CS-2001 UTM Content Security Gateway The innovation of the Internet has created a tremendous worldwide opportunities for e-business and information sharing; however, it also brings network security issues. The request of information security becomes the primary concern for the enterprises. To fulfill the demand, PLANET introduces the UTM Content Security Gateway CS-2001, the next generation of the CS2000, to support the enterprises build up the secure network protection. For further IP compatibility, it supports IPv6 as well. The CS-2001 adopts Heuristics Analysis to filter spam emails and virus, and its auto-training system can increase the spam emails identification. The CS-2001 has built-in 500GB Hard Disk to store the spam email in quarantine. The Anti-Virus application has dual virus scan engines - Clam and Sophos to effectively detect viruses, worms and other threats from emails and Internet. Moreover, it helps the administrators to monitor the email status easily via email reports by Daily, Weekly, Monthly and Yearly. Besides filtering spam and virus emails, the CS-2001 presents the IDP (Intrusion Detection and Prevention) and firewall functions to defense hackers and blaster attacks from Internet or Intranet. The comprehensive functions in one device provide enterprises security solutions for better secure environment than ever. The CS-2001 supports most of popular security features including Content Blocking to block specific URL, Scripts, IM/P2P program, Authentication, IPSec, PPTP VPN server/Client, SSL VPN, QoS, High Availability, Inbound Load-Balancing and etc. Furthermore, it provides higher performance with all Gigabit Ethernet interfaces which offer faster speeds for your network applications. The Gigabit user defined interfaces flexibly fulfill the network requirement nowadays, and the multiple WAN interfaces enable the CS-2001 to support Outbound / Inbound load balance and WAN fail-over features. As the result, the VPN not only can configure Trunk mode but also provide VPN fail-over and load balance features which is a VPN redundant mechanism to keep the VPN always alive. Applications UTM Content Security Gateway PLANET UTM Content Security Gateway, CS-2001, is a specially designed security gateway with virus and spam filtering features. As the gatekeeper of corporate security network, the CS-2001 prevents corporate intranet from being infected by virus and its network resource being occupied by useless spam emails. Furthermore, IDP, User Authentication and Content Filter features of the security gateway offer the corporate intranet highly secure protection. The CS2001 also provides the IPSec, SSL VPN, and PPTP VPN solutions for secure data delivery via VPN tunnel. Branch Office Vendor Firewall Gateway Firewall Gateway PC 001101010 ADSL Modem Modem Internet IPSec VPN Tunnel IPSec VPN Tunnel PC 001101010 b/g Access Point Laptop ADSL 001101010 Modem Attack Virus Access Point Spam SSL VPN Tunnel Firewall CS-2001 Firewall PC DMZ b/g Laptop Finance-Server PC Web-Server Mail-Server Home Headquarters 100Base-TX UTP 1000Base-T UTP Data Sheet 1 ADSL 2/2+ ADSL b/g 2.4GHz 802.11b/g CS-2001 Key Features All Gigabit user defined Interface IDP (Intrusion Detection and Prevention) •• The CS-2001 not only supports all Gigabit Ethernet interfaces to provide higher performance but is also able to be defined the interface role for your network environment. •• Built-in IDP function can detect the intrusions and prevent the network from Hacker attacks, Anomaly Flow and Signatures from the Internet. The CS-2001 provides three kinds of the signatures to complete the intrusion detection system. Users can select to configure “Anomaly”, “Pre-defined” and “Custom” according to the current environment request. IPv6 •• IPv6 is designed to success the IPv4 version. The CS-2001 implements the new IP version for further compatibility of network environment. Anti-Spam Filtering •• Multiple defense layers (Spam Fingerprint, Blacklist & Whitelist, Bayesian Filtering, Spam Signature, Graylist, Checking sender account and IP address in RBL), and Heuristics Analysis help to block over 95% of spam mails. Customizable notification options and spam mail report are provided for the administrators. Varied actions to spam mails include Delete, Deliver, Forward and Store in the quarantine. It also has built-in auto-training system to improve the spam emails identification substantially. Anti-Virus Protection •• Built-in dual virus scan engines can detect viruses, worms and other threats from email transfer and can scan mission-critical content protocols, SMTP and POP3 in real time to provide maximum protection. It provides customizable notification options and virus mail report for the administrators. Varied actions to virus mails include Delete, Deliver, Forward and Store in the quarantine. Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS •• The CS-2001 can filter the virus from various protocols. The virus pattern can be updated automatically or manually. VPN Connectivity •• The CS-2001 supports several VPN features -- IPSec VPN, SSL VPN and PPTP server/client. The VPN Tunnel with DES / 3DES / AES encryption and SHA-1 / MD5 authentication provides secure network traffic over public Internet. VPN Wizard helps the administrators to configure VPN settings easily. SSL VPN •• SSL VPN allows users to easily establish VPN connections for transferring the data by SSL encryption via web browser without the need of any software or hardware installation. VPN Trunk •• VPN trunk function provides VPN load balance and VPN failover feature to keep the VPN connection more reliable. Policy-Based Firewall •• The built-in Policy-Based firewall prevents many well-known hacker attacks including SYN attack, ICMP flood, UDP flood, Ping of Death, and etc. The access control function specifies WAN or LAN users to use authenticated network services only on specified time. QoS •• Network packets can be classified based on IP address, IP subnet and TCP/UDP port number and offer guarantee of maximum bandwidth with three levels of priority. User Authentication •• Web-Based authentication allows users to be authenticated via web browser. User database can be configured on the CS2001 and it also supports the authenticated database through external RADIUS, POP3 and LDAP server. WAN Backup •• The CS-2001 can monitor each WAN link status and automatically activate backup links when a failure is detected. The detection is based on the configurable target Internet address. Outbound Load Balancing •• The network sessions are assigned based on the user configurable load balancing modes including “Auto”, “RoundRobin”, “By Traffic”, “By Session” and “By Packet”. Users can also configure IP or TCP/UDP type of traffic and assign which one of the two WAN ports for connection. Inbound Load Balancing •• The Inbound Load Balancing is provided for enterprises internal server to reduce the server loading and system crash risks in order to improve the server working efficiency. Multiple NAT •• Multiple NAT allows local ports to be set in multiple subnets and connect to the Internet through different WAN IP addresses. VLAN Content Filtering •• The CS-2001 can block network connection based on URLs, Scripts (The Pop-up, Java Applet, cookies and Active X), P2P (eDonkey, Bit Torrent, WinMX and more), Instant Messaging (MSN, Yahoo Messenger, ICQ, QQ, Skype and Google Talk) and Download / Upload. If there are update versions of P2P or IM software in client side, the CS-2001 will detect the difference and update the Content Filtering pattern to renew the filtering mechanism. •• The CS-2001 provides IEEE 802.1Q Tagged VLAN and the VLAN groups which allow the administrator to install the network flexibly. High Availability •• The CS-2001 provides the High Availability function and the redundant system to keep the network traffic active when the device crash down. IM Recording •• Built-in IM Recoding function can help you record and monitor the use of MSN and QQ messenger. This can prevent productivity losses from personal use and confidentiality breaches from information leaks. Data Sheet 2 PLANET Technology Corporation 11F, No. 96, Min Chuan Road, Hsin Tien, Taipei, Taiwan, R.O.C. Tel: 886-2-2219-9518 Fax: 886-2-2219-9528 Email: [email protected] www.planet.com.tw VoIP Gateway: vip.planet.com.tw PLANET reserves the right to change specifications without prior notice. All brand names and trademarks are property of their respective owners. Copyright © 2008 PLANET Technology Corp. All rights reserved. CS-2001 Specification Product UTM Content Security Gateway Model