Embed Size (px)
Citation preview
Multi-Homing Gateway SeriesNusoft.Internet Security Fighter
Product Features
Full IPv6 Compatibility
A Total VPN Solution
Custom Network Interfaces and Groups
Quality of Service (QoS) / Individual QoS
In- / Outbound Load Balancing & PBR
The device is completely compatible with the mainstreamInternet protocol of the future -- IPv6. There is no budgetrequired for implementing another IPv6-based gatewaysimply for IPv4-ot-IPv6 address translation.
Up to four network interfaces are available for defining asLAN, WAN, DMZ or network groups (isolated from oneanother). Thus, MHG-1000 can serve as an internal firewallphysically separating each subnet with its grouping feature,which undoubtedly boosts your network security.
The QoS mechanisms allow IT administrators to base thebandwidth allocation on the company's network policy,preventing bandwidth being exhausted by minorities.
Most third party firewall products lack advanced VPNconnection management and therefore result in securityrisks. In comparison, MHG-1000 secures highly confidentialbusiness information carried over the VPN with QoS,authentication, etc.
The device can load-balance outbound traffic evenly acrossWAN ports based on various load-balancing algorithms. Itefficaciously makes the most of your bandwidth and ensuresyou with a reliable connection.
Besides outbound load balancing, it is also capable ofinbound load balancing, which helps mitigate multiplewebpage requests directed at your Web server by distributingthem across multiple WAN connections, guaranteeinguninterrupted e-commerce.
Its policy-based routing (PBR) mechanism allows the ITadministrator to assign a specific WAN port for a specificpurpose (or traffic).
Nusoft.Internet Security Fighter Multi-Homing Gateway Series
Multi-Homing Gateway
MHG-1000
Web Filtering Mechanism
The Web Filter employs a cloud-based URL database that has eight categories namely Anti-Social and Illegal,Pornographic and Abusive, Gaming and Gambling, Societyand Commerce, Communication and Technology, Leisure,Information and Education, Other, and up to sixty-four subcategories. Website browsing now can be easily regulatedby specifying simply the category instead of the URL, keyword, etc.
1
In addition to that, IT administrators are also allowed torestrict file transfers, MIME types and browser scripts,and provided with detailed logs and statistics for diagnosis.
Anomaly Traffic Detection
MHG-1000 is able to proactively block packet-floodingattacks and notify related personnel of the event. A coreswitch may be incorporated to perform a co-defense againstthe attack by disabling the switch port containing the sourceof the attack, efficaciously preventing Denial-of-Serviceattacks.
A single WAN connection is risky for enterprises with aheavy reliance on information technology due to theconsequences of disconnections. To avoid profit loss, thebest policy is to deploy a network with a failover mechanism.Accordingly, Nusoft MH G-1000 comes equipped withfirewall, link failover, load balancing, policy-based routing(PBR), total VPN solution (SSL / IPSec / PPTP VPN andtrunking), QoS, Web filtering, AAA server (Authentication,Authorization, and Accounting), application blocking,anomaly traffic detection, and more to not only providemulti-homing capability, but to help manage the bandwidthand users with a reasonable yet cost-effective means.
MHG- 1000’s VP N trunking capability ensures failover andbandwi dth aggregation to IPSec and PPTP tunnels, greatlyincreasing the connection speed and stability. In addition,it adopts hardwar e information (rather than login information)to authenticate an SSL VP N user. Remo te users are nowoffered wi th fast and easy SSL VPN access wi thout the needfor compl ex configurations.
Multi-Homing Gateway SeriesNusoft.Internet Security FighterNusoft.Internet Security Fighter Multi-Homing Gateway Series
2
Remote Accessibility
The Web-based UI, available in English, TraditionalChinese, and Simplified Chinese, allows configurationand management to be made through any Web browser from anywhere and consequently no software installation isrequired.
Internet-Based Application Blocking
Despite the convenience of instant messaging (IM), the use ofIM clients is difficult to manage and thus opens the door for business thefts and viruses. Accordingly, MHG-1000 has thecapability to block the use of IM clients such as MSN, Yahoo!, Skype, ICQ, and QQ for messaging or file transfer.
In addition, the use of other Internet-based applicationsmay as well result in security breach. It could bring alonghigh bandwidth consumption, information asset leakage,and malicious code, etc. In answer to that, to ensure networksecurity, the device allows you to restrain P2P sharing(eMule, BitTorrent, WinMX, eDonkey, Foxy, etc.), multimedia streaming, Web-based email access, online gaming, VPN tunneling, and remote controlling.
AAA Server
Authentication: Identifies users using either internal orexternal (RADIUS / POP3 / LDAP) authentication.
Authorization: Decides what kinds of activities, resources,or services a user is permitted.
Accounting: Provides detailed session statistics and usageinformation for network policy adjustment.
