
Alcatel-Lucent VPN Firewall Brick 1200 Security Appliance | Data Sheet 3
• Nested zone rule sets for common firewall policies for all VPN Firewall Brick security appliances in the zone
• Link aggregation
• Mobile VPN Firewall Brick using integrated DHCP client
Services supported
• BOOTP, HTTP, IRC, Netstat, POP3, SNMP, TFTP, PPTP, DNS, HTTPS, Kerberos, NNTP, RIP, SSH, who, RADIUS, EIGRP, Ident, LDAP, NTP, RIP2, Syslog, Shell, X11, Exec, GMP, login, OSPF, rlogin, Telnet, Talk, H.323, SIP, FTP, IMAP, Mbone, Ping, RSH, Traceroute, IBM® Lotus® Notes®, Alcatel-Lucent OmniPCX™ New Office Environment (NOE), Gopher, IPSec, NetBIOS, Pointcast, MTP, Oracle® SQL*Net
• Any IPv4 protocol (user-definable)
• Any IPv4 protocol + layer-4 ports (user-definable)
• Support for non-IP protocols as defined by service access point (SAP)/Ethertype
Layer-7 application support
• Application filter architecture supports layer-7 protocol inspection (deep packet inspection) for command and protocol validation, protocol anomaly detection, dynamic channel pinholes and application-layer address translation. Application filters include HTTP, FTP, RPC, TFTP, H.323/H.323 RAS, SMTP, Oracle SQL*Net, NetBIOS, ESP, DHCP Relay, DNS, GTP, SIP, RTSP and Alcatel-Lucent OmniPCX NOE.
Firewall attack detection and protection
• Generalized zero-day anomaly-based flood protection with patent-pending intelligent cache management protection
• SYN flood protection to specifically protect inbound servers (for example, Web servers) from inbound Transmission Control Protocol (TCP) SYN floods
• Strict TCP validation to ensure TCP session state enforcement, validation of sequence and acknowledgement numbers
• Rejection of bad TCP flag combinations
• Initial sequence number (ISN) rewriting for weak TCP stack implementations
• Fragment flood protection with robust fragment reassembly ensures no partial or overlapping fragments are transmitted
• Generalized IP packet validation including detection of malformed packets
• DoS mitigation for over 190 DoS attacks, including ping of death, land attack, tear drop attack, etc.
• Drops bad IP options as well as source route options
• Connection rate limits to minimize effects of new attacks
QoS/bandwidth management
• Classified by physical port, virtual firewall, firewall rule, session
• Bandwidth guarantees – Into and out of virtual firewall, allocated in bits/second
• Bandwidth limits – Into and out of virtual firewall, allocated in bits/second, packets/session, sessions/second
• Type of service (ToS)/differentiated services (DiffServ) marking and matching
• Integrated with application-layer filters
Content security
• HTTP filter keyword support integrated with HTTP application filter
• Basic content filtering with configurable whitelist/blacklist and content keyword matching
• URL redirection for blacklist sites
• Rules-based routing feature for HTTP, SMTP and FTP features (Alcatel-Lucent SMS R 9.2 or later)
  – Interoperates with all third-party antivirus, antispam, and content filtering systems
  – Redirects only protocol-specific packets to third-party systems performing antivirus, antispam, and content filtering services
• Application-layer protocol command recognition and filtering
• Application-layer command line length enforcement
• Unknown protocol command handling
• Extensive session-oriented logging for application-layer commands and replies
• Hostile mobile code blocking (Java™ technology, ActiveX® controls)
Firewall user authentication
• Browser-based authentication allows authentication of any user protocol
• Built-in internal database – 10,000 user limit
• Local passwords, RADIUS, SecurID
• User-assignable RADIUS attributes
• Certificate authentication
VPN
• Maximum number of dedicated VPN tunnels – 7500
• Manual key, IKEv1, IKEv2, DoD PKI, X.509
• 3DES (168-bit), DES (56-bit)
• AES (128-, 192-, 256-bit)
• SHA-1 and MD5 authentication/integrity
• Replay attack protection
• Remote access VPN
• Site-to-site VPN
• IPSec NAT traversal/User Datagram Protocol (UDP) encapsulated IPSec
• IKEv2 IPSec NAT traversal and dead peer detection
• LZS compression
• Spliced and nested tunneling
• Fully meshed or hub-and-spoke site-to-site VPN
VPN authentication
• Local passwords, RADIUS, SecurID, X.509 digital certificates
• Public key infrastructure (PKI) certificate requests (PKCS 12)
• Automatic Lightweight Directory Access Protocol (LDAP) certificate retrieval
• DoD PKI
High availability
• VPN Firewall Brick 1200 security appliance to VPN Firewall Brick 1200 security appliance active/passive failover with full synchronization
• 400-ms device failure detection and activation
• Session protection for firewall, VoIP and VPN
• Link failure detection
• Alarm notification on failover
• Encryption and authentication of session synchronization traffic
• Self-healing synchronization links
• Pre-emption and IP tracking for improved health state checking
• Seamless system upgrade with no downtime for redundant deployments
Diagnostic tools
• Out-of-band debugging and analysis via serial port/modem/terminal server
• Centralized, secure remote console to any VPN Firewall Brick 1200
• Supports ping, traceroute, and packet trace with filters
• Remote VPN Firewall Brick 1200 security appliance bootstrapping
• Real-time log viewer analysis tool
• Java-based navigator for remote access to management system
Three-tier management architecture
• Centralized, carrier-class, active/active management architecture with Alcatel-Lucent SMS software
• Secure VPN Firewall Brick to Alcatel-Lucent SMS communications with Diffie-Hellman and 3DES encryption, SHA-1 authentication and integrity and digital certificates for VPN Firewall Brick 1200 security appliance/Alcatel-Lucent SMS authentication
• Up to 100 simultaneous administrators securely managing all aspects of up to 20,000 VPN Firewall Brick 1200 units in a hierarchical management cluster
• Secure, reliable, redundant, real-time alarms, logs, reports
Certifications
• ICSA Labs v4.1 firewall certified
• ICSA Labs IPSec 1.3 certified
• EAL-4 certified (Certification based on VPN Firewall Brick 1200 Release 2 platform. Current VPN Firewall Brick 1200 Release 3 platform pending certification.)
• Federal Information Processing Standards (FIPS) 140-2 certified (Certification based on VPN Firewall Brick 1200 Release 2 platform. Current VPN Firewall Brick 1200 Release 3 platform pending certification.)
• Network Equipment Building System (NEBS) Level 3 (compliant with Telcordia GR-1089-CORE and GR-63-CORE) in process for Brick 1200 Release 3