Documente Academic
Documente Profesional
Documente Cultură
Page 1
Product Features
Feature
Protections
Network Wide Protections
Behavioral DoS
Protect against known and zero-minute DoS/DDoS flood attacks that misuse network
bandwidth resources including: TCP Floods, UDP floods, ICMP floods, IGMP floods and
fragmented attacks.
DNS Protection
Protect DNS critical infrastructure against flood attack that misuse DNS server resources.
Malware Propagation
Prevents network pre-attack probes (Reconnaissance) including horizontal and vertical TCP
Scanning
& UDP scanning, stealth scanning and ping sweeps.
RSA FraudAction
Real-time Anti-Trojan and Anti-Phishing service, targeted to fight against financial fraud,
feeds
information theft and malware spread. Based on real-time reputation feeds from RSA Anti
Fraud Command Center (AFCC).
Server Protections
SYN Protection
Protect against any type of SYN flood attacks using advanced SYN authentication
mechanisms
HTTP flood protection
Protect against HTTP page flood attacks that misuse web server resources.
Server-Cracking
Block brute force and dictionary attacks targeting to defeat server authentication schemes
Protection
including Mail servers (SMTP, POP3, IMAP), FTP servers, SIP servers, MS-SQL and
MYSQL servers.
Web application protection, Mail servers protection, FTP servers protection, DNS
Vulnerabilities, SIP vulnerabilities, SNMP Vulnerabilities, Microsoft vulnerabilities, Worms
and Viruses, Backdoors and Trojans, Cross-Site Scripting, SQL Injections, Spyware, LAN
Protocol and Services Protection (RPC, NetBIOS, Telnet etc.), Generic Payloads (Remote
Execution, Shellcodes).
RFC compliance and state machine verification for various protocols including TCP, ICMP,
DNS, HTTPS, SMTP, IMAP, POP3, FTP, SSH.
Stateful Operation
TCP Stream Reassembly, IP Defragmentation.
SSL Attack Prevention
Available for DefensePro series X16 and X412 in conjunction with AppXcel.
Bandwidth Management and Access Control
Bandwidth
Attacks real-time signatures of ongoing DoS/DDoS attacks and malware propagation and
anti scanning.
Page 2
Product Specifications
DefensePro Model
Network Location
Hardware Platform
Perimeter
OnDemand Switch VL
Latency
Real time
signatures
Inspection Ports
10/100/1000
Copper Ethernet
GE (SFP)
10GE (XFP)
Management
Ports
10/100/1000
Copper Ethernet
RS-232
Operation Mode
Network Operation
Deployment
Modes
Tunneling
protocols support
IPv6
Policy Action
Block Actions
High Availability
Fail-open / failclose
Dual Power
500Mbps
500Mbps
2,000,000
1GMbps
1GMbps
2,000,000
2Gbps
2Gbps
2,000,000
Core Network
OnDemand Switch 2S1; Dual PS
option is: OnDemand Switch 2S2
Performance
2
Capacity
3
Throughput
Max Concurrent
Sessions
Maximum DDoS
Flood Attack
Prevention Rate
1Gbps
1Gbps
2,000,000
2Gbps
2Gbps
2,000,000
4Gbps
3.6Gbps
2,000,000
Core Network
On Demand Switch 3S2
4Gbps
4Gbps
4,000,000
8Gbps
8Gbps
4,000,000
14Gbps
12Gbps
4,000,000
1,000,000 1,000,000
1,000,000
packets
packets
packets
per
per
per
second
second
second
< 60 micro seconds
Detect and protect attacks in less
than 18 seconds
5,000,000
5,000,000
5,000,000
packets
packets
packets
per
per
per
second
second
second
< 60 micro seconds
Detect and protect attacks in less
than 18 seconds
10,000,00
10,000,00
10,000,000
0 packets
0 packets
packets per
per
per
second
second
second
< 60 micro seconds
Detect and protect attacks in less than
18 seconds
12
12
12
2
-
2
-
2
-
4
-
4
-
4
-
4
4
4
4
4
4
Transparent L2 Forwarding
In-line; SPAN Port Monitoring; Copy Port Monitoring; local out-of-path; Out-of-path mitigation (scrubbing center solution)
VLAN Tagging, L2TP, MPLS, GRE, GTP
Support IPv6 networks and block IPv6 attacks
Block & Report, Report Only
Drop packet, reset (source, destination, both), suspend (source, src port, destination, dest port or any combination),
Challenge-Response for HTTP and DNS attacks
Internal fail-open/fail-close for copper
ports; internal fail-close for SFP
ports; optional fail-open for SFP
4
ports
No
No
No
Optional
Optional
Actual performance figures may change per network configuration, traffic type, etc.
Capacity is measured as maximum traffic forwarding when no security profiles are configured.
3
Throughput is measured with behavioral IPS protections and signature IPS protections using eCommerce protection
profile.
4
External fiber fail-open switch with SFP ports is available at additional cost.
5
External fiber fail-open switch with SFP ports is available at additional cost.
6
External fiber fail-open switches with SFP or XFP ports are available at additional cost.
2
Page 3
Supply
Advanced internal
overload
7
mechanism
Active-Passive
cluster
Physical
Dimensions (W x
D x H) mm
Weight (lb, kg)
Power Supply
Power
Consumption
Heat Dissipation
(BTU/h)
Operating
Temperature
Humidity (noncondensing)
Safety
Certifications
EMC
Other
Certifications
Warranty
Support
Yes
Yes
Yes
Yes
Yes
Yes
swappable
Yes
swappable
Yes
swappable
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
424x457x44
15.8, 7.2
Auto range: 100V-120V/200V-240V
AC 47-63Hz or 38-72VDC
128W
436.5
424x600x44 (1U)
Dual PS option: 424x600x88 (2U)
20.9, 9.5
Dual PS option is 24.0, 10.9
Auto range: 100V-120V/200V-240V
AC 50-60Hz or 38-72VDC
302W
Dual PS option is 312W
1029
Dual PS option is 1064
0-40C
424x600x88
39.0, 18.0
Auto range: 100V-120V/200V-240V
AC 50-60Hz or 38-72VDC
476W
1623
5% to 95%
EN 60950-1:2006, CB - IEC 60950-1,
cTUVus
EN 55022, EN 55024, FCC Part 15B
Class A
CE, FCC, VCCI, CB, TUV, UL/cUL,
CCC, C-Tick, RoHS
Patent No. 7,617,170 Generated Anomaly Pattern for HTTP Flood Protection
Patent No. 7,624,084 Method for Generating Anomaly Pattern for HTTP Flood Protection
Patent No. 11/835,503 Method, system and computer program product for preventing sip attacks
Specifications subject to change without notice.
Overload mechanism is designed to obtain maximum security coverage under extreme traffic loads.
Page 4