Deployment
ADSL / CableModem
Internet
LAN 1 DMZ 1
WAN 2WAN 1
Multi-Homing Gateway SeriesNusoft.Internet Security FighterNusoft.Internet Security Fighter Multi-Homing Gateway Series
3
VPNInternetIPv6
IPv4LAN 2
18
Product HighlightsHighlights Benefits Third-Party Products
Full IPv6 compatibilitySaves the budget for the implementation of anIPv4-to-IPv6 gateway.
Either incompatible or with limited support.
Either fixed to factory default or incapable of load balancing.
No protection against packet flooding.
Lacks flexibility and adaptability in individualbandwidth management.
Equips user only with PPTP and IPSec VPN, lacking security and manageability.
Requires login information to establish anSSL VPN connection.
Only comes in outbound PBR capability and isnot configurable at all.
Less effectively blocks the use of Internet-based applications by port number.
Less effectively filters Website access by basiccriteria such as IP, domain, keyword, etc.
Fails to meet the needs of all sizes of businesses with just outbound load balancing.
No solution available for service disruptionduring online banking and gaming sessions.
A basic firewall with a few security featuresadded on to provide a rough protection.
Provides an effortless operation experiencethrough a single Web-based UI.
Secures your LAN network with anomaly flowdetection and co-defensive switch system.
Adds flexibility to bandwidth management byQoS and P2P bandwidth limits.
Allows in- / outbound traffic to be load balancedbased on network polices.
Restrains the use of Internet-based applicationssuch IM client, P2P software, etc.
Effortlessly regulates Website access by eightcategories and sixty-four subcategories.
Avoids service disruption during an IP-orientedconnection such as online banking and gamingdue to IP change.
Ensures access stability to both the LAN users( outbound traffic ) and website visitors( inbound traffic ).
Securely tunnels your private connections usingPPTP/IPSec/SSL VPN along with trunkingcapability and policy-based management.
Uses hardware information such as the detailsof CPU and hard disk size to authenticate anSSL VPN user without the risk of passwordcompromise.
Enables you to define networks as needed andoffers a physical internal firewall due to itsgrouping feature.
Integrated policyconfiguration
LAN security
QoS management
Total VPN solution
Application blocking
Web category filtering
Bi-directional load balancing
IP-oriented connectionsolution ( i. e., onlinebanking / gaming )
Policy-based routing (PBR)
SSL hardware authentication
Custom network interfacesand groups
IPv4/IPv6Compatibility
Policy-OrientedManagement
User Authentication Event Logging Web-Based UI PBR Web Filtering
User-DefinableNetworks
SPI Firewall Link FailoverTotal VPN Solution Multi-WANLoad Balancing
Up- / DownloadBlocking
AAA Server QoS Anomaly TrafficDetection
Co-Defense System Application Blocking
60
最高
限速
LIMITSPEED
1 Mbit/sec
Multi-Homing Gateway SeriesNusoft.Internet Security FighterNusoft.Internet Security Fighter Multi-Homing Gateway Series
4
Model Name
Power Redundancy
QoS
Individual QoS
Up- / Download Blocking
Application Blocking
VLAN / VLAN Trunking
High Availability
Max. Concurrent Users
CPU Cores / Threads
Max. Concurrent Sessions
CPU Consumption (The lower, the better.)
Outbound
Inbound
Authentication
Authorization
Accounting
Policy-Based Routing
Form Factor
Networking
LoadBalancing
AAA Server
VPNVPN Trunking
SSL Web VPN
SSL Application
Port Density
User-Definable
Hardware Specifications
Performance Statistics
IPv6 Compatibility
Interface Grouping
SPI Firewall
Internal Firewall
Web Filtering
Product Features
MHG-1000
X
X
X X
X
4 GbE (RJ45)
Unlimited Unlimited Unlimited Unlimited Unlimited
1 / 1 2 / 2 2 / 2 8 / 8 8 / 16
1.6 Gbps 2.5 Gbps 3.3 Gbps 3.4 Gbps 5.0 Gbps
75 % 40 % 37 % 11 % 3 %
582,000 1,000,000 1,000,000 2,000,000 2,000,000
MHG-1500 MHG-2000 MHG-3000 MHG-5000
6 GbE (RJ45) 7 GbE (RJ45)
1U Rack-Mountable
1U Rack-Mountable
1U Rack-Mountable
2U Rack-Mountable
2U Rack-Mountable
12 GbE(RJ45/Mini-GBIC)
12 GbE(RJ45/Mini-GBIC)
Firewall Throughput
Model Comparison
IPSec / PPTP VPN
Nusoft CorporationTel: +886-2-8226-6789 Fax: +886-2-8226-6488Address:
http://www.nusoft.com.twSales Department : [email protected] Support: [email protected]
3F.-1, No. 880, Zhongzheng Rd., Zhonghe Dist., New Taipei City 235-86, Taiwan (R.O.C.)
