Air Live Rs 1200

RS-1200RS-1200

AirLive RS-1200AirLive RS-1200

Product introductionProduct introduction

RS-1200RS-1200

Multi-function Dual WAN Security GatewayMulti-function Dual WAN Security Gateway

RS-1200 Security Gateway can offer complete advance Firewall,2-Way Bandwidth manager, VPN servers, Messenger Control, Access Authentication, and much more functions in an all-in-one box.

IntroductionIntroduction

RS-1200RS-1200

Specification:Processor : Intel IXP425, 266MHz Memory: 8MB Flash ROM, 64MB SDRAM

RS-1200RS-1200Hardware overviewHardware overview

WAN1 WAN2 LAN DMZ

Connect two different ISP network service, like ADXL, Cable modem, Leased line,

Connect to LAN networkLike switch, hub, or LAN pc.

Connect to DMZ network

Hardware overviewHardware overview

RS-1200RS-1200

Key FeaturesKey Features

• QoS Bandwidth Management

• IPsec /PPTP VPN Server

• Dual WAN Connection The RS-1200 offer 2 of WAN interface for load balancing and redundancy

Administrators can control the bandwidth speed for downstream and upstream traffic separately.

If you want to work from home or connect 2 office networks together over Internet securely

• DMZ port support

DMZ port is a specific hardware port that lets outside user from internet accessyour servers without exposing your network to attack.


RS-1200RS-1200


• Syslog, Content Filter, IM blocking

• Password Authentication for Internet Access

• Multiple Virtual Server

Up to 4 real IP addresses are supported let you setting each with its own NAT table

This feature is useful for system administrator who want to limit certain service to certain individuals regardless of which station they use

RS-1200 have Content filter function that can filtering for restrict access for specified Web site, blocking Script, P2P application (like eMule, Bit Torrent ) , Internet Message application (like ICQ, MSN,Skype..)

• Policy Based Firewall with scheduling

All the packets that go through RS-1200 must pass the policy permission (except VPN). Therefore, the LAN, WAN, and DMZ network have to set the applicable policy when establish network connection.


RS-1200RS-1200

Outbound Load balancing

Dual WAN connectionDual WAN connection

WAN1 : ISP A connection (WAN IP: 61.11.11.11) WAN2 : ISP B connection (WAN IP:211.22.22.22)

user1user2user3user4

For setting Auto balancedAuto balanced mode example, when WAN1 traffic is busy, now user3,user4 want to connect to internet , user3,user4 will be auto sense through WAN2 for internet connection. That increase the upstream bandwidth.

functionsfunctions

RS-1200RS-1200

Redundancy

Dual WAN connectionDual WAN connection

WAN1 : ISP A connection (WAN IP: 61.11.11.11) WAN2 : ISP B connection (WAN IP211.22.22.22)

user1user2user3User 4

If the WAN1 connection is fail, RS-1200 will auto sense the client to connect internet

through WAN2, so the feature can maintaining a reliable connection

functionsfunctions

RS-1200RS-1200

DMZ port supportDMZ port support

So let outside user from internet access your servers without exposing your network to attack. This setup can protects your local network from the traffic to the server group

You can put your server group on the DMZ port, like Web Server, FTP server..

and put your PC network on the regular LAN port.

functionsfunctions

RS-1200RS-1200

2-way Qos Bandwidth Management2-way Qos Bandwidth Management

By configuring the QoS, you can control the OutBound and InBound Upstream/Downstream Bandwidth.

The RS-1200 configures the bandwidth by different QoS, and selects the suitable QoS through Policy to control and efficiently distribute bandwidth

IPsec / PPTP VPN server and ClientIPsec / PPTP VPN server and Client

The RS-1200 adopts VPN to set up safe and private network service. And combine the remote Authentication system in order to integrate the remote network and PC of the enterprise. Also provide the enterprise and remote users a safe encryption way to have best efficiency and encryption when delivering data.

functionsfunctions

RS-1200RS-1200

Policy Based Firewall with Scheduling Policy Based Firewall with Scheduling All the network packets that go through RS-1200 must pass the policy

permission when establish network connections

Administrator can define many different policy objects to setup incoming or outgoing policy and can be activate or deactivate by automatic scheduling

example: you can define the schedule policy object from 9:00am to 6:00 pm ,Monday to Friday (working-time) and setup outgoing policy to restrict MSN service from internal network.

functionsfunctions

RS-1200RS-1200

Multiple Virtual ServerMultiple Virtual Server

functionsfunctions

RS-1200 can support up to 4 real IP addresses for each with its own can mapping 4 virtual IPs.So we can use this function for variety application.

