gateprotect firewalls - spezialized line - rohde & … · gateprotect firewalls specialized...
TRANSCRIPT
Prod
uct F
lyer
| 02
.01
gateprotect FirewallsSpecialized Line – Easy to CustomizeWe designed the next-generation firewalls of the Specialized Line for complex IT environments requiring a high level of protection. They can be perfectly integrated into industrial process networks or very large office net-works via their routing functionalities and the easy and fast integration of special protocols.
Additional firewalls and other network components can be securely integrated via IPsec or OpenVPN (client-to-site or site-to-site). Even complex networks can be built using Network Address Translation, VLAN handling and policy-based routing based on different packet destinations and attributes.
The Specialized Line features further dedicated check mechanisms: Via the integrated SSL proxy and depending on the applicable security regulations, administrators can examine even encrypted data flows.
The state-of-the-art DPI engine ¸PACE2 (Deep Packet Inspection) enables the detection and examination of highly specific protocols. Protocol decoding allows the administrator to allow or block individual functions based on specific protocol attributes. Protocols can be quickly adapted and integrated according to customer require-ments. By using the web-based ¸Command Center, the IT administrator can monitor a complex array of fire-walls with ease and in real-time.
Specialized Line GP-S 1600 GP-S 1700 GP-S 1800 GP-S 1900 GP-S 2000Network InterfacesPorts 8xGE copper +
2 modules8xGE copper +2 modules
2xGE copper +8 modules
2xGE copper +8 modules
2xGE copper +8 modules
System PerformanceFirewall throughput (Mbit/s) 8.000 (UDP) 12.000 (UDP) 23.000 (UDP) 28.400 (UDP) 40.000 (UDP)
VPN throughput (Mbit/s) 1.000 1.600 3.600 4.500 4.700
UTM throughput (Mbit/s) 1.700 2.300 6.500 8.650 9.100
IDS/IPS throughput (Mbit/s) 1.700 2.300 7.000 9.400 10.000
Concurrent sessions 200.000 250.000 375.000 500.000 500.000
New sessions per second 60.000 74.000 150.000 200.000 220.000
PowerInput voltage (V) 100-240 100-240 90-264 90-264 90-264
Power consumption (W) 2x300 2x300 2x800 2x800 2x800
EnvironmentOperating temperature (°C) 0-40 0-40 0-40 0-40 0-40
Relative humidity (%) 5-90 5-90 5-90 5-90 5-90
RSCS_firewallspecialized_flyer_en_3607-3700-32_v0201.indd 1 07.09.2017 14:56:20
3607
.370
0.32
02.
01 P
DP
1 e
nRohde & Schwarz Cybersecurity GmbH
Muehldorfstrasse 15 | 81671 Munich, Germany
Info: +49 30 65884-223
Email: [email protected]
www.cybersecurity.rohde-schwarz.com
Rohde & Schwarz GmbH & Co. KG
www.rohde-schwarz.com
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG
Trade names are trademarks of the owners
PD 3607.3700.32 | Version 02.01 | September 2017 (sch)
gateprotect Firewalls – Specialized Line
Data without tolerance limits is not binding | Subject to change
© 2016 - 2017 Rohde & Schwarz Cybersecurity GmbH | 81671 Munich, Germany
3607370032
Feature Specifications: Specialized Line
Feature Highlights: Specialized Line
Unified Threat ManagementWebfilter ❙ URL and content filter ❙ Customizable rules for users ❙ Blacklists/whitelists ❙ Import/export of URL lists ❙ Category-based website blocking
(individually definable) ❙ Online scan technology ❙ HTTP(S) scanning
Application control ❙ Layer 7 packet filter (DPI) ❙ Filters applications (e.g. Facebook,
