www.planet.com.tw network security copyright © planet technology corporation. all rights reserved
TRANSCRIPT
www.planet.com.tw
Network Security
Copyright © PLANET Technology Corporation. All rights reserved.
2 / 41www.planet.com.tw
Introduction
Advantage of PLANET’s Solution
Product Overview
Product Features & Comparison
Solutions
Roadmap
3 / 41www.planet.com.tw
PLANET Advantages
Full Range of Security Solutions
All-in-One Security Appliance
Easy integration with existing network infrastructure
Low Total Cost of Ownership from integrated security solutions
Bandwidth Management Gateway
Multi-Homing Security Gateway
VPN Security Gateway
UTM Content Security Gateway
4 / 41www.planet.com.tw
Product Overview
Model Description
Content Security
CS-1000UTM Content Security Gateway(200 IPSec VPN tunnels, IDP, Anti-Virus, Anti-Spam)
CS-2000UTM Content Security Gateway(200/1000 SSL/IPSec VPN tunnels, IDP, Anti-Virus, Anti-Spam)
VPN Security
SG-500VPN Security Gateway(5 SSL VPN tunnels, 200 IPSEC VPN tunnels)
SG-1000VPN Security Gateway(50 SSL VPN tunnels, 200 IPSEC VPN tunnels)
BandwidthManagement
Content Security
Multi-HomingSecurity
UnifiedOffice Gateway
Broadband Router /Wireless Gateway
VPN Security
Content SecurityContent Security
VPN SecurityVPN Security
5 / 41www.planet.com.tw
Product Overview
Model Description
Multi-Homing Security
MH-2001Multi-Homing Security Gateway(200 VPN tunnels)
WLS-1280Wireless LAN Switch / Security Gateway(120 VPN tunnels, 12 Access Points Management)
Bandwidth Management
BM-525Bandwidth Management Gateway(25Mbps Bandwidth Control)
BandwidthManagement
Content Security
Multi-HomingSecurity
UnifiedOffice Gateway
Broadband Router /Wireless Gateway
VPN Security
Multi-HomingSecurity
Multi-HomingSecurity
BandwidthManagement
BandwidthManagement
6 / 41www.planet.com.tw
Product Overview
Model Description
Broadband Router
VRT-401VPN Broadband Router(100 VPN tunnels)
VRT-311SVPN Broadband Router(10 VPN tunnels)
Wireless Gateway
WSG-404Hot-Spot Wireless Subscriber Gateway(50 PnP IP Users, account generate via printer)
Unified Office Gateway
UMG-2000Unified Office Gateway(IP PBX / Storage / Email / Security / WiFi / L2 Switch)
BandwidthManagement
Content Security
Multi-HomingSecurity
UnifiedOffice Gateway
Broadband Router /Wireless Gateway
VPN Security
Broadband Router /Wireless Gateway
Broadband Router /Wireless Gateway
UnifiedOffice Gateway
UnifiedOffice Gateway
www.planet.com.tw
Features & Comparison
Content SecurityVPN Security
8 / 41www.planet.com.tw
Product Overview
Model
Function
CS-1000 CS-2000 SG-500 SG-1000
Firewall V V V V
SSL VPN - V V V
Content Filtering V V V V
Load Balancing Outbound Inbound/ Outbound
- Outbound
Bandwidth Management
V V V V
IDP V V - -
Anti-Virus V V - -
Anti-Spam V V - -
Target Market SME SME SME SME
9 / 41www.planet.com.tw
Mail Server
CS-1000
Internet
DMZ
LAN
Features CS-1000
UTM security Gateway with dual WAN, WAN backup, load balance
Hardware-based Anti-Virus device Built-in Clam AV Anti-Virus engine can detect viruses,
worms or other threats from email transfer Anti-Spam block over 95% spam mail SMTP throughput 12,000 mails/ day Auto-Training system raises identify rate of spam m
ails substantially SPI Firewall, IDP support Dual WAN, VPN Trunk support VPN with DES, 3DES, AES encryption VPN Trunk support Up to 200 VPN tunnels QoS and Authentication feature
