Benefits
• Deploy robust security safeguards enterprise-wide
• Implement large-scale VPN support with high-performance packet processing
• Streamline firewall deployment, configuration and management
• Leverage high-availability bandwidth management for consistent service quality
• Sustain business continuity with carrier-class reliability and availability
• Keep total ownership costs low
Lucent VPN Firewall Portfolio
Protect your enterprise
with innovative network
security solutions
Optimize IT staff time and effort –
Complete, cost-effective solutions for
network security, VPN, service-quality
assurance and more
The Lucent VPN Firewall portfolio offers a broad
range of enterprise-class security solutions to protect
corporate networks and deliver mission-critical IP
applications to headquarter employees, branch offices,
trading partners, road warriors and customers.
VPN Firewall solutions can stretch IT budgets with
superb price/performance and low total ownership
costs. Leading-edge technology with timesaving,
work-saving features helps maximize IT staff resources.
And ample flexibility, availability and scalability can
simplify deployment and management of diverse
applications including:
• Advanced security
• Site-to-site and remote access VPN
• Bandwidth management (service quality assurance)
• Mobile data
• Storage network security
• Secure intranets and extranets
• Shared Internet connectivity
The Lucent VPN Firewall Portfolio for Enterprises forms
a unique 3-tier security architecture and includes:
• VPN Firewall Brick® platforms – Security appliances that
integrate deep packet inspection firewall functionality
with advanced VPN capabilities for small-office
through data-center requirements
• Lucent Security Management Server (LSMS) – Software
for robust, tightly synchronized firewall, VPN, service
quality, VLAN and virtual firewall policy management.
• Lucent IPSec Client – Software that provides secure
remote access VPN services for mobile workforce
and telecommuters.
Deploy robust security
safeguards enterprise-wide
Unlike many competitive products, VPN Firewall
Brick® platforms are built as security-specific devices.
In contrast to traditional router-based systems, they
operate as intrinsically secure Ethernet-layer bridges
that are virtually invisible to hackers scanning your
network. Completely segregated from the routing
process, these security appliances are not vulnerable to
dynamic routing protocol attacks. In many instances,
they are undetectable by any device not on the same
network segment, protecting enterprises with a high
level of stealth security.
Reinforcing this depth of defense is the platforms’
innovative, Bell Labs-developed operating system,
a compact real-time kernel with built-in security
features. Far less easily compromised than
general-purpose operating systems running on server
platforms, this exceptionally thin system eliminates
most points of vulnerability. As a result, VPN Firewall
Brick® platforms have no security-threatening back
doors, no Computer Emergency Response Team
(CERT®) advisories or reported vulnerabilities.
LSMS software adds exposure-limiting safeguards
including strong IP-specific denial-of-service attack
protection, premium firewall and VPN authentication
services, application-layer defense and content-level
security including command blocking, URL blocking
and virus scanning.
VPN Firewall Brick® platforms deliver bullet-proof security and comprehensive, high-performance VPN capabilities for enterprise environments ranging from small offices to large data centers.
IPSec Client 6.0
• Easy to use IPSec w/IKE
• Auto policy download
• Stateful Firewall
• Client “status logs”
• Managed client option
• Interoperable w/full portfolio
VPN Firewall Brick® 20
• (3) 10/100 ports
• 100 Mbps firewall
• 3 Mbps 3DES
• 1,000 sessions
• 55 VPN tunnels
• 20 virtual firewalls
VPN Firewall Brick® 80
• (4) 10/100 ports
• 190 Mbps firewall
• 11 Mbps 3DES
• 30,000 sessions
• 200 VPN tunnels
• 80 virtual firewalls
VPN Firewall Brick® 150
• (4) 10/100 ports
• 330 Mbps firewall
• 127 Mbps 3DES
• 300,000 sessions
• 1,000 VPN tunnels
• 150 virtual firewalls
VPN Firewall Brick® 350
• (7) 10/100 ports
• (1) 10/100/1000 port
• 787 Mbps firewall
• 404 Mbps 3DES**
• 1,000,000 sessions
• 5,400 VPN tunnels
• 300 virtual firewalls
VPN Firewall Brick® 500
• (14) 10/100 ports
• 1 GigE port
• 975 Mbps firewall
• 450 Mbps 3DES**
• 600,000 sessions
• 8,000 VPN tunnels
• 500 virtual firewalls
VPN Firewall Brick® 1100
• up to (4) GigE Fiber or (13) GigE Copper (7) 10/100
• 3 Gbps firewall
• 1 Gbps Fiber or 700 Mbps Copper 3DES**
• 4,000,000 sessions
• 7,150 VPN tunnels
• 1,000 virtual firewalls
Lucent Security Management Server (LSMS)
Software for robust, tightly synchronized firewall, VPN, service quality, VLAN and virtual firewall policy management.
Road Warrior | SOHO | ROBO | Small Enterprise | Mid Enterprise | Mid/Large Enterprise | Large Enterprise Data Center
Implement large-scale VPN support with
high-performance packet processing
VPN Firewall Brick® platforms deliver the performance
needed to provide vital security and VPN services for
thousands of enterprise users. High-capacity
packet-processing capabilities help maximize user efficiency
and productivity with up to 1 Gbps VPN throughput
and a full 3 Gbps firewall throughput.
Portfolio-wide scalability helps protect expanding user
populations cost effectively. A single VPN Firewall
Brick® unit can support up to 4 million simultaneous
sessions and over 7,000 VPN tunnels. Its highly
efficient operating system contributes to these
outstanding processing capabilities by freeing memory
for session and policy management.
Streamline firewall deployment,
configuration and management
VPN Firewall Brick® platforms can be installed and
working at any network location with an IP address.
These flexible bridging firewalls work as quickly as a
physical connection can be made. There’s no need to
re-segment the network, worry about downtime during
network conversion to the new topology or wait as hosts
are directed to a new gateway. LSMS software delivers:
• Sophisticated IP services management capabilities with
low operating costs to manage security, not individual
devices – easy security deployment, management and
maintenance with centrally controlled VPN Firewall
Brick® clients
• Scalability to rapidly provision and manage up to
1,000 VPN Firewall Brick® platforms and 10,000 IPSec
Client users from one console – fewer devices to
maintain and fewer people to maintain them
• Seamless integration of firewall, VPN, bandwidth
management, virtual LAN (VLAN) and virtual firewall
policy management – centralized realtime monitoring,
robust logging and customized reporting capabilities
Leverage high-availability
bandwidth management for
consistent service quality
VPN Firewall Brick® platforms can increase both
network security and quality of service through
uniquely granular bandwidth management. They
incorporate — at no extra charge — robust
implementation of class-based queuing (CBQ)
technology for committed-rate bandwidth control
and traffic prioritization. Bandwidth limits to help
defend against flood attacks, and bandwidth
guarantees to enhance end-user experiences, are
enforced at the server and user levels. Traffic can
be classified by physical interface, virtual firewall,
policy rule and session, enabling simplified yet
precisely targeted security implementations.
