Amer Networks Clavister E20 Clavister E20 Security Firewall Spec Sheet
Add to my manuals
10 Pages
Amer Networks Clavister E20 is a next-generation firewall that provides comprehensive and powerful enterprise-grade firewall services. It offers True Application Control, Content Security Services, User Identity Awareness, multiple WAN Links, and Uptime Technologies to ensure uninterrupted network connectivity. Additionally, it has traditional security features like stateful firewall with deep-packet inspection. With its high performance and simplicity, it's suitable for remote/branch offices and as customer premise equipment (CPE) in MSSP scenarios.
advertisement
clavister
EagleSeries
Clavister E20
Feature-rich, entry-level next-generation firewall in a slim form factor
FEATURES AT-A-GLANCE
Cost-effective next-generation firewall for remote-/branch offices and as CPE in
MSSP scenarios
Next-generation firewall and UTM services, including Clavister True Application Control and User Identity Awareness
Built-in support for both IPsec and SSL
VPN offers easy to use remote connectivity
Centralized Management and reporting comes included in the Clavister Security
Subscriptions and ensures efficient administration also in large network with many devices
High-end network infrastructure features, such as QoS/Traffic Management and
WAN Load Balancing, are all included
The Clavister E20 is the perfect entry-level next-generation security appliances, built to deliver comprehensive and powerful enterprise-grade firewall services. Perfectly suited as a customer premise equipment (CPE) in MSSP scenarios or offering enterprise-class security for small branch offices and remote locations. The Clavister E20 is ideal in solutions where multiple firewalls are deployed, often over geographically dispersed areas, and where there is a strong need for a centrally managed, scalable network security solution.
Next-Generation Firewall Services
True Application Control
Do not be fooled by the small package, this is a real next-generation firewall, providing powerful throughput even when using the advanced security features. It proves that you can get next-generation firewall functionality without having to buy the biggest box on the market. Clavister E20 fully supports True Application Control – one of our next-generation firewall security services.
Enabling True Application Control will help you to manage applications used in your network more safely. With added security you lower your overall risk exposure and as a result, costly security incidents and downtime can be avoided. It also gives you valuable insight in which applications are used by which user, and can therefore prioritize business critical application and increase your overall business productivity.
Clavister SSL Inspection for Application Control provides a high performance and non-intrusive way to identify and control even SSL encrypted applications.
True Application Control is included in the Clavister Security Subscription
(CSS) service.
CLAVISTER EAGLE SERIES 1
Connectivity Choices
The Clavister E20 is equipped with a flexible switch block with four 1GbE (RJ45) interfaces, plus two 1GbE (RJ45) interfaces. This means that you have a wide range of connectivity options when setting up your Clavister E20.
Desktop or Rack Mounted – Your Choice
Since it is designed to be placed anywhere, even in your office environment, we made it look stunning so it can fit right in with your other equipment. You also have the option to use the included rack mount kit should you decide you rather mount the Clavister E20 in a rack. Your product, your choice.
Multiple WAN Links
The Clavister E20 supports multiple WAN Links.
This could be extremely important in the case of using the Clavister E20 in remote office locations, where premium high-speed Internet links can be hard to find and/or expensive to us.
Multiple WAN Links enables you to connect multiple Internet Service Providers (ISPs) to ensure optimal Internet access, even in the case when one ISP service fails. By utilizing multiple
Internet links at the same time, you can route outgoing traffic to the link with the most free capacity and/or with the lowest latency.
Content Security Services
Having a regular firewall is not enough to prevent attacks from happening on your network. As attacks become more severe and the threat landscape becomes more dynamic, additional measures need to be in place to protect your network.
Clavister offers best-of-breed content security services that adds an additional layer of defense, including:
Intrusion Detection and Prevention
Network centric Anti-Virus / Malware
Web Content Filtering / Categorization
Anti-Spam
These content security services protect your network from advanced threats your firewall alone cannot stop. The Content Security Services are included in the Clavister Security Subscription (CSS) service.
User Identity Awareness
User Identity Awareness (UIA) provides granular visibility of user identity, and enables you to control network access at the user level. The User
Identity Awareness together with our True Application Control functionality will provide you with an extremely powerful and versatile tool for granular visibility and control of “who-does-what-and-when” in your networks. You will have the ability to pinpoint user access to applications across both wired and wireless networks regardless of connecting device.
