GateProtect WMZ 2500 firewall (hardware)

Feature overview V8.6 - xUTM Appliances
March 2010
xUTM appliances by gateProtect combine state-of-the-art security and network features such as
firewalls, bridging, VLAN, single sign-on, traffic shaping, QoS, IPSec/SSL (X.509), IDS/IPS, web
filtering, virus filtering, real-time spam detection, HTTPs proxy, and VPN Crypto acceleration in a
single unified system.
With its unique, patented eGUI® technology (ergonomic Graphic User Interface) gateProtect‘s xUTM
appliances increase the effective IT security in your business, set new standards in improving maintenance efficiency, and lower the resulting operating costs.
Highly flexible, gateProtect xUTM appliances are perfectly suited to business networks of any size.
Feature Specifications
Firewall
- Stateful inspection
- Connection-tracking TCP/UDP/ICMP
- SPI and proxy combinable
- Time controlled firewall rules,
content filter and internet connection
- IP-ranges, IP-groups
- Layer7-filter
- Port-ranges
- Self- and predefined ports
- Supported protocols:
TCP, UDP, ICMP, GRE, ESP, AH
Management
- eGUI technology
- ISO 9241 certified
- visual feedback immediately supplied
for each setting
- self-explanatory functions
- overview of all active services
- overview of the whole network
- Layer and zoom function
- Languages: English, German, French, Italian
- Role-based firewall administration
- Role-based statistic-client
- SSH-CLI
- Desktop configuration saved / restored separately from backup
- CLI on serial line
- Object oriented firewall configuration
LAN / WAN-support
- Ethernet 10/100/1000/10 000 Mbit/s
- Twisted-Pair / Fibre-Optics
- MTU changeable (Ethernet/DSL)
- PPPoE, PPTPoE
- ISDN
- PPP-PAP, PPP-CHAP authentication
- Inactivity timeout
- Forced disconnect time
- Cablemodem, xDSL
- Concurrent connections
- Backup-connections
- Connection availability check
- Loadbalancing
- Time controlled internet connections
- Manual and automatic DNS assignment
- Multiple dyn-DNS support
- Supports 8 different dyn-DNS-services
- Source based routing
- Routing protocols RIP, OSPF
User authentication
- Active Directory supported
- Active Directory groups integration
- OpenLDAP supported
- Local userdatabase
- Web-interface authentication
(port changeable)
- Windows-client authentication
- Authentication on domain login
- Single sign on with Kerberos
- Single- and multi login
- Login and logoff auditing
- User- and group statistics
DHCP
- DHCP-relay
- DHCP-client
- DHCP-server (dynamic and fixed IP)
Clarity · Perfection · Security
DMZ
- Port forwarding
- PAT
- Dedicated DMZ-links
- DMZ-wizard
- Proxy supported (SMTP)
VLAN
- Max. 4094 VLAN per interface possible
- 802.1q ethernet header tagging
- Combinable with bridging
Bridge-mode
- OSI-layer 2 firewall-function
- Spanning tree (bride-ID, port-cost)
- Unlimited bridges
- Unlimited interfaces per bridge
- Combinable with VPN-SSL
Traffic shaping
- Up- and download shapeable
- Multiple internet connection separately
shapeable
- All services separately shapeable
- Maximum and guaranteed bandwidth
adjustable
- QoS with TOS-flags supported
- QoS inside VPN connection supported
High availability
- Active-passive HA
- Synchronisation on single / multiple
