Keeping You Business ‘On’ - iBusiness Security Appliance series Jun 2005 updated Usage Suggestion This presentation document containing competition information is ideally created for the purpose of pre-sell training to the audience of Billion’s sales representatives, authorized sales agents, authorized distributors, or multiple tiered re-sellers when pre-selling education is needed. The Products disclosure of this entire documentation to end-usersVoIP may not be encouraged. Today’s Business Issues What to do with Communications • Internet as imperative tool to business productivity • Convergence of varying business applications • Growing dispersing workforce, suppliers, business partners • Total Cost of Ownership • Secure Corporate Network Access • Protection against potential treats and attacks High Internet Availability Innovative Access Methods Collaboration & Management Cost-Effective Solution VPN & Remote Advanced Security Billion’s BiGuard Series High Internet Availability Innovative Access Methods Collaboration & Management Cost-Effective Solution VPN & Remote Advanced Security BiGuard series - iBusiness Security Appliance - addresses SMB’s issues in today’s business environments: 9 Efficient router-based Internet security appliances for SME 9 Industry competitive methodologies of distributing data traffic and management 9 Solutions for head offices, branch offices, and remote users (mobile workers, external partners, suppliers…etc.) 9 Low-cost unit, all-in-one, compact gateways 9 VPN solutions of head-office gateway, branch office gateway, remote client 9 Rich Firewall features series keep your business always ‘online’ BiGuard Solutions Bandwidth Management – Quality of Service The state-of-the-art bandwidth management mechanism enables network administrator to set up bandwidth policy based on IP, services, and Mac addresses. The flexible design allows the user to set up guaranteed bandwidth, max bandwidth, and bandwidth priority. Load Balancing BiGuard 30’s Dual WAN ports enable Outbound and Inbound Load Balancing designed for cost- effective management of two ISP connections. Fail Over backup BiGuard30’s Dual WAN ports is designed to assures the availability of Internet access. In case the 1st ISP connection fails, the backup ISP connection will be automatically established. Firewall Integrated with most advanced firewall features, such as Stateful Packet Inspection, Denial of Service prevention, and firewall access policy VPN Solutions include office-to-office VPN connection and remote access VPN connection. The high throughput is designed with the capability of newest encryption decryption technology which enables secure communications with corporate employees and external business partners. Remote Client Access The BiGuard VPN client software enables the mobile users to easily and safely connect to corporate network and access corporate resource just like inside the office. BiGuard 30 Key Features iBusiness Security Gateway SMB • For central sites to establish office network and connect with branch offices, remote dial up and tele-workers • For small and medium sized business demanding for application-based network solutions at low-capital investment • Load Balancing for bandwidth optimization and network resilience 9DNS Inbound and outbound load balancing 9Protocol binding 9VPN load balance (*) • Automatic Fail Over for network redundancy 9auto fail over 9VPN fail over(*) • Policy-based traffic management • Quality of Service control for bandwidth management and traffic prioritization • Support up to 30 IPSec VPN connections • VPN throughput is up to 30 Mbps+ • Rich Firewall security • E-mail alert and logs of attack • Rack-mounted support • 30-day FREE trial of BiGuard IPSec VPN Client (1-user) included (*) For future release BiGuard 30 Hardware Specification Physical Interface 9WAN: 2-port 10/100M auto-sensing & auto-crossover switch 9LAN: 8-port 10/100M auto-sensing & auto-crossover switch 9Factory default reset button 9Power Jack Physical Specification 9Housing : Metal and Rack-mounted 9Dimensions: 250mm x 166mm x 35mm (9.84” x 6.54” x 1. 