Kirjeldus
Enterprise-Class Firewall Security Unified Threat Management Powerful VPN Performance UTM Services Robust Intrusion Prevention Stream-Based Virus Scanning Web Content Filtering NetDefend UTM Subscription Powerful VPN Engine Professional Intrusion Prevention System (IPS) Real-Time Antivirus Inspection (AV) Fast, Efficient Web Content Filtering Acceleration Engine for Unified Threat Management Licensed for Unlimited Users WAN Link Load-Balancing and Fault-Tolerance
NetDefend UTM Firewalls provide complete advanced security features to manage, monitor, and maintain a healthy and secure network. Network management features include: Remote Management, Bandwidth Control Policies, URL Black/White Lists, Access Policies, and SNMP. For network monitoring, these firewalls support e-mail alerts, system logs, consistency checks and real-time statistics.
NetDefend UTM Firewalls integrate an intrusion detection and prevention system, gateway antivirus, and content filtering for superior Layer 7 content inspection protection. An acceleration engine increases throughput, while the real-time update service keeps the IPS information, antivirus signatures, and URL databases current . Combined, these enhancements help to protect the office network from appl ication exploits, network worms, malicious code attacks, and provide everything a business needs to safely manage employee Internet access.
NetDefend UTM Firewalls offer an integrated VPN Client and Server. This allows remote offices to securely connect to a head office or a trusted partner network. Mobile users working from home or remote locations can also safely connect to the office network to access company data and e-mail. NetDefend UTM Firewalls have hardware-based VPN engines to support and manage a large number of VPN configurations. They support IPSec, PPTP, and L2TP protocols in Client/Server mode and can handle pass-through traffic as well. Advanced VPN configuration options include: DES/3DES/
AES/Twofish/Blowfish/CAST-128 encryption, Manual or IKE/ISAKMP key management, Quick/Main/Aggressive Negotiation modes, and VPN authentication support using either an external RADIUS server or a large user database.
Maintaining an effective defense against the various threats originating from the Internet requires that all three databases used by the NetDefend UTM Firewalls are kept up-to-date. In order to provide a robust defense, D-Link offers optional NetDefend Firewall UTM Service subscriptions which include updates for each aspect of defense: Intrusion Prevention Systems (IPS), Antivirus and Web Content Filtering (WCF). NetDefend UTM Subscriptions ensure that each of the firewall's service databases are complete and effective.
The NetDefend UTM Firewalls employ component-based signatures, a unique IPS technology which recognizes and protects against all varieties of known and unknown attacks. This system can address all critical aspects of an attack or potential attack including payload, NOP sled, infection, and exploits. In terms of signature coverage, the IPS database includes attack information and data from a global attack sensor-grid and exploits collected from public sites such as the National Vulnerability Database and Bugtrax. The NetDefend UTM Firewalls constantly create and optimize NetDefend signatures via the D-Link Auto-Signature Sensor System without overloading existing security appliances. These signatures ensure a high ratio of detection accuracy and a low ratio of false positives.
The NetDefend UTM Firewalls examine files of any size, using a stream-based virus scanning technology which eliminates the need to cache incoming files. This zero-cache scanning method not only increases inspection performance but also reduces network bottlenecks. NetDefend UTM firewalls use virus signatures from Kaspersky Labs to provide systems with reliable and accurate antivirus protection, as well as prompt signature updates. Consequentially, viruses and malware can be effectively blocked before they reach the desktops or mobile devices.
Web Content Filtering helps administrators monitor, manage, and control employee Internet usage. The NetDefend UTM Firewalls implement multiple global index servers with millions of URLs and real-time website data to enhance performance capacity and maximize service availability. These firewalls use granular policies and explicit black/white lists to control access to certain types of websites for any combination of users, interfaces and IP networks. The firewall can actively handle Internet content by stripping potential malicious objects, such as Java Applets, JavaScripts/VBScripts, ActiveX objects, and cookies.