Subscriptions and Services
Clavister Subscriptions
We believe our customers should have choices. We also believe you should have it all. Therefore we offer you a choice between our comprehensive Clavister Product Subscription (CPS), or our all-inclusive, full service option, Clavister Security Subscription (CSS).
Clavister Product Subscription
The Clavister Product Subscription contains a high number of product services, such as software updates, centralized management and extensive technical support.
CPS includes a hardware replacement service to offer you the best possible protection in case a hardware failure should occur. Finally to ensure you get the best out of your Clavister security gateway, we provide you with around-the-clock support from our award-winning technical support team
– an attentive, dedicated and highly skilled team of engineers that help you out in case of need.
The Clavister Product Subscription keeps your
Clavister updated, online and ready for business twenty-four-seven.
Clavister Security Subscription
Clavister Security Subscription is a complete, all inclusive suite of product services. It contains all the services you get with Clavister Product Subscription, but extends the service offering by including a full set of nextgeneration firewall services, such as Clavister True Application Control, Web
Content Filtering, Anti-Virus and Intrusion Detection and Prevention (IDP).
2 CLAVISTER EAGLE SERIES CLAVISTER EAGLE SERIES 3
2 CLAVISTER EAGLE SERIES
CSS offers best-in-class content services, which protect you from the more advanced types of malware and exploits. It grants you access to the latest software and signature updates keeping your infrastructure up to date and increasingly more stable and secure.
All Clavister Subscriptions are available in 12, 24, 36, 48 and 60 months service terms, offering you maximum security and flexibility.
For more information about Clavister Subscriptions, see the separate Clavister Subscriptions brochure.
True Flexibility – Get more performance when you need it
Clavister E20 is available in two models, each addressing specific customer requirements. Should your performance needs increase, Clavister offers you the flexibility to upgrade to the more powerful Clavister E20 Pro without having to invest in new hardware. Just simply order the upgrade to your preferred Clavister E20 model and install the new license file. It is as simple as that.
This makes Clavister E20 a low risk choice in dynamic business environments where requirements can change overnight.
Clavister provides you the performance when you need it, avoiding high up front investment costs to your security infrastructure or having to worry about costly upgrades.
Uptime Technologies
Clavister E20 comes with powerful features to ensure that your network infrastructure is online and ready for work. Features like Fast Route Failover, WAN Load Balancing, Secure WAN Load Balancing with robust VPN tunnels simultaneously used across multiple WAN links, guarantee uninterrupted communication with your headquarter.
Powerful Next-Generation Firewall
The Clavister E20 is a next-generation firewall, but it also has all the traditional security features, such as stateful firewall with deep-packet inspection, and it is powered by our own in-house developed network security operating system, the Clavister cOS Core. As well as providing all traditional firewall functions, such as port blocking and proxy server, the Clavister E20 incorporate next-generation firewall features to detect and block sophisticated application-level attacks. This means higher level of security, higher traffic throughput and minimal use of system resources.
Performance
Clavister E20 provides next-generation security services across all points of your network without sacrificing performance throughput. Purpose-built hardware running on our highly efficient network security operating system ensures that the firewall performance throughput is one of the highest in the industry, making sure that your Clavister firewall will not be a bottleneck in your network infrastructure.
Simplicity
We strive to make things easy to understand and easy to use. This includes everything from hardware design to security management. We build highly customizable enterprise-grade firewalls, and despite the inherent complexity, we make an effort of making it easy to use. For example, our highly acclaimed centralized security management system, Clavister InControl uses color-coded attribute groups to provide a clear overview over dependencies that the firewall rules have to each other, making human errors less likely to occur. By combining policies and services into one, firewall policy management can be simplified and more easy to use. This results in fewer policy rules, making it easier to manage and less likely to cause a security breach.
All-Inclusive Security Management
For any network, security management is one of the more important aspects. It has to be intuitive, efficient and easy to use for large enterprises, with multiple firewalls at multiple sites, and even in geographical disperse areas, keeping your security management consistent and cohesive, and up to date is a non-trivial task. All these security management systems are included with our Clavister cOS Core products – free of charge.
Clavister InControl - Centralized Security Management
Clavister InControl offers a comprehensive centralized management solution that will assist and help administrators perform their daily tasks faster, easier and in a more streamlined way. Its intuitive user interface and support for task-driven workflow management guides administrators through complex and repetitive tasks, thereby alleviating the burden of managing large installations. With support for triple-AAA (Authentication, Authorization and Audit) the integrity and configurations managed by the Clavister InControl system is kept under strict control. This level of control makes it easy to use delegated management, allowing specific teams and personnel to access only designated parts of the system.
