CS-2001 UTM Content Security Gateway The innovation of the Internet has created a tremendous worldwide opportunities for e-business and information sharing, however, it also brings network security problems. The request of information security becomes the primary concern for the enterprises. To fulfill the demand, PLANET introduces the UTM Content Security Gateway CS-2001, the next generation of CS-2000, to support the enterprises build up the secure network protection. For further IP compatibility, it supports IPv6 as well. The CS-2001 adopts Heuristics Analysis to filter spam and virus mails, and its auto-training system can increase the identify rate of spam. The built-in 500GB Hard Disk can store the spam mail in quarantine. The Anti-Virus application has dual virus scan engines - Clam and Sophos to detect viruses, worms and other threats from E-mails and Internet. It helps the administrators to monitor the mail status easily by providing mail reports by Daily, Weekly, Monthly and Yearly. Besides filtering spam and virus mail, the CS-2001 presents the IDP and firewall functions to defense hackers and blaster attacks from Internet or Intranet. The comprehensive functions in one device provide enterprises security solutions and better secure environment than ever. The CS-2001 supports most of popular security features including Content Blocking to block specific URL, Scripts, IM/P2P program, Authentication, IPSec, PPTP VPN server/Client, SSL VPN, QoS, High Availability, Inbound Load-Balancing and etc. Furthermore, it provides higher performance with all Gigabit Ethernet interfaces which offer faster speeds for your network applications. The user defined interfaces provide flexible requirement for the network nowadays, and multiple WAN interfaces enable the CS-2001 to support Outbound/Inbound load balance and WAN fail-over features. As the result, the VPN not only can configure Trunk mode but also provide VPN fail-over and load balance features which is a VPN redundant mechanism to keep the VPN always alive. Applications UTM Content Security Gateway PLANET UTM Content Security Gateway, CS-2001, is a specially designed security gateway with virus and spam filtering features. As the gatekeeper of corporate security network, the CS-2001 prevents corporate intranet from being infected by virus and its network resource being occupied by useless spam mails. Furthermore, IDP, User Authentication and Content Filter features of the security gateway offer the corporate intranet highly secure protection. The CS2001 also provides the IPSec, SSL VPN, and PPTP VPN solutions for secure data delivery via VPN tunnel. Branch Office Vendor Firewall Gateway Firewall Gateway PC 001101010 001101010 ADSL Modem Modem Internet IPSec VPN Tunnel IPSec VPN Tunnel PC b/g Access Point Laptop ADSL 001101010 Modem Attack Virus Access Point Spam SSL VPN Tunnel Firewall CS-2001 Firewall DMZ PC b/g ADSL 2/2+ ADSL 100Base-TX UTP 1000Base-T UTP Laptop Finance-Server PC Headquarters Data Sheet 1 Web-Server Mail-Server b/g Home 2.4GHz 802.11b/g CS-2001 Key Features All Gigabit user defined Interface IDP The CS-2001 not only supports all Gigabit Ethernet interfaces to provide higher performance but is also able to be defined the interface role for your network environment. IPv6 Built-in IDP function can detect the intrusions and prevent the network from Hacker attacks, Anomaly Flow and Signatures from the Internet. The CS-2001 provides three kinds of the signatures to complete the intrusion detection system, and users can select to configure “Anomaly”, “Pre-defined” and “Custom” according to the current environment request. IPv6 is designed to success the IPv4 version. The CS-2001 implements the new IP version for further compatibility of network environment. Policy-Based Firewall Anti-Spam Filtering Multiple defense layers (Spam Fingerprint, Blacklist & Whitelist, Bayesian Filtering, Spam Signature, Graylist, Checking sender account and IP address in RBL), and Heuristics Analysis help to block over 95% of spam mails. Customizable notification options and spam mail report are provided