GateProtect WMZ 2500 firewall (hardware) Datasheet

Feature overview V8.6

- xUTM Appliances

March 2010

xUTM appliances by gateProtect combine state-of-the-art security and network features such as firewalls, bridging, VLAN, single sign-on, traffic shaping, QoS, IPSec/SSL (X.509), IDS/IPS, web filtering, virus filtering, real-time spam detection, HTTPs proxy, and VPN Crypto acceleration in a single unified system.

With its unique, patented eGUI ® technology (ergonomic Graphic User Interface) gateProtect‘s xUTM appliances increase the effective IT security in your business, set new standards in improving maintenance efficiency, and lower the resulting operating costs.

Highly flexible, gateProtect xUTM appliances are perfectly suited to business networks of any size.

Feature Specifications

Firewall

- Stateful inspection

- Connection-tracking TCP/UDP/ICMP

- SPI and proxy combinable

- Time controlled firewall rules,

content filter and internet connection

- IP-ranges, IP-groups

- Layer7-filter

- Port-ranges

- Self- and predefined ports

- Supported protocols:

TCP, UDP, ICMP, GRE, ESP, AH

Management

- eGUI technology

- ISO 9241 certified

- visual feedback immediately supplied

for each setting

- self-explanatory functions

- overview of all active services

- overview of the whole network

- Layer and zoom function

- Languages: English, German, French, Italian

- Role-based firewall administration

- Role-based statistic-client

- SSH-CLI

- Desktop configuration saved / restored

separately from backup

- CLI on serial line

- Object oriented firewall configuration

LAN / WAN-support

- Ethernet 10/100/1000/10 000 Mbit/s

- Twisted-Pair / Fibre-Optics

- MTU changeable (Ethernet/DSL)

- PPPoE, PPTPoE

- ISDN

- PPP-PAP, PPP-CHAP authentication

- Inactivity timeout

- Forced disconnect time

- Cablemodem, xDSL

- Concurrent connections

- Backup-connections

- Connection availability check

- Loadbalancing

- Time controlled internet connections

- Manual and automatic DNS assignment

- Multiple dyn-DNS support

- Supports 8 different dyn-DNS-services

- Source based routing

- Routing protocols RIP, OSPF

User authentication

- Active Directory supported

- Active Directory groups integration

- OpenLDAP supported

- Local userdatabase

- Web-interface authentication

(port changeable)

- Windows-client authentication

- Authentication on domain login

- Single sign on with Kerberos

- Single- and multi login

- Login and logoff auditing

- User- and group statistics

DHCP

DHCP-relay

- DHCP-client

- DHCP-server (dynamic and fixed IP)

DMZ

- Port forwarding

- PAT

- Dedicated DMZ-links

- DMZ-wizard

- Proxy supported (SMTP)

VLAN

- Max. 4094 VLAN per interface possible

- 802.1q ethernet header tagging

- Combinable with bridging

Bridge-mode

- OSI-layer 2 firewall-function

- Spanning tree (bride-ID, port-cost)

- Unlimited bridges

- Unlimited interfaces per bridge

- Combinable with VPN-SSL

Traffic shaping

- Up- and download shapeable

- Multiple internet connection separately

shapeable

- All services separately shapeable

- Maximum and guaranteed bandwidth

adjustable

- QoS with TOS-flags supported

- QoS inside VPN connection supported

Proxies

- HTTP (transparent or intransparent)

- Support for Radius-server, AD-server,

local user-database

- HTTPS, FTP,POP3,SMTP,SIP

- Integrated URL-/ content-filter

- Integrated antivirus-filter

- Integrated spam-filter

- Time-controlled

Antivirus

- HTTP, HTTPS, FTP, POP3, SMTP

- Scans compressed data and archives

- Scans ISO 9660-files

- Exceptions definable

- Manual and automatic updates

Web-filter

- URL-filter

- Content-filter

- Block rules up to user-level

- Black-/ white-lists

- Im- / export of URL-lists

- File-extension blocking

- Category-based website-blocking

- Self definable categories

- Scan-technology with online-database

- Transparent HTTP-proxy support

- Intransparent HTTP-proxy support

Antispam

- Online-scanner

- Scan-level adjustable

- Real-time-detection-center

- Black- / white-email-sender-lists

- Mail-filter

- Black- / white-email-recipients-lists

- Automatically reject emails

- Automatically delete emails

- AD-email-addresses import

High availability

- Active-passive HA

- Synchronisation on single / multiple

dedicated links

- Manually switch roles

IDS/IPS

- Snort scan-engine

- 5000+ IDS-pattern

- Security-level adjustable

- Rule groups selectable

- Exceptions definable

- Email on IDS events

- DoS, DDoS, portscan protection

- Invalid network packet protection

Backup

- Remote backup creation

- Small backup files (kb)

- Remote backup restore

- Restore backup on installation

- Automatic and time based creation

of backups

- Automatic upload of backups on FTP-

or SCP-Server

- Auto-install-USB-stick with backup

integrated

Monitoring

- System-Info

- CPU- / memory usage

- Long-term-statistic

- HDD-status (partitions, usage, RAID)

- Network status (interfaces, routing, traffic, errors)

- Process-monitoring

- VPN-monitoring

- User-authentication-monitoring

Logging, reporting

- Email notification

- Logging to multiple syslog-servers

- Categorized messages

- Report in admin-client (with filter)

- Export report to CSV-files

SNMP

- SNMPv2c

- SNMP-traps

- Auditing of:

- CPU / Memory

- HDD / RAID

- Ethernet-interfaces

- Internet-connections

- VPN-tunnel

- Users

- Statistics, updates

- DHCP

- HA

Statistics

- IP and IP-group statistic

- Separate services

- Single user / groups

- TOP-lists (surfcontrol)

- IDS-statistics

- Traffic-statistics

- Antivirus- / antispam-statistics

- Defence statistics

- Export statistic to CSV-files

VPN

- VPN-wizard

- Certificate-wizard

IPSec

- Site-to-site

- Client-to-Site (Road warrior)

- Tunnel-Mode

- IKEv1, IKEv2

- PSK

- X.509-certificates

- 3DES, AES (128, 192, 256)

Blowfish (128, 192, 256)

- DPD (Dead Peer Detection)

- NAT-T

- Compression

- PFS (Perfect Forward Secrecy)

- MD5, SHA1, SHA2 (256, 384, 512)

- Diffi Hellman group

(1, 2, 5, 14, 15, 16,17,18)

- export to One-Click-Connection

- XAUTH, L2TP

SSL

- Site-to-site

- Client-to-Site (Road warrior)

- Routing-Mode-VPN

- Bridge-Mode-VPN

- X.509-certificates

- TCP/UDP port changeable

- Compression

- specify WINS- and DNS-servers

- 3DES, AES (128, 192, 256)

CAST5, Blowfish

- Export to One-Click-Connection

PPTP

- Windows-PPTP compatible

- Specify WINS- and DNS-servers

- MSCHAPv2

X.509 certificates

- CRL

- OCSP

- Templates

- Multi CA support

- Multi host-cert. support

VPN-client

- IPSec-client

- SSL-client (OpenVPN)

- NAT-T

- AES (128, 192, 256), 3DES

CAST, Blowfish

- X.509 certificates

- PSK

- One-Click-Connection

- Log-export

Command center

- eGUI technology, ISO 9241 certified

- Monitor 500+ firewalls

- Active configuration of 500+ firewalls

- VPN connections centrally creatable

- Single- and group-backup

- Plan automatic backup in groups

- Single- and group update & licensing

- Create and apply templates on multiple

firewalls

- Certificate based 4096 bit encrypted

connections to the firewalls

- Display settings of all firewalls

- Role based command center user

management

- VPN-monitoring

Clarity · Perfection · Security

Feature overview V8.6

- xUTM Appliances

March 2010

Specifications GPO 75 GPO 125 GPA 250

Interfaces

10/100 Ethernet Ports

10/100/1000 GBE Ports

SFP (Mini GBIC) Ports

VPN - Crypto acceleration chip

System Performance*

Firewall throughput (Mbps)