Hardware Ethernet Console Hard Disk Hardware Watch-Dog Software Management Operation Mode Routing Protocol Concurrent Sessions New session per second Email Capacity per Day (mail size 1098 bytes) Firewall Performance SSL VPN Performance IPSec VPN Performance (With 3DES) CS-2001 Multiple subnet VPN Tunnels (Connection/Configure) IM Recording Content Filtering IDP Anti-Spam QoS User Authentication Logs Accounting Report Data Sheet 3 Web (English, Traditional Chinese, Simplified Chinese) DMZ_Transparent, DMZ_NAT, NAT Static Route, RIPv2, OSPF, BGP 1,000,000 10,000 2,000,000 1.6Gbps incoming and outgoing 80Mbps 100Mbps ■ ■ ■ ■ ■ ■ Firewall Security VPN Function 4 x Undefined Ethernet port 10/100/1000Base-T RJ-45, Auto-Negotiation, Auto MDI / MDI-X 1 x RS-232 (9600, 8, N, 1) 500 GB Auto reboot when detecting system fail Policy-Based access control Stateful Packet Inspection (SPI) NAT / NAPT Supports max. 64 multiple subnets VLAN id feature to assign multiple subnets VLAN trunk support 200 / 1000 ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ IPSec, SSL VPN, PPTP server and client DES, 3DES and AES encrypting SHA-1 / MD5 authentication algorithm Remote access VPN (Client-to-Site) and Site to Site VPN QQ / MSN Account Manager Periodic Report Scheduling / Send report to e-mail IM Conversation logs and statistics chart URL Blocking Script Blocking (Popup, Java Applet, cookies and Active X) IM blocking (MSN, Yahoo Messenger, ICQ, QQ, Skype, Google Talk and more) P2P blocking (eDonkey, Bit Torrent, WinMX and more) Download and Upload blocking ■ ■ ■ ■ ■ ■ Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS Automatic or manual update virus and signature database Anomaly: Syn Flood, UDP Flood, ICMP Flood and more Pre-defined: Backdoor, DDoS, DoS, Exploit, NetBIOS and Spyware Custom: User defined based on TCP, UDP, ICMP or IP protocol Yearly, Monthly, Weekly and Daily Report support ■ Inbound scanning for external and internal Mail Server ■ Support Spam Fingerprint, Bayesian, Signature, RBL and Graylist filtering, checking sender account and IP to filter the spam mail ■ Black list and white list support auto training system ■ Action of spam mail: Delete, Deliver to the recipient, forward to an account and store in quarantine ■ Yearly, Monthly, Weekly and Daily Report support ■ Policy-Based bandwidth management ■ Guarantee and maximum bandwidth with 3 priority levels ■ Classify traffics based on IP, IP subnet, TCP / UDP port ■ Built-in user database with up to 500 entries ■ Supports local database, RADIUS, POP3 and LDAP authentication ■ Traffic Log, Event Log and Connection Log ■ Log can be saved from web, backup by e-mail or syslog server ■ Record Inbound and Outbound traffic’s utilization by Source IP, Destination IP and Service ■ Backup Accounting Report for Outbound and Inbound traffic PLANET Technology Corporation 11F, No. 96, Min Chuan Road, Hsin Tien, Taipei, Taiwan, R.O.C. Tel: 886-2-2219-9518 Fax: 886-2-2219-9528 Email: [email protected] www.planet.com.tw VoIP Gateway: vip.planet.com.tw 01-08 C-POE-100SK PLANET reserves the right to change specifications without prior notice. All brand names and trademarks are property of their respective owners. Copyright © 2008 PLANET Technology Corp. All rights reserved. CS-2001 Statistics WAN Ports traffic statistic and policies statistic with graph display Others ■ ■ ■ ■ ■ ■ Dynamic DNS NTP support Multiple Server load balancing Outbound / Inbound load balancing High Availability SNMP v1, v2, v3 Ordering Information CS-2001 UTM Content Security Gateway ( Multiple WAN, LAN, DMZ ) RELATED Products CS-1000 Multi-Homing Content Security Gateway SG-4800 MH-3400 VRT-402N VRT-420N Gigabit SSL VPN Security Router Gigabit Multi-Homing VPN Security Router 802.11n Wireless VPN/Firewall Router 802.11n Multi-Homing Broadband Router Data Sheet 4 04-12 PLANET Technology Corporation 11F., No.96, Minquan Rd., Xindian Dist., New Taipei City 231, Taiwan (R.O.C.) Tel: 886-2-2219-9518 Fax: 886-2-2219-9528 Email: [email protected] www.planet.com.tw C-CS-2001v2 PLANET reserves the right to change specifications without prior notice. All brand names and trademarks are property of their respective owners. Copyright © 2012 PLANET Technology Corp. All rights reserved.
* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project