for administrators. Varied actions to spam mails include Delete, Deliver, Forward and Store in the quarantine. It also has built-in auto-training system to improve the identify rate of spam mails substantially. QoS Network packets can be classified based on IP address, IP subnet and TCP/UDP port number and offer guarantee of maximum bandwidth with three levels of priority. Anti-Virus Protection User Authentication Built-in dual virus scan engines can detect viruses, worms and other threats from email transfer and can scan mission-critical content protocols, SMTP and POP3 in real time to provide maximum protection. It provides customizable notification options and virus mail report for administrators. Varied actions to virus mails include Delete, Deliver, Forward and Store in the quarantine. Web-Based authentication allows users to be authenticated by web browser. User database can be configured on CS-2001 and it also supports the authenticated database through external RADIUS, POP3 and LDAP server. Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS The CS-2001 can filter the virus from various protocols. The virus pattern can be updated automatically or manually. WAN Backup The CS-2001 can monitor each WAN link status and automatically activate backup links when a failure is detected. The detection is based on the configurable target Internet address. Outbound Load Balancing VPN Connectivity The CS-2001 supports several VPN features -- IPSec VPN, SSL VPN and PPTP server/client. The VPN Tunnel with DES / 3DES / AES encryption and SHA-1 / MD5 authentication provides secure network traffic over public Internet. VPN Wizard helps the administrators to configure VPN settings easily. The network sessions are assigned based on the user configurable load balancing modes including “Auto”, “Round-Robin”, “By Traffic”, “By Session” and “By Packet”. Users can also configure IP or TCP/UDP type of traffic and assign which one of the two WAN ports for connection. Inbound Load Balancing SSL VPN SSL VPN allows users to easily establish VPN connections for transferring the data by SSL encryption via web browser without the need of any software or hardware installation. The CS-2001 provides the Inbound Load Balancing for enterprises internal server. The Inbound Load Balancing can reduce the server loading and system crash risks in order to improve the server working efficiency. VPN Trunk Multiple NAT VPN trunk function provides VPN load balance and VPN fail-over feature to keep the VPN connection more reliable. Multiple NAT allows local ports to be set in multiple subnets and connect to the Internet through different WAN IP addresses. Content Filtering VLAN The CS-2001 can block network connection based on URLs, Scripts (The Pop-up, Java Applet, cookies and Active X), P2P (eDonkey, Bit Torrent, WinMX and more), Instant Messaging (MSN, Yahoo Messenger, ICQ, QQ, Skype and Google Talk) and Download / Upload. If there are update versions of P2P or IM software in client side, the CS-2001 will detect the difference and update the Content Filtering pattern to renew the filtering mechanism. The CS-2001 provides IEEE 802.1Q Tagged VLAN and the VLAN groups which allows administrator to install the network flexibly. Data Sheet 2 The built-in Policy-Based firewall prevents many well-known hacker attacks including SYN attack, ICMP flood, UDP flood, Ping of Death, and etc. The access control function specifies WAN or LAN users to use authenticated network services only on specified time. High Availability The CS-2001 provides the High Availability function and the redundant system to keep the network traffic active when the device crash down. PLANET Technology Corporation 11F, No. 96, Min Chuan Road, Hsin Tien, Taipei, Taiwan, R.O.C. Tel: 886-2-2219-9518 Fax: 886-2-2219-9528 Email: firstname.lastname@example.org www.planet.com.tw VoIP Gateway: vip.planet.com.tw PLANET reserves the right to change specifications without prior notice. All brand names and trademarks are property of their respective owners. Copyright © 2008 PLANET Technology Corp. All rights reserved. CS-2001 