UTM Content Security Gateway

UTM Content Security Gateway
CS-2000
UTM Content Security Gateway
Key Feature
• Anti-Spam Filtering Multiple defense layers (Spam Fingerprint, Blacklist &
Whitelist, Bayesian Filtering, Spam Signature, Graylist, Checking sender account
and IP address in RBL), and Heuristics Analysis to block over 95% spam mail.
Customizable notification options and spam mail report are provided for
administrators. Varied actions toward spam mail include Delete, Deliver, Forward
and Store in the quarantine. Built-in auto-training system rise identify rate of
spam mail substantially
• Anti-Virus Protection Built-in double virus scan engines can detect viruses,
worms and other threats from email transfer. Network Traffic in real time can
scan mission-critical content protocols, SMTP and POP3, to provide maximum
protection. Customizable notification options and virus mail report are provided
for administrators. Varied actions toward spam mail include Delete, Deliver,
Forward and Store in the quarantine
The innovation of the Internet has created a tremendous worldwide
opportunities for e-business and information sharing, but network security
problems also come out. So the request of security will be the primary
concerned for the enterprises. The new model, PLANET UTM Content
Security Gateway CS-2000, a special designed of security gateway, can adopt
Heuristics Analysis to filter spam and virus mail, and the auto-training system
can raise identify rate of spam. The built-in 80GB Hard Disk can store the
spam mail in quarantine. The Anti-virus application has double virus scan
engines - Clam and Sophos which can detect viruses, worms and other
threats from transferring E-mail and Internet network.
It also provides the mail report by Daily, Weekly, Monthly and Yearly and helps
the administrators monitor the mail status easily.
• Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS The CS-2000 can not only
provide Anti-virus feature for mail but also filter the virus from varied protocol.
The virus pattern can be updated automatically or manually.
• VPN Connectivity The CS-2000 supports several VPN features -- IPSec VPN,
SSL VPN and PPTP server/client. The VPN Tunnel with DES / 3DES / AES
encryption and SHA-1/MD5 authentication that provide secured network traffic
over public Internet. VPN Wizard can help administrators to have easy ways to
configure VPN settings
• SSL VPN SSL VPN does not need to install any software or hardware. Only
need to use the web browser and easily establish VPN connections for
transferring the data by SSL encryption
• VPN Trunk VPN trunk function provides VPN load balance and VPN fail-over
feature to keep the VPN connection more reliable
• Content Filtering The CS-2000 can block network connection based on
URLs, Scripts (The Pop-up, Java Applet, cookies and Active X), P2P (eDonkey, Bit
Torrent, WinMX and more), Instant Messaging (MSN, Yahoo Messenger, ICQ,
QQ, Skype and Google Talk) and Download/Upload. If there are updated
versions of P2P or IM software in client side, the CS-2000 will detect the
difference and update the Content Filtering pattern to renew the filtering
mechanism
• IDP Built-in IDP function can detect and prevent from Hacker attacks, Anomaly
The CS-2000 can filter spam and virus mail. Moreover, the IDP and firewall
functions can defense hackers and blaster attacks from Internet or Intranet.
The complete function in one device can provide security solutions and the
secure environment better than ever.
The CS-2000 not only just provides the same features as previous product
CS-1000, such as Content Blocking to block specific URL, Scripts, IM/P2P
program, IPSec, PPTP VPN server/Client, QoS and Authentication etc. but also
provides the higher performance than CS-1000. It has more advanced
functions, such as SSL VPN, High Availability and Inbound Load-Balancing
etc.. Built-in two WAN interfaces allow the CS-2000 to support
Outbound/Inbound load balance and WAN fail-over feature. Furthermore, the
VPN Trunk provides VPN fail-over and load balance features, that can offer a
VPN redundant mechanism to keep the VPN connection being on line.