38”) Power Requirement 9Input: 12V DC, 1A Front Panel Back Panel BiGuard 10 Key Features iBusiness Security Gateway Small Office • For small office network to connect with headquarter and tele-workers • For small and medium sized business demanding for application-based network solutions at lowcapital investment •10 simultaneous IPSec VPN connections • VPN throughput is up to 20 Mbps+ • Quality of Service control for bandwidth management and traffic prioritization • Robust Firewall security • E-mail alert and logs of attack • Rack-mounted support • 30-day FREE trial of BiGuard IPSec VPN Client (1user) included BiGuard 10 Hardware Specification Physical Interface 9WAN: 1-port 10/100M auto-sensing & auto-crossover switch 9LAN: 8-port 10/100M auto-sensing & auto-crossover switch 9Factory default reset button 9Power Jack Physical Specification 9Housing : Metal and Rack-mounted 9Dimensions: 250mm x 166mm x 35mm (9.84” x 6.54” x 1. 38”) Power Requirement 9Input: 12V DC, 1A Front Panel Back Panel BiGuard 2 Key Features iBusiness Security Gateway Home Office • For home offices or mobile users to dial up and connect with corporate network, or for very small offices to be connected with head offices. • For business requiring application-based network solutions at low-capital investment • Support up to 2 IPSec VPN connections • VPN throughput is up to 4 Mbps+ • 8-port Switch makes no need of buying extra device when expanding extra server/client • Quality of Service control for bandwidth management and traffic prioritization • Robust Firewall security to protect against hackers’ attack • E-mail alert and logs of attack • 30-day FREE trial of BiGuard IPSec VPN Client (1-user) included BiGuard 2 Hardware Specification Physical Interface 9WAN: 1-port 10/100M auto-sensing & auto-crossover switch 9LAN: 8-port 10/100M auto-sensing & auto-crossover switch 9Factory default reset button 9Power Jack Physical Specification 9Housing : Plastic and stand able ( Default is lie ) 9Dimensions: 265mm x 176mm x 44mm (10.43” x 6.93” x 1.73”) Power Requirement 9Input: 12V DC, 1A Front Panel Back Panel BiGuard Gateway Feature Overlook BiGuard 30 BiGuard 10 BiGuard 2 SMB Small Office Home Office CPU Intel Xscale IXP422 Intel Xscale IXP422 Intel Xscale IXP420 LAN 8 8 8 WAN 2 1 1 Flash 8M 8M 8M Memory ( SDRAM ) 32M 32M 32M Firewall V V V Content Filtering V V V VPN Accelerator Hardware Hardware Software VPN throughput 30Mbps 20Mbps 4Mbps IP Sec VPN Tunnels 30 10 2 Quality of Service V V V Hardware Accelerator V V - Auto Fail-over V - - Load Balance V - - Protocol Binding V - - Rack-mounted V V - iBusiness Security Appliance Product & Features Market Segment BiGuard IPSec VPN Client Software What is BiGuard VPN Client Window-based software that is implemented with IPSec VPN solution to allow a remote site to establish a secure connection over the Internet to corporate network Who needs Billion VPN Client Software 9 For remote users, mobile workers, branch offices to build up VPN connections to corporate networks 9 For end-users using Billion VPN-enabled devices to expand remote VPN access for point-to-point connections Optimize collaboration with business partners and officemates BiGuard IPSec VPN Client Software Key Features BENEFITS • Use USB Stick to store VPN Security elements • IPSec VPN tunneling with DES/3DES/AES encryption • IKE Key management • Point-to-Point Tunnel • • • • VPN Configuration Wizard Multiple Profiles Supports all Microsoft OS Support all Billion VPN-enabled devices, such as BiGuard, BiPAC 85xx, BiPAC 75xx series, BiPAC 7402, and BiPAC 7402G Portability Scalability Strong Encryption Easy to use Flexible Configuration Management Compatibility 930-day FREE trial available inside BiGuard series of packages 9Free trial download available to distributors for pre-selling BiGuard IPSec VPN Client Software USB Stick Feature How to store Security elements into an USB Stick? Once you plug in an USB Stick for the first time, the "AutoDetect" feature will prompt for copy or full removal of security elements from computer onto the stick. How the “Auto-open VPN tunnel” feature works from an USB Stick? 