CS-1000LAN
WAN DMZ
Spam Virus
10 / 41www.planet.com.tw
Features CS-2000 Anti-Spam Filtering: block over 95% spam mail Anti-Virus Protection: Built-in double virus scan engi
nes – Clam and Sophos Built-in 80GB Hard Disk can store the spam and Virus
mail in Quarantine Auto-Training system raises identify rate of spam ma
ils substantially VPN Connectivity: IPSec, SSL, PPTP Server, and PPT
P Client support Up to 1000 IPSec VPN tunnels and 200 SSL VPN tunnel
s SPI Firewall IDP support Dual WAN, VPN Trunk support Outbound/Inbound Load Balancing Content Filter includes URL, Script, P2P, IM, and Dow
nload blocking QoS and Authentication feature
CS-2000 LAN
WAN
DMZ
11 / 41www.planet.com.tw
Features SG-500
Supports SSL VPN and IPSec VPN
Up to 5 SSL VPN connection tunnels
VPN with DES, 3DES, AES encryption
SHA-1 / MD5 authentication
Up to 200 IPSec VPN tunnels
SPI Firewall
QoS
Content Filtering
Hacker Alert and Anomaly Flow Detection
Authentication: User Authentication, RADIUS, and POP3
SG-500
12 / 41www.planet.com.tw
Features SG-1000
Supports SSL VPN, IPSec VPN, and PPTP server/client
Up to 50 SSL VPN connection tunnels
VPN with DES, 3DES, AES encryption
SHA-1 / MD5 authentication
VPN Trunk support
Up to 200 VPN tunnels
SPI Firewall
QoS
Content Filtering
Dual WAN, WAN backup, load balance
SG-1000LAN
WAN DMZ
13 / 41www.planet.com.tw
Features BriefModel SG-1000 SG-500 CS-2000 CS-1000
Description VPN Security Gateway VPN Security GatewayUTM Content Security
GatewayUTM Content Security
Gateway
Placement 19” Rack Mount Desktop 19” Rack Mount 19” Rack Mount
Interface LAN x1, WAN x2, DMZ x1 LAN x1, WAN x1, DMZ x1LAN x1, WAN x2, DMZ x1
All Gigabit PortsLAN x1, WAN x2, DMZ x1
System PerformanceMax. Concurrent Sessions 110,000 20,000 1,000,000 110,000New Sessions per second 10,000 1,000 20,000 10,000
Firewall Throughput 100Mbps 70Mbps 300Mbps 100Mbps
3DES performance 17Mbps 10Mbps 30Mbps 17Mbps
Email Capacity per day - - 1,800,000 120,000
Multi-Homing
WAN Load Balance Outbound -Inbound/Outbound
Outbound
Load Balance mode Round-Robin, by traffic,by sessions, by packets
-Round-Robin, by traffic,by sessions, by packets
Round-Robin, by traffic,by sessions, by packets
Content Security
Content Filtering V V V V
Mail Security - -Anti-virus,Anti-spam
Anti-virus,Anti-spam
IDP - - V V
DoS, DDoS protections V V V V
User Authentication V V V V
QoS V V V V
VPN
IPSec VPN Tunnel 100/200 100/200 200/1000 100/200
SSL VPN 50 tunnels 5 tunnels 200 tunnels -
VPN Trunk V - V V
14 / 41www.planet.com.tw
CS-1000 Comparison
Brand PLANET Fortinet Zyxel
Model CS-1000 Fotigate-60 ZyWALL-70 UTM
LAN LAN x1, WAN x2, DMZ x1 LAN x4, WAN x2, DMZ x1 LAN x1, WAN x2, DMZ x4
System Performance
Max. Concurrent Sessions 110,000 50,000 10,000
Firewall Throughput 100Mbps 70Mbps 90Mbps
3DES performance 17Mbps 20Mbps 40Mbps
Mode of Operation
Transparent V V V
NAT, PAT V V V
Virtual server V V V
Multiple Subnet V - -
Mail Security
Anti-spam V V V
Spam Mail Training System V - -
Anti-virus V V V
Automatically virus database update V V V
Whitelist & Blacklist V V V
Alert by email V V V
Update License Fees Free of charge Per Year Per Year
15 / 41www.planet.com.tw
CS-1000 Comparison
Brand PLANET Fortinet Zyxel
Model CS-1000 Fotigate-60 ZyWALL-70 UTM