Flow and Signatures from the Internet. The CS-2000 provides three kinds of the
signatures to complete the intrusion detection system, and users can select to
configure “Anomaly”, “Pre-defined” and “Custom” according to the current
environment request
• Policy-based Firewall The built-in policy-based firewall prevents many
well-known hacker attacks including SYN attack, ICMP flood, UDP flood, Ping of
Death, etc. The access control function specified WAN or LAN users to use only
allowed network services on specified time
• QoS Network packets can be classified based on IP address, IP subnet and
TCP/UDP port number and give guarantee and maximum bandwidth with three
levels of priority
• User Authentication Web-based authentication allows users to be
authenticated by web browser. User database can be configured on CS-2000
and it also supports the authenticated database through external RADIUS, POP3
and LDAP server
• WAN Backup The CS-2000 can monitor each WAN link status and
automatically activate backup links when a failure is detected. The detection is
based on the configurable target Internet address
• Outbound Load Balancing The network sessions are assigned based on the
user configurable load balancing mode, including “Auto”, “Round-Robin”, “By
Traffic”, “By Session” and “By Packet”. Users can also configure IP or TCP/UDP
type of traffic use which WAN port to connect
• Inbound Load Balancing The CS-2000 provides the Inbound Load Balancing
for enterprises internal server. The Inbound Load Balancing can reduce the server
loading and system crash risks in order to improve the server working efficiency
• Multiple NAT Multiple NAT allows local ports to set multiple subnet works
and connect to the Internet through different WAN IP address
• High Availability The CS-2000 provides the High Availability function, and
the redundant system will avoid to influencing the network traffic because the
device crash down
Data Sheet
1
CS-2000
Specification
Product
UTM Content Security Gateway
Model
Hardware
Ethernet
CS-2000
LAN
WAN
DMZ
Console
Hard Disk
H/W Watch-Dog
Software
Management
Operation Mode
Routing Protocol
Concurrent Sessions
New Session / Second
Email Capacity Per Day
Firewall Performance
VPN Performance
VPN Performance (with 3DES)
Firewall Security
VPN Tunnels (Connection/Configure)
VPN Function
Content Filtering
IDP
Anti-Virus
Anti-Spam
QoS
User Authentication
Logs
Accounting Report
Statistics
Others
Data Sheet
2
1 x 10/100 Based-TX RJ-45
2 x 10/100 Based-TX RJ-45
1 x 10/100 Based-TX RJ-45
1 x RS-232 (DB9)
80 GB
Auto reboot when detecting system fail
Web (English, Traditional Chinese, Simplified Chinese)
DMZ_Transparent, DMZ_NAT, NAT
Static Route, RIPv2
582,000
20,000
600,000
100Mbps
46Mbps
30Mbps
Policy-based access control, Stateful Packet Inspection (SPI), NAT/NAPT
200/1000
IPSec, SSL VPN, PPTP server and client, DES, 3DES and AES encrypting
SHA-1/MD5 authentication algorithm, Remote access VPN (Client-to-Site) and Site to Site VPN
URL Blocking
Script Blocking (Popup, Java Applet, cookies and Active X)
IM blocking (MSN, Yahoo Messenger, ICQ, QQ, Skype and Google Talk)
P2P blocking (eDonkey, Bit Torrent, WinMX and more), Download and Upload blocking
Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS
Automatic or manual update for virus and signature database
Anomaly: Syn Flood, UDP Flood, ICMP Flood and more
Pre-defined: Backdoor, DDoS, DoS, Exploit, NetBIOS and Spyware
Custom: User defined based on TCP, UDP, ICMP or IP protocol
Yearly, Monthly, Weekly and Daily Reports support
Virus scan engine: Two scan engines - Sophos and Clam
Virus scanning of E-mail attachment by SMTP, POP3
Inbound scanning for internal and external Mail Server
Action of infected mail: Delete, Deliver to the recipient, forward to an account and store in quarantine
Automatic or manual Virus database update
Inbound scanning for external and internal Mail Server
Support Spam Fingerprint, Bayesian, Signature, RBL and Graylist filtering
Checking sender account and IP to filter the spam mail
Black and white list support auto training system
Action of spam mail: Delete, Deliver to the recipient, forward to an account and store in quarantine,
Yearly, Monthly, Weekly and Daily Reports support
Policy-based bandwidth management
Guarantee maximum bandwidth with 3 priority levels
Classify traffics based on IP, IP subnet, and TCP/UDP port
Built-in user database with up to 500 entries
Support local database, RADIUS, POP3 and LDAP authentication
Traffic Log, Event Log and Connection Log
Log can be saved from web and backup by e-mail or syslog server
Record of Inbound and Outbound traffic utilization by Source IP, Destination IP and Service
Backup Accounting Report for Outbound and Inbound traffic
WAN ports traffic statistic and policies statistic with graph's display
Dynamic DNS
NTP support
Multiple server load balancing
Outbound / Inbound load balancing
High availability
Multiple subnet
SNMP v1
CS-2000
Applications
UTM Content Security Gateway
PLANET UTM Content Security Gateway, CS-2000, is specially designed security gateway with virus and spam filtering features. As the
gatekeeper of corporate security network, CS-2000 prevents corporate intranet from being infected by virus and its network resource
occupied by useless spam mails. Furthermore, IDP, User Authentication and Content Filter features of the security gateway offer the
corporate intranet highly secure protection. The CS-2000 also provides the IPSec, SSL VPN, and PPTP VPN solutions that the data can be
securely delivered via VPN tunnel.
V endor
Bra nc h O f f ic e
VPN Tunnel
Modem
VPN Tunnel
CS-1000
CS-500
Modem
Internet
Access Point
Modem
Access Point
Firewall
VPN Tunnel
CS-2000
Firewall
DMZ
Finance-Server
Web-Server
Mail-Server
Home
Ordering Information
CS-2000
Data Sheet
3
UTM Content Security Gateway (2 x WAN, 1 x LAN, 1 x DMZ)
PLANET Technology Corporation
11F, No. 96, Min Chuan Road, Hsin Tien, Taipei, Tawian R.O.C.
Tel: 886-2-2219-9518
Fax: 886-2-2219-9528
Email: [email protected]
www.planet.com.tw
VoIP Gateway: vip.planet.com.tw
07-07
C-CS2000-1
PLANET reserves the right to change specifications without prior notice. All brand names and trademarks are property or
their respective owners. Copyright©2007 PLANET Technology Corp. All rights reserved.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement