CS-2000 UTM Content Security Gateway Key Feature • Anti-Spam Filtering Multiple defense layers (Spam Fingerprint, Blacklist & Whitelist, Bayesian Filtering, Spam Signature, Graylist, Checking sender account and IP address in RBL), and Heuristics Analysis to block over 95% spam mail. Customizable notification options and spam mail report are provided for administrators. Varied actions toward spam mail include Delete, Deliver, Forward and Store in the quarantine. Built-in auto-training system rise identify rate of spam mail substantially • Anti-Virus Protection Built-in double virus scan engines can detect viruses, worms and other threats from email transfer. Network Traffic in real time can scan mission-critical content protocols, SMTP and POP3, to provide maximum protection. Customizable notification options and virus mail report are provided for administrators. Varied actions toward spam mail include Delete, Deliver, Forward and Store in the quarantine The innovation of the Internet has created a tremendous worldwide opportunities for e-business and information sharing, but network security problems also come out. So the request of security will be the primary concerned for the enterprises. The new model, PLANET UTM Content Security Gateway CS-2000, a special designed of security gateway, can adopt Heuristics Analysis to filter spam and virus mail, and the auto-training system can raise identify rate of spam. The built-in 80GB Hard Disk can store the spam mail in quarantine. The Anti-virus application has double virus scan engines - Clam and Sophos which can detect viruses, worms and other threats from transferring E-mail and Internet network. It also provides the mail report by Daily, Weekly, Monthly and Yearly and helps the administrators monitor the mail status easily. • Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS The CS-2000 can not only provide Anti-virus feature for mail but also filter the virus from varied protocol. The virus pattern can be updated automatically or manually. • VPN Connectivity The CS-2000 supports several VPN features -- IPSec VPN, SSL VPN and PPTP server/client. The VPN Tunnel with DES / 3DES / AES encryption and SHA-1/MD5 authentication that provide secured network traffic over public Internet. VPN Wizard can help administrators to have easy ways to configure VPN settings • SSL VPN SSL VPN does not need to install any software or hardware. Only need to use the web browser and easily establish VPN connections for transferring the data by SSL encryption • VPN Trunk VPN trunk function provides VPN load balance and VPN fail-over feature to keep the VPN connection more reliable • Content Filtering The CS-2000 can block network connection based on URLs, Scripts (The Pop-up, Java Applet, cookies and Active X), P2P (eDonkey, Bit Torrent, WinMX and more), Instant Messaging (MSN, Yahoo Messenger, ICQ, QQ, Skype and Google Talk) and Download/Upload. If there are updated versions of P2P or IM software in client side, the CS-2000 will detect the difference and update the Content Filtering pattern to renew the filtering mechanism • IDP Built-in IDP function can detect and prevent from Hacker attacks, Anomaly The CS-2000 can filter spam and virus mail. Moreover, the IDP and firewall functions can defense hackers and blaster attacks from Internet or Intranet. The complete function in one device can provide security solutions and the secure environment better than ever. The CS-2000 not only just provides the same features as previous product CS-1000, such as Content Blocking to block specific URL, Scripts, IM/P2P program, IPSec, PPTP VPN server/Client, QoS and Authentication etc. but also provides the higher performance than CS-1000. It has more advanced functions, such as SSL VPN, High Availability and Inbound Load-Balancing etc.. Built-in two WAN interfaces allow the CS-2000 to support Outbound/Inbound load balance and WAN fail-over feature. Furthermore, the VPN Trunk provides VPN fail-over and load balance features, that can offer a VPN redundant mechanism to keep the VPN connection being on line. Flow and Signatures from the Internet. The CS-2000 provides three kinds of the signatures to complete the intrusion detection system, and users can select to configure “Anomaly”, “Pre-defined” and “Custom” according to the current environment request • Policy-based Firewall The built-in policy-based firewall prevents many well-known hacker attacks including SYN attack, ICMP flood, UDP flood, Ping of Death, etc. The access control function specified WAN or LAN users to use only allowed network services on specified time • QoS Network packets can be classified based on IP address, IP subnet and TCP/UDP port number and give guarantee and maximum bandwidth with three levels of priority • User Authentication Web-based authentication allows users to be authenticated by web browser. User database can be configured on CS-2000 and it also supports the authenticated database through external RADIUS, POP3 and LDAP server • WAN Backup The CS-2000 can monitor each WAN link status and automatically activate backup links when a failure is detected. The detection is based on the configurable target Internet address • Outbound Load Balancing The network sessions are assigned based on the user configurable load balancing mode, including “Auto”, “Round-Robin”, “By Traffic”, “By Session” and “By Packet”. Users can also configure IP or TCP/UDP type of traffic use which WAN port to connect • Inbound Load Balancing The CS-2000 provides the Inbound Load Balancing for enterprises internal server. The Inbound Load Balancing can reduce the server loading and system crash risks in order to improve the server working efficiency • Multiple NAT Multiple NAT allows local ports to set multiple subnet works and connect to the Internet through different WAN IP address • High Availability The CS-2000 provides the High Availability function, and the redundant system will avoid to influencing the network traffic because the device crash down Data Sheet 1 CS-2000 Specification Product UTM Content Security Gateway Model Hardware Ethernet CS-2000 LAN WAN DMZ Console Hard Disk H/W Watch-Dog Software Management Operation Mode Routing Protocol Concurrent Sessions New Session / Second Email Capacity Per Day Firewall Performance VPN Performance VPN Performance (with 3DES) Firewall Security VPN Tunnels (Connection/Configure) VPN Function Content Filtering IDP Anti-Virus Anti-Spam QoS User Authentication Logs Accounting Report Statistics Others Data Sheet 2 1 x 10/100 Based-TX RJ-45 2 x 10/100 Based-TX RJ-45 1 x 10/100 Based-TX RJ-45 1 x RS-232 (DB9) 80 GB Auto reboot when detecting system fail Web (English, Traditional Chinese, Simplified Chinese) DMZ_Transparent, DMZ_NAT, NAT Static Route, RIPv2 582,000 20,000 600,000 100Mbps 46Mbps 30Mbps Policy-based access control, Stateful Packet Inspection (SPI), NAT/NAPT 200/1000 IPSec, SSL VPN, PPTP server and client, DES, 3DES and AES encrypting SHA-1/MD5 authentication algorithm, Remote access VPN (Client-to-Site) and Site to Site VPN URL Blocking Script Blocking (Popup, Java Applet, cookies and Active X) IM blocking (MSN, Yahoo Messenger, ICQ, QQ, Skype and Google Talk) P2P blocking (eDonkey, Bit Torrent, WinMX and more), Download and Upload blocking Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS Automatic or manual update for virus and signature database Anomaly: Syn Flood, UDP Flood, ICMP Flood and more Pre-defined: Backdoor, DDoS, DoS, Exploit, NetBIOS and Spyware Custom: User defined based on TCP, UDP, ICMP or IP protocol Yearly, Monthly, Weekly and Daily Reports support Virus scan engine: Two scan engines - Sophos and Clam Virus scanning of E-mail attachment by SMTP, POP3 Inbound scanning for internal and external Mail Server Action of infected mail: Delete, Deliver to the recipient, forward to an account and store in quarantine Automatic or manual Virus database update Inbound scanning for external and internal Mail Server Support Spam Fingerprint, Bayesian, Signature, RBL and Graylist filtering Checking sender account and IP to filter the spam mail Black and white list support auto training system Action of spam mail: Delete, Deliver to the recipient, forward to an account and store in quarantine, Yearly, Monthly, Weekly and Daily Reports support Policy-based bandwidth management Guarantee maximum bandwidth with 3 priority levels Classify traffics based on IP, IP subnet, and TCP/UDP port Built-in user database with up to 500 entries Support local database, RADIUS, POP3 and LDAP authentication Traffic Log, Event Log and Connection Log Log can be saved from web and backup by e-mail or syslog server Record of Inbound and Outbound traffic utilization by Source IP, Destination IP and Service Backup Accounting Report for Outbound and Inbound traffic WAN ports traffic statistic and policies statistic with graph's display Dynamic DNS NTP support Multiple server load balancing Outbound / Inbound load balancing High availability Multiple subnet SNMP v1 CS-2000 Applications UTM Content Security Gateway PLANET UTM Content Security Gateway, CS-2000, is specially designed security gateway with virus and spam filtering features. As the gatekeeper of corporate security network, CS-2000 prevents corporate intranet from being infected by virus and its network resource occupied by useless spam mails. Furthermore, IDP, User Authentication and Content Filter features of the security gateway offer the corporate intranet highly secure protection. The CS-2000 also provides the IPSec, SSL VPN, and PPTP VPN solutions that the data can be securely delivered via VPN tunnel. V endor Bra nc h O f f ic e VPN Tunnel Modem VPN Tunnel CS-1000 CS-500 Modem Internet Access Point Modem Access Point Firewall VPN Tunnel CS-2000 Firewall DMZ Finance-Server Web-Server Mail-Server Home Ordering Information CS-2000 Data Sheet 3 UTM Content Security Gateway (2 x WAN, 1 x LAN, 1 x DMZ) PLANET Technology Corporation 11F, No. 96, Min Chuan Road, Hsin Tien, Taipei, Tawian R.O.C. Tel: 886-2-2219-9518 Fax: 886-2-2219-9528 Email: [email protected] www.planet.com.tw VoIP Gateway: vip.planet.com.tw 07-07 C-CS2000-1 PLANET reserves the right to change specifications without prior notice. All brand names and trademarks are property or their respective owners. Copyright©2007 PLANET Technology Corp. All rights reserved.