dedicated links
- Manually switch roles
IDS/IPS
- Snort scan-engine
- 5000+ IDS-pattern
- Security-level adjustable
- Rule groups selectable
- Exceptions definable
- Email on IDS events
- DoS, DDoS, portscan protection
- Invalid network packet protection
Backup
- Remote backup creation
- Small backup files (kb)
- Remote backup restore
- Restore backup on installation
- Automatic and time based creation
of backups
- Automatic upload of backups on FTP or SCP-Server
- Auto-install-USB-stick with backup
integrated
Proxies
- HTTP (transparent or intransparent)
- Support for Radius-server, AD-server,
local user-database
- HTTPS, FTP,POP3,SMTP,SIP
- Integrated URL-/ content-filter
- Integrated antivirus-filter
- Integrated spam-filter
- Time-controlled
Monitoring
- System-Info
- CPU- / memory usage
- Long-term-statistic
- HDD-status (partitions, usage, RAID)
- Network status (interfaces, routing, traffic,
errors)
- Process-monitoring
- VPN-monitoring
- User-authentication-monitoring
Antivirus
- HTTP, HTTPS, FTP, POP3, SMTP
- Scans compressed data and archives
- Scans ISO 9660-files
- Exceptions definable
- Manual and automatic updates
Logging, reporting
- Email notification
- Logging to multiple syslog-servers
- Categorized messages
- Report in admin-client (with filter)
- Export report to CSV-files
Web-filter
- URL-filter
- Content-filter
- Block rules up to user-level
- Black-/ white-lists
- Im- / export of URL-lists
- File-extension blocking
- Category-based website-blocking
- Self definable categories
- Scan-technology with online-database
- Transparent HTTP-proxy support
- Intransparent HTTP-proxy support
SNMP
- SNMPv2c
- SNMP-traps
- Auditing of:
- CPU / Memory
- HDD / RAID
- Ethernet-interfaces
- Internet-connections
- VPN-tunnel
- Users
- Statistics, updates
- DHCP
- HA
Antispam
- Online-scanner
- Scan-level adjustable
- Real-time-detection-center
- Black- / white-email-sender-lists
- Mail-filter
- Black- / white-email-recipients-lists
- Automatically reject emails
- Automatically delete emails
- AD-email-addresses import
Statistics
- IP and IP-group statistic
- Separate services
- Single user / groups
- TOP-lists (surfcontrol)
- IDS-statistics
- Traffic-statistics
- Antivirus- / antispam-statistics
- Defence statistics
- Export statistic to CSV-files
VPN
- VPN-wizard
- Certificate-wizard
IPSec
- Site-to-site
- Client-to-Site (Road warrior)
- Tunnel-Mode
- IKEv1, IKEv2
- PSK
- X.509-certificates
- 3DES, AES (128, 192, 256)
Blowfish (128, 192, 256)
- DPD (Dead Peer Detection)
- NAT-T
- Compression
- PFS (Perfect Forward Secrecy)
- MD5, SHA1, SHA2 (256, 384, 512)
- Diffi Hellman group
(1, 2, 5, 14, 15, 16,17,18)
- export to One-Click-Connection
- XAUTH, L2TP
SSL
- Site-to-site
- Client-to-Site (Road warrior)
- Routing-Mode-VPN
- Bridge-Mode-VPN
- X.509-certificates
- TCP/UDP port changeable
- Compression
- specify WINS- and DNS-servers
- 3DES, AES (128, 192, 256)
CAST5, Blowfish
- Export to One-Click-Connection
PPTP
- Windows-PPTP compatible
- Specify WINS- and DNS-servers
- MSCHAPv2
X.509 certificates
- CRL
- OCSP
- Templates
- Multi CA support
- Multi host-cert. support
VPN-client
- IPSec-client
- SSL-client (OpenVPN)
- NAT-T
- AES (128, 192, 256), 3DES
CAST, Blowfish