CLAVISTER EAGLE SERIES 3
Clavister InControl can be extended to collaborate with a vast number of other management system with the use of the Clavister InControl Software Development Kit (SDK). The
Clavister InControl SDK enables organizations to integrate and extend existing system management tools with Clavister
InControl management. For example, optimized provisioning systems or integrated help desk functionality.
Clavister InControl Reporting
Clavister InControl comes with a comprehensive reporting system that offers enterprise-level reporting with tight integration with all Clavister cOS Core-based products.
Clavister InControl reporting enables you to visualize your
Clavister security solution, including pinpointing problem areas, thwarted attacks and other security issues, and then turn them into business-level reports. Reports can be generated in PDF format or HTML format.
Other Management Options
In addition to our centralized management solution, we also provide the Clavister Web Management system, an easy-touse Web-based security management solution that works for smaller installations with just a few firewalls. Each product also supports our comprehensive command-line interface (CLI), enabling you to script common tasks.
Where to Buy Clavister
For more information about where to buy Clavister products, visit www.clavister.com/partners . Additional resources and customer testimonials can be found at www.clavister.com/ resources .
Next-Generation Firewall Security
By integrating world-class Next-Generation Firewall functionality, such as our Clavister True Application Control, Intrusion
Detection and Prevention (IDP), Anti-Virus, Anti-Spam and Web
Content Filtering with a stateful firewall with deep packet inspection, IPsec and SSL VPN connectivity, we are able to protect your organization against everything from network layer attacks to application layer threats, and even viruses and worms. While you have full control of who does what, when and with what.
Big on Performance - Low on Maintenance
All Clavister security gateways share a common trait: they all support Clavister Service Provisioning Network (CSPN). This secure, high-speed network ensures that all Clavister Security
Subscription services are kept updated and current from newly emerging threats. This gives system administrators the freedom to concentrate on running their network without having to worry about having the latest security patches installed.
Clavister cOS Core
Clavister cOS Core is our in-house developed, high-performance security network operating system. Every line of code is carefully crafted to ensure that it delivers maximum performance at all times. We take pride in delivering a product that we have full control over, rather than a mashup of open-source components.
License Scalability
One important aspect of our products is scalability. Our licensing model offers you the ability to start with your performance needs today and upgrade your product incrementally as your organization grows. You also have the choice of two subscriptions models: the Clavister Security Subscription, our all-inclusive subscription, or the regular Clavister Product Subscription.
Flexibility and Adaptability
Not all networks are created equally. Vast differences in network topology and configuration require a network security gateway to be able to accommodate all these differences. Our security gateways gives you the freedom to set routing policies with extreme granularity. A large number of parameters can be used to construct policies and rules to meet even the most demanding network installation.
Low Total Cost of Ownership
Our goal is to provide a complete security solution that is more cost efficient than our competitors. Clavister security gateways, with their unique set of integrated security features, world-class service and support, and their powerful administration system, enables you to spend less time managing your security environment and keep your network defenses up to date, and thereby lower your network security infrastructure TCO significantly.
4 CLAVISTER EAGLE SERIES CLAVISTER EAGLE SERIES 5
4 CLAVISTER EAGLE SERIES
Performance and Capacity
Firewall Performance (plaintext throughput)
IPsec VPN Performance (large packets)
Maximum Concurrent Connections
Maximum Concurrent IPsec VPN Tunnels
Maximum Concurrent L2TP/PPTP/SSL VPN Tunnels
Maximum Number of Users
Maximum Number of Routing Tables (Virtual Routers)
Clavister E20
1 Gbps
50 Mbps
8,000
10
10
Unrestricted
1
Clavister E20 Pro
2 Gbps
100 Mbps
16,000
25
25
Unrestricted
1
Connectivity
Ethernet Interfaces
Expansion Slot
Interfaces for Management
Configurable Internal / External / DMZ Ports
Local Console Port
Link Aggregation IEEE 802.1AX-2008 (Static/LACP)
Maximum Number of VLAN Interfaces IEEE 802.1Q
Support for High Availability (HA)**
Service-VLAN Interfaces IEEE 802.1ad (Q-in-Q)
Clavister E20 Clavister E20 Pro
4 x 1GbE (RJ45) switch block + 2 x 1GbE (RJ45)
No
Configurable
Yes Yes
Yes
4
Optional***
Yes
Virtual Console
1
- Micro USB
1 The Virtual Console Port requires a system driver to be installed on the workstation to get access to the device local console.
Yes
8
Optional***
Yes
Product Specific Specification
Form Factor / Rack Mountable
Dimensions (height x width x depth)
Hardware Weight / Package Weight
Regulatory and Safety Standards
Desktop / Yes, rack mount kit included
44 mm x 280 mm x 180 mm (1.73 in x 11.02 in x 7.09 in)
1,7 kg (3.75 lb) / 2,6 kg (5,73 lb)
Safety / EMC
Power Specifications
Power Supply (AC) / PSU Rated Power (W)
Average Power Consumption / Redundant PSU
Appliance Input
Environmental
CE class A, FCC class A, EN/IEC 60950-1
100-240 VAC, 50-60 Hz / 25 W
12 W/41 BTU / No
0.3A
Cooling / Humidity
Operational Temperature
Passive cooling, no moving parts / 0% to 95% non-condensing
5° to 40° C (41° to 104° F)
Vibration (operating) / Shock (operating) 10 ~ 500 Hz, 2G 10min/1 cycle, period for 60min, each along X, Y, Z axes
Warranty All Clavister Eagle Series products include a two (2) years standard RMA warranty.
* Performance based on Clavister cOS Core 11.00.
** When using High Availability clusters, the hardware settings for each interface must be identical on both cluster nodes (bus, slot and port)
*** High Availability is optional on the Clavister E20 products and requires a license add-on.
CLAVISTER EAGLE SERIES 5
Product Features
Firewall
Stateful Firewall / Deep Packet Inspection
IP Policies
Multiple IP Rule Sets
User- and Group-Based Policies
Scheduled Policies
DoS and DDoS Detection and Prevention
Threshold Rules (Connection Count and Rate Limits)
IP Blacklisting / Whitelisting
TCP Sequence Number Tracking
FQDN Address Filter in IP Policies
IP Geolocation Filter in IP Policies
Ingress Filtering / IP Spoofing Protection
Access Rules
Strict Reverse Path Forwarding (RPF)
Feasible RPF by using Interface Equivalence
Address and Port Translation
Policy-Based
Dynamic NAT (Source)
Symmetric NAT
NAT Pools
Static Source Translation
Static Destination Translation (Virtual IP/Port Forward)
NAT Hairpinning
Server Load Balancing (SLB)
SLB Distribution Methods
SLB Monitoring Methods
SLB Server Stickiness
Mode of Operations
Transparent Mode (Layer 2)
Routing Mode (Layer 3)
Mixed Transparent and Routing Mode
Routing
Static Routing
Policy-Based Routing (PBR)
Scheduled Policy-Based Routing
Virtual Routing
Multiple Routing Tables
Loopback Interfaces
Route Load Balancing (Equal-Cost Multipath)
Route Failover
Route Monitoring Methods
Source-Based Routing
Path MTU Discovery
Dynamic Routing
Policy-Based Dynamic Routes
OSPFv2 Routing Process (RFC2328)
OSPFv2 RFC1583 Compatibility Mode
OSPFv2 over VPN
Multicast
Multicast Forwarding
IGMPv2 Compatibility Mode (RFC2236)
IGMPv3 (RFC3376)
IGMP Proxy Mode
IGMP Snoop Mode
Transparent Mode (L2 Bridge Mode)
Policy-Based
MPLS Pass-through
DHCP Pass-through
Layer 2 Pass-through of Non-IP Protocols
Spanning Tree BPDU Relaying
IP Address Assignment
Per Interface Address Assignment
Static
6 CLAVISTER EAGLE SERIES
Yes / Yes
ALLOW, DROP and REJECT
Yes
Yes
Yes
Yes
Yes
Yes / Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Round-Robin, Connection-Rate
ICMP Echo, Custom TCP Port, HTTP Request/Response
State, IP Address, Network
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
ARP, ICMP Echo, Custom TCP Port, HTTP Request/Response
Yes
Yes
Yes
Yes, multiple
