0 ks zboží za 0,- 

Hillstone SG6K-T5860-IN-12: Next Generation Firewall, propustnost 40 Gbps, 2x AC zdroj

SG-6000-T5860: 2U, 2GE&4SFP interfaces, 4 universal expansion slots, Dual Storage: 120G system storage (480G or 960G SSD Optional) +1T HDD data storage (960G SSD Optional), dual AC power supply, 1-yr HW warranty. 1-yr application identify database

Hillstone SG6K-T5860-IN-12: Next Generation Firewall, propustnost 40 Gbps, 2x AC zdroj
SG6K-T5860-IN-12Kód:

Hillstone

Výrobce:
12 měsícůZáruka:
Dostupnost po přihlášeníDostupnost:

 

Specifikace:

 

  • Integrated I/O: 2x GE, 4x SFP
  • Maximum I/O: 38x GE, 8x 10GE
  • FW Throughput (Maximum): 40Gbps
  • IPSec Throughput: 28Gbps
  • AV Throughput: 9.5Gbps
  • IPS Throughput: 18Gbps
  • Expansion Modules: 4x Generic Slot
  • Expansion Module Option: IOC-8GE-M, IOC-8SFP-M, IOC-4GE-B-M, IOC-4XFP, IOC-8SFP+, IOC-4SFP+, IOC-2XFP-Lite-M (only supported at Slot -3/4)
  • Management Ports: 1x Console Port, 2x HA, 1x MGT, 1x USB 2.0, 1x AUX Port
  • Maximum Power Consumption: 2x 450W Redundancy 1+1
  • Storage: 120G SSD, 500G HDD or 1T HDD
  • Power Supply: AC 100-240V 50/60Hz
  • Dimensions: 440x520x88 mm
  • Weight: 15,8kg
  • Temperature: 0-40°C
  • Relative Humidity: 10-95%

 

Popis:

 

Inteligentní Next Generation Firewally Hillstone řady T poskytují špičkovou ochranu v reálném čase pro aplikace a proti síťovým útokům. Poskytují ochranu proti virům, spywarům, červům, botnetům, ARP spoofingu, DoS / DDoS útokům, trojským koním atp.

Oproti verzi E Inteligentní Next Generation Firewally Hillstone řady T používají tři klíčové technologie pro nejvyšší možnou bezpečnost:

1)      používá statistický clustering k detekci narušení bezpečnosti v reálném čase - detekuje rizikové uživatelé a poskytuje kontextové informace o útoku

2)      provádí analýzu chování sítě k detekci abnormálních událostí - poskytuje přehled o každé fázi útoku a dává administrátorovi více příležitostí jak k útoku předejít

3)      provádí forenzní analýzu a poskytuje administrátorovi nalézt příčinu napadení sítě -  umožňuje správci provést změnu bezpečnostních pravidel, aby se zabránilo podobnému útoku do sítě

 

Modelová řada T nabízí propustnost až 40 Gb/s.

 

U řady T lze volitelně přikoupit:

-          Balíček IPS, Antivir, QoS, URL filtering, Inteligetní analýzu (Stoneshield)

-          VSYS licence (Virtual System License) – možnost rozdělení HW firewallu do více virtuálních firewallů

-          SSL VPN licence

-          Rozšiřující HW moduly

-          Rozšíření HW záruky a SLA služby

-          SSD nebo HDD disk

-          Centrální management HSM

-          Centrální dohled HSA (ukládání syslogů)

 

VIDEO:

 

Vlastnosti

 

Network Services

  • Dynamic routing (OSPF, BGP, RIPv2)
  • Static and Policy routing
  • Route controlled by application
  • Built-in DHCP, NTP, DNS Server and DNS proxy
  • Tap mode – connect to SPAN port
  • IPv6 Support: Mgt. over IPv6, IPv6 routing protocols, IPv6 tunneling, IPv6 logging and HA
  • Interface modes: sniffer, port aggregated, loopback, VLANS (802.1Q and Trunking)
  • L2/L3 switching & routing
  • Virtual wire (Layer 1) transparent inline deployment