9Plug in your USB Stick 9The “Auto-open VPN Tunnels when plug in” feature of the VPN Client will decrypt security elements from the USB Stick and open configured tunnels. No tunnel can be opened without an USB stick! Competition Landscape Feature & Price Comparison BiGuard 30 Billion Netgear BiGuard 30 FVS124G RV082 ZyWALL 35 Vigor 3300 series FVR9208 V - V V V V CPU Intel Xscale IXP422 200MHz 32-bit RISC tba tba tba Intel IXP425 (533M) LAN 8 4 8 4 4 8 WAN 2 2 2 2 1 (V3300B) 3 (V3300B+) 2 Flash 8M 4M tba tba 8M 16M Memory ( SDRAM ) 32M 16M tba tba 32M 32M Firewall throughput 90Mbps tba tba 90Mbps tba 100Mbps V V V V V V 30 Mbps+ 10 Mbps 30 Mbps 40 Mbps 30 Mbps 70 Mbps IP Sec VPN Tunnels 30 25 50 35 128 100 Quality of Service V - - - V V Hardware Accelerator V V - - V V Auto Fail-over V V V V V V Load Balance V V V V V V 30-day VPN Client trial incl. VPNC 1-user client S/W included - ICSA Dial-up backup ICSA VPNC $ 330 $ 170 $ 300 $ 600 - 800 Coming soon $ 920 Product & Features Rack-mounted Firewall & Content Filtering VPN throughput Certified & others Street Price (US$) VAT excl. (suggested retail price) Linksys ZyXEL Draytek QNO Feature & Price Comparison BiGuard 10 Brand Billion Netgear DrayTek ZyXEL Model BiGuard 10 FVS318 Vigor 2900 ZyWALL 10 / ZyWALL 10W Flash 8M 2M tba tba Memory ( SDRAM ) 32M 16M tba tba LAN / WAN 8/1 8/1 4/1 1/1 10 8 32 10 20 Mbps+ 1.2Mbps tba 16Mbps Firewall & Content Filtering V V V V Quality of Service V - V Rack-mounted V - - - 30-day VPN Client trial incl. VPNC certified, Kensington Lock slot for theft protection 1 USB port, print server included ICSA certified 802.11g compliant dial-up backup $ 190 $ 180 VPN tunnels VPN throughput Certified & others Street Price (US$) VAT excl. $ 240 (suggested retail price) V (ZyWALL 10W only) (all ZyWALL 10W only) $ 220 (Z10) $ 340 (Z10W) Feature & Price Comparison BiGuard 2 Brand Billion ZyXEL BiGuard 2 ZyWall 2 8/1 4/1 2 2 VPN throughput 4 Mbps+ 2.2Mbps Firewall throughput 90Mbps 12Mbps Quality of Service V - Dial-up backup - V 30-day VPN Client trial incl. ICSA Model Name LAN / WAN port VPN tunnels Others Street Price (US$) VAT excl. $186 (suggested retail price) $190 Feature & Price Comparison BiGuard IPSec VPN Client competitor Product Description & Package Content Street Price (US$), tax excl. Billion BiGuard IPSec VPN Client 1. 1-user Serial number selling - $48 (SRP) 2. Retail package - tba (30-day free trial included inside BiGuard series of packages) ZyXEL VPN client Software Safenet SoftRemote 1-user pack - $ 35 -70+ 5-user pack - $ 134 - 220 10-user pack - $ 266 - 270+ D-Link NETDEFEND VPN Remote Access Software DS-601 (1-user) - $41 DS-605 (5-user) - $ 150+ • Get 1 DS-605 FREE with buying a DFL-700, 2 DS-605 FREE for buying a DFL-1100 (UK promo) • DFL-700 / DFL-1100 : SMB / large enterprise VPN Firewall gateways Netgear ProSafe VPN Client Software (1-user lic incl. inside FVS124G : SMB 2-WAN load balance gateway) VPN01L - $ 45 - 50+ VPN 05L - $ 150 - 160+ Features Highlight Quality of Service Smooth and Responsive Net Connection gives you full control over traffic priority and bandwidth management Quality of Service Inbound/Outbound Bandwidth Management Scheduler Scheduler: used for scheduling packets for transmission on an outgoing interface based on the information received from Meter and the Classifier Meter Classifier WAN1 WAN2 Inbound Outbound Meter: communicate the drop priority to the scheduler and measures the temporal priorities of the output stream against configured parameters. Classifier: classifies incoming packets to and mark according to the settings (priority, guaranteed, maximum) LAN Scheduling, measuring and sorting the bandwidth of inbound and outbound traffic Quality of Service Policy Based Traffic Prioritization Guaranteed / High Priority VoIP Normal PCs maximal bandwidth (restricted access) Restricted PC Group of