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Normal (STP), Rapid (RSTP), Multiple (MSTP), Per VLAN Spanning Tree Plus (PVST+)
Yes
Yes
CLAVISTER EAGLE SERIES 7
6 CLAVISTER EAGLE SERIES
DHCP Client
PPPoE Client
PPTP/L2TP Client
Network Services
DHCP Server
DHCP Server Custom Options
DHCP Relay
IP Pool
Proxy ARP
Dynamic DNS Services
Custom HTTP Poster
Bandwidth Management
Policy-Based Bandwidth Management
Scheduled Policies
Bandwidth Guarantees / Limits / Prioritization
DSCP- / ToS-Based
Bandwidth Management per Group
Dynamic Bandwidth Balancing between Groups
Packet Rate Limits
DSCP Forwarding
DSCP Copy to Outer Header
Application Control
Recognizable Applications
Recognition of SSL Based Applications
Application Content Control
Policy-Based
Policy Matching on Application
Policy Matching on Application Content (Metadata)
Policy Actions
Intrusion Detection and Prevention
Policy-Based
Signature Selection per Policy
Policy Actions
Stateful Pattern Matching
Protocol and Rate Anomaly Detection
Insertion and Evasion Protection
Dynamic IP Blacklisting
Automatic Signature Updates
Content Security
Policy-Based
Protocol Validation
Web Content Filtering
HTTP / HTTPS
Audit / Blocking Mode
Classification Categories
URL Whitelisting / Blacklisting
Customizable Restriction Pages
Cloud-Based URL Classification Source
SafeSearch Enforcement
User-Agent Filter
Anti-Virus
Supported Protocols
Stream-Based Scanning
File Type Whitelisting
Scanning of Files in Archives (ZIP/GZIP)
Nested Archives Support (ZIP/GZIP)
Automatic Updates
Anti-Spam
Supported Protocols
Anti-Spam Detection Mechanisms
Reply Address Domain Verification
Malicious Link Protection
Distributed Checksum Clearinghouses (DCC)
DNS Blacklisting
Anti-Spam Actions
Ethernet, VLAN, Link-Aggregation
Ethernet, VLAN, Link-Aggregation
Yes
Yes, multiple
Yes
Yes, multiple
Yes
Yes
DynDNS.org, Dyns.cx, CJB.net, Peanut Hull
Yes
Yes
Yes
Yes / Yes / Yes
Yes
Yes
Yes
Yes
Yes
VLAN, IPsec
< 2,000
Yes
2,400
Yes
Yes
Yes
Audit, DROP, Bandwidth Management
Yes
Yes
Audit, DROP, Bandwidth Management
Yes
Yes
Yes
Yes
Yes
Yes
HTTP, HTTPS, FTP, SMTP, POP3, IMAP, TFTP, SIP, H.323, PPTP, TLS/SSL
Yes / Yes
Yes / Yes
32
Yes / Yes
Yes
Yes
Google, Yahoo, Bing
Yes
HTTP, HTTPS, FTP, SMTP, POP3, IMAP
Yes
Yes
Yes
Yes, up to 10 levels
Yes
SMTP, POP3, IMAP
Yes
SMTP, POP3, IMAP
SMTP, POP3, IMAP
SMTP, POP3, IMAP
SMTP, POP3, IMAP
CLAVISTER EAGLE SERIES 7
Strip Malicious Links
Tag Subject and Headers
Send to Quarantine E-mail Address
E-mail Rate Limiting
File Integrity
Supported Protocols
File Type Whitelisting / Blacklisting
File Extension and MIME Type Verification
Application Layer Gateway
HTTP / HTTPS (Content Security)
FTP (Content Security, NAT / SAT)
TFTP (NAT / SAT)
SIP (NAT / SAT)
H.323 / H.323 Gatekeeper (NAT / SAT)
SMTP (Content Security)
POP3 (Content Security)
IMAP (Content Security)
SSL / TLS (Offloading)
PPTP (Passthrough, NAT / SAT)
IPsec VPN
Internet Key Exchange
IKEv1 Phase 1
IKEv1 Phase 2
IPsec Modes
IKE Encryption
IPsec Encryption
AES Key Size
IKE/IPsec Authentication
Perfect Forward Secrecy (DH Groups)
IKE Config Mode
IKE DSCP Assignment
Dead Peer Detection (DPD)
Pre-Shared Keys (PSK)
X.509 Certificates
XAuth (IKEv1)
EAP (IKEv2)
PKI Certificate Requests
Self-Signed Certificates
Certificate Authority Issued Certificates
