SVN3000 Security Access Gateway
SSL/IPSec VPN Access Gateway
HUAWEI TECHNOLOGIES CO., LTD.
With the growth of cross-region services and the establishment of enterprise branches, demand for remote office work has increased. Interconnecting branches and providing secure access for employees have therefore become urgent issues. Moreover, because of extensive cooperation, network interconnection among enterprises, suppliers, and customers, together with role-based access control, is indispensable.
As dedicated VPN gateways, the Huawei SVN series delivers flexible, fine-grained access control and reliable performance, comprehensively safeguarding enterprises, especially their core applications and sensitive data. Based on these features, the SVN3000 not only provides secure, easy-to-use, easy-to-manage, and mobile PC-based remote SSL VPN access to enterprise information systems for employees on business trips, SOHO staff, partners, and customers, but also supports establishing IPSec VPN tunnels with remote gateways.
SVN3000
Product Features
Integrated SSL/IPSec VPN gateway — adapting to various scenarios
The SVN3000 not only allows terminals to securely perform remote clientless (SSL VPN) access to intranet resources through standard Web browsers, but also supports building IPSec tunnels between branches for interconnection. The SSL VPN and IPSec VPN can be enabled at the same time to accommodate different scenarios.
Advanced service support capability — realizing fine-granularity access control over diversified services
The SVN3000 supports comprehensive remote access to intranet applications, instant application access from remote terminals through the Web, and access to various applications, such as Web servers, file sharing, Notes, Exchange, FTP, Oracle, Telnet, SSH, RDP, and VNC, bringing unprecedented scalability to enterprise applications. To satisfy the rapid development of new service applications in the future, the SVN3000 provides VPN tunnels for all-service access.
Comprehensive authentication support
The SVN3000 Access Gateway supports user name and password-based authentication and authorization, and also supports mainstream authentication and authorization platforms such as RADIUS, LDAP, SecurID, X.509 digital certificates, and USB key + digital certificates. This largely reduces support and maintenance costs, protects the user's investment, and simplifies configuration and management for administrators. The SVN3000 also provides system logs, administrator logs, and user access logs, and supports log classification, real-time viewing, and export, so that administrators can analyze and audit logs externally.
Convenient deployment and management
The SVN3000 provides rich, user-friendly WebUI management and supports real-time monitoring and management. Administrators can complete user configuration and resource allocation for the SSL VPN service through the Web management interface. As a professional secure access gateway, the SVN3000 also supports command-line management and SNMP.
Industry-leading virtual gateway technologies — achieving independent management and operation for different systems
The SVN3000 adopts industry-leading virtual gateway technologies, through which enterprises can establish independent SSL VPN systems for various departments, thus preventing mutual access between systems and implementing independent management. Furthermore, carriers can employ virtual gateways to provide independent VPN services for different enterprises, realizing VPN operation. A single SVN3000 provides up to 128 virtual SSL VPN gateways.
Highly reliable secure access gateway
The SVN3000 Access Gateway is based on Huawei's high-reliability hardware platform, a dedicated real-time operating system, and the professional VRP platform, providing superior performance and greater system security than traditional VPN service platforms built on general-purpose systems. The SVN3000 offers a standard dual power supply configuration, supports hot standby networking, and is the best choice for building a highly reliable VPN service network.
Application Scenarios
[Figure: application scenario diagram. Labels: Enterprise headquarters, Branch, Internet, SVN3000, RADIUS & CA, Mobile access user, VPN Manager, Intranet, SSL VPN, IPsec VPN.]
Product Specifications
Model SVN3000
Performance and Capacity
Maximum number of concurrent users 2000
Maximum number of concurrent connections 12000
SSL throughput 100 Mbps
Maximum number of concurrent IPSec tunnels 500
IPSec throughput 260 Mbps
Extension and I/O
Fixed interface Three 10/100/1000 M optical/electrical (mutually exclusive) interfaces and one console port
Extension slot 2 (supporting 2GE interface card and encryption card)
Function
Web proxy
Enable clientless access to intranet Web resources through standard browsers;
Provide proxy for access to Web applications, such as intranet Web sites and emails.
Port forwarding
Support extensive C/S applications;
Enable employees on business trips and remote maintenance personnel to access intranet application resources (requiring no client) through various intranet TCP applications, such as Telnet, RDP, SSH, VNC, Notes, Email, FTP, and Oracle.
Network extension
Support all IP address-based intranet applications and entire-intranet access, thereby adapting to various enterprises' complicated applications;
Provide three tunneling modes, namely, full-tunnel, split-tunnel, and manual-tunnel.
File sharing
Support intranet CIFS (Windows) and NFS (Linux) file systems;
Enable remote users to securely access intranet file systems and operate shared intranet files/directories as easily as implementing operations on local computers, achieving file-level resource authorization.
Virtual gateway
Provide up to 128 virtual gateways through a single device, with each virtual gateway serving as a logically independent SVN3000;
Support configuring users, resources, administrators, and access policies;
Realize independent access systems for different user groups of one enterprise or different enterprises from carriers' perspective.
Identity Authentication
VPNDB authentication
Establish the local user database on the SVN3000 to store user names and passwords of up to 30000 users;
Require no additional authentication servers, thus reducing investment and facilitating rapid deployment.