 

Firewall

  • Operating modes: NAT/route, transparent (bridge), and mixed mode
  • Policy objects: predefined, custom, and object grouping
  • Application Level Gateways and session support: MSRCP, PPTP, RAS, RSH, SIP, FTP, TFTP, HTTP, dcerpc, dns-tcp, dns-udp, H.245 0, H.245 1, H.323 and weighted, embedded ISP routing and dynamic detection
    • Inbound link load balancing supports SmartDNS and dynamic detection
    • Automatic link switching based on bandwidth and latency
    • Link health inspection with ARP, PING, and DNS
  • Access control based on IP address geolocation
  • Repetitive and redundant firewall rule inspection

 

VPN

  • IPSec VPN:
    • IPSEC Phase 1 mode: aggressive and main ID protection mode
    • Peer acceptance options: any ID, specific ID, ID in dialup user group
    • Supports IKEv1 and IKEv2 (RFC 4306)
    • Authentication method: certificate and pre-shared key
    • IKE mode configuration support (as server or client)
    • DHCP over IPSEC
    • Configurable IKE encryption key expiry, NAT traversal keep alive frequency
    • Phase 1/Phase 2 Proposal encryption: DES, 3DES, AES128, AES192, AES256
    • Phase 1/Phase 2 Proposal authentication: MD5, SHA1, SHA256, SHA384, SHA512
    • Phase 1/Phase 2 Diffie-Hellman support: 1,2,5 - XAuth as server mode and for dialup users
    • Dead peer detection
    • Replay detection
    • Autokey keep-alive for Phase 2 SA
  • IPSEC VPN realm support: allows multiple custom SSL VPN logins associated with user groups (URL paths, design)
  • IPSEC VPN configuration options: route-based or policy based
  • IPSEC VPN deployment modes: gateway-to-gateway, full mesh, hub-and-spoke, redundant tunnel, VPN termination in transparent mode
  • One time login prevents concurrent logins with the same username
  • SSL portal concurrent users limiting
  • SSL VPN port forwarding module encrypts client data and sends the data to the application server
  • Supports clients that run iOS, Android, and Windows XP/Vista including 64-bit Windows OS
  • Host integrity checking and OS checking prior to SSL tunnel connections
  • MAC host check per portal
  • Cache cleaning option prior to ending SSL VPN session
  • L2TP client and server mode, L2TP over IPSEC, and GRE over IPSEC
  • View and manage IPSEC and SSL VPN connections

 

User and Device Identity

  • Local user database
  • Remote user authentication: TACACS+,LDAP, Radius, Active Directory
  • Single-sign-on: Windows AD
  • 2-factor authentication: 3rd party support, integrated token server with physical and SMS
  • User and device-based policies

 

IPS

  • 7,000+ signatures, protocol anomaly detection, rate-based detection, custom signatures, manual, automatic push or pull signature updates, integrated threat encyclopedia
  • IPS Actions: default, monitor, block, reset (attackers IP or victim IP, incoming interface) with expiry time
  • Packet logging option
  • Filter Based Selection: severity, target, OS, application or protocol
  • IP exemption from specific IPS signatures
  • IDS sniffer mode
  • IPv4 and IPv6 rate based DoS protection with threshold settings against TCP Syn flood, TCP/UDP/SCTP port scan, ICMP sweep, TCP/UDP/SCIP/ICMP session flooding (source/destination)
  • Active bypass with bypass interfaces
  • Provides predefined template of defense configuration
  • Predefined prevention configuration

 

Threat Protection

  • Breach Detection
    • Near real-time breach detection (seconds/minutes)
    • Detailed description and severity of malware closely resembling attack
    • Pcap files and log files provide corroborating evidence
    • Confidence level provides certainty of attack
    • Supports inspection of encrypted tunneling traffic for unknown applications
  • Network Behavior Analysis
    • L3-L7 baseline traffic compared to real-time traffic to reveal anomalous network behavior
    • Built-in mitigations technologies include: session limits, bandwidth limits and blocking
    • Graphical depiction of anomalous behavior compared to baseline and upper and lower thresholds
    • Slow-drip DDoS inspection
  • Network Risk Index quantifies the threat level of the network based on the aggregate host index
  • Host Risk Index quantifies the host threat level based on attack severity, detection method, and confidence level
  • Over 1.3 million AV signatures
  • Botnet server IP blocking with global IP reputation database
  • DGA-based C&C inspection
  • Flow-based Antivirus: protocols include HTTP, SMTP, POP3, IMAP, FTP/SFTP
  • Flow-based web filtering inspection
  • Manually defined web filtering based on URL, web content and MIME header
  • Dynamic web filtering with cloud-based real-time categorization database: over 140 million URLs with 64 categories (8 of which are security related)
  • Additional web filtering features:
    • Filter Java Applet, ActiveX or cookie
    • Block HTTP Post
    • Log search keywords
    • Exempt scanning encrypted connections on certain categories for privacy
  • Web filtering profile override: allows administrator to temporarily assign different profiles to user/group/IP
  • Web filter local categories and category rating override
  • Proxy avoidance prevention: proxy site category blocking, rate URLs by domain and IP address, block redirects from cache & translation sites, proxy avoidance application blocking, proxy behavior blocking (IPS)
  • Provide visual details of risky host across the kill chain

 

Application Control

  • Over 3,000 applications that can be filtered by name, category, subcategory, technology and risk
  • Each application contains a description, risk factors, dependencies, typical ports used, and URLs for additional reference
  • Actions: block, reset session, monitor, traffic shaping
  • Identify and control applications in the cloud
  • Provide multi-dimensional monitoring and statistics for applications running in the cloud, including risk category and characteristics

 

High Availability

  • Redundant heartbeat interfaces
  • Active/Passive
  • Standalone session synchronization
  • HA reserved management interface
  • Failover:
    • Port, local & remote link monitoring
    • Stateful failover
    • Sub-second failover
    • Failure notification
  • Deployment Options:
    • HA with link aggregation
    • Full mesh HA
    • Geographically dispersed HA

 

Administration

  • Management access: HTTP/HTTPS, SSH, telnet, console
  • Central Management: Hillstone Security Manager (HSM), web service APIs
  • System Integration: SNMP, syslog, alliance partnerships
  • Rapid deployment: USB auto-install, local and remote script execution
  • Dynamic real-time dashboard status and drill-in monitoring widgets
  • Identify and monitor user OS and web browser
  • Language support: English

 

Logs & Reporting

  • Logging facilities: local memory and storage (if available), multiple syslog servers and multiple Hillstone Security Audit (HSA) platforms
  • Encrypted logging and log integrity with HSA scheduled batch log uploading
  • Reliable logging using TCP option (RFC 3195)
  • Detailed traffic logs: forwarded, violated sessions, local traffic, invalid packets
  • Comprehensive event logs: system and administrative activity audits, routing & networking, VPN, user authentications, WiFi related events
  • IP and service port name resolution option • Brief traffic log format option

 

SSL Decryption

  • Inspect SSL encrypted traffic
  • Support IPS enablement for SSL encrypted traffic
  • Support AV enablement for SSL encrypted traffic
  • Support URL filter for https encrypted traffic

 

 

Parametry
40Gbps GbpsFW Propustnost
28GbpsIPSec Propustnost
9.5GbpsAntivir Propustnost
18GbpsIPS Propustnost
6MMaximum Concurrent Sessions (Standard/Max.)
20,000IPSec Tunnel Number
10,000Maximum SSL VPN Users
450KNew Sessions/sec(HTTP)

červeně jsou označeny povinné součásti produktu


Pro sjednání služby kontaktujte: info@proficomms.cz



ShopCentrik - shop, eShop, e-shop, B2C, B2B

© 2014  PROFIcomms s.r.o. Olomoucká 91, 627 00 Brno

MAPA STRÁNEK