Certificate Revocation List (CRL) Protocols
CRL Fail-Mode Behavior
IKE Identity
Security Association Granularity
Replay Attack Prevention
Policy-Based Routing
Virtual Routing
Roaming Client Tunnels
NAT Traversal (NAT-T)
IPsec Dial-on-Demand
IPsec Tunnel Selection Through
Redundant VPN Tunnels
IPsec Passthrough
SSL VPN
TLS/SSL VPN
One-Time Client Installation
Browser Independent
VPN Policy Selection Through
Split Tunneling
SSL VPN IP Provisioning
L2TP VPN
L2TPv2 Client (LAC)
L2TPv2 Server (LNS)
L2TPv3 Client (LAC)
L2TPv3 Server (LNS)
L2TP over IPsec
8 CLAVISTER EAGLE SERIES
SMTP, POP3, IMAP
SMTP, POP3, IMAP
SMTP
SMTP
HTTP, HTTPS, FTP, SMTP, POP3, IMAP
Yes / Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes, using Email Control Profile
Yes
Yes
IKEv1, IKEv2
Main Mode, Aggressive Mode
Quick Mode
Tunnel, Transport (IKEv1 only)
AES, 3DES, DES, Blowfish, Twofish, Cast-128
AES, 3DES, DES, Blowfish, Twofish, Cast-128, NULL
128, 192, 256
SHA-1, SHA-256, SHA-512, MD-5, AES-XCBC (IKEv2 only)
1, 2, 5, 14, 15, 16, 17, 18
Yes
Static
Yes
Yes
Yes
Yes, Client and Server
Yes, Server (RADIUS only)
PKCS#1, PKCS#3, PKCS#7, PKCS#10
Yes
Yes, VeriSign, Entrust etc.
LDAP, HTTP
Conditional, Enforced
IP, FQDN, E-mail, X.500 Distinguished-Name
Net, Host, Port
Yes
Yes
Yes
Yes
Yes
Yes
Firewall Rule Set, Routing, Policy-Based Routing
Yes
Yes
Yes
Yes
Yes
Firewall Rule Set, Routing and Policy-Based Routing
Yes
IP Pool, Static
Yes
Yes
Yes
Yes
Yes
CLAVISTER EAGLE SERIES 9
8 CLAVISTER EAGLE SERIES
L2TP Tunnel Selection Through
L2TP Client Dial-on-Demand
L2TPv2 Server IP Provisioning
Firewall Rule Set, Routing, Policy-Based Routing
Yes
IP Pool, Static
Other Tunnels
PPPoE Client (RFC2516)
Unnumbered PPPoE
PPPoE Client Dial-on-Demand
PPTP Client (PAC)
PPTP Client Dial-on-Demand
PPTP Server (PNS)
PPTP Server IP Provisioning
MPPE Encryption (PPTP/L2TP)
Generic Router Encapsulation (RFC2784, RFC2890)
6in4 Tunneling (RFC4213)
Tunnel Selection Through
User Authentication
Local User Database
Yes
Yes
Yes
Yes
Yes
Yes
IP Pool, Static
RC4-40, RC4-56, RC4-128
Yes
Yes
Firewall Rule Set, Routing, Policy-Based Routing
RADIUS Authentication
RADIUS Accounting
LDAP Authentication
RADIUS Authentication Protocols
XAUTH IKE/IPsec Authentication
Web-Based HTTP/HTTPS Authentication
Configurable HTTP/HTTPS Front-End
L2TP/PPTP/SSL VPN Authentication
Single Sign-On
Device-Based Authentication (MAC Address)
ARP Authentication
RADIUS Relay
Active Directory Integration
Client-less Deployment
Client Support
Security Management
Centralized Management
Yes, multiple
Yes, multiple servers
Yes, multiple servers
Yes, multiple servers
PAP, CHAP, MS-CHAPv1, MS-CHAPv2
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Microsoft Windows Server 2003, 2008 R2, 2012
Yes iOS, Android, Windows, OSX, Linux
Web User Interface (WebUI)
SSH / SCP Management
Command Line Interface (CLI)
REST API
Management Authentication
Remote Fail-Safe Configuration
Local Console (RS-232)
Traffic Simulation (CLI)
Scripting
Packet Capture (PCAP)
System Upgrade
System and Configuration Backup
Clavister InControl
1
HTTP and HTTPS
Yes / Yes
Yes
User Authentication
Local User Database, RADIUS
Yes
Yes
ICMP, TCP, UDP
CLI, WebUI
Yes
SSH / WebUI / Clavister InControl. From version 9.00.01 and later.