Content Filtering
Scripts, URL Blocking V V V
IM, P2P Blocking V - -
Download, Upload Blocking V - -
VPN
VPN Tunnel 100/200 40 100
PPTP server V V -
VPN Trunk V V -
Advance Feature
Outbound Load Balance V - V
WAN Fail over V V V
IDP V V V
QoS V V V
User Authentication V V V
Monitor
Log to Syslog server V V V
Accounting Report V V V
16 / 41www.planet.com.tw
CS-2000 Comparison
Brand PLANET Fortinet Juniper
Model CS-2000 FortiGate 100A NetScreen 25Hardware
Processor Intel Celeron 1.2GHz FortiASIC PowerPC266MHz
RAM 1GB 256MB 128MB
Flash 128MB - -
H.D. 80G - -
Network portLAN x 1, WAN x 2, DMZ x 1
(All Gigabit Ports)LAN x 4, WAN x 2, DMZ x 2 10/100 RJ-45 Port x 4
Software
Concurrent session 1,000,000 200,000 32,000
New Sessions / second 20,000 4,000 4,000
Firewall performance 300Mbps 100Mbps 100Mbps
3DES performance 30Mbps 40Mbps 20Mbps
QoS V V V
IDP V V V
IDP Report V V -
VPN Tunnel 200 80 125
SSL VPN V V -
WAN Load balancing Inbound / Outbound Outbound -
Content Filtering V V V
17 / 41www.planet.com.tw
CS-2000 Comparison
Brand PLANET Fortinet Juniper
Model CS-2000 FortiGate 100A NetScreen 25
IM/P2P Blocking V - -
User AuthenticationLocal Database, RADIUS,
POP3, LDAPLocal Database, RADIUS,
LDAPLocal Database, RADIUS,
LDAP
High Availability V - V
Event log and alarm V V V
Syslog server support V V V
Accounting Report V - -
Statistic V V V
Anti-Virus V V -
Anti-Virus Engine 2(Clam & Sophos) 1 -
Anti-Spam V V V
Mail Report V - -
18 / 41www.planet.com.tw
SG-1000 Comparison
Brand PLANET Cisco SonicWallModel SG-1000 VPN 3005 SSL-VPN 2000Hardware
Dimension 19” Rack Mount 19” Rack Mount 19” Rack Mount
Network Port LAN x 1, WAN x 2, DMZ x 1 LAN x 1, WAN x 1 LAN x 1, WAN x 2, DMZ x 1
Software
DMZ Transparent V - V
Static Route V V V
NAT, PAT V V V
Firewall V - V
DoS, DDoS protections V - V
VPN Entry 200 50 50
SSL VPN V - V
SSL VPN Tunnels 50 50 50
Authentication User V - V
RADIUS Authentication V V V
WAN Load balancingRound-Robin, by traffic, by packet, by session
V -
QoS V - V
Content Blocking V - -
URL Filtering V - V
H/W Watch-Dog V - -
Hacker Alert V - V
www.planet.com.tw
Features & Comparison
Multi-Homing Security
20 / 41www.planet.com.tw
Features MH-2001
Four 10/100M Ethernet ports: LAN x 1, WAN x 2, DMZ x 1
Stateful Packet Inspection (SPI) Firewall & protection for DoS
Web Content Filtering
Hardware-based VPN with DES,3DES,AES encryption
IPSec, PPTP VPN tunnels and VPN pass-through support
Round Robin of outbound load balancing by traffic, by packet, by session
Supports QoS and Authentication feature
Up to 200 VPN tunnels
User authentication
MH-2001
WAN LAN DMZ
WAN Load Balancing
Firewall
VPN
Content Filter
QoS
WAN Load Balancing
Firewall
VPN
Content Filter
QoS
21 / 41www.planet.com.tw
MH-2001 Comparison
Brand PLANET SonicWall Watch Guard
Juniper Cisco
Model MH-2001 TZ170 Firebox 700 NS-25 PIX 506E
Concurrent Session 60,000 6,000 10,000 16,000 25,000
Firewall Throughput 100 Mbps 90 Mbps 150 Mbps 100 Mbps 100 Mbps
3DES Throughput 25 Mbps 30 Mbps 5 Mbps 20 Mbps 17 Mbps
VPN Tunnels 200 50 150 100 25
OutboundLoad Balancing V V - - -
Bandwidth Management V V - V -
Server Load Balancing 4 groups - - - -
URL Filtering User-defined User-defined / Websense *
User-defined / Webblocker *
User-defined / Websense *
User-defined / Websense *