Sustain business continuity with
carrier-class reliability and availability
A high-availability architecture is built into every
component of the Lucent VPN firewall portfolio. There
is no single point of failure solution-wide. All VPN
Firewall Brick® models support native subsecond
failover to a standby unit. In an outage, services
continue uninterrupted. Out-of-band management
capabilities help ensure continued service even if
communications are lost due to a network outage. For
added reliability, LSMS software — unlike competitive
management systems — can be distributed across
multiple geographically dispersed operations centers
for active/active network redundancy. This enables
immediate disaster recovery in the event of a
catastrophe at the primary management location.
[Figure: deployment diagram. Labels: Active/Active Management; Centralized Management with LSMS (LSMS at Europe NOC and USA NOC); Data Center Services; Network-based Services; CPE-based Services; Mobile/IPSec Client Services; IP Network; Existing Router; VPN Firewall Brick® 20/80/150, 350, 500 and 1100; IPSec Client; VLAN 100 Extranet Server, VLAN 200 SAP Server, VLAN 300 Mail Server, VLAN 400 Public Server.]
The VPN Firewall portfolio offers flexible deployment options to suit enterprise network strategies and users’ diverse needs.
To learn more about our comprehensive portfolio, contact your Lucent Technologies sales representative, authorized reseller or sales agent.
You can also visit our web site at www.lucent.com/security. This document is provided for planning purposes only and does not create, modify or supplement any warranties which may be made by Lucent Technologies relating to the products and/or services described herein. The publication of information contained in this document does not imply freedom from patent or other protective rights of Lucent Technologies or third parties. VPN Firewall Brick is a registered trademark of
Lucent Technologies Inc.
CERT is a registered trademark and service mark of Carnegie Mellon University.
Copyright © 2005 Lucent Technologies Inc. All rights reserved LVF.ENT v3.0205
Features
• Full-featured bridging — enables stealthy,
depth-of-defense security that conventional router-based
firewalls cannot match
• Advanced security safeguards — denial-of-service
attack protection; high-speed content security;
premium authentication services; with low
occurrences of reported advisories or vulnerabilities
and no backdoors.
• High-performance packet processing — supports up to
4 million simultaneous VPN sessions, 1000 virtual
firewalls, 7000 VPN tunnels
• Ultra-thin, highly secure operating system — virtually
impenetrable to hacker attacks; frees memory for
packet processing, policy management
• Plug-and-play deployment — implement secure
mission-critical applications without costly,
time-intensive network reconfiguration
• Low ownership costs — no ongoing feature-licensing
expenses; easy installation, management and upgrades
save IT staff time and effort; performance,
high-capacity features reduce the need to purchase
additional equipment
• Simplified management — unique client/server design;
centralized staging, real-time monitoring and no-touch
management of all VPN, security and service-quality
assurance capabilities via scalable, proven LSMS
• Virtual firewall and VLAN support — easily assign and
enforce security policies for diverse user groups
• Uniquely granular bandwidth management —
maximize service quality via flexible class-based
queuing (CBQ) technology, server-level and
user-level limits and guarantees
• Carrier-grade reliability — native high-availability
architecture with no single point of failure
Keep your total ownership costs low
VPN Firewall solutions efficiently address the need
to contain operations outlays, make efficient use of
in-house technical expertise and protect network
investments. All solution components are built to
interoperate smoothly with existing infrastructure
elements. Introducing them requires no costly
network retrofits.
VPN Firewall Brick® products cut IT staff hours and
shorten time-to-service with their full-featured bridging
support. And because they don’t run on a
general-purpose operating system, they eliminate the high
costs and time-intensive efforts associated with
OS upgrades and patches.
The performance-proven LSMS security management
solution offers one simple, economical licensing
structure — without costly additional modules or
recurring license fees. Its high-capacity processing
and high-device-count management capabilities help
minimize additional capital-equipment purchases.
And its comprehensive security safeguards
dramatically reduce network vulnerabilities that
consume IT staff time and budget.
VPN Firewall Brick® 1200
Security, VPN, VoIP and QoS Gateways
Applications
• Advanced security services
• VPN services for site-to-site and remote access
• Bandwidth management capabilities
• VoIP Security
• Secure data center Web and application hosting
• Storage network security solution
• Mobile data security
• Packet Data Gateway and Packet Data Interworking Functions for Dual-Mode Wireless/Wifi VPN and VoIP/Data Security
• Managed Security Services
• Unlicensed Mobile Access (UMA) and IP Multimedia Subsystem (IMS) Security
Features
• Integrated security platform — Provides high-speed firewall, VPN, QoS, VLAN and virtual firewall capabilities in one configuration
• Industry-leading throughput — Delivers up to 4.75Gbps firewall performance, 1.7Gbps 3DES and AES VPN performance with built-in encryption accelerator cards (EAC), depending on version of Brick® 1200 platform selected.
• Innovative security services — Includes advanced distributed denial of service attack protection, latest IKEv2 standards, strong authentication and real-time monitoring, logging and reporting
• High capacity — Supports up to 20,000 simultaneous VPN tunnels, 4,094 VLANs, 1100 virtual firewalls, and 3 million simultaneous sessions (HS version)
• Intrinsically secure, transparent Layer-2 bridge — Outperforms firewalls running on routers, general purpose operating systems or PC servers
• Central staging and secure remote management — Provides integrated control over thousands of VPN Firewall Brick® units and Lucent IPSec Client users, from one console, using Lucent Security Management Server (SMS) software
• High-availability architecture — Eliminates any single point of failure
• Proven Secure — No Computer Emergency Response Team (CERT®) advisories or reported vulnerabilities
Benefits
• Higher performance — Deliver an enhanced user experience with up to 1.7Gbps IP VPN throughput, combined with best-in-class bandwidth management — with customer-level, user-level and server-level QoS control
• Low price/performance — Get outstanding security and throughput for less than the per-Mbps price of major competitors
• Low cost of ownership — One configuration supports multiple IP services with no additional or recurring licensing fees
• Flexible deployment — Options include premises- or network-based services with shared or dedicated hardware environments
• Economical growth path — You can migrate to advanced security and VPN services with no added infrastructure investments
• Plug-and-Play interoperability — There’s no need for costly network reconfigurations or on-site support
• Cost-effective business continuity — Take advantage of low priced, full gigabit-rate encryption performance and maintain carrier-class reliability for today’s data-heavy business applications
• Centralized, Scalable, carrier-class management — Centrally manage up to 20,000 VPN Firewall Brick® units and 500,000 Lucent IPSec Client (or 3rd party IPSec client) users with Lucent Security Management Server v9.0 or later.
The Lucent VPN Firewall Brick® 1200 platforms take data security to new levels by providing up to 4.75 Gbps firewall throughput, along with integrated high-speed VPN, VoIP Security, VLAN and virtual firewall capabilities at a breakthrough price. With QoS bandwidth management features, built-in IDS/DoS protections and high network performance, the VPN Firewall Brick® 1200 platforms provide solid security for large enterprise, data centers and network-edge environments. This carrier-grade IP services platform provides excellent value with low price/performance and total ownership costs, enabling service providers, government entities and large enterprises to deploy secure IP and VPN services that enhance their business while maximizing returns on their capital investments.
