SVN3000 Security Access Gateway SSL/IPSec VPN Access Gateway


HUAWEI TECHNOLOGIES CO., LTD.

With the development of cross-region services and the establishment of enterprise branches, demand for remote office access has increased. Thus, interconnection between branches and secure access for employees have become urgent issues. Moreover, due to extensive cooperation, network interconnection among enterprises, suppliers, and customers, as well as role-based access control, is indispensable.

As dedicated VPN gateways, the Huawei SVN series delivers flexible access control with fine granularity and reliable performance, comprehensively safeguarding enterprises, especially their core applications and sensitive data. Based on these features, the SVN3000 not only provides secure, easy-to-use, easy-to-manage, and mobile PC-based remote SSL VPN access to enterprise information systems for employees on business trips, SOHO staff, partners, and customers, but also supports establishing IPSec VPN tunnels with remote gateways.

SVN3000

Product Features

Integrated SSL/IPSec VPN gateway — adapting to various scenarios

■ The SVN3000 not only allows terminals to securely perform remote clientless (SSL VPN) access to intranet resources through standard Web browsers, but also supports building IPSec tunnels between branches for interconnection. The SSL VPN and IPSec VPN can be enabled at the same time to accommodate different scenarios.

Advanced service support capability — realizing fine-granularity access control over diversified services

■ The SVN3000 supports comprehensive remote access to intranet applications, remote terminals' instant application access through Web, and access to various applications, such as the Web server, file sharing, Notes, Exchange, FTP, Oracle, Telnet, SSH, RDP, and VNC, bringing unprecedented scalability to enterprise applications. To satisfy the rapid development of new service applications in the future, the SVN3000 provides VPN tunnels for all-service access.

Comprehensive authentication support

■ The SVN3000 Access Gateway supports user name and password-based authentication and authorization, and also supports mainstream authentication and authorization platforms, such as RADIUS, LDAP, SecurID, X.509 digital certificates, and USB key + digital certificates. This largely reduces support and maintenance costs, greatly saves the user's investment, and eases configuration and management for the administrator. In addition, the SVN3000 provides system logs, administrator logs, and user access logs, and supports log classification, real-time viewing, and export, which facilitates external analysis and auditing of logs by the administrator.

Convenient deployment and management

■ The SVN3000 provides a rich, user-friendly WebUI for management and supports real-time monitoring and management; administrators can complete user configuration and resource allocation of the SSL VPN service through the Web management interface. As a professional secure access gateway, the SVN3000 also supports command-line management and SNMP.

Industry-leading virtual gateway technologies — achieving independent management and operation for different systems

■ The SVN3000 adopts industry-leading virtual gateway technologies, through which enterprises can establish independent SSL VPN systems for various departments, thus preventing mutual access between systems and implementing independent management. Furthermore, carriers can employ virtual gateways to provide independent VPN services for different enterprises, realizing VPN operation. A single SVN3000 provides up to 128 virtual SSL VPN gateways.

High-reliability secure access gateway

■ The SVN3000 Access Gateway is based on Huawei's high-reliability hardware platform, dedicated real-time operating system, and professional VRP platform, and provides superior performance and greater system security than traditional VPN service platforms built on general-purpose systems. The SVN3000 offers a dual power supply as standard configuration, supports hot standby networking, and is the best choice for building a highly reliable VPN service network.

Application Scenarios

[Figure: application scenario diagram. Labels: Enterprise headquarters, Branch, Internet, SVN3000, RADIUS & CA, Mobile access user, VPN Manager, Intranet, SSL VPN, IPsec VPN]


Product Specifications

Model: SVN3000

Performance and Capacity

Maximum number of concurrent users: 2000

Maximum number of concurrent connections: 12000

SSL throughput: 100 Mbps

Maximum number of concurrent IPSec tunnels: 500

IPSec throughput: 260 Mbps

Extension and I/O

Fixed interface: Three 10/100/1000 M optical/electrical (mutually exclusive) interfaces and one console port

Extension slot: 2 (supporting 2GE interface card and encryption card)

Function

Web proxy: Enable clientless access to intranet Web resources through standard browsers; provide proxy for access to Web applications, such as intranet Web sites and emails.

Port forwarding: Support extensive C/S applications; enable employees on business trips and remote maintenance personnel to access intranet application resources (requiring no client) through various intranet TCP applications, such as Telnet, RDP, SSH, VNC, Notes, Email, FTP, and Oracle.

Network extension: Support all IP address-based intranet applications and entire-intranet access, thereby adapting to various enterprises' complicated applications; provide three tunneling modes, namely, full-tunnel, split-tunnel, and manual-tunnel.

File sharing: Support intranet CIFS (Windows) and NFS (Linux) file systems; enable remote users to securely access intranet file systems and operate shared intranet files/directories as easily as implementing operations on local computers, achieving file-level resource authorization.

Virtual gateway: Provide up to 128 virtual gateways through a single device, with each virtual gateway serving as a logically independent SVN3000; support configuring users, resources, administrators, and access policies; realize independent access systems for different user groups of one enterprise or different enterprises from carriers' perspective.