- X.509 certificates
- PSK
- One-Click-Connection
- Log-export
Command center
- eGUI technology, ISO 9241 certified
- Monitor 500+ firewalls
- Active configuration of 500+ firewalls
- VPN connections centrally creatable
- Single- and group-backup
- Plan automatic backup in groups
- Single- and group update & licensing
- Create and apply templates on multiple
firewalls
- Certificate based 4096 bit encrypted
connections to the firewalls
- Display settings of all firewalls
- Role based command center user
management
- VPN-monitoring
Feature overview V8.6 - xUTM Appliances
March 2010
Specifications
GPO 75
GPO 125
GPA 250
GPA 400
GPA 600
Interfaces
10/100 Ethernet Ports
4
4
-
-
-
10/100/1000 GBE Ports
-
-
4
6
8
SFP (Mini GBIC) Ports
-
-
-
-
-
VPN - Crypto acceleration chip
-
-
-
-
Yes
System Performance*
Firewall throughput (Mbps)
200
200
800
1 400
1 800
VPN IPSec throughput (Mbps)
50
70
120
190
500
UTM throughput (Mbps)
-
35
90
140
200
IDS/IPS throughput (Mbps)
-
90
160
320
520
Concurrent sessions
50 000
150 000
300 000
500 000
600 000
New sessions pr. Second
1 500
2 500
5 000
8 000
10 000
44 x 252 x 154
44 x 252 x 154
44 x 440 x 270
44 x 440 x 270
44 x 440 x 270
2,9
2,9
5,5
5,5
5,6
AC 100V-240V
AC 100V-240V
AC 100V-240V
AC 100V-240V
AC 100V-240V
30 / 75
30 / 75
35 / 78
35 / 78
35 / 78
102 / 256
102 / 256
119 / 266
119 / 266
119 / 266
-
-
-
-
-
Dimensions
H x W x D (mms)
Gross Weights (kgs)
Power
Input Voltage
Consumption (W) - full load / rating
Total Heat Dissipation - full load / rating
Redundant Power Supply
Environmental
Operating Temperature (°C)
0 ~ 40 0 ~ 40 0 ~ 40 0 ~ 40 0 ~ 40 Storage Temperature (°C)
-20 ~ 75
-20 ~ 75
-20 ~ 75
-20 ~ 75
-20 ~ 75
Relative Humidity (Non condensing)
10 ~ 85%
10 ~ 85%
10 ~ 85%
10 ~ 85%
10 ~ 85%
Specifications
GPX 800
GPX 1000
GPZ 2500
Interfaces
10/100 Ethernet Ports
-
-
-
10/100/1000 GBE Ports
8
10
12
2
6
Yes
Yes
Yes
Redundant - HDD (Raid)
-
Yes
Yes
Redundant - Power supply
-
Yes
Yes
System Performance*
Firewall throughput (Mbps)
3 500
5 000
9 000
VPN IPSec throughput (Mbps)
1 000
1 500
2 500
UTM throughput (Mbps)
500
700
1 100
IDS/IPS throughput (Mbps)
830
1 200
2 500
1 000 000
1 300 000
2 500 000
16 000
20 000
30 000
88 x 426 x 506
88 x 426 x 506
88 x 426 x 506
7,8
12,5
12,5
AC 100-240
SFP (Mini GBIC) Ports
VPN - Crypto acceleration chip
Concurrent sessions
New sessions pr. Second
Dimensions
H x W x D (mms)
Gross Weights (kgs)
Power
Input Voltage (V)
AC 100-240
AC 100-240
Consumption (W) - full load / rating
118 / 275
199 / 375
199 / 375
Total Heat Dissipation (BTU) - full load / rating
402 / 939
678 / 1280
678 / 1280
-
yes
yes
Redundant Power Supply
Environmental
Operating Temperature (°C)
0 ~ 40 0 ~ 40 0 ~ 40 Storage Temperature (°C)
-20 ~ 75
-20 ~ 75
-20 ~ 75
Relative Humidity (Non condensing)
10 ~ 85%
10 ~ 85%
10 ~ 85%
Clarity · Perfection · Security
* System performance depends on activated proxies, IDS,
application level and number
of active VPN connections.
We do not offer an express
or implied warranty for the
correctness /up-to-dateness
of the information contained
here (which may be
change at any time). Future
products or functions will
be made available at the
appropriate time.
©2010 gateProtect AG
Germany. All rights reserved.