

2 modules8xGE copper +2 modules

2xGE copper +8 modules

2xGE copper +8 modules

2xGE copper +8 modules

System PerformanceFirewall throughput (Mbit/s) 8.000 (UDP) 12.000 (UDP) 23.000 (UDP) 28.400 (UDP) 40.000 (UDP)

VPN throughput (Mbit/s) 1.000 1.600 3.600 4.500 4.700

UTM throughput (Mbit/s) 1.700 2.300 6.500 8.650 9.100

IDS/IPS throughput (Mbit/s) 1.700 2.300 7.000 9.400 10.000

Concurrent sessions 200.000 250.000 375.000 500.000 500.000

New sessions per second 60.000 74.000 150.000 200.000 220.000

PowerInput voltage (V) 100-240 100-240 90-264 90-264 90-264

Power consumption (W) 2x300 2x300 2x800 2x800 2x800

EnvironmentOperating temperature (°C) 0-40 0-40 0-40 0-40 0-40

Relative humidity (%) 5-90 5-90 5-90 5-90 5-90

RSCS_firewallspecialized_flyer_en_3607-3700-32_v0201.indd 1 07.09.2017 14:56:20

3607

.370

0.32

02.

01 P

DP

1 e

nRohde & Schwarz Cybersecurity GmbH

Muehldorfstrasse 15 | 81671 Munich, Germany

Info: +49 30 65884-223

Email: cybersecurity@rohde-schwarz.com

www.cybersecurity.rohde-schwarz.com

Rohde & Schwarz GmbH & Co. KG

www.rohde-schwarz.com

R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG

Trade names are trademarks of the owners

PD 3607.3700.32 | Version 02.01 | September 2017 (sch)

gateprotect Firewalls – Specialized Line

Data without tolerance limits is not binding | Subject to change

© 2016 - 2017 Rohde & Schwarz Cybersecurity GmbH | 81671 Munich, Germany

3607370032

Feature Specifications: Specialized Line

Feature Highlights: Specialized Line

Unified Threat ManagementWebfilter ❙ URL and content filter ❙ Customizable rules for users ❙ Blacklists/whitelists ❙ Import/export of URL lists ❙ Category-based website blocking

(individually definable) ❙ Online scan technology ❙ HTTP(S) scanning

Application control ❙ Layer 7 packet filter (DPI) ❙ Filters applications (e.g. Facebook,

YouTube, BitTorrent etc.) ❙ Blacklists/whitelists ❙ Protocol validation ❙ R&S®PACE 2 (Protocol and

Application Classification Engine) ❙ Decoder: TCP, IMAP, SMTP, POP, ❙ Telnet, OSCAR, Yahoo (YMSG),

XMPP, HTTP, DNS, SIP, IRC, FTP, ICMP, SCADA (IEC104), SSL

Antivirus ❙ HTTP/S, FTP, POP3/S, SMTP/S ❙ Comprehensive protection by

renowned antivirus supplier ❙ User-defined exceptions

Antispam ❙ POP3/S, SMTP/S ❙ Scan levels definable ❙ GlobalView Cloud by using Recurrent

Pattern Detection (RPD) ❙ Blacklists/whitelists ❙ Automatically rejects/deletes emails

IDS/IPS ❙ 13,000+ signatures ❙ DoS/Portscan protection ❙ Individually customizable rules ❙ Options for security level and rule

groups ❙ Exceptions definable ❙ Scans all interfaces ❙ Protection against harmful network

packets

Proxies ❙ HTTP/S, FTP, POP3/S, SMTP/S, SIP ❙ Reverse proxy

VPN ❙ Site-to-site ❙ Client-to-site

X.509 certificates ❙ CRL ❙ OCSP ❙ Multi-CA support ❙ Multi-host certificate support

IPsec ❙ Full-tunnel mode ❙ IKEv1, IKEv2 ❙ PSK/certificates ❙ DPD (Dead Peer Detection) ❙ NAT-T ❙ XAUTH, L2TP ❙ Port configuration

SSL ❙ Routing-mode VPN ❙ Bridge-mode VPN ❙ TCP/UDP

LAN/WAN support ❙ Ethernet 10/100/1000/10,000 Mbit/s ❙ SFP/SFP+ ❙ MTU configurable (DSL) ❙ Multi-WAN (weighted policy-based

routing/failover) ❙ PPPoE ❙ Load balancing ❙ Multiple, dynamic DNS support ❙ DHCP ❙ DMZ

VLAN ❙ 4094 VLANs per interface ❙ 802.1q header tagging

Bridge Mode ❙ Layer 2 firewall function ❙ Unlimited number of interfaces per

bridge ❙ Compatible with VPN SSL

High availability ❙ Active/passive

Administration ❙ WebGUI – intuitive web interface ❙ Accessible with common browsers

and devices ❙ Object-oriented configuration ❙ Graphical usage concept with

additional table-based view

Firewall rules ❙ User-based ❙ IP addresses/subnets (single/group) ❙ Ports ❙ Protocols (layer 3 and 4) ❙ SSL inspection ❙ Time-controlled

Virtualization ❙ Supports different platforms:

VirtualBox, VMwarePlayer, ESXi, Hyper-V

❙ Flexible licensing model

Forensic Traffic Capture (FTC) ❙ Rule-based ❙ Profiles

Monitoring ❙ SNMPv2c, SNMPv3 ❙ System information

(CPU, HDD, RAM) ❙ System processes ❙ Network (interfaces, routing,

traffic, VPN) ❙ User authentication ❙ High availability

Traffic Shaping/QoS ❙ Maximum bandwidth configurable ❙ Internet connections and services

separately configurable

User authentication ❙ Active Directory, LDAP,

Novell eDirectory, RFC2307 NIS ❙ Authentication via web ❙ Local user administration ❙ Single sign-on (Kerberos) ❙ Multiple logins ❙ Captive portal

Reports, statistics, logging ❙ Statistics (IP addresses, user,

application control, interfaces, rules, domain, zones)

❙ Logging to external syslog servers (CEF)

❙ Recording for audits ❙ Rule-based alerts

Backup and restore ❙ Remote access ❙ Automatic and time-based backups ❙ Automatic upload (FTP, SCP)

Security ❙ Restriction to protocols classified as secure by Deep Packet Inspection (DPI)

❙ Fast integration of new protocols ❙ Individually customizable decoders ❙ Combines detection and decoding to create rules

Network ❙ Efficient and fast data exchange with multi-WAN routing

❙ High availability ❙ Ideally suited for the special requirements of a process network

Controls ❙ Intuitive web interface ❙ Supports tailored settings for the special requirements and clearly differentiated tasks

RSCS_firewallspecialized_flyer_en_3607-3700-32_v0201.indd 2 07.09.2017 14:56:20