External authentication
Support third-party authentication servers (such as RADIUS, LDAP, and AD servers), which can seamlessly interwork with the existing authentication systems of enterprises, realizing centralized management on access users and protecting enterprises' original investment.
Certificate authentication
Support X.509v3 digital certificates and certificates issued by third-party Certificate Authorities (CAs);
Obtain certificate validity information in real time from external authentication servers through the Online Certificate Status Protocol (OCSP) or Certificate Revocation List (CRL);
Store certificates on USB key media to greatly improve the security of system access.
Dynamic password authentication
Authenticate user identities based on accounts, PIN codes (static passwords), and dynamic token passwords, thus accomplishing dual-factor authentication.
Access Control
VPNDB authorization
Adopt the local database on the SVN3000 to control users' permissions, reducing investment and facilitating deployment.
External group mapping authorization
Support external authorization systems (RADIUS and LDAP);
Realize unified authorization by mapping user group information on external authorization servers to the SVN3000 and integrating with existing authorization systems.
Access control policy
Control access permissions with fine granularity, allowing specific users to access only authorized resources;
Support access control based on URLs, IP addresses, ports, and permit/deny policies to guarantee legitimate users' authorized operations and better safeguard enterprises' application systems.
EPS
Terminal security check
Implement access control based on detection over firewall and anti-virus software, operating system versions and patches, registries, specific files, specific ports, and application processes of terminals, thus preventing hidden intranet threats.
Access history clearing
Clear the browser cache, cookies, accounts/passwords, document lists, and history records generated during users' access to intranets through VPNs, thus preventing the disclosure of enterprise applications or individual information.
Adaptive policy
Flexibly grant users appropriate permissions based on the security status of terminals.
Terminal binding
Bind user accounts with terminals, allowing remote users to access intranets only through specific terminals, and ensuring that terminals are trustworthy and secure.
Management
Web UI (HTTP/HTTPS)
Provide intuitive GUI and rich help information, ensuring operability, simplifying configuration management, and improving the working efficiency of administrators.
CLI
Support CLI-based configuration management after the login through the console port, suiting differentiated operation habits of administrators.
Individualized portal interface
Comprehensively customize the login interface, making its style consistent with that of enterprises' Web sites and demonstrating individualized enterprise cultures.
Hierarchical management system
Support management based on hierarchical and categorized administrators: Administrators can be divided into two categories, namely, system administrator and virtual gateway administrator; each category consists of two levels, that is, super administrator and common administrator;
Grant administrators differentiated management permissions, so that they can view only authorized information and security is ensured.
User group and role-based management
Support management based on either single users or user groups, and binding of user groups and roles;
Flexibly manage users based on their roles by assigning the roles with different security policies and resources.
Log auditing
Offer a wide range of logs, covering user logs, administrator logs, and system logs;
Log online and offline time and operations of users/administrators and system running status;
Export syslogs to external log servers in real time.
Data Encryption
All-data flow encryption
Encrypt all data traveling from the terminal to the SVN3000, thus preventing interception and malicious modification on the Internet and ensuring information confidentiality.
Cryptographic algorithm
Support extensive cryptographic algorithms, including encryption algorithms (3DES/DES, RC4, and AES), public key algorithms (RSA), and message digest algorithms (MD5 and SHA-1), to forcibly encrypt transmitted data and ensure the security and integrity of data during transmission.
Hardware encryption card
Improve encryption efficiency and performance through dedicated hardware encryption cards, facilitating user experience.
Multiplexing
Intelligently identify the best line to accelerate remote users' access, effectively solving the problems (long delay and low bandwidth) of cross-network access.
Reliability and Scalability
Carrier-class hardware platform
Utilize Huawei dedicated high-reliability carrier-class hardware and VRP platforms and take device running conditions into consideration to adapt to various environments and maximally prevent losses caused by hardware faults.
Robust software system
Employ the dedicated real-time operating system as the core component to prevent various unreliable factors, such as the vulnerabilities of universal operating systems and virus attacks.
Power module redundancy
Adopt the particular dual power supplies for a single device, thus realizing hot backup of power supply modules and ensuring high reliability.
Dual-system hot backup
Prevent single-point faults to ensure smooth service switchover and link reliability.
Dimensions, Power Supply, and Operating Environment
Dimensions (W×H×D) 436 mm × 420 mm × 44.45 mm
Weight 6.0 kg
AC power supply 100 V to 240 V, 50/60 Hz
DC power supply 48 V to 60 V
Power consumption 60 W
Ambient temperature 0°C to 40°C
Ambient humidity 5% to 90%, non-condensing
Authentication
Security authentication Y
EMC authentication Y
CB authentication Y
RoHS Y
FCC Y
WEEE Y
CE-CERT Y
UL Y
IC Y
VCCI Y
Copyright © Huawei Technologies Co., Ltd. 2011. All rights reserved.
General Disclaimer
The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.
HUAWEI TECHNOLOGIES CO., LTD.
Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, P.R. China
Tel: +86-755-28780808
Version No.: M3-110019999-20110805-C-1.0
www.huawei.com