Lucent Technologies VPN Firewall Brick 20 User's Manual
Contents
1. URL screening Application layer protocol command recognition and filtering Application layer command line length enforcement Unknown protocol command handling Extensive session oriented logging for application layer commands and replies Hostile mobile code blocking Java ActiveX URL blocking with 8e6 Technologies X Stop Xserver Virus scanning with Trend Micro s InterScan VirusWall Anti Virus Security Suite QoS Bandwidth Management Classified by Physical Port Virtual Firewall Firewall Rule Session Bandwidth Guarantees Into and out of Virtual Firewall allocated in bits second Bandwidth Limits Into and out of Virtual Firewall allocated in bits second packets session sessions second ToS DiffServ marking and matching 12 Firewall User Authentication Browser based authentication allows authentication of any user protocol Built in internal database user limit 10 000 Local passwords RADIUS SecurlD User assignable RADIUS attributes 13 VPN Maximum number of dedicated VPN tunnels 55 Manual Key IKE PKI X 509 3DES 168 bit DES 56 bit SHA 1 and MD5 authentication integrity Replay attack protection Remote access VPN Site to site VPN IPSec NAT Traversal UDP encapsulated IPSec LZS compression Spliced and nested tunneling 14 VPN Authentication Local passwords RADIUS SecurlD X 509 digital certificates with Entrust CA PKI Certificate requests PKCS 12 Automatic LD2. 0 000 shared among all virtual firewalls Max clear text throughput 125 Mbps 1518 byte TCP packets 140 Mbps 1518 byte UDP packets Max PPS throughput 40 000 pps 64 byte UDP packets Max 3DES throughput with software encryption 3 Mbps 1518 byte TCP packets 5 Virtualization Maximum number of virtual firewalls 20 Number of VLANs supported 4 094 VLAN domains up to 16 per VLAN trunk VPN Firewall Brick partitions allows for virtualization of customer IP address range including support for overlapping IP addresses 6 Modes of Operation Bridging and or routing on all interfaces All features supported with bridging IP routing with static routes 802 1Q VLAN tagging supported inbound and outbound on any combination of ports Layer 2 VLAN bridging NAT Network Address Translation PAT Port Address Translation Policy based NAT and PAT per rule Supports virtual IP addresses for both address translation and VPN tunnel endpoints DHCP assignable interface VLAN addresses DHCP Relay capabilities Dynamic registration of mobile VPN Firewall Brick address for centralized remote management PPPoE 7 Services Supported Bootp http irc netstat pop3 snmp tftp pptp dns https kerberos nntp rip ssh who RADIUS eigrp ident ldap ntp rip2 syslog shell X11 exec gmp login ospf rlogin telnet talk H 323 ftp imap mbone ping rsh traceroute lotus notes VoIP Gopher IPSec net
3. AP certificate retrieval 15 High Availability VPN Firewall Brick platform to VPN Firewall Brick platform active passive failover with full synchronization 400 millisecond device failure detection and activation Session protection for firewall and VPN Link failure detection Alarm notification on failover Encryption and authentication of session synchronization traffic Self healing synchronization links Lucent Proxy Agent load sharing supports high availability for content security services 16 Diagnostic Tools Out of band debugging and analysis via serial port modem terminal server Centralized secure remote console to any VPN Firewall Brick unit supporting Ping Traceroute packet trace with filters Remote VPN Firewall Brick platform bootstrapping Real time log viewer analysis tool 17 3 Tier Management Architecture Centralized carrier class active active management architecture with Lucent Security Management Server LSMS software Secure VPN Firewall Brick platform to LSMS communications with Diffie Helman and 3DES encryption SHA 1 authentication and integrity and digital certificates for VPN Firewall Brick platform LSMS authentication Up to 100 simultaneous administrators securely managing all aspects of up to 1000 VPN Firewall Brick units Secure reliable redundant real time alarms logs reports 18 Certifications ICSA V3 0A Firewall Certified ICSA V1 0B IPSec Certified National Security Age
4. VPN Firewall Brick 20 Security VPN and QoS Gateway The VPN Firewall Brick 20 platform offers a readily affordable CPE Applications e Advanced security services e Site to site and remote access VPN services e Bandwidth management services e Mobile data services e Shared Internet connectivity e Secure intranets and extranets Features e Integrates firewall VPN QoS VLAN and virtual firewall capabilities in one configuration e 140 Mbps firewall performance 3 Mbps 3 DES performance 55 simultaneous VPN tunnels 4 094 VLANs 20 virtual firewalls e Intrinsically secure transparent Layer 2 bridge e Central staging and secure remote management via Lucent Security Management Server LSMS software manages thousands of VPN Firewall Brick units and Lucent IPSec Client users from one console e Innovative security services advanced distributed denial of service attack protection high speed content security command blocking URL filtering virus scanning strong authentication real time monitoring logging and reporting e High availability architecture no single point of failure e No advisories or reported vulnerabilities solution for delivering service level assured advanced security IP VPN and bandwidth management services to small office and home office locations This carrier class IP services platform stretches investment dollars with low price performance and total ownership costs and deliver
