®
ProSafe
802.11g Wireless VPN Firewall 8 with 8-port 10/100 Mbps Switch
How a Firewall Processes a Packet
Technical Specifications
•
System Requirements
–
Cable, DSL, satellite or wireless
broadband modem and internet service
–
Ethernet connectivity from
broadband modem
–
Network card for each connected PC
–
Network software (e.g. Windows)
–
Internet Explorer 5.0 or higher or
Netscape Navigator 7.2 or higher
–
Compatible with IE 7.0 and
Windows
Vista™
®
•
Wireless
–
Standards: IEEE 802.11g, 54 Mbps,
Super-G technology up to 108 Mbps
–
Antenna: (1) 5dBi, detachable
•
Physical Interfaces
–
SLAN ports: Eight (8) 10/100Mbps
auto-sensing, Auto Uplink™ RJ-45 ports
–
WAN port: 10/100 Mbps Ethernet
RJ-45 port to connect to any broadband
modem, such as DSL or cable
•
Security Features
–
SPI firewall: Stateful packet inspection
(SPI) to prevent notorious denial-
of-service (DoS) attacks, intrusion
detection system (IDS) including
logging, reporting and email alerts,
address, service and protocol, Web
URL keyword filtering, prevent replay
attack (reassembly attack), port/service
blocking. Advanced features include
block Java/URL/ActiveX based on
extension, FTP/SMTP/RPC
program filtering.
H ow t h e F i r e wa l l Pr oc es ses a Packet
Corporate
Entering Firewall
–
VPN functionality: Eight (8) dedicated
VPN tunnels, Manual key and Internet
Key Exchange Security Association
(IKE SA) assignment with pre-shared
key and RSA/DSA signatures, key life
and IKE lifetime time settings, perfect
forward secrecy (Diffie-Hellman
groups 1 and 2 and Oakley support),
operating modes (main, aggressive,
quick), fully qualified domain name
(FQDN) support for dynamic IP
address VPN connections.
–
IPsec support: IPsec-based 56-bit
(DES), 168-bit (3DES), or 256-bit
(AES) encryption algorithm, MD5 or
SHA-1 hashing algorithm, AH/AH-ESP
support, PKI features with X.509 v.3
certificate support, remote access VPN
(client-to-site), site-to-site VPN, IPsec
NAT traversal (VPN pass-through)
–
Mode of operation: Many-to-one NAT
(LAN to WAN), classical routing,
unrestricted users per port
–
IP address assignment: Static IP
address assignment, internal DHCP
server on LAN, DHCP client on WAN,
PPPoE client support
•
Performance Features
–
Throughput: Up to 12.5 Mbps
WAN-to-LAN, up to 1.2 Mbps for 3DES
•
Management Features
–
Administration interface: SNMP (v2c)
support, Web graphic user interface,
Secure Sockets Layer (SSL)-enabled
remote management, user name and
password protected; secure remote
management support authenticated
through IP address or IP address range
and password; configuration changes/
upgrades through web GUI.
Leaving Firewall
Packet Processed
Against SPI
Stateful Packet
Inspection
Algorithm
Randomize Port Numbers
Connection Information
Stateful Inspection
Processing Inbound and
Outbound rules
Internet
–
Configuration and upgrades: Upload
and download configuration settings,
field upgradeable flash memory
•
Functions
–
VPN Wizard to simplify configuration
of the VPN, Smart Wizard to
automatically detect ISP Address type
(static, dynamic, PPPoE), port range
forwarding, port triggering, exposed
host (DMZ), enable/disable WAN Ping,
DNS proxy, MAC address cloning/
spoofing, Network Time Protocol NTP
support, keyword content filtering,
email alerts, DHCP server (info and
display table), PPPoE login client
support, WAN DHCP client, diagnostic
tools (ping, trace route, other), port/
service/MAC address blocking,
Auto-Uplink on switch ports
•
Protocol Support
–
Network: IP routing, TCP/IP , UDP ,
ICMP , PPPoE
–
IP addressing: DHCP (client and server)
–
Routing: RIPv1, RIPv2 (static routing,
dynamic routing)
–
VPN/security: IPsec (ESP , AH), MD5,
SHA-1, DES, 3DES, IKE, PKI, AES
•
User Support
–
LAN: Up to 253 users
–
WLAN: Up to 64 users
•
Maintenance
–
Save/restore configuration, restore
defaults, upgrades via web browser,
display statistics
FVG318