VPN Firewall Brick® 1200 Platforms Technical Specifications
1. Processor/Memory
3.6 GHz Processor with 2GB of RAM for Brick 1200 HS AC & DC models
3.2 GHz Processor with 1GB of RAM for Brick 1200 AC Model
2. LAN/VPN Interfaces
Brick 1200 HS AC and DC Models:
(14) 10/100/1000-Base-TX ports
(6) GigE mini-GBIC SFP ports
(1) VPN Encryption Accelerator
Brick 1200 AC Model:
(8) 10/100/1000-Base-TX ports
(2) GigE mini-GBIC SFP ports
(1) VPN Encryption Accelerator
3. Other Ports
SVGA video, DB9 serial, PS/2 keyboard, 4xUSB
4. Performance
Brick 1200 HS AC or HS DC
Concurrent sessions – 3,000,000
New sessions/second – 45,000
Rules – 30,000 (shared among all virtual firewalls)
Max clear text throughput – 4.75Gbps (1460 byte UDP Packets)
Max Clear Text PPS throughput – 2,200,000 pps (78 byte UDP Packets)
Max 3DES throughput with hardware encryption acceleration (Brick 1200 HS) – 1.7 Gbps (1460 byte UDP Packets)
Max AES throughput with hardware encryption acceleration (Brick 1200 HS) – 1.7 Gbps (1460 byte UDP Packets)
Brick 1200 AC
Concurrent sessions – 2,000,000
New sessions/second – 30,000
Rules – 30,000 (shared among all virtual firewalls)
Max clear text throughput – 3.0 Gbps (1460 byte UDP Packets)
Max Clear Text PPS throughput – 1,750,000 pps (78 byte UDP Packets)
Max 3DES throughput with hardware encryption – 1.1 Gbps (1460 byte UDP Packets)
Max AES throughput with hardware encryption – 1.1 Gbps (1460 byte UDP Packets)
5. Virtualization
Maximum number of virtual firewalls – 1100 (Brick 1200 HS AC or DC)
Maximum number of virtual firewalls – 500 (Brick 1200 AC)
Number of VLANs supported – 4,094
VLAN domains – up to 16 per VLAN trunk
VPN Firewall Brick® partitions – allows for virtualization of customer IP address range, including support for overlapping IP addresses
6. Modes of Operation
Bridging and/or routing on all interfaces
All features supported with bridging
IP routing with static routes
802.1Q VLAN tagging supported inbound and outbound on any combination of ports
Layer-2 VLAN bridging
Network Address Translation (NAT)
Port Address Translation (PAT)
Policy-based NAT and PAT (per rule)
Supports virtual IP addresses for both address translation and VPN tunnel endpoints
PPPoE and DHCP-assignable interface/VLAN addresses
Redundant DHCP Relay capabilities
Dynamic registration of mobile VPN Firewall Brick® platform address for centralized remote management
Nested zone rulesets for common firewall policies for all Bricks® in zone.
Link Aggregation
Mobile Brick – DHCP Client.
7. Services Supported
Bootp, http, irc, netstat, pop3, snmp, tftp, pptp, dns, https, kerberos, nntp, rip, ssh, who, RADIUS, eigrp, ident, ldap, ntp, rip2, syslog, shell, X11, exec, gmp, login, ospf, rlogin, telnet, talk, H.323, SIP, ftp, imap, mbone, ping, rsh, traceroute, lotus notes, VoIP, Gopher, IPSec, netbios, pointcast, mtp, sql*net
Any IP protocol (user definable)
Any IP protocol + layer 4 ports (user definable)
Support for non-IP protocols as defined by SAP/Ethertype
8. Layer-7 Application Support
Application Filter architecture supports Layer-7 protocol inspection for command validation, dynamic channel pinholes and application layer address translation. Application filters include http, ftp, tftp, H.323/H.323 RAS, Oracle SQL*Net, Net BIOS, DHCP Relay, DNS, GTP, and SIP
9. Firewall Attack Detection and Protection
Generalized flood protection extensible to new flood attacks as discovered with patent-pending Intelligent Cache Management
Protections from over 190 attacks, including:
SYN flood protection to specifically protect inbound servers, e.g. Web servers, from inbound TCP SYN floods
Strict TCP validation to ensure TCP session state enforcement, validation of sequence and acknowledgement numbers, rejection of bad TCP flag combinations
Initial Sequence Number (ISN) rewriting for weak TCP stack implementations
Fragment flood protection with robust fragment reassembly, ensures no partial or overlapping fragments are transmitted
Generalized IP packet validation including detection of malformed packets such as ping of death, land attack, tear drop attack and over 100 other DoS signatures. Drops bad IP options as well as source route options
10. QoS/Bandwidth Management
Classified by Physical Port, Virtual Firewall, Firewall Rule, Session
Bandwidth Guarantees – Into and out of Virtual Firewall, allocated in bits/second
Bandwidth Limits – Into and out of Virtual Firewall, allocated in bits/second, packets/session, sessions/second
ToS/DiffServ marking and matching
11. Content Security
HTTP Filter Keyword support integrated with HTTP Application Filter
Rules-based routing feature for HTTP, SMTP and FTP features (Lucent Security Management Server v9.1 or later)
– Interoperates with all 3rd party Anti-virus, Content Filtering systems
– Redirects only protocol-specific packets to 3rd party systems performing Anti-virus, Anti-spam, and content filtering services.
Lucent Proxy Agent (Lucent Security Management Server v9.0 or earlier) integrates load-shared content security services for:
– Application protocol command blocking – HTTP, SMTP, FTP
– Virus and Spam scanning
– Content Filtering
Application-layer protocol command recognition and filtering
Application-layer command line length enforcement
Unknown protocol command handling
Extensive session-oriented logging for application-layer commands and replies
12. Firewall User Authentication
Browser-based authentication allows authentication of any user protocol
Built-in internal database – user limit 10,000
Local passwords, RADIUS, SecurID
User assignable RADIUS attributes
Certificate Authentication
13. VPN
Maximum number of dedicated VPN tunnels – Brick 1200 HS AC or DC – 20000
Maximum number of dedicated VPN tunnels – Brick 1200 AC – 10000
Manual Key, IKEv1, IKEv2, DoD PKI, X.509
3DES (168-bit), DES (56-bit)
AES (128, 192, 256-bit)
SHA-1 and MD5 authentication/integrity
Replay attack protection
Remote access VPN
Site-to-site VPN
IPSec NAT Traversal (UDP encapsulated IPSec)
IKEv2 IPSec NAT Traversal and Dead Peer Detection
LZS compression
Spliced and nested tunneling
Fully meshed or Hub and Spoke
14. VPN Authentication
Local passwords, RADIUS, SecurID, X.509 digital certificates with Entrust CA
PKI Certificate requests (PKCS 12)
Automatic LDAP certificate retrieval
15. High Availability
VPN Firewall Brick® platform to VPN Firewall Brick® platform active/passive failover with full synchronization
400 millisecond device failure detection and activation
Session protection for firewall, VoIP and VPN
Link failure detection
Alarm notification on failover
Encryption and authentication of session synchronization traffic
Self-healing synchronization links
Lucent Proxy Agent load sharing supports high availability for content security services
16. Diagnostic Tools
Out of band debugging and analysis via serial port/modem/terminal server
Centralized, secure remote console to any VPN Firewall Brick® platform supporting Ping, Traceroute, Packet Trace with filters
Remote VPN Firewall Brick® platform bootstrapping
Real-time log viewer analysis tool
Lucent Remote LSMS Navigator
17. 3-Tier Management Architecture
Centralized, carrier-class, active/active management architecture with Lucent Security Management Server software
Secure VPN Firewall Brick® platform to Lucent SMS communications with Diffie-Hellman and 3DES encryption, SHA-1 authentication and integrity and digital certificates for VPN Firewall Brick® platform/Lucent Security Management Server authentication
Up to 100 simultaneous administrators securely managing all aspects of up to 20,000 VPN Firewall Brick® units in hierarchical management cluster.