Remark: * Need additional annual fee
22 / 41www.planet.com.tw
Features WLS-1280
IPSec VPN Encrypted Network
Wireless LAN Switch
Manageable 12 APs include WAP-4033, WAP-4033PE and WAP-4060PE
Supports up to 120 concurrent users Provides 500 local accounts and 2000 on-demand
accounts Multiple User login method via local database, RADIU
S, POP3, NT domain Role-based and Policy-based access control, bandwi
dth control Supports monitor IP on 3rd party Access Points Managed APs support WEP, WPA, and WPA2 Supports VPN termination of IPSec tunnels for secur
ed wired/wireless connection Supports MAC Access Control List
WLS-1280LANWAN
www.planet.com.tw
Features & Comparison
Bandwidth Management
24 / 41www.planet.com.tw
Policy StatisticsService Distribution ChartOutbound Service Statistics Report
Features BM-525
One 10/100Mbps LAN, DMZ, and WAN ports NAT mode and DMZ mode
Guaranteed and maximum bandwidth with three levels of priorities
Professional Monitor function includes Log, Accounting Report, Statistics, and Status
MRTG-like Traffic Statistics, easy to trace and analyze
Content Filter includes URL, Script, P2P, IM, and Download blocking
Hacker Alert and Anomaly Flow Detection Virtual Server and IP mapping (Multi-DMZ H
ost) Assign daily and weekly access schedule to each indi
vidual policy
BM-525
www.planet.com.tw
Features
Broadband Router /Wireless Gateway
26 / 41www.planet.com.tw
Features VRT-401
VPN Broadband Router
IPsec, PPTP, and L2TP server/ client support
Provides up to 100 VPN tunnels
15 Mbps 3DES VPN performance
SPI firewall + DoS prevention protection
90 Mbps Firewall throughput
Virtual Server, DMZ, UPnP and DDNS support
VRT-401
27 / 41www.planet.com.tw
Built-in NAT Firewall
Stateful Packet Inspection (SPI) Firewall for DoS attacks
UPnP support
IPsec, PPTP and L2TP VPN pass through support
Provides up to 10 VPN tunnels
Group-based / Scheduled Access Control
Predefined / User-defined service database
VRT-311S
Features VRT-311S
28 / 41www.planet.com.tw
Features Brief
ModelFunction
VRT-401 VRT-311S
LAN port 4 3
WAN port 1 1
DMZ port Software 1 x hardware DMZ
Content Filtering V V
Firewall Rule-based Rule-based
DDNS, UPnP V V
Virtual Server V V
DoS support V V
Scheduling V V
Logs V V
VPN Tunnels 100 10
VPN pass through IPSec, PPTP, L2TP IPSec, PPTP, L2TP
Microsoft VPN support - V
VPN Authentication MD5/SHA-1 MD5/SHA-1
VPN Encryption DES/3DES DES/3DES/ AES
Target Market SME SOHO
29 / 41www.planet.com.tw
VRT-311S Comparison
Brand PLANET Sonicwall Juniper WatchGuard
Model VRT-311S SOHO 3 Netscreen-5XT Firebox X15
InterfaceLAN x3, WAN x1, DMZ
x1LAN x1, WAN x1, console x
1 LAN x4, WAN x1 LAN x4, WAN x1
Firewall Throughput 80 Mbps 75 Mbps 70 Mbps 95 Mbps
3DES Throughput 3.5 Mbps * 20 Mbps 20 Mbps 35 Mbps
URL Blocking V V V V
DDNS V - - V
DoS V V V V
UPnP V - - -
Virtual Server V V V V
DMZ Hardware Software* Software* Software*
Routing ModeStatic Route,
RIP v1, v2Static Route,
RIP v1, v2 Static Route,
RIP v2 Static Route,
RIP v2
VPN Tunnels 10 10 10 15
VPN Pass Through IPSec, PPTP, L2TP IPSec, PPTP, L2TP IPSec, L2TP IPSec, PPTP
Microsoft PPTP VPN Server V - - -
VPN Authentication MD5/SHA-1 MD5/SHA-1 MD5/SHA-1 MD5/SHA-1
VPN Encryption DES/3DES/AES DES/3DES/AES DES/3DES/AES DES/3DES
Hardware VPN - V V -
Remark: * software based 3DES performance.
30 / 41www.planet.com.tw
Features WSG-404
54 Mbps 11g Hot Spot Wireless Subscriber Gateway
Plug-n-Play IP Internet access, no configuration changes required
Comply with 802.11g wireless standard
• Work with any WiFi adapters such as Centrino Notebook,11g 54Mbps adapters or 11b adapters
Built-in or RADIUS AAA support (Authentication, Authorization and Accounting)
Built-in RC4 WEP Encryption, secure HTMLlogin page (SSL), VLAN Security for Wireless, VPN (IPSec/PPTP) Pass through
Operate with the compact thermal printer(WSG-ACG4) to print out billing informationin a minute
Right for any places that provide public access to the Internet, such as Cyber Café, Airport,Government, and etc.
WSG-404
www.planet.com.tw
Features
Unified Office Gateway
32 / 41www.planet.com.tw
Applications
Unified office network management at single point
33 / 41www.planet.com.tw
Features UMG-2000
IP PBX / VoIP Service
E-mail Service
Internet Security Service
Network Storage Service
WiFi Service
24+2G Switch Service
UMG-2000
Unified Office Gateway
34 / 41www.planet.com.tw
Features UMG-2000
E-mail Service
• Supports POP3, SMTP, IMAP
• Secured Socket Layer (SSL)
• Junk Mail Filtering
• Anti-Virus and Anti-Spam
• Auto Backup, Auto Reply
• Web Mail
E-mail Service
• Supports POP3, SMTP, IMAP
• Secured Socket Layer (SSL)
• Junk Mail Filtering
• Anti-Virus and Anti-Spam
• Auto Backup, Auto Reply
• Web Mail
Internet Security Service
• Access Control List (ACL)• URL / IM / P2P Blocking• Firewall / NAT• DoS Attack Protection• Site-to-Site SSL VPN• PPTP VPN Remote Access
Internet Security Service
• Access Control List (ACL)• URL / IM / P2P Blocking• Firewall / NAT• DoS Attack Protection• Site-to-Site SSL VPN• PPTP VPN Remote Access
Network Storage Service
• RAID 0, 0/1, 5, and JBOD
• Up to 4TB Hot-swap Disk Array
• User Network Storage Quota
• Scheduled Auto Backup, Auto Snapshot
• User/Group Privilege ACL
Network Storage Service
• RAID 0, 0/1, 5, and JBOD
• Up to 4TB Hot-swap Disk Array
• User Network Storage Quota
• Scheduled Auto Backup, Auto Snapshot
• User/Group Privilege ACL
Front Panel
35 / 41www.planet.com.tw
Features UMG-2000
Rear Panel
IP PBX / VoIP Service
• SIP 2.0 (RFC3261) compliant• Up to 250 Registrations
• Call-Parking, Echo Cancellation• QoS Support• Telephone Conference, 3-Way Calling• Call Hold, Call Waiting• Fax Server Support
IP PBX / VoIP Service
• SIP 2.0 (RFC3261) compliant• Up to 250 Registrations
• Call-Parking, Echo Cancellation• QoS Support• Telephone Conference, 3-Way Calling• Call Hold, Call Waiting• Fax Server Support
WiFi Service
• 802.11b/g/n Wireless Access Point
• 3 RP-SMA Detachable Antennas• Security: WEP / WPA / WPA2
WiFi Service
• 802.11b/g/n Wireless Access Point
• 3 RP-SMA Detachable Antennas• Security: WEP / WPA / WPA2
24+2G Switch Service
• IEEE 802.1d Spanning Tree
• IGMP Snooping
24+2G Switch Service
• IEEE 802.1d Spanning Tree
• IGMP Snooping
www.planet.com.tw
Network Security Solutions
37 / 41www.planet.com.tw
When Customers Choose CS Series Products?