Virtual server means the server is connect to LAN and have private IP address, but external users cannot connect to its private IP Address directly. so need this function to map Private IP to Real IP that can offer related service for internet users

RS-1200RS-1200

Multiple Virtual ServerMultiple Virtual Server

functionsfunctions

Make a single server that provides several services such as FTP, Web, and Mail, to provide service

Make several servers that provide a single service

One to one mapping 4 virtual server IP addressesOne to many mapping

1 real IP address

Application sample

(usually use for VoIP,NetMetting,Online Gaming application)

RS-1200RS-1200

Password Authentication for Internet AccessPassword Authentication for Internet Access

Syslog, Content Filtering, IM blockingSyslog, Content Filtering, IM blocking

RS-1200 can only allow the users who pass authentication to access to Internet in particular time

RS-1200 have Content filter function that can filtering for restrict access specified Web site,blocking Script, P2P application (like eMule, Bit Torrent ) , Internet Message application (like ICQ, MSN,Skype..)

The traffic log can be sent automatically by email or by Syslog function.

functionsfunctions

Anti-attack (security function)Anti-attack (security function)

RS-1200 have built-in Anti-attack security functions that protect your network to prevent network attacklike Ping of Death, Port Scan, Dos, SYN,SPI.

RS-1200RS-1200

AirLive RS Family Security Gateway ComparisonAirLive RS Family Security Gateway Comparison

1 (10/100)╳╳DMZ port

○○○Support xDSL/Cable/Leased Line

2 (10/100)1 (10/100)1 (10/100)Shield RJ-45 Ethernet UTP port

WAN port

1 (10/100) 1 (10/100) 4 (10/100)Shield RJ-45 Ethernet UTP portLAN port (Switch Hub)

8MB (Flash)8MB (Flash)　 16MB (Flash)Flash ROM

64 MB64 MB32 MBDRAM

Intel IXP425, 266MHzIntel IXP425, 400MHzWaveplus MIPS 100MhzCPU

Hardware

RS-1200RS-2000RS-1000

comparisoncomparison

RS-1200RS-1200


RS-1200RS-2000RS-1000

○○╳Messages to display

○○╳URL to redirectAuthentication Status

20╳╳Authentication Group（Max entry）

200200( Policy )200 ( Policy )Authentication User（Max entry）

Authentication

25Mbps50Mbps10MbpsQos Max. Bandwidth (MB) limited

100100100QoS（Max entry）

○○○Priority-bandwidth utilization

○○○Guaranteed Bandwidth

QoS

Bandwidth Manager Function

RS-1200RS-2000RS-1000

6,5008,000150New Sessions / Second

45,00045,00016,500Max Concurrent Sessions

9 Mbps15 Mbps╳3DES Encryption

11 Mbps16 Mbps╳Authentication (No Encryption)VPN

70 Mbps100 Mbps13 MbpsWAN-LAN

Throughput

Performance

20~25 50 5-10Concurrent users


RS-1200RS-1200


RS-1200RS-2000RS-1000

50╳╳ DMZ To WAN（Max entry）

50╳╳ DMZ To LAN（Max entry）

100╳╳ WAN To DMZ（Max entry）

50╳╳ LAN To DMZ（Max entry）

1005050 Incoming（Max entry）

300200100 Outgoing（Max entry）

○○○Max. Concurrent Sessions

Policy Control

Policy Function

RS-1200RS-2000RS-1000

○╳╳DNS

○╳╳ICMPWAN Port connection status

○╳╳OutBound Load-balancing

Inbound / Outbound Function


RS-1200RS-1200

Q & AQ & A

Q & AQ & A

Q1: if client is get private ip address automatically From DHCP server; how can i configure to blocking like MSN service for this client ?

A1: DHCP client can't be blocking for using some pre-defined service (like MSN,Skype), but MIS can setup the IP address and get the unique MAC address by this PC as address policy object and choose " get the static ip address from DHCP“ in policy object function << so that means this client will not be assign dynamic ip address every time >> this address policy object.

Q2: for SOHO use, if they want to simply connect the internet and also want have a basically security. is that very complex to configure that ?A2: for this issue, only setup one outgoing policy rule : from inside_any to outside_any service-->HTTP action--> Permit ALL. and press ok button that will work immediately. so except this rule, any service from outside to inside wil be deny and drop

Note. firewall Policy definition is very flexible and can set by IP, by service, by Qos , by Schedule and combine each together so depend on the usage, but RS-xx Family security gateway can offer you complete security functions.

Q3: when I setup Qos upstream or downstream bandwidth, do it will affect the network throughput ?A3: Yes, because Qos is one of Policy Object that you can define like Setting a policy that can restrict the user’s downstream and upstream bandwidth, netowrk throughput including Qos bandwidth usage . So RS-1200 have 70Mbps means NAT Maximum throughput when not use Qos.

RS-1200RS-1200

Thank YouThank You

The RS-1200 is a product that combines The RS-1200 is a product that combines the most important and useful security features in one package.the most important and useful security features in one package.It allows you to take complete control over your network It allows you to take complete control over your network

ConclusionConclusion

Technology

Air Live Rs 1200