Secure, reliable, redundant real-time alarms, logs, reports
18. Certifications
ICSA V3.0A Firewall Certification in process
ICSA V1.0D IPSec Certification in process
FIPS 140-2 Certification in process
EAL-4 Certification in process
NEBS™ Level 3 (compliant to Telcordia GR1089-CORE and GR-63-CORE) in process for Brick 1200 HS DC version.
19. Mean Time Between Failure
125,000 hours
20. Dimensions (W x L x H)
Est. 19” x 19” x 3.5” (2U)
Est. 48.3 cm x 48.3 cm x 8.9 cm (2U)
Rack Mountable per EIA-310 specification
Est. Weight: 44 lbs (20 kg)
Est. Shipping Weight: 50 lbs (22 kg)
21. Cooling
Chassis fan (Intake & Exhaust), power supply fans
22. Operating Altitude
Up to 13,123 ft (4,000 m)
23. Environmental
Operating
Normal Operating Temperature: 0 to 40º C
Shock: 2.5g at 15 – 20 ms on any axis
Relative humidity: 5–85% at 40 C. (non-condensing)
Vibration: 5g at 2 – 200Hz on any axis
Non-Operating
Temperature: -40 to 70º C
Shock: 35g at 15 – 20 ms on any axis
Relative humidity: 5–90% at 40 C. (non-condensing)
Vibration: 5g at 2 – 200Hz on any axis
24. Power
AC Models:
Hot Swappable, Internal Dual AC to DC Power Supply: 500W max
Auto-ranging: 100 to 240 VAC, 47 to 63 Hz
Consumption: 8A @ 120 VAC; 45A @ 240 VAC
DC Model:
Hot Swappable, Internal Dual DC to DC Power Supply: 500W max
Input Range: -40 to -60 VDC
Consumption: 10A @ -48 VDC, 8A @ -60 VDC
25. Safety Listings
USA/Canada – Certified to UL® 60950-1, First Edition
Canada – CAN/CSA C22.2 No. 60950-1-03
EU – CE, CB Scheme to EN/IEC 60950-1
AS/NZS – 3260
26. EMC Certifications
USA – FCC Part 15, Class A
Canada – IC-ES003
EU – CE, EN55022/VCC, EN300-386-2, EMC Directive Class A
AS/NZS – 3548 CISPR PUB 22
To learn more, contact your
dedicated Lucent Technologies
representative, authorized reseller,
or sales agent. You can also visit
our Web site at www.lucent.com
This document is provided for planning purposes only and does not create, modify, or supplement any warranties, which may be made by Lucent Technologies relating to the products and/or services described herein. The publication of information contained in this document does not imply freedom from patent or other protective rights of Lucent Technologies or other third parties.
VPN Firewall Brick is a registered trademark of Lucent Technologies Inc. ActiveX is a trademark of Microsoft Corporation. Webshield is a trademark of McAfee, Inc. Java is a trademark of Sun Microsystems, Inc. NEBS is a trademark of Telcordia Technologies. Pentium is a registered trademark of Intel Corporation. Solaris is a trademark of Sun Microsystems, Inc. Sun is a registered trademark of Sun Microsystems, Inc. UL is a registered trademark of Underwriter’s Laboratories. X-Stop is a trademark of Log-On Data Corp.
Copyright © 2006 Lucent Technologies Inc. All rights reserved Brick1200 v1.0906
Lucent Security Management Server
and Lucent Proxy Agent
1. Software Requirements
Sun Solaris™ 2.8, 2.9 or 2.10 on SPARC processors
Microsoft Windows® 2000 Professional, Windows® 2000 Server, Windows XP Professional or Windows Server 2003.
2. Hardware Requirements
Sun® workstation for Sun Solaris operating system:
Sun UltraSPARC5 (330MHz processor or better) or better
512MB of system memory (minimum)
Swap space at least as large as system memory
500MB free disk space in file system partition where software is to be installed
50MB free disk space in root partition
1 10/100 Ethernet interface
CD-ROM drive
3.5” floppy drive, USB port and serial port.
Video card capable of supporting 1024x768 resolution (65,535 colors)
Intel®-based workstation (for Microsoft Windows® operating systems noted above)
400 MHz Pentium® Pro processor (minimum)
512 MB system memory (minimum), higher recommended
CD-ROM drive
Swap space at least as large as installed system memory
1 GB free space on an NTFS partition
3.5” floppy, USB port and serial port.
1 Ethernet 10/100 card
Video card capable of supporting 1024x768 resolution (65,535 colors)
Ordering Information
1. Lucent VPN Firewall Brick® 1200 AC Platform
Part Number 109625772
2. Lucent VPN Firewall Brick® 1200 HS AC Platform
Part Number 109625780
3. Lucent VPN Firewall Brick® 1200 HS DC Platform
Part Number 109625806
4. Lucent Security Management Server
Available in several configurations to meet your networking requirements.
Contact your Lucent Representative or authorized reseller for details.
5. Lucent Proxy Agent
Included in Lucent Security Management Server software v9.0 or earlier versions.
Lucent Proxy Agent functions replaced with Rules-based routing feature in v9.1 or later versions.
6. Lucent IPSec Client
Available in several configurations to meet your networking requirements.
VPN Firewall Brick® 700
Security, VPN, VoIP and QoS Gateways
Applications
• Advanced security services
• VPN services for site-to-site and remote access
• Bandwidth management capabilities
• VoIP Security
• Secure data center Web and application hosting
• Storage network security solution
• Mobile data security
• Packet Data Gateway and Packet Data Interworking Functions for Dual-Mode Wireless/WiFi VPN and VoIP/Data Security
• Managed Security Services
• Unlicensed Mobile Access (UMA) and IP Multimedia Subsystem (IMS) Security
Features
• Integrated security platform — Provides high-speed firewall, VPN, QoS, VLAN and virtual firewall capabilities in one configuration
• Industry-leading throughput — Delivers 1.7 Gbps firewall performance, 425 Mbps 3DES VPN performance and 350 Mbps AES VPN performance with built-in encryption accelerator cards (EAC)
• Innovative security services — Includes advanced distributed denial of service attack protection, latest IKEv2 standards, strong authentication and real-time monitoring, logging and reporting
• High capacity — Supports up to 7500 simultaneous VPN tunnels, 4,094 VLANs, 350 virtual firewalls, and 1.0 million simultaneous sessions
• Intrinsically secure, transparent Layer-2 bridge — Outperforms firewalls running on routers, general purpose operating systems or PC servers
• Central staging and secure remote management — Provides integrated control over thousands of VPN Firewall Brick® units and Lucent IPSec Client users, from one console, using Lucent Security Management Server (SMS) software
• High-availability architecture — Eliminates any single point of failure
• Proven Secure — No Computer Emergency Response Team (CERT®) advisories or reported vulnerabilities
Benefits
• Higher performance — Deliver an enhanced user experience with 425 Mbps IP VPN throughput, 3DES VPN performance, combined with best-in-class bandwidth management — with customer-level, user-level and server-level QoS control
• Low price/performance — Get outstanding security and throughput for less than the per-Mbps price of major competitors
• Low cost of ownership — One configuration supports multiple IP services with no additional or recurring licensing fees
• Flexible deployment — Options include premises- or network-based services with shared or dedicated hardware environments
• Economical growth path — You can migrate to advanced security and VPN services with no added infrastructure investments
• Plug-and-Play interoperability — There’s no need for costly network reconfigurations or on-site support
• Cost-effective business continuity — Take advantage of low priced, full gigabit-rate encryption performance and maintain carrier-class reliability for today’s data-heavy business applications
• Centralized, Scalable, carrier-class management — Centrally manage up to 20,000 VPN Firewall Brick® units and 500,000 Lucent IPSec Client (or 3rd party IPSec client) users with Lucent Security Management Server v9.0 or later.