VPN IPSec throughput (Mbps)

UTM throughput (Mbps)

IDS/IPS throughput (Mbps)

Concurrent sessions

New sessions pr. Second

Dimensions

H x W x D (mms)

Gross Weights (kgs)

Power

Input Voltage

Consumption (W) - full load / rating

Total Heat Dissipation - full load / rating

Redundant Power Supply

Environmental

Operating Temperature (°C)

Storage Temperature (°C)

Relative Humidity (Non condensing)

44 x 252 x 154

2,9

AC 100V-240V

30 / 75

102 / 256

-

0 ~ 40

-20 ~ 75

10 ~ 85%

-

-

4

-

200

50

-

-

50 000

1 500

-

-

4

-

200

70

35

90

150 000

2 500

44 x 252 x 154

2,9

AC 100V-240V

30 / 75

102 / 256

-

0 ~ 40

-20 ~ 75

10 ~ 85%

-

-

-

4

800

120

90

160

300 000

5 000

44 x 440 x 270

5,5

AC 100V-240V

35 / 78

119 / 266

-

0 ~ 40

-20 ~ 75

10 ~ 85%

Specifications GPX 800 GPX 1000

GPA 400

-

-

6

-

1 400

190

140

320

500 000

8 000

44 x 440 x 270

5,5

AC 100V-240V

35 / 78

119 / 266

-

0 ~ 40

-20 ~ 75

10 ~ 85%

GPZ 2500

Interfaces

10/100 Ethernet Ports

10/100/1000 GBE Ports

SFP (Mini GBIC) Ports

VPN - Crypto acceleration chip

Redundant - HDD (Raid)

Redundant - Power supply

System Performance*

Firewall throughput (Mbps)

VPN IPSec throughput (Mbps)

UTM throughput (Mbps)

IDS/IPS throughput (Mbps)

Concurrent sessions

New sessions pr. Second

Dimensions

H x W x D (mms)

Gross Weights (kgs)

Power

Input Voltage (V)

Consumption (W) - full load / rating

Total Heat Dissipation (BTU) - full load / rating

Redundant Power Supply

Environmental

Operating Temperature (°C)

Storage Temperature (°C)

Relative Humidity (Non condensing)

Clarity · Perfection · Security

-

8

Yes

-

-

3 500

1 000

500

830

1 000 000

16 000

88 x 426 x 506

7,8

AC 100-240

118 / 275

402 / 939

-

0 ~ 40

-20 ~ 75

10 ~ 85%

-

10

2

Yes

Yes

Yes

5 000

1 500

700

1 200

1 300 000

20 000

88 x 426 x 506

12,5

AC 100-240

199 / 375

678 / 1280 yes

0 ~ 40

-20 ~ 75

10 ~ 85%

-

12

6

Yes

Yes

Yes

9 000

2 500

1 100

2 500

2 500 000

30 000

88 x 426 x 506

12,5

AC 100-240

199 / 375

678 / 1280 yes

0 ~ 40

-20 ~ 75

10 ~ 85%

* System performance depends on activated proxies, IDS, application level and number of active VPN connections.

We do not offer an express or implied warranty for the correctness /up-to-dateness of the information contained here (which may be change at any time). Future products or functions will be made available at the appropriate time.

©2010 gateProtect AG

Germany. All rights reserved.

GPA 600

-

8

-

Yes

1 800

500

200

520

600 000

10 000

44 x 440 x 270

5,6

AC 100V-240V

35 / 78

119 / 266

-

0 ~ 40

-20 ~ 75

10 ~ 85%