IT-Security made in Germany
Secure site networking
Enables any number of locations to be linked
securely, communication to be encrypted and
VPN dial-up accesses to be provided.
WiFi pre-installed
The VPN-Gateway has built-in WiFi. The WiFi
option can be tested for 30 days free of charge
and can then be activated permanently by
purchasing a licence key.
VPN-Client
Professional Securepoint VPN-Client based on
OpenVPN. Allows complex encryption and
authentication methods to be managed simply
and clearly.
VPN server
The integrated VPN server offers extensive
connectivity and supports the protocols IPSec,
SSL-VPN/OpenVPN and L2TP.
Black Dwarf VPN-Gateway
Professional site networking
User identification
The VPN-Gateway can be linked to an Active Directory, which
makes the process of authenticating VPN users much
simpler. RADIUS authentication for the VPN protocols
PPTP and L2TP is also integrated.
VPN-Client
The Securepoint VPN-Client for Windows based on
OpenVPN is free of charge and is available with every
Securepoint VPN and UTM product. The simple and clear
user interface allows you to manage a large number of
VPN connections.
Features overview:
■ Stateful Packet Inspection Firewall (SPI)
■ Secure VPN connections:
- Gateway-to-Gateway
- Gateway-to-Client
■ VPN servers
(IPSec, SSL-VPN, L2TP, PPTP)
■ Site networking with any number of VPN channels
■ Integrated free of charge Securepoint VPN-Client
■ No licence costs for VPN connections
■ Clientless VPN - Browser-based VPN without plug-in
(HTML5, RDP, VNC)
■ User identification
(locally, Active Directory, LDAP)
Professional and secure site networking
The Securepoint Black Dwarf VPN-Gateway is the most
affordable entry model of the highly integrated
Securepoint VPN and UTM network components. It is
especially designed for small offices, branches and home
offices of up to 10 users.
The VPN-Gateway makes it possible to link any number
of locations securely and to provide VPN dial-up
accesses. The VPN server supports the latest protocols
such as IPSec, SSL-VPN/OpenVPN, L2TP and PPTP.
In addition, Clientless VPN can be used via standard
browsers without having to install a plug-in.
Next Generation VPN-Gateway
Upgrade to UTM-Gateway
By obtaining a licence key, you can upgrade from
VPN-Gateway to UTM-Gateway and make use of
additional security features.
Pre-installed WLAN
After setting up the VPN-Gateway, the WLAN module is
available for 30 days free of charge. After the testing phase
has expired, the WiFi option can be activated
permanently by purchasing a licence key.
■ Complete router functionality
■ Complete IPv6 support
■ Reliability when using multiple Internet accesses
(fallback)
■ Load distribution across multiple Internet accesses
(load balancing/multipath routing)
■ Integrated one-time password server for high security
two and three factor authentication (OTP)
Suitable for: up to 10 users at the location
LAN ports: 3 x 10/100/1.000 MBit/s
WiFi/WLAN: 300 MBit/s (pre-installed)
Monitoring: Securepoint Operation Center
Power consumption: ~19 watts
Warranty: 36-month guarantee (bring-in)
Securepoint WebGUI: Operating and monitoring
Securepoint GmbH
Bleckeder Landstraße 28
D-21337 Lüneburg
Germany
Phone: +49 41 31 / 24 01-0
Fax: +49 41 31 / 24 01-50
Email: [email protected]
Web: www.securepoint.de
Operating functions
Administrator operation:
– Languages: English, German
– Audit-ready
– Encryption of configurations, log data/reports
– Real-time monitoring functions
– Object-oriented configuration
– Configuration backup management in Securepoint Cloud
– Password/access data management
– Configuration management (multiple configurations in one system)
– Firmware management (updating firmware versions)
– Backup management (configuration backups)
– Configuration via:
  – CLI (Command Line Interface): Script-based management for automated roll-outs
  – Web user interface: Single-System-Management
  – Securepoint Operation Center (SOC): Multi-System-Management
– SSH access to CLI
– Customisable dashboard
End user operation:
– Languages: English, German
– Clientless VPN (VPN via browser for RDP, VNC without additional plug-ins)
– Download of automatically preconfigured SSL-VPN clients (OpenVPN)
– Wake-on-LAN
Monitoring, logging and report functions
Monitoring, logging and reporting:
– Internet connection monitoring
– System/service status
– Hardware status
– Network status
– Service/process status
– Traffic status
– VPN status
– User authentication status
– Live logging
– Syslog protocol support and integrated syslog server (see SOC)
– Logging for various syslog servers
SNMP:
– SNMPv1
– SNMPv2c
– Monitoring:
  – CPU, RAM, HDD/SSD/RAID, Ethernet
  – Internet connections
Statistics and reports (SOC):
– Exporting statistics as PDF and CSV
– Antivirus/antispam statistics
– Alerts: Triggered alarms
– Overview of IDS attacks
– IDS IP attackers and types of attack