SPI Firewall
VPN
IDP
Anti-Virus
Anti-Spam
URL Filtering
Content Filtering
Bandwidth Management
Planet CS series products are All-in-One Security Solution which includes important security functions, such as VPN, IDP, Anti-Virus, and Anti-Spam.
If customers mainly look for Anti-Virus and Anti-Spam functions, CS-1000 or CS-2000 would be the best choice.
Use the Browser
Use the Browser
38 / 41www.planet.com.tw
When Customers Choose SG Series Products?
Support up to 50 SSL VPN
connection tunnels
Planet SG series products provide important security functions, such as VPN, SPI Firewall, Content Blocking, and QoS. If customers look for SSL, IPSec, PPTP VPN mostly, they can choose SG-500 or SG-1000.
SPI Firewall
SSL VPN
IPSec VPN
PPTP VPN (SG-1000)
VPN Trunk (SG-1000)
WAN Load Balancing (SG-1000)
Content Filtering
Bandwidth Management
39 / 41www.planet.com.tw
When Customers Choose MH Series Products?
Planet MH series products provide two WAN ports and important security functions, such as SPI Firewall, Script Blocking, URL Blocking, and QoS.If customers looking for WAN Fail Over function mostly, they can chooseMH-2001.
ISP1 ISP2
LAN
DMZ
SPI Firewall
WAN Fail Over
WAN Load Balancing
IPSec VPN
PPTP VPN
URL Blocking
Script Blocking
Bandwidth Management
WAN1 FailAccess Internet through WAN2
40 / 41www.planet.com.tw
Roadmap
Fiber Router
Security Gateway
2009/Q3 2009/Q4
1000 tunnels CS2 WAN / VPN / FW / Anti-Virus / Anti- Spam / IPDCS-2000
50 tunnels SSL VPN2 WAN / SSL VPN / FWSG-1000
Gigabit Router
5-Port Gigabit VPN / IPS Router XRT-501 Fiber Broadband Router
1 WAN 100FX, 4 LAN, PPPoE, DHCP, VLAN, 802.1q, 802.1p, VPN pass through, Firewall, FTX-401
2000 tunnels CS2WAN / VPN / FW/ IDP / Anti-Virus / Anti-spam / ICSA-certified, CS-3000
500 tunnels MHIPSec/PPTP/SSL VPN, SPI Firewall, QoS, Outbound Load Balancing, MH-3000
Unified Office Gateway1 WAN / 24+2G / 11n / 4 FXO / 4 Hard Disk, IP-PBX / VoIP / Network Storage / Email / Internet Security / WiFi / L2 SwitchUMG-2000
Unified Office Gateway1 WAN / 24+2G / 11n / 4 FXO + 4 FXS (8 FXO) /4 Hard Disk, IP-PBX / Network Storage / Email / Internet Security / WiFi / L2 Switch, UMG-2200
Unified Office Gateway1 WAN / 24+2G / 4 Hard Disk, / Internet Security / L2 Switch / (IP-PBX) / (Network Storage) / (Email) Cost Down, UMG-1800
11n Fiber Broadband Router1 WAN 100FX, 4 LAN, 11n 2T2R, PPPoE, DHCP, VLAN, 802.1q, 802.1p, VPN pass through, Firewall, FTX-401N
www.planet.com.tw