users or applications can be configured at different level of priority Auto Fail Over Keep your Net Connection always ON When the 1st Internet access fails, the 2nd connection will be auto established Auto Fail Over What is Auto Fail Over 9 9 Automatically detects the failure of the port and redirects traffic through the other activated port Assures the availability of Internet access - the backup ISP connection will be automatically established when the 1st ISP connection fails Why needs Auto Fail Over 9 To be ‘always online’ for Business Continuance 9 To have back-up in case of connection disruption or breakdown 9 To assure network redundancy, zero downtime, for improvement of Business Productivity and Customer Satisfaction How Auto Fail Over Works • Hardware connection detection 1st connection Auto detects the Ethernet ports and select the other port automatically to redirect the data traffic • Software detection Cable Modem 2nd connection ADSL Modem Inspect the specific server to identify whether the WAN connection is active or not BiGuard 30 Load Balancing Optimize the bandwidth and network availability Intelligently distribute the packets through the least-loaded connection Load Balancing What is Load Balancing 9 Technologies of layer-3,4 protocols with advanced algorithms which intelligently inspect several variables about the content of TCP/IP packet and current traffic load of each WAN port, then directs traffic to the best available, leastloaded connection 9 Leveraging 2 broadband connections, especially for applications of PPPoE, PPTP and cable lines Why needs Load Balance 9 9 9 9 Bandwidth and performance optimization For the best responsive servers Cost Effectiveness No single point of failure How Load Balancing Works • WAN 1 Balance traffic loading : WAN 2 9 By session (# of connections) WAN 1 45% Pocket 9 By traffic (# of packets) 9 By traffic weight of link capability WAN 1 : WAN 2 1:2 WAN 2 WAN 1 Uplink 512K Downlink 2M 192.168.2.2 192.168.2.3 load balance WAN1 22.214.171.124 ISP load balance 126.96.36.199 WAN2 WAN 2 55% Pocket ISP Uplink 1M Downlink 4M Load Balancing - Protocol Binding Protocol Binding 9 For certain users or applications, the data traffic is configured to go through specific WAN port Why Protocol Binding 9 Office productivity 9 Traffic management policy Set up Policy 9Packet Type : TCP, UDP 9Source IP : from IP address range 9Destination IP : to IP address range 9Port Range : service port range Policy Set-up Application Port Assignment Policy 1 : Sales email, http, video WAN Port 1 Policy 2 : R&D ftp, email, ICQ, MSN WAN Port 2 How Protocol Binding Works Dynamic Dedicated WAN 1 WAN 2 Virtual Private Network Secure and Safe Enable end-to-end secure tunnel over the Internet General VPN Setup server 3 server 2 server 1 Head Office Firewall 1. Branch Office to Headquarter VPN Tunnel BiGuard 2 BiGuard 30 home offices or teleworkers small offices Firewall modem ISP 2. Gateway to Gateway VP el n un T N ISP VPN Tunnel BiGuard 10 3. Client to Gateway modem ISP nel VPN Tun server modem nel VPN Tun 1. Branch Office to Headquarter SL & Auto Failover Firewall AD ca Load Balancing ble 3. Client to Gateway mobile users installed with BiGuard VPN Client BiGuard IPSec VPN Client Phase 1 Authentication Remote Gateway Pre-shared Key (the same as remote gateway’s Preshared key) BiGuard IPSec VPN Client Phase 2 IPSec Configuration VPN Client Address Address type Remote LAN address Subnet mask Auto open tunnel when USB stick plugged in Open tunnel Sales Support • For product sample, BiGuard product prices, pre-sell technical training, contact your Billion sales manager, or email to request at email@example.com • For marketing materials or support, email us at firstname.lastname@example.org • For more details about BiGuard product info, visit www.billion.com/product/biguard.htm • For VPN Client trial download, visit www.billion.com/partner/partner.php (ID/password required, open to Billion’s authorized distributors for pre-sell evaluation only) Question & Answer Thank You !