

ISG-600 Cloud Gateway

——Integrated Security Gateway

The Cumilon ISG-600C cloud gateway is a security product developed by Systrome for distributed access networks in the cloud-computing era. It integrates the L2-L7 security features of a next-generation firewall, is built on user identification and application identification, and provides application-layer firewall, intrusion prevention, anti-virus, anti-APT, VPN, intelligent bandwidth management, multi-egress link load balancing, content filtering, URL filtering, and other security functions. It also provides a cloud interface: the security cloud management platform, built on a big data platform architecture, monitors network topology and device status in real time and simplifies online deployment of the professional device through automatic configuration delivery. Real-time monitoring from a mobile terminal reduces maintenance cost and makes security status visible anytime and anywhere. The Systrome cloud gateway is the best access security choice for small and medium-sized enterprises, branch interconnection, and chain enterprises.

Hardware and Appearance

[Figure: hardware appearance of the Cumilon ISG Integrated Security Gateway]

Strong network adaptability

◆ Site-to-Site VPN: support IPSec VPN, support intra-tunnel traffic security detection and bandwidth control

◆ Support MCE, 802.1Q, GRE, VPN track networking, support PPPoE, DHCP, VLAN, and Trunk access modes

◆ Support routing, transparent, NAT, bypass, mixed mode, and other deployment modes

◆ Support IPv4/IPv6 dual-stack, support v4/v6 transition technology

Professional next-generation firewall

◆ High performance: Proprietary hardware and an integrated processing engine provide high-performance application security protection for the user

◆ Intelligent identification: Application-based identification; static and dynamic user identification and track recording

◆ L2-L7 security features: Intrusion prevention, virus scanning, APT attack defense, application control, content filtering, and URL category filtering effectively prevent Trojans, worms, SQL injection, XSS attacks, and overflow attacks, ensure file transfer security, block access to bad websites and illegal links, and defend based on content analysis

◆ Intelligent bandwidth management: Bandwidth management based on channel nesting provides on-demand, selective bandwidth service for different network users and applications, guaranteeing high-priority bandwidth to the key services of key users by time period and controlling bandwidth abuse by P2P, streaming media, and other applications

◆ Multi-egress link load: Multiple egress links can provide load balancing based on user service or act as mutual backup; link status health detection is supported

◆ Security traffic visualization: Built-in statistics clearly display application, user, and whole-device traffic trends, user bandwidth usage by priority, and the frequency and source of security events

[Figure: Security and Traffic Status Statistics]

[Figure: Device Running Status Statistics]

Cloud Management Architecture

◆ Centralized monitoring: Real-time monitoring of operation status, application traffic statistics analysis, and topology monitoring

◆ Auto configuration: Configuration templates automatically deliver cloud-controlled VPN, QoS, and URL category filtering policies, simplifying network configuration management for the end user

◆ Auto upgrade: Firmware versions and security service feature databases are upgraded in a unified manner via the cloud management platform, which simplifies maintenance

◆ On-demand customization based on the SaaS model: Makes it convenient for the user to expand service scale and service hierarchy, and reduces the user's IT investment

[Figure: Architecture of Cloud Manager]

[Figure: Secure Connection between Cloud and Gateway]

[Figure: Configuration Distribution]

[Figure: Monitoring and Report]

Mobile APP Monitoring

◆ Anytime and anywhere: After installing the APP, an intelligent mobile terminal can view the device operation status over the Internet

◆ Status monitoring: Device operation status, application traffic statistics analysis

◆ Threshold alarm: Device health threshold alarm, serious fault alarm, abnormal account login alarm, high-risk security event alarm

◆ Threat intelligence push: Pushes network security trend analysis and development trends, derived from big data analysis, to the mobile user, helping network management staff understand the network status in time and tailor their plans

[Figure: Mobile APP Platform Real-time Monitoring]

Network and Firewall

◆ The 8-tuple NGFW policy based on the interface, address, user, service, application, and time

◆ Support static, dynamic, and third-party user authentication and identification

◆ Source NAT, destination NAT, static NAT

◆ NAT traversal and ALG of various application protocols

◆ PPPoE, DHCP (C/S), DNS server

◆ Support IPv4/IPv6 dual-stack protocol, networking, tunnel and protocol conversion

◆ Support static route, dynamic route (RIP, OSPF, BGP4)

◆ Policy route based on application and user

◆ Support L4 DoS attack protection and scanning protection

◆ Support link aggregation and multi-egress link load balancing

◆ Support HA and VRRP

◆ Support interface status linkage

Network access management

◆ Access control policy based on application feature and action

◆ IM login control and black-white list

◆ Email topic, key word, and receiver/sender filtering

◆ Streaming media, P2P download management, game, stock and other action control

◆ More than 1000 applications, updated regularly

L7 security features

◆ Intrusion protection, more than 2000 rules pre-defined, support customizing the protection rule

◆ Support the IDS linkage

◆ Virus scanning, killing of more than three million kinds of virus

◆ Support the sandbox linkage of the remote system

◆ Support filtering by web content and key word

◆ URL category filtering, local 20K + categories

Flow management

◆ Support bandwidth management based on the line and channel nesting

◆ Support interface downlink/uplink bandwidth management and speed limitation per IP

◆ Channel matching by application, user, time, priority

◆ Bandwidth limitation, bandwidth guarantee, flexible bandwidth, flow shaping

Management

◆ Managing the configuration by local WEB (HTTP/HTTPS), command line, and console

◆ Support delivering the security policy by the cloud platform automatically

◆ Support template auto delivering VPN policy, network access policy

◆ Auto upgrading software version and feature database via the cloud platform

◆ Support SNMPv1, v2, v3

◆ Administrator authority division, only permitting authorized administrators to access the log