The Lucent VPN Firewall Brick® 700 platforms take data security to new levels by providing over 1.7 Gbps firewall throughput, along with integrated high-speed VPN, VoIP Security, VLAN and virtual firewall capabilities at a breakthrough price. With QoS bandwidth management features, built-in IDS/DoS protections and high network performance, the VPN Firewall Brick® 700 platforms provide solid security for both mid-size and large enterprise environments. This carrier-grade IP services platform provides excellent value with low price/performance and total ownership costs, enabling service providers, government entities and large enterprises to deploy secure IP and VPN services that enhance their business while maximizing returns on their capital investments.
VPN Firewall Brick® 700 Platforms Technical Specifications
1.Processor/Memory
2.8 GHz Processor with 512MB of RAM
2.LAN/VPN Interfaces
Brick 700 BASIC Model:
(8) 10/100/1000-Base-TX ports
Brick 700 VPN AC and DC Models:
(8) 10/100/1000-Base-TX ports
(1) VPN Encryption Accelerator
3.Other Ports
SVGA video, DB9 serial, PS/2 keyboard, 4xUSB
4.Performance
Concurrent sessions – 1,000,000
New sessions/second – 20,000
Rules – 30,000 (shared among all virtual firewalls)
Max clear text throughput – 1.7Gbps (1514 byte UDP Packets)
Max Clear Text PPS throughput – 800,000 pps (78 byte UDP Packets)
Max 3DES throughput with software encryption (Brick 700 Basic) – 110Mbps (1460 byte UDP Packets)
Max 3DES throughput with hardware encryption acceleration (Brick 700 VPN) – 425Mbps (1514 byte UDP Packets)
Max AES throughput with software encryption (Brick 700 Basic) – 150Mbps (1514 byte UDP Packets)
Max AES throughput with hardware encryption acceleration (Brick 700 VPN) – 350Mbps (1460 byte UDP Packets)
5.Virtualization
Maximum number of virtual firewalls – 350
Number of VLANs supported – 4,094
VLAN domains – up to 16 per VLAN trunk
VPN Firewall Brick® partitions – allows for virtualization of customer IP address range, including support for overlapping IP addresses
6.Modes of Operation
Bridging and/or routing on all interfaces
All features supported with bridging
IP routing with static routes
802.1Q VLAN tagging supported inbound and outbound on any combination of ports
Layer-2 VLAN bridging
Network Address Translation (NAT)
Port Address Translation (PAT)
Policy-based NAT and PAT (per rule)
Supports virtual IP addresses for both address translation and VPN tunnel endpoints
PPPoE and DHCP-assignable interface/VLAN addresses
Redundant DHCP Relay capabilities
Dynamic registration of mobile VPN Firewall Brick® platform address for centralized remote management
Nested zone rulesets for common firewall policies for all Bricks® in zone.
Link Aggregation
Mobile Brick - DHCP Client.
7.Services Supported
Bootp, http, irc, netstat, pop3, snmp, tftp, pptp, dns, https, kerberos, nntp, rip, ssh, who, RADIUS, eigrp, ident, ldap, ntp, rip2, syslog, shell, X11, exec, gmp, login, ospf, rlogin, telnet, talk, H.323, SIP, ftp, imap, mbone, ping, rsh, traceroute, lotus notes, VoIP, Gopher, IPSec, netbios, pointcast, mtp, sql*net
Any IP protocol (user definable)
Any IP protocol + layer 4 ports (user definable)
Support for non-IP protocols as defined by SAP/Ethertype
8.Layer-7 Application Support
Application Filter architecture supports Layer-7 protocol inspection for command validation, dynamic channel pinholes and application layer address translation. Application filters include http, ftp, tftp, H.323/H.323 RAS, Oracle SQL*Net, Net BIOS, DHCP Relay, DNS, GTP, and SIP
9.Firewall Attack Detection and Protection
Generalized flood protection extensible to new flood attacks as discovered with patent-pending Intelligent Cache Management
Protections from over 190 attacks, including:
SYN flood protection to specifically protect inbound servers, e.g. Web servers, from inbound TCP SYN floods
Strict TCP validation to ensure TCP session state enforcement, validation of sequence and acknowledgement numbers, rejection of bad TCP flag combinations
Initial Sequence Number (ISN) rewriting for weak TCP stack implementations
Fragment flood protection with robust fragment reassembly, ensures no partial or overlapping fragments are transmitted
Generalized IP packet validation including detection of malformed packets such as ping of death, land attack, tear drop attack and over 100 other DoS signatures. Drops bad IP options as well as source route options
10.QoS/Bandwidth Management
Classified by Physical Port, Virtual Firewall, Firewall Rule, Session
Bandwidth Guarantees – Into and out of Virtual Firewall, allocated in bits/second
Bandwidth Limits - Into and out of Virtual Firewall, allocated in bits/second, packets/session, sessions/second
ToS/DiffServ marking and matching
11.Content Security
HTTP Filter Keyword support integrated with HTTP Application Filter
Rules-based routing feature for HTTP, SMTP and FTP features (Lucent Security Management Server v9.1 or later)
– Interoperates with all 3rd party Anti-virus, Content Filtering systems
– Redirects only protocol-specific packets to 3rd party systems performing Anti-virus, Anti-spam, and content filtering services.