YouTube, BitTorrent etc.) ❙ Blacklists/whitelists ❙ Protocol validation ❙ R&S®PACE 2 (Protocol and
Application Classification Engine) ❙ Decoder: TCP, IMAP, SMTP, POP, ❙ Telnet, OSCAR, Yahoo (YMSG),
XMPP, HTTP, DNS, SIP, IRC, FTP, ICMP, SCADA (IEC104), SSL
Antivirus ❙ HTTP/S, FTP, POP3/S, SMTP/S ❙ Comprehensive protection by
renowned antivirus supplier ❙ User-defined exceptions
Antispam ❙ POP3/S, SMTP/S ❙ Scan levels definable ❙ GlobalView Cloud by using Recurrent
Pattern Detection (RPD) ❙ Blacklists/whitelists ❙ Automatically rejects/deletes emails
IDS/IPS ❙ 13,000+ signatures ❙ DoS/Portscan protection ❙ Individually customizable rules ❙ Options for security level and rule
groups ❙ Exceptions definable ❙ Scans all interfaces ❙ Protection against harmful network
packets
Proxies ❙ HTTP/S, FTP, POP3/S, SMTP/S, SIP ❙ Reverse proxy
VPN ❙ Site-to-site ❙ Client-to-site
X.509 certificates ❙ CRL ❙ OCSP ❙ Multi-CA support ❙ Multi-host certificate support
IPsec ❙ Full-tunnel mode ❙ IKEv1, IKEv2 ❙ PSK/certificates ❙ DPD (Dead Peer Detection) ❙ NAT-T ❙ XAUTH, L2TP ❙ Port configuration
SSL ❙ Routing-mode VPN ❙ Bridge-mode VPN ❙ TCP/UDP
LAN/WAN support ❙ Ethernet 10/100/1000/10,000 Mbit/s ❙ SFP/SFP+ ❙ MTU configurable (DSL) ❙ Multi-WAN (weighted policy-based
routing/failover) ❙ PPPoE ❙ Load balancing ❙ Multiple, dynamic DNS support ❙ DHCP ❙ DMZ
VLAN ❙ 4094 VLANs per interface ❙ 802.1q header tagging
Bridge Mode ❙ Layer 2 firewall function ❙ Unlimited number of interfaces per
bridge ❙ Compatible with VPN SSL
High availability ❙ Active/passive
Administration ❙ WebGUI – intuitive web interface ❙ Accessible with common browsers
and devices ❙ Object-oriented configuration ❙ Graphical usage concept with
additional table-based view
Firewall rules ❙ User-based ❙ IP addresses/subnets (single/group) ❙ Ports ❙ Protocols (layer 3 and 4) ❙ SSL inspection ❙ Time-controlled
Virtualization ❙ Supports different platforms:
VirtualBox, VMwarePlayer, ESXi, Hyper-V
❙ Flexible licensing model
Forensic Traffic Capture (FTC) ❙ Rule-based ❙ Profiles
Monitoring ❙ SNMPv2c, SNMPv3 ❙ System information
(CPU, HDD, RAM) ❙ System processes ❙ Network (interfaces, routing,
traffic, VPN) ❙ User authentication ❙ High availability
Traffic Shaping/QoS ❙ Maximum bandwidth configurable ❙ Internet connections and services
separately configurable
User authentication ❙ Active Directory, LDAP,
Novell eDirectory, RFC2307 NIS ❙ Authentication via web ❙ Local user administration ❙ Single sign-on (Kerberos) ❙ Multiple logins ❙ Captive portal
Reports, statistics, logging ❙ Statistics (IP addresses, user,
application control, interfaces, rules, domain, zones)
❙ Logging to external syslog servers (CEF)
❙ Recording for audits ❙ Rule-based alerts
Backup and restore ❙ Remote access ❙ Automatic and time-based backups ❙ Automatic upload (FTP, SCP)
Security ❙ Restriction to protocols classified as secure by Deep Packet Inspection (DPI)
❙ Fast integration of new protocols ❙ Individually customizable decoders ❙ Combines detection and decoding to create rules
Network ❙ Efficient and fast data exchange with multi-WAN routing
❙ High availability ❙ Ideally suited for the special requirements of a process network
Controls ❙ Intuitive web interface ❙ Supports tailored settings for the special requirements and clearly differentiated tasks
RSCS_firewallspecialized_flyer_en_3607-3700-32_v0201.indd 2 07.09.2017 14:56:20