◆ Support third-party user authentication of the administrator user, RADIUS/LDAP

◆ Graphical diagnosis and online packet capture

◆ Security device binding with the cloud platform account

◆ Support encrypted communication between the device and the cloud platform

◆ Multi-tenant isolation, support the hierarchical management of group users

VPN

◆ Standard IPSecVPN protocol

◆ Support the negotiation authentication mode based on the shared key/certificate

◆ Site-to-Site and remote access deployment mode

Monitoring, log and statistics

◆ Mobile APP real-time monitoring of system and traffic status

◆ The cloud platform monitors device traffic and application distribution in real time

◆ Monitor abnormal use of system resources

◆ Abnormal traffic alarm of the mobile APP and cloud platform

◆ Email and syslog alarms; the different module logs can be sent to multiple syslog servers

◆ Support network health check template, ICMP, TCP and so on

◆ Support pushing the threat information to the mobile terminal

◆ Monitor the interface status

◆ Online user monitoring, querying, and freezing

◆ Support monitoring the system session status

◆ Support intrusion prevention statistics, virus protection statistics

◆ Support the traffic statistics and trend chart of the Top 10 applications

◆ Support the traffic statistics and trend chart of the Top 10 users

◆ Support the eliminating policy based on the user, address

Hardware Specifications

| Item | ISG-600C | ISG-600H | ISG-800W |
|---|---|---|---|
| Hardware specifications | | | |
| Product forms | Desk-top | Desk-top | Desk-top |
| Fixed interface | 6 × GE (RJ45) | 6 × GE (RJ45) | 8 × GE (RJ45) |
| Management interface | Share with the service port | Share with the service port | Share with the service port |
| USB interface | 1 | 1 | 1 |
| Console interface | 1 | 1 | 1 |
| Reset key | Yes | Yes | Yes |
| Wireless interface | - | - | 802.11 a/b/g/n |
| Storage Size | - | 128G | - |
| System performance | | | |
| Firewall throughput (512 bytes) | 1.5Gbps | 1.5Gbps | 1.5Gbps |
| Firewall PPS (512 bytes) | 300kpps | 300kpps | 300kpps |
| New connections (HTTP) | 2.2W | 2.2W | 2.2W |
| Concurrent connections (HTTP) | 400K | 400K | 400K |
| Layer 7 firewall throughput (HTTP) | 1.8Gbps | 1.8Gbps | 1.8Gbps |
| Firewall policies | 2000 | 2000 | 2000 |
| IPS throughput (HTTP) | 900Mbps | 900Mbps | 900Mbps |
| Anti-virus (application layer) throughput (HTTP) | 820Mbps | 820Mbps | 820Mbps |
| IPSecVPN throughput (512 bytes) | 320Mbps | 320Mbps | 320Mbps |
| IPSecVPN tunnels | 1000 | 1000 | 1000 |
| Recommended Max. Users | 300 | 300 | 300 |
| Physical features | | | |
| Power | Inbuilt switch power/external power adapter | Inbuilt switch power/external power adapter | Inbuilt switch power/external power adapter |
| Input rated voltage | 100-240V AC | 100-240V AC | 100-240V AC |
| Max. input current | 0.5A | 0.5A | 0.5A |
| Heat dissipation mode | No fan | No fan | No fan |
| Dimension (H * W * D) mm | 1U9 inch (44*225*140) | 1U9 inch (44*225*140) | 1U9 inch (44*225*140) |
| Work temperature | 6 | 6 | 6 |
| Storage temperature | 6 4 | 6 4 | 6 4 |
| Work humidity | 5%-90% non-condensing | 5%-90% non-condensing | 5%-90% non-condensing |
| Authentication | CCC, RoHS | CCC, RoHS | CCC, RoHS |
| MTBF | ≥100,000 hours | ≥100,000 hours | ≥100,000 hours |
| Weight | 1.0kg | 1.2kg | 1.2kg |

Order Information

| Product Name | Description |
|---|---|
| ISG-600C | 6 × GE, containing all functions of NGFW, one-year upgrade service of the four-in-one feature database |
| ISG-600C-VPN-LIC | One VPN tunnel license |
| ISG-600C-IPS-LIC-1Y | One-year upgrade service of ISG-600C IPS feature database |
| ISG-600C-AV-LIC-1Y | One-year upgrade service of ISG-600C AV feature database |
| ISG-600C-APP-LIC-1Y | One-year upgrade service of ISG-600C APP feature database |
| ISG-600C-URL-LIC-1Y | One-year upgrade service of ISG-600C URL feature database |
| ISG-600H | 6 × GE, 128G Storage, containing all functions of NGFW, one-year upgrade service of the four-in-one feature database |
| ISG-600H-VPN-LIC | One VPN tunnel license |
| ISG-600H-IPS-LIC-1Y | One-year upgrade service of ISG-600C IPS feature database |
| ISG-600H-AV-LIC-1Y | One-year upgrade service of ISG-600C AV feature database |
| ISG-600H-APP-LIC-1Y | One-year upgrade service of ISG-600C APP feature database |
| ISG-600H-URL-LIC-1Y | One-year upgrade service of ISG-600C URL feature database |
| ISG-800W | 8 × GE, external dual-frequency antenna, containing all functions of NGFW, one-year upgrade service of the four-in-one feature database |
| ISG-800W-VPN-LIC-x | VPN tunnel license |
| ISG-800W-IPS-LIC-1Y | One-year upgrade service of CG-800W IPS feature database |
| ISG-800W-AV-LIC-1Y | One-year upgrade service of CG-800W AV feature database |
| ISG-800W-APP-LIC-1Y | One-year upgrade service of CG-800W APP feature database |
| ISG-800W-URL-LIC-1Y | One-year upgrade service of CG-800W URL feature database |

www.systrome.com