5. bios pointcast smtp sql net Any IP protocol user definable Any IP protocol layer 4 ports user definable Support for non IP protocols as defined by DSAP Ethertype 8 Layer 7 Application Support Application Filter architecture supports Layer 7 protocol inspection for command validation dynamic channel pinholes and application layer address translation Application filters include http ftp tftp H 323 H 323 RAS Oracle SQL Net Net BIOS DHCP Relay DNS GTP SIP 9 Firewall Attack Detection and Protection Generalized flood protection extensible to new flood attacks as discovered with patent pending Intelligent Cache Management SYN flood protection to specifically protect inbound servers e g Web servers from inbound TCP SYN floods Strict TCP Validation to ensure TCP session state enforcement validation of sequence and acknowledgement numbers rejection of bad TCP flag combinations Initial Sequence Number ISN rewriting for weak TCP stack implementations Fragment flood protection with Robust Fragment Reassembly ensures no partial or overlapping fragments are transmitted Generalized IP Packet Validation including detection of malformed packets such as ping of death land attack tear drop attack Drops bad IP options as well as source route options 10 Content Security Lucent Proxy Agent integrates load shared content security services for Application protocol command blocking HTTP SMTP FTP Virus scanning
6. for planning 1 VPN Firewall Brick 20 platform purposes only and does not create Part Number 300323748 modify or supplement any warranties which may be made by Lucent Technologies relating to the products 2 External 3 25 Floppy Drive Part Number 300318953 and or services described herein The publication of information 3 Lucent Security Management Server contained in this document does not See LSMS data sheet for ordering details imply freedom from patent or other protective rights of Lucent Technologies 4 Lucent Proxy Agent or other third parties Included in LSMS software VPN Firewall Brick is a registered 5 Lucent IPSec Client trademark of Lucent Technologies Inc See Lucent IPSec Client data sheet for ordering details ActiveX is a trademark of Microsoft corporation InterScan is a registered trademark of Trend Micro Inc Java is a trademark of Sun Microsystems Inc Pentium is a registered trademark of Intel Corporation Solaris is a trademark of Sun Microsystems Inc Sun is a registered trademark of Sun Microsystems Inc UL is a registered trademark of Underwriter s Laboratories X Stop is a trademark of Log On Data Corp Copyright 2004 Lucent Technologies Inc All rights reserved VPN v4 04 04 Lucent Technologies Bell Labs Innovations
7. ncy EAL2 Government Protection Profile Certified EAL4 in progress 19 Mean Time Between Failure 127 000 Hrs 20 Dimensions W x L x H 6 2 x 8 6 x 1 3 16 cm x 22 cm x 3 cm 21 Cooling Passive heatsink 22 Operating Altitude Up to 13 123 ft 4 000 m 23 Environmental Operating Temperature 0 to 40 C Shock 2 5g at 15 20 ms on any axis Relative Humidity 5 95 Vibration 5g at 2 200Hz on any axis Non Operating Temperature 0 to 70 C Shock 35g at 15 20 ms on any axis Relative Humidity 5 95 Vibration 5g at 2 200Hz on any axis 24 Power External AC to DC Power Supply rated 25W Max Switching mode 100 240V AC 50 60Hz Consumption 0 19A typical at 115VAC 25 Safety Listings USA UL 1950 Canada CSA 22 2 No 950 EU EN IEC 60950 Japan CB Scheme IEC 60950 26 EMC Certifications USA FCC Part 15 Class B Canada IC ES003 EU EMC Directive Japan VCCI VPN Firewall Brick 20 platform Back Panel Lucent Proxy Agent 1 Software Requirements Solaris 8 2 Hardware Requirements Sun workstation 333 MHz Pentium Pro processor minimum 512 MB system memory minimum higher recommended To learn more contact your CD ROM drive dedicated Lucent Technologies 1 Ethernet 10 100 card representative authorized reseller or sales agent You can also visit our Web site at www lucent com security Ordering Information z p This document is provided
8. s service enhancing revenue building features Benefits e Low price performance less than the per Mbps price of major competitors e Low cost of ownership one configuration supports multiple IP services with no additional or recurring licensing fees VLAN and virtual firewall support for up to 20 customers at no additional cost management efficiencies reduce staffing and administrative expenses e Flexible deployment options premises or network based services with shared or dedicated hardware environments e Economical growth path migrate to advanced security and VPN services with no added infrastructure investments No touch CPE no need for costly network reconfigurations truck rolls or onsite support Enhanced user experiences efficient bandwidth management with customer level user level and server level QoS control Assured business continuity native high availability carrier class reliability Scalable carrier class management centrally manage up to 1 000 VPN Firewall Brick units and 10 000 Lucent IPSec Client users Lucent Technologies Bell Labs Innovations VPN Firewall Brick Platform 20 Technical Specifications 1 Processor Memory Rise mP6 120 MHz with 64MB RAM 2 LAN Interfaces 3 10 100 Base TX Ethernet RJ 45 3 Other Ports SVGA video DB9 serial external floppy PS 2 keyboard 4 Performance Concurrent sessions 3 000 New sessions second 300 Rules 3
Download Pdf Manuals
Related Search