The standard NetDefend UTM Subscription provides your firewall with UTM service updates for 12 months* starting from the day you activate or extend your service. The NetDefend UTM Subscription can be renewed regularly to provide your firewalls with the most up-to-date security service available from D-Link.
NetDefend Center: http://security.dlink.com.tw
Hardware-based data encryption and authentication for IPSec, PPTP, and L2TP in Client/Server mode enable fast and safe handling of VPN traffic.
Automatic updates from a comprehensive IPS signature database focus on attack payloads to protect the network against zero-day attacks.
The antivirus engine scans using the most complete, most up-to-date antivirus signature database. Streaming-based pattern matching provides the effective protection against viruses.
Multiple index server implementation, granular policies, black lists and active content handling enhance performance and effectiveness of web surfing control.
A powerful processor allows the firewall to carry out IPS and Antivirus scanning simultaneously without performance degradation.
Optional subscription services for IPS, Antivirus Scanning, and Web Content Filtering are priced per firewall rather than per user, thus reducing the total cost of ownership for licensing.
Multiple WAN ports support traffic load balancing and failover, thus guaranteeing Internet availability and bandwidth.
Põhiomadused
Liidesed
- 2 x 10/100Base-TX WAN porti
- 1 x 10/100Base-TX DMZ port3
- 7 x 10/100Base-TX LAN porti
Tootlikkus4 - Tulemüüri tootlikkus 150 Мbit/s
- VPN tootlikkus 45 Мbit/s
- Paralleelsete sessioonide arv 20 000
- Reeglite arv 1 000
Tulemüüri funktsioonid - РРРоЕ
- Läbipaistev režiim
- NAT, PAT
- Dünaamilise marsruutimise protokoll OSPF
- Reeglid kava järgi
- Application Layer Gateway (ALG)
- Zone-Defense tehnoloogia
Võrgufunktsioonid - DHCP klient/server
- DHCP relay
- Marsruutimine reeglite järgi
- IEEE 802.1Q VLAN
- IP Multicast: IGMP v1-v3, IGMP Snoooping
Virtuaalne privaatvõrk (VPN) - Krüpteerimine (DES / 3DES / AES / Twofish / Blowfish / CAST-128)
- 300 VPN-tunnelit
- PPTP/L2TP server
- Hub and Spoke
- IPSec NAT Traversal
Juhtimine - RS-232 konsool
- Web-liides HTTP, HTTPS
- Käsurealiides / SSH
- Tarkvara / konfiguratsiooni uuendamine
- Reserveerimine / taastamine
- «Usaldatav» sõlm eemalt juhtimiseks
- Tsentraliseeritud juhtimissüsteem2
Аutentimine - Sisseehitatud andmebaas
- Väline andmebaas: RADIUS, LDAP
- IP sidumine MAC-aadressiga
- XAUTH IPSec autentimiseks
Registreerimine ja monitooring - Sisene registreerimine
- Väline registreerimine: Syslog server
- Teatised emaili
- Sündmuste registreerimine
- SNMP v1, v2c
Koormuse reguleerimine - Väljamineva liikluse reguleerimine
- Reguleerimise algoritm: 2 tüüpi
- Liikluse ümbersuunamine kanali katkestusel
Läbilaskeriba juhtimine - Traffic Shaping reeglite järgi
- Garanteeritud läbilaskeriba
- Мaksimaalne läbilaskeriba
- Läbilaskeriba prioriteedi järgi
- WAN kanali reserveerimine
Intrusion Detection (IDS) - Automaatne šabloonide uuendamine
- DoS, DDoS rünnakutest kaitsmine
- Rünnakute ennetamine teatistega emaili
Sisu filtreerimine - HTTP tüüp: URL, võtmesõnad
- Skriptide tüüp: Java Cookie, ActiveX, VB
- E-maili tüüp: «Must» nimekiri, võtmesõnad
Sertifikaadid
Sidustooted
DFL-800-IPS-12 – Litsens IDS/IDP signatuuride uuendamiseks (12 kuud) DFL-800 jaoks