Specification Product UTM Content Security Gateway Model Hardware CS-2001 Ethernet Console Hard Disk Hardware Watch-Dog Software Management Operation Mode Routing Protocol Concurrent Sessions New session per sec. Email Capacity per Day (mail size 1098 bytes) Firewall Performance SSL VPN Performance IPSec VPN Performance (With 3DES) Multiple subnet VPN Tunnels (Connection/Configure) Content Filtering IDP Anti-Virus Anti-Spam QoS User Authentication Logs Data Sheet 3 Web (English, Traditional Chinese, Simplified Chinese) DMZ_Transparent, DMZ_NAT, NAT Static Route, RIPv2, OSPF, BGP 1,000,000 10,000 2,000,000 1.6Gbps incoming and outgoing 80Mbps 100Mbps Policy-Based access control Stateful Packet Inspection (SPI) NAT / NAPT Max. 64 multiple subnets With VLAN id feature can assign multiple subnets VLAN trunk support Firewall Security VPN Function Undefined Ethernet Port 4 x 10/100/1000Base-T RJ-45, Auto-Negotiation, Auto MDI / MDI-X 1 x RS-232 (9600, 8, N, 1) 500 GB Auto reboot when detecting system fail 200 / 1000 IPSec, SSL VPN, PPTP server and client DES, 3DES and AES encrypting SHA-1 / MD5 authentication algorithm Remote access VPN (Client-to-Site) and Site to Site VPN URL Blocking Script Blocking (Popup, Java Applet, cookies and Active X) IM blocking (MSN, Yahoo Messenger, ICQ, QQ, Skype, Google Talk and more) P2P blocking (eDonkey, Bit Torrent, WinMX and more) Download and Upload blocking Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS Automatic or manual update virus and signature database Anomaly: Syn Flood, UDP Flood, ICMP Flood and more Pre-defined: Backdoor, DDoS, DoS, Exploit, NetBIOS and Spyware Custom: User defined based on TCP, UDP, ICMP or IP protocol Yearly, Monthly, Weekly and Daily Report support Virus scan engine: Two scan engines - Sophos and Clam Email attachment virus scanning by SMTP, POP3 Inbound scanning for internal and external Mail Server Action of infected mail: Delete, Deliver to the recipient, forward to an account and store in quarantine Automatic or manual update virus database Inbound scanning for external and internal Mail Server Supports Spam Fingerprint, Bayesian, Signature, RBL and Graylist filtering, checking sender account and IP to filter the spam mail Black list and white list support auto training system Action of spam mail: Delete, Deliver to the recipient, forward to an account and store in quarantine Yearly, Monthly, Weekly and Daily Report support Policy-Based bandwidth management Guarantee and maximum bandwidth with 3 priority levels Classify traffics based on IP, IP subnet, TCP/UDP port Built-in user database with up to 500 entries Supports local database, RADIUS, POP3 and LDAP authentication Traffic Log, Event Log and Connection Log Log can be saved from web, backup by e-mail or syslog server PLANET Technology Corporation 11F, No. 96, Min Chuan Road, Hsin Tien, Taipei, Taiwan, R.O.C. Tel: 886-2-2219-9518 Fax: 886-2-2219-9528 Email: email@example.com www.planet.com.tw VoIP Gateway: vip.planet.com.tw 01-08 C-POE-100SK PLANET reserves the right to change specifications without prior notice. All brand names and trademarks are property of their respective owners. Copyright © 2008 PLANET Technology Corp. All rights reserved. CS-2001 Accounting Report Statistics Others Record Inbound and Outbound traffic’s utilization by Source IP, Destination IP and Service Backup Accounting Report for Outbound and Inbound traffic WAN Ports traffic statistic and policies statistic with graph display Dynamic DNS NTP support Multiple Server load balancing Outbound / Inbound load balancing High Availability SNMP v1, v2, v3 Ordering Information CS-2001 Data Sheet 4 12-10 UTM Content Security Gateway ( Multiple WAN, LAN, DMZ ) PLANET Technology Corporation 11F, No. 96, Min Chuan Road, Hsin Tien, Taipei, Taiwan, R.O.C. Tel: 886-2-2219-9518 Fax: 886-2-2219-9528 Email: firstname.lastname@example.org www.planet.com.tw C-CS-2001 PLANET reserves the right to change specifications without prior notice. All brand names and trademarks are property of their respective owners. Copyright © 2010 PLANET Technology Corp. All rights reserved.