Lucent Proxy Agent (Lucent Security Management Server v9.0 or earlier) integrates load-shared content security services for:
– Application protocol command blocking – HTTP, SMTP, FTP
– Virus and Spam scanning
– Content Filtering
Application-layer protocol command recognition and filtering
Application-layer command line length enforcement
Unknown protocol command handling
Extensive session-oriented logging for application-layer commands and replies
12.Firewall User Authentication
Browser-based authentication allows authentication of any user protocol
Built-in internal database – user limit 10,000
Local passwords, RADIUS, SecurID
User assignable RADIUS attributes
Certificate Authentication
13.VPN
Maximum number of dedicated VPN tunnels – 7,500
Manual Key, IKEv1, IKEv2, DoD PKI, X.509
3DES (168-bit), DES (56-bit)
AES (128, 192, 256-bit)
SHA-1 and MD5 authentication/integrity
Replay attack protection
Remote access VPN
Site-to-site VPN
IPSec NAT Traversal (UDP encapsulated IPSec)
IKEv2 IPSec NAT Traversal and Dead Peer Detection
LZS compression
Spliced and nested tunneling
Fully meshed or Hub and Spoke
14.VPN Authentication
Local passwords, RADIUS, SecurID, X.509 digital certificates with Entrust CA
PKI Certificate requests (PKCS 12)
Automatic LDAP certificate retrieval
15.High Availability
VPN Firewall Brick® platform to VPN Firewall Brick® platform active/passive failover with full synchronization
400 millisecond device failure detection and activation
Session protection for firewall, VoIP and VPN
Link failure detection
Alarm notification on failover
Encryption and authentication of session synchronization traffic
Self-healing synchronization links
Lucent Proxy Agent load sharing supports high availability for content security services
16.Diagnostic Tools
Out of band debugging and analysis via serial port/modem/terminal server
Centralized, secure remote console to any VPN Firewall Brick® platform supporting Ping, Traceroute, Packet Trace with filters
Remote VPN Firewall Brick® platform bootstrapping
Real-time log viewer analysis tool
Lucent Remote lucent SMS Navigator
17.3-Tier Management Architecture
Centralized, carrier-class, active/active management architecture with Lucent Security Management Server software
Secure VPN Firewall Brick® platform to Lucent SMS communications with Diffie-Hellman and 3DES encryption, SHA-1 authentication and integrity and digital certificates for VPN Firewall Brick® platform/Lucent Security Management Server authentication
Up to 100 simultaneous administrators securely managing all aspects of up to 20,000 VPN Firewall Brick® units in hierarchical management cluster.
Secure, reliable, redundant real-time alarms, logs, reports
18.Certifications
ICSA V3.0A Firewall Certification in process, ICSA V1.0D IPSec Certification in process, FIPS 140-2 Certification in process
EAL-4 Certification in process
NEBS™ Level 3 (compliant to Telcordia GR1089-CORE and GR-63-CORE) in process for Brick 700 DC version.
19.Mean Time Between Failure
60,000 hours
20.Dimensions (W x L x H)
19” x 19” x 1.75” (1U)
48.3 cm x 48.23 cm x 4.4 cm (1U)
Rack Mountable per EIA-310 specification.
Weight: 27 lbs (12.3 kg)
Shipping Weight: 30 lbs (13.6 kg)
21.Cooling
Chassis fans (intake & exhaust), power supply fans
22.Operating Altitude
Up to 13,123 ft (4,000 m)
23.Environmental
Operating
Normal Operating Temperature: 0 to 40° C
Shock: 2.5g at 15 – 20 ms on any axis
Relative humidity: 5–85% at 40 C. (non-condensing)
Vibration: 5g at 2 – 200Hz on any axis
Non-Operating
Temperature: -40 to 70° C
Shock: 35g at 15 – 20 ms on any axis
Relative humidity: 5–90% at 40 C. (non-condensing)
Vibration: 5g at 2 – 200Hz on any axis
24.Power
AC Models:
Internal AC to DC Power Supply: 300W max
Auto-ranging: 100 to 240 VAC, 47 to 63 Hz
Consumption: 8A @ 120 VAC; 5A @240 VAC
DC Model:
Internal DC to DC Power Supply: 300W max
Input Range: -40 to -60 VDC
Consumption: 10A @ -48 VDC, 84A @ -60 VDC
25.Safety Listings
USA/Canada – CSA Certified to UL® 60950-1, First Edition
Canada – CAN/CSA C22.2 No. 60950-1-03
EU – CE, CB Scheme to EN/IEC 60950-1
26.EMC Certifications
USA – FCC Part 15, Class A
Canada – IC-ES003
EU – CE, EN55022/VCC, EN300-386-2, EMC Directive Class A
AS/NZS – 3548 CISPR PUB 22
To learn more, contact your dedicated Lucent Technologies representative, authorized reseller, or sales agent. You can also visit our Web site at www.lucent.com
This document is provided for planning purposes only and does not create, modify, or supplement any warranties, which may be made by Lucent Technologies relating to the products and/or services described herein. The publication of information contained in this document does not imply freedom from patent or other protective rights of Lucent Technologies or other third parties.
VPN Firewall Brick is a registered trademark of Lucent Technologies Inc. ActiveX is a trademark of Microsoft Corporation. Webshield is a trademark of McAfee, Inc. Java is a trademark of Sun Microsystems, Inc. NEBS is a trademark of Telcordia Technologies. Pentium is a registered trademark of Intel Corporation. Solaris is a trademark of Sun Microsystems, Inc. Sun is a registered trademark of Sun Microsystems, Inc. UL is a registered trademark of Underwriter’s Laboratories. X-Stop is a trademark of Log-On Data Corp.
Copyright © 2006 Lucent Technologies Inc. All rights reserved. Brick700 v1.0906
Lucent Security Management Server and Lucent Proxy Agent
1.Software Requirements
Sun Solaris™ 2.8, 2.9 or 2.10 on SPARC processors
Microsoft Windows® 2000 Professional, Windows® 2000 Server, Windows XP Professional or Windows Server 2003.
2.Hardware Requirements
Sun® workstation for Sun Solaris operating system:
Sun UltraSPARC5 (330MHz processor or better) or better
512MB of system memory (minimum)
Swap space at least as large as system memory
500MB free disk space in file system partition where software is to be installed
50MB free disk space in root partition
1 10/100 Ethernet interface
CD-ROM drive
3.5” floppy drive, USB port and serial port.
Video card capable of supporting 1024x768 resolution (65,535 colors)
Intel®-based workstation (for Microsoft Windows® operating systems noted above)
400 MHz Pentium® Pro processor (minimum)
512 MB system memory (minimum), higher recommended
CD-ROM drive
Swap space at least as large as install system memory
1 GB free space on an NTFS partition
3.5” floppy, USB port and serial port.
1 Ethernet 10/100 card
Video card capable of supporting 1024x768 resolution (65,535 colors)
Ordering Information
1.Lucent VPN Firewall Brick® 700 Basic Platform
Part Number 109625004
2.Lucent VPN Firewall Brick® 700 VPN AC Platform
Part Number 109624981
3.Lucent VPN Firewall Brick® 700 VPN DC Platform
Part Number 109624999
4.Lucent Security Management Server
Available in several configurations to meet your networking requirements.
Contact your Lucent Representative or authorized reseller for details.
5.Lucent Proxy Agent
Included in Lucent Security Management Server software v9.0 or earlier versions.
Lucent Proxy Agent functions replaced with Rules-based routing feature in v9.1 or later versions.
6.Lucent IPSec Client
Available in several configurations to meet your networking requirements.