– Top dropped packets
– Top accepted packets
– Top rejected packets
Network functions
IPv6-ready:
– Configuration for external tunnel brokers (e.g. HE.net)
– IPv6-DHCP and router advertisement
– DHCP-relay, also via VPN tunnel
– Rules for DHCP are automatically created for the respective interfaces
WLAN access point:
– Virtual WLANs (e.g. guest networks)
– Authentication: Active Directory, pre-shared key (PSK)
– WLAN monitoring
– WPA2 encryption
UMTS:
– Internet connection via UMTS
– UMTS usage as fallback
LAN/WAN:
– Ethernet 10/100/1.000 Mbit/s
– xDSL (PPPoE), cable modem
– Load balancing
– Bandwidth management
– Time-controlled Internet connections
– DynDNS support (free of charge via http://www.spdns.de)
Routing:
– Source routing
– Destination routing
– Multipath routing, also in mixed operation (up to 15 lines)
– NAT (static/hide NAT), virtual IP addresses
– PAT (Port address translation)
DHCP (IPv4/IPv6):
– DHCP relay
– DHCP client
– DHCP server (dynamic/fixed IP)
DMZ:
– Port forwarding
– Port address translation (PAT)
VLAN:
– Max. 4094 VLANs per interface
– 802.1q Ethernet header tagging
– Can be combined with bridging
Bridge-Mode:
– OSI layer 2 firewall functions
– Spanning tree (bridge ID, port cost)
– Unlimited bridges
– Unlimited interfaces per bridge
Traffic shaping/Quality of service (QoS):
– QoS/traffic shaping (also for VPN)
– Adjustable upload/download traffic
– All services can be configured separately
– Minimum, maximum and guaranteed bandwidths can be configured individually
– Multiple Internet connections supported
High availability:
– Active-passive HA
– Synchronisation of single/multiple connections
Name server:
– Forwarder
– Relay zones
– Master zones (domain and reverse)
Security functions
Firewall stateful packet inspection (SPI):
– Stateful inspection
– Connection tracking TCP/UDP/ICMP
– SPI and proxy can be combined
– Time-controlled firewall rules, content/web filters, Internet connection
– Group-based firewall rules, content/web filters, Internet connection
– Supported protocols: TCP, UDP, ICMP, GRE, ESP, AH
Implied rules configuration:
– Standard services such as BOOTP, NetBIOS broadcast... can be removed from logging via One-Click
– Standard services such as VPN can be granted access via One-Click without a rule having to be written
– Static-NAT, hide-NAT and their exceptions can be configured in the packet filter
– Automatic update functions
VPN:
– VPN and certificate assistant
– DynDNS support (free of charge via http://www.spdns.de)
Clientless VPN:
– Client-to-site (VPN home offices)
– VPN via browser for RDP/VNC without additional plug-ins (modern browsers)
– Authentication: Active Directory, local user database
– SSL encryption
IPSec:
– Site-to-site (VPN branches)
– Client-to-site (VPN home offices)
– Authentication: Active Directory, local user database
– Encryption: 3DES, AES 128/256 bit, Twofish
– Hash algorithms: MD5-HMAC/SHA1, SHA2
– Windows 7/8-ready with IKEv1, IKEv2
– Pre-shared keys (PSK)
– X.509 certificates
– Tunnel mode
– DPD (dead peer detection)
– NAT-T
– Data compression
– PFS (perfect forward secrecy)
– XAUTH, L2TP
SSL:
– Site-to-site (VPN branches)
– Client-to-site (VPN home offices)
– Authentication: Active Directory, local user database
– SSL encryption (OpenVPN)
– Encryption: 3DES, AES (128, 192, 256), CAST5, Blowfish
– Routing mode VPN
– X.509 certificates
– TCP/UDP port can be changed
– Data compression
– Export for One-Click connection
L2TP:
– Client-to-site (VPN home offices)
– Authentication: Active Directory, RADIUS, local user database
– Windows L2TP support
PPTP (not recommended):
– Client-to-site (VPN home offices)
– Authentication: Active Directory, RADIUS, local user database
– Windows PPTP support
X.509 certificate server:
– Certificate revocation list (CRL)
– Online certificate status protocol (OCSP)
– Templates
– Multi-CA support
– Multi-host certificate support
VPN clients (free):
OpenVPN client (OpenVPN):
– Can be configured centrally via administration interface
– Configuration that can be downloaded via user web interface included
– Can be executed without admin rights on Windows
– Operation: One-Click VPN connection
Clientless VPN:
– Can be configured centrally via admin interface
– Can be called up via user interface
– Operation: One-Click VPN connection
User authentication:
– Complete Active Directory integration
– Authentication against Active Directory for all VPN protocols, filters
– And also RADIUS authentication for VPN protocols PPTP/L2TP
Backup:
– Locally in the workplace, locally in UTM/VPN system, in SOC database and Securepoint Cloud
– Automatic and time-based backups
– Backups can be encrypted
– Backups possible on running system
One-time password (OTP):
– Integrated one-time password server for high security two and three factor authentication
Mistake and subject to change reserved
VPN-Gateway functions