Identity Authentication

VPNDB authentication: Establish the local user database on the SVN3000 to store user names and passwords of up to 30000 users; require no additional authentication servers, thus reducing investment and facilitating rapid deployment.

External authentication: Support third-party authentication servers (such as RADIUS, LDAP, and AD servers), which can seamlessly interwork with the existing authentication systems of enterprises, realizing centralized management on access users and protecting enterprises' original investment.

Certificate authentication: Support X.509v3 digital certificates and certificates issued by third-party Certificate Authorities (CAs); attain certificate validity information in real time from external authentication servers through the Online Certificate Status Protocol (OCSP) or Certificate Revocation List (CRL); store certificates in USB key medium to tremendously improve the security of system access.

Dynamic password authentication: Authenticate user identities based on accounts, PIN codes (static passwords), and dynamic token passwords, thus accomplishing dual-factor authentication.

Access Control


VPNDB authorization: Adopt the local database on the SVN3000 to control users' permissions, reducing investment and facilitating deployment.

External group mapping authorization: Support external authorization systems (RADIUS and LDAP); realize unified authorization by mapping user group information on external authorization servers to the SVN3000 and integrating with existing authorization systems.

Access control policy: Control access permissions with fine granularity, allowing specific users to access only authorized resources; support access control based on URLs, IP addresses, ports, and permit/deny policies to guarantee legitimate users' authorized operations and better safeguard enterprises' application systems.

EPS

Terminal security check: Implement access control based on detection over firewall and anti-virus software, operating system versions and patches, registries, specific files, specific ports, and application processes of terminals, thus preventing hidden intranet threats.

Access history clearing: Clear the browser cache, cookies, accounts/passwords, document lists, and history records generated during users' access to intranets through VPNs, thus preventing the disclosure of enterprise applications or individual information.

Adaptive policy: Flexibly grant users appropriate permissions based on the security status of terminals.

Terminal binding: Bind user accounts with terminals, allowing remote users to access intranets only through specific terminals, and ensuring that terminals are trustworthy and secure.

Management

Web UI (HTTP/HTTPS): Provide intuitive GUI and rich help information, ensuring operability, simplifying configuration management, and improving the working efficiency of administrators.

CLI: Support CLI-based configuration management after the login through the console port, suiting differentiated operation habits of administrators.

Individualized portal interface: Comprehensively customize the login interface, making its style consistent with that of enterprises' Web sites and demonstrating individualized enterprise cultures.

Hierarchical management system: Support management based on hierarchical and categorized administrators: administrators can be divided into two categories, namely, system administrator and virtual gateway administrator; each category consists of two levels, that is, super administrator and common administrator; grant administrators differentiated management permissions, so that they can view only authorized information and security is ensured.

User group and role-based management: Support management based on either single users or user groups, and binding of user groups and roles; flexibly manage users based on their roles by assigning the roles with different security policies and resources.

Log auditing: Offer a wide range of logs, covering user logs, administrator logs, and system logs; log online and offline time and operations of users/administrators and system running status; export syslogs to external log servers in real time.

Data Encryption

All-data flow encryption: Encrypt all data traveling from the terminal to the SVN3000, thus preventing interception and malicious modification on the Internet and ensuring information confidentiality.

Cryptographic algorithm: Support extensive cryptographic algorithms, including encryption algorithms (3DES/DES, RC4, and AES), public key algorithms (RSA), and message algorithms (MD5 and SHA-1), to forcibly encrypt transmitted data and ensure the security and integrity of data during transmission.

Hardware encryption card: Improve encryption efficiency and performance through dedicated hardware encryption cards, facilitating user experience.


Multiplexing: Intelligently identify the best line to accelerate remote users' access, effectively solving problems (long delay and low bandwidth) of cross-network access.

Reliability and Scalability

Carrier-class hardware platform: Utilize Huawei dedicated high-reliability carrier-class hardware and VRP platforms and take device running conditions into consideration to adapt to various environments and maximally prevent losses caused by hardware faults.

Robust software system: Employ the dedicated real-time operating system as the core component to prevent various unreliable factors, such as the vulnerabilities of universal operating systems and virus attacks.

Power module redundancy: Adopt the particular dual power supplies for a single device, thus realizing hot backup of power supply modules and ensuring high reliability.

Dual-system hot backup: Prevent single-point faults to ensure smooth service switchover and link reliability.

Dimensions, Power Supply, and Operating Environment

Dimensions (W×H×D): 436mm×420mm×44.45mm

Weight: 6.0 kg

AC power supply: 100 V to 240 V, 50/60 Hz

DC power supply: 48 V to 60 V

Power consumption: 60 W

Ambient temperature: 0°C to 40°C

Ambient humidity: 5% to 90%, non-condensing

Authentication

Security authentication: Y

EMC authentication: Y

CB authentication: Y

RoHS: Y

FCC: Y

WEEE: Y

CE-CERT: Y

UL: Y

IC: Y

VCCI: Y


Copyright © Huawei Technologies Co., Ltd. 2011. All rights reserved.

General Disclaimer

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Industrial Base Bantian Longgang Shenzhen 518129, P.R. China Tel: +86-755-28780808 Version No.: M3-110019999-20110805-C-1.0 www.huawei.com