Contact your Lucent Representative or authorized reseller for details
VPN Firewall Brick® 150
Security, VPN, and QoS Gateway
Applications
• Advanced security services
• Site-to-site and remote access VPN services
• Bandwidth management services
• Web/application hosting
• Mobile data services
• Voice over IP (VOIP)
Features
• Integrates high-speed firewall, VPN, QoS, VLAN, and
virtual firewall capabilities in one configuration
• 330 Mbps firewall performance; 127 Mbps 3 Data
Encryption Standard (3DES) VPN performance;
1,000 simultaneous VPN tunnels; 4,094 VLANs;
150 virtual firewalls
• Advanced Encryption Standard (AES) encryption (via
hardware) is available when using LSMS 8.0 or higher
• Hardware assisted encryption with built-in
accelerator chip
• Intrinsically secure, transparent Layer-2 bridge
• Central staging and secure remote management via
Lucent Security Management Server (LSMS) software;
manages thousands of VPN Firewall Brick® units and
IPSec Client users from one console
• Advanced distributed denial of service attack protection,
high-speed content security (command blocking, URL
filtering, virus scanning), strong authentication,
real-time monitoring, logging, and reporting
• High-availability architecture: No single point of failure
Benefits
• Unsurpassed security services— leverages
state-of-the-art Bell Labs security technology for optimum
performance
• Low price/high-performance— significantly lower
price/Mbps than major competitors
• Low cost of ownership— one configuration supports
multiple IP services with no additional or recurring
licensing fees; VLAN and virtual firewall support for up
to 150 customers at no additional cost; management
efficiencies reduce staffing and administrative expenses
• Flexible deployment options— premises or network
based services with shared or dedicated hardware
environments
• Economical growth path— migrate to advanced
security and VPN services with no added infrastructure
investments
• No-touch Customer Premises Equipment (CPE)— no
need for costly network reconfigurations, truck-rolls,
or onsite support
• Enhanced user experiences— best-in-class bandwidth
management with customer-level, user-level, and
server-level QoS control
• Assured business continuity— native high availability,
carrier-class reliability
• Scalable, carrier-grade management— central
management of up to 1,000 VPN Firewall Brick® units
and 10,000 Lucent IPSec Client users
Deliver service level-assured advanced security, IP VPN, and bandwidth
management services to enterprise regional and branch office sites.
The carrier-class, VPN Firewall Brick® 150 IP services platform stretches
investment dollars and lowers total ownership costs by offering a
low price/high-performance solution with service-enhancing,
revenue-building features.
VPN Firewall Brick® 150 Technical Specifications
1.Processor/Memory
650MHz Celeron Processor with 128 MB of RAM
2.LAN Interfaces
(4) 10/100base TX Ethernet Ports
3.Other Ports
SVGA video, DB9 serial, Parallel, USB (2)
4.Performance
Concurrent sessions – 245,000
New sessions/second – 20,000
Rules – 30,000 (shared among all virtual firewalls)
Max clear text throughput – 334 Mbps (1514 byte UDP packets)
94,000 pps (78 byte UDP packets)
Max 3DES throughput with hardware encryption acceleration – 127 Mbps (1460 byte UDP packets without LZS compression)
44,000 pps (78 byte, UDP packets)
Hardware Assisted Encryption – Encryption Accelerator module
5.Virtualization
Maximum number of virtual firewalls – 150
Number of VLANs supported – 4,094
VLAN domains – up to 16 per VLAN trunk
VPN Firewall Brick® partitions – allows for virtualization of customer IP address range, including support for overlapping IP addresses
6.Modes of Operation
Bridging and/or routing on all PPPoE interfaces
All features supported with bridging
IP routing with static routes
802.1Q VLAN tagging supported inbound and outbound on any combination of ports
Layer-2 VLAN bridging
Network Address Translation (NAT)
Port Address Translation (PAT)
Policy-based NAT and PAT (per rule)
Supports virtual IP addresses for both address translation and VPN tunnel endpoints
DHCP-assignable interface/VLAN addresses
DHCP Relay capabilities
Dynamic registration of mobile VPN Firewall Brick® addresses for centralized remote management
7.Services Supported
Bootp, http, irc, netstat, pop3, snmp, tftp, pptp, dns, https, kerberos, nntp, rip, ssh, who, RADIUS, eigrp, ident, ldap, ntp, rip2, syslog, shell, X11, exec, gmp, login, ospf, rlogin, telnet, talk, H.323, ftp, imap, mbone, ping, rsh, traceroute, lotus notes, VoIP, Gopher, IPSec, netbios, pointcast, smtp, sql*net
Any IP protocol (user definable)
Any IP protocol + layer 4 ports (user definable)
Support for non-IP protocols as defined by DSAP/Ethertype 2
8.Layer-7 Application Support
Application Filter architecture supports Layer-7 protocol inspection for command validation, dynamic channel pinholes and application layer address translation. Application filters include http, ftp, tftp, H.323/H.323 RAS, Oracle SQL*Net, Net BIOS, DHCP Relay, DNS, GTP, SIP
9.Firewall Attack Detection and Protection
Generalized flood protection extensible to new flood attacks as discovered with patent-pending Intelligent Cache Management
SYN flood protection to specifically protect inbound servers, e.g. Web servers, from inbound TCP SYN floods
Strict TCP validation to ensure TCP session state enforcement, validation of sequence and acknowledgement numbers, rejection of bad TCP flag combinations
Initial Sequence Number (ISN) rewriting for weak TCP stack implementations
Fragment flood protection with Robust Fragment Reassembly, ensures no partial or overlapping fragments are transmitted
Generalized IP Packet Validation including detection of malformed packets such as ping of death, land attack, tear drop attack. Drops bad IP options as well as source route options
10.Content Security
Lucent Proxy Agent integrates load-shared content security services for:
Application protocol command blocking – HTTP, SMTP, FTP
Virus scanning
URL screening
Application-layer protocol command recognition and filtering
Application-layer command line length enforcement
Unknown protocol command handling
Extensive session-oriented logging for application-layer commands and replies
Hostile mobile code blocking (JAVA, ActiveX)
URL blocking – with 8e6 Technologies’ X-Stop™ Xserver
Virus scanning – with Trend Micro’s InterScan™ VirusWall Anti-Virus Security Suite
11.QoS/Bandwidth Management
Classified by Physical Port, Virtual Firewall, Firewall Rule, Session
Bandwidth Guarantees – Into and out of Virtual Firewall, allocated in bits/second
Bandwidth Limits - Into and out of Virtual Firewall, allocated in bits/second, packets/session, sessions/second
ToS/DiffServ marking and matching
12.Firewall User Authentication
Browser-based authentication allows authentication of any user protocol
Built-in internal database – user limit 10,000
Local passwords, RADIUS, SecurID
13.VPN
Maximum number of dedicated VPN tunnels – 1,000
Manual Key, IKE, PKI (X.509)
3DES (168-bit), DES (56-bit)
AES
SHA-1 and MD5 authentication/integrity
Replay attack protection
Remote access VPN
Site-to-site VPN
IPSec NAT Traversal (UDP encapsulated IPSec)
LZS compression
Spliced and nested tunneling
14.VPN Authentication
Local passwords, RADIUS, SecurID, X.509 digital certificates with Entrust CA
PKI Certificate requests (PKCS 12)
Automatic LDAP certificate retrieval
15.High Availability
VPN Firewall Brick® to VPN Firewall Brick® active/passive failover with full synchronization
400 millisecond device failure detection and activation
Session protection for firewall and VPN
Link failure detection
Alarm notification on failover
Encryption and authentication of session synchronization traffic
Self-healing synchronization links
Lucent Proxy Agent load sharing supports high availability for content security services
16.Diagnostic Tools
Out of band debugging and analysis via serial port/modem/terminal server
Centralized, secure remote console to any VPN Firewall Brick® unit supporting Ping, Traceroute, packet trace with filters
Remote VPN Firewall Brick® bootstrapping
Real-time log viewer analysis tool
17.3-Tier Management Architecture
Centralized, carrier-grade, active/active management architecture with Lucent Security Management Server (LSMS) software
Secure VPN Firewall Brick® to LSMS communications with Diffie-Hellman and 3DES and AES encryption, SHA-1 authentication and integrity and digital certificates for VPN Firewall Brick®/LSMS authentication
Up to 100 simultaneous administrators securely managing all aspects of up to 1000 VPN Firewall Brick® units
Secure, reliable, redundant real-time alarms, logs, reports
18.Certifications
ICSA V4.0 Firewall Certified (pending), ICSA V1.0B IPSec Certified
19.Mean Time Between Failure
218,999 Hrs
Telcordia SR-332 at Standard Reference Conditions.
20.Dimensions (W x L x H)
11” (W) x 7.18” (D) x 1.75” (H) (1U)
27.9 cm x 18.2 cm x 4.5 cm (1U)
Rack, Wall, or Table Mountable
Weight: 3 lbs. (1.4 Kg)
Shipping Weight: 5 lbs. (2.3 Kg)
21.Cooling
Chassis fan
22.Operating Altitude
Up to 13,123 feet (4,000 m.)
23.Environmental
Operating
Temperature: 0 to 50 C.
Shock: 2.5g. at 15 – 20 ms on any axis
Relative Humidity: 10 – 95% at 40 C. (non-condensing)
Vibration: 5g. at 2 – 200 Hz on any axis
Non-Operating
Temperature: -20 to 70 C.
Shock: 35g. at 15 – 20 ms on any axis
Relative Humidity: 10 – 95% at 40 C. (non-condensing)
Vibration: 5g at 2 – 200 Hz on any axis
24.Power
External AC to DC Power Supply: Rated 50W max.
Input: CV mode, 100 – 240 VAC, 47 to 63 Hz, 64 watts
Typical Consumption: 0.28A @ 115V, 0.14A @ 230V
25.Safety Listings
USA/Canada: CSA Certified to UL® 60950-1, First Edition and CAN/CSA C22.2 No. 60950-1-03
EU: CE, CB Scheme to EN/IEC 60950
26.EMC Certifications
USA: FCC Part 15, Class B
Canada: IC-ES003
EU: CE, EN 300-386-2; EN 55022, Class A
Japan: VCCI, Class A
To learn more about our comprehensive portfolio of security products, please contact your Lucent Technologies Sales Representative or visit our web site at www.lucent.com or
www.lucent.com/security.
This document is for planning purposes only, and is not intended to modify or supplement any Lucent Technologies specifications or warranties relating to these products or services. This publication of information in this document does not imply freedom from patent or other protective rights of Lucent Technologies or others. VPN Firewall Brick is a registered trademark of Lucent Technologies Inc. NEBS is a trademark of
Telcordia Technologies, Inc. X-Stop is a trademark of Log-On Data Corp.
InterScan is a registered trademark of Trend Micro, Inc.
UL is a registered trademark of Underwriters Laboratories Inc. Copyright © 2004
Lucent Technologies Inc. All rights reserved VPN v1.0304
Lucent Proxy Agent
1.Software Requirements
Solaris 8
2.Hardware Requirements
Sun workstation
333 MHz Pentium Pro processor (minimum)
512 MB system memory (minimum), higher recommended
CD-ROM drive
1 Ethernet 10/100 card
Ordering Information
1.Firewall Brick® 150 Basic
Part Number 300698289
2.Lucent Security Management Server
Brick 150 Requires LSMS 7.2.317 or later. AES feature requires LSMS 8.0 or later. See LSMS data sheet for ordering details
3.Lucent Proxy Agent
Included in LSMS software
4.Lucent IPSec Client
VPN Firewall Brick® 50
Security, VPN, and QoS Gateway
Applications
• Advanced security services
• Site-to-site and remote access VPN services
• Bandwidth management services
• Web/application hosting
• Mobile data services
• Voice over IP (VOIP)
Features
• Integrates high-speed firewall, VPN, QoS, VLAN, and
virtual firewall capabilities in one configuration
• 195 Mbps firewall performance; 75 Mbps 3 Data
Encryption Standard (3DES) VPN performance;
1,000 simultaneous VPN tunnels; 4,094 VLANs;
50 virtual firewalls
• Advanced Encryption Standard (AES) encryption
(via hardware) – 60 Mbps VPN performance
(AES 128, AES 192, AES 256)
• Hardware assisted encryption with built-in
accelerator chip
• Intrinsically secure, transparent Layer-2 bridge
• Central staging and secure remote management via
Lucent Security Management Server (LSMS) software;
manages thousands of VPN Firewall Brick® units and
IPSec Client users from one console
• Advanced distributed denial of service attack protection,
high-speed content security (command blocking, URL
filtering, virus scanning), strong authentication,
real-time monitoring, logging, and reporting
• High-availability architecture: No single point of failure
Benefits
• Unsurpassed security services— leverages
state-of-the-art Bell Labs security technology for optimum
performance
• Low price/high-performance— significantly lower
price/Mbps than major competitors
• Low cost of ownership— one configuration supports
multiple IP services with no additional or recurring
licensing fees; VLAN and virtual firewall support for up
to 50 customers at no additional cost; management
efficiencies reduce staffing and administrative expenses
• Flexible deployment options— premises or network
based services with shared or dedicated hardware
environments
• Economical growth path— migrate to advanced
security and VPN services with no added infrastructure
investments
• No-touch Customer Premises Equipment (CPE)— no
need for costly network reconfigurations, truck-rolls,
or onsite support
• Enhanced user experiences— best-in-class bandwidth
management with customer-level, user-level, and
server-level QoS control
• Assured business continuity— native high availability,
carrier-class reliability
• Scalable, carrier-grade management— central
management of up to 20,000 VPN Firewall Brick® units
and up to 500,000 simultaneously connected VPN users
Deliver service level-assured advanced security, IP VPN, and bandwidth
management services to small office and home office locations. The
carrier-class, VPN Firewall Brick® 50 IP services platform stretches
investment dollars and lowers total ownership costs by offering a
low price/high-performance solution with service-enhancing,
revenue-building features.
To learn more about our comprehensive portfolio of security products, please contact your Lucent Technologies Sales Representative or visit our web site at www.lucent.com or
www.lucent.com/security.
This document is for planning purposes only, and is not intended to modify or supplement any Lucent Technologies specifications or warranties relating to these products or services. This publication of information in this document does not imply freedom from patent or other protective rights of Lucent Technologies or others. VPN Firewall Brick is a registered trademark of Lucent Technologies Inc. UL is a registered trademark of Underwriters Laboratories Inc. Copyright © 2006
Lucent Technologies Inc. All rights reserved VPN v1.0106
Ordering Information
1.Firewall Brick® 50 Basic
Part Number 300819075
2.Lucent Security Management Server
Brick 50 requires a 9.0 patch release (see http://www.lucent.com/security)
See LSMS data sheet for ordering details
3.Lucent Proxy Agent
Included in LSMS software
4.Lucent IPSec Client