SSH / WebUI / Clavister InControl
Yes SNTP Time Sync
Monitoring
Syslog
Clavister Log
Real-Time Log
Mail Alerting
Log Settings per Policy
Log Export via WebUI
SNMPv2c Polling / SNMPv2c Traps
Real-Time Monitor Alerts (Log Action)
Real-Time Performance Monitoring
Hardware Key Metrics Monitoring
Yes, multiple servers
Yes, multiple servers
WebUI, Clavister InControl
Yes, SMTP
Yes
Yes
Yes / Yes
Yes
WebUI, Clavister InControl
CPU Load, CPU Temperature, Voltage, Memory, Fan, etc.
NOTE:
Several third-party log monitoring plug-ins are available for Clavister firewalls. These monitoring plug-ins are either commercially available or via open source.
IPv6
IPv6 Ready Certification Core Protocols, Phase-2 Router
Neighbor Discovery
Proxy Neighbor Discovery
IPv6 Path MTU Discovery
ICMPv6
Yes
Yes
Yes
Yes
CLAVISTER EAGLE SERIES 9
IPv6 Router Advertisement
Interfaces
Ethernet Interfaces
VLAN Interfaces (802.1q)
Link Aggregation IEEE 802.1AX-2008 (Static/LACP)
Static IPv6 Address Assignment
IPv6 DHCP Client
IPv6 Router Solicitation
Stateless Address Autoconfiguration
Firewall
IP Policies
Stateful Firewall
Ingress Filtering
IPv6 Routing / Policy-Based Routing
Content Security
Policy-Based
Protocol validation
Web Content Filtering
HTTP/HTTPS
Audit / Blocking Mode
Classification Categories
URL Whitelisting / Blacklisting
Customizable Restriction Pages
SafeSearch Enforcement
User-Agent Filter
Anti-Virus
Supported Protocols
Stream-Based Scanning
File-Type Whitelisting
Scanning of files in archives
Nested Archives Support
Functionality
DHCPv6 Server
Application Control
High Availability
2
Active Mode with Passive Backup
Firewall Connection State Synchronization
IKE / IPsec State Synchronization
User and Accounting State Synchronization
DHCP Server and Relayer State Synchronization
Synchronization of Dynamic Routes
IGMP State Synchronization
Server Load Balancing (SLB) State Synchronization
Configuration Synchronization
Device Failure Detection
Dead Link / Gateway / Interface Detection
Average Failover Time
Specifications subject to change without further notice.
1
See Clavister InControl datasheet for compatible versions.
2
High Availability is an optional feature.
HTTP, HTTPS
Yes
Yes
Yes
Yes, up to 10 levels
Yes
Yes
Yes
Yes
Yes / Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes / Yes / Yes
< 800 ms
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
ALLOW, DROP and REJECT
Yes
Yes
Yes / Yes
Yes
HTTP, HTTPS
Yes / Yes
Yes / Yes
32
Yes / Yes
Yes
Google, Yahoo, Bing
Yes
CID: 9150-0040-24 (2016/01)
About Clavister
Clavister (NASDAQ: CLAV) is a leading security provider for fixed, mobile and virtual network environments. Its award-winning solutions give enterprises, cloud service providers and telecoms operators the highest levels of protection against threats, with unmatched reliability. Clavister’s performance in the security sector was recognized with the Product Quality Leadership Award from Frost & Sullivan.
The company was founded in Sweden in 1997, with its solutions available globally through its network of channel partners. To learn more, visit www.clavister.com
.
Where to Buy www.clavister.com/partners
Contact www.clavister.com/contact
Clavister AB, Sjögatan 6 J, SE-891 60 Örnsköldsvik, Sweden
◼
Phone: +46 (0)660 29 92 00
◼
Fax: +46 (0)660 122 50
◼
Web: www.clavister.com
Copyright © 2015-2016 Clavister AB. All rights reserved. The Clavister logo and all Clavister product names and slogans are trademarks or registered trademarks of Clavister
AB. Other product names and/or slogans mentioned herein may be trademarks or registered trademarks of their respective companies. Information in this document is subject to change without prior notification.
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement