VPN- Next-Generation Firewall (NGFW)forum.alliedtelesis.ru/MY/Presentations/2016/... · Next-Generation ARxxx AlliedWare NGFW AR3050S/AR4050S VPN Firewall AR2010V/AR2050V AlliedWare
Post on 11-Jul-2020
10 Views
Preview:
Transcript
1/37
VPN-
Next-Generation Firewall (NGFW)
2/37
►
►
Next-Generation Firewall (NGFW) VPN
Firewall
►
►
3/37
Next-Generation Firewall (NGFW) VPN Firewall
4/37
Firewall
1989
Packet Filter Firewall
1995
Stateful Inspection Firewall
1998
VPN, QoS
2005
Unified Threat Management
2010
Next-Generation Firewall
ARxxx AlliedWare
NGFW AR3050S/AR4050S VPN Firewall AR2010V/AR2050V
AlliedWare Plus
► Packet Filter Firewall L4
OSI ( TCP/UDP)
► Stateful Inspection Firewall
L4
► Unified Threat Management (UTM)
L7 OSI ( ), Deep Packet Inspection (DPI)
Intrusion Prevention System (IPS), Anti-Virus, Anti-Spam, VPN, (URL)
► Next-Generation Firewall (NGFW) UTM
5/37
Произв
од
ите
льность
Офис Крупная компания Небольшая/Средняя компания
AR4050S VPN Firewalls
AR2010V AR3050S
AR2050V
Next-Generation
Firewalls
6/37
AR3050S/AR4050S
USB
3G/4G
8 LAN
10/100/1000T
210 - RU)
2 WAN
SFP T
SD-
7/37
AR3050S/AR4050S
►
►
► AT-RKMT-J14
AT-RKMT-J15
8/37
AR3050S/AR4050S
AT-AR3050S AT-AR4050S
WAN, 10/100/1000T X SFP 2 2
LAN, 10/100/1000T 8 8
0 - 500 0 - 500
RIP RIPng
OSPFv4 OSPFv6
BGP4 BGP4+
PIMv4 PIMv6
PPPoE
DHCPv4/v6
VRRP VRRPv3
QoS, Traffic shaping
Web, CLI, SSH/Telnet, SNMP, AMF
-
AMF Master -
► Firewall c DPI
► Application Web control
► IDS/IPS
► IP Reputation
► Malware
► VPN
► IPv4 IPv6
► NAT
►QoS
►
► WAN-
► USB-3G/4G
► AMF
►
9/37
AR3050S/AR4050S
► Firewall c Deep Packet Inspection (DPI)
(Application Control)
► URL (Web Control)
-
► Intrusion Detection/Prevention System (IDS/IPS)
► IP Reputation IPS IP
IP Reputation
► Antivirus, Malware Protection adware, spyware
c
10/37
AR3050S/AR4050S Firewall
NAT
awplus(config)#zone private awplus(config-zone)#network lan awplus(config-network)#ip subnet 192.168.1.0/24 interface vlan1 awplus(config)#zone public awplus(config-zone)#network wan awplus(config-network)#ip subnet 0.0.0.0/0 interface eth2 awplus(config)#firewall awplus(config-firewall)#rule 200 permit any from private to public awplus(config)#nat awplus(config-nat)#rule 10 masq any from private to public
11/37
AR3050S/AR4050S Deep Packet Inspection (DPI)
NAVL
12/37
AR3050S/AR4050S Application Control
► Skype
► Skype
13/37
AR3050S/AR4050S URL
URL
14/37
AR3050S/AR4050S Intrusion Prevention System (IPS)
► IDS/IPS Suricata
► ETPro ,
► IQRisk IP Reputation)
15/37
AR3050S/AR4050S IP Reputation
IP Reputation
IPS
16/37
AR3050S/AR4050S Antivirus, Malware Protection
Kaspersky SafeStream II
► URL*
- -
►
►
(
*
17/37
AR3050S/AR4050S
► SSL VPN OpenVPN)
► IPSec VPN
► G/4G USB-
18/37
AR3050S/AR4050S - ► VRRP -
► - ETH
► VRRP
► ETH -
19/37
AR3050S/AR4050S L2
► L2 VLAN (pseudo-wire)
Bridge) VLAN TUNNEL
L2TPv3 L2 IP
L2TP IPsec
20/37
AR3050S/AR4050S AMF Allied Telesis Management Framework (AMF)
, CLI:
► AMF-Master
AMF-Member
21/37
AR3050S/AR4050S -
22/37
AR3050S/AR4050S -
23/37
AR3050S/AR4050S -
24/37
AR2050V
210 - RU)
USB
3G/4G
4 LAN
10/100/1000T 1 WAN
10/100/1000T
25/37
AR2050V
►
►
► AT-RKMT-J14
AT-RKMT-J15
26/37
AR2010V
140
USB
3G/4G 1 LAN
10/100/1000T
1 WAN
10/100/1000T DC
27/37
AR2010V
►
►
► AC
► DIN- AT-DRMT-J02
28/37
AR2010V/AR2050V
AT-AR2010V AT-AR2050V
WAN, 10/100/1000T 1 1
LAN, 10/100/1000T 1 4
AC DC AC
0 - 500 0 - 500
RIP RIPng
OSPFv4 OSPFv6
BGP4 BGP4+
PIMv4 PIMv6
PPPoE
DHCPv4/v6
VRRP VRRPv3
QoS, Traffic shaping
Web, CLI, SSH/Telnet, SNMP, AMF
- -
- -
DIN- -
► Firewall
► IDS/IPS
► VPN
► IPv4 IPv6
► NAT
►
QoS
►
► WAN-
(AR2050V)
► USB-
3G/4G
► AMF
►
29/37
AR2010V/AR2050V Firewall
NAT
awplus(config)#zone private awplus(config-zone)#network lan awplus(config-network)#ip subnet 192.168.1.0/24 interface vlan1 awplus(config)#zone public awplus(config-zone)#network wan awplus(config-network)#ip subnet 0.0.0.0/0 interface eth2 awplus(config)#firewall awplus(config-firewall)#rule 200 permit any from private to public awplus(config)#nat awplus(config-nat)#rule 10 masq any from private to public
30/37
AR2010V/AR2050V Intrusion Prevention System (IPS)
► IDS/IPS Suricata
►
31/37
AR2050V
► AR2050V
►NGFW (AR4050S
AMF)
►SSL
VPN OpenVPN)
► IPSec VPN
► G/4G USB-
32/37
AR2010V
► AR2010V
Machine-to-Machine (M2M)
► AR2010V
► IPSec VPN
AR2010V
► G/4G USB-
33/37
NGFW VPN Firewall
AT-AR2010V AT-AR2050V AT-AR3050S AT-AR4050S
2- 2- 2- 4-
5
- 4 4
700 700 750 1,900
- - 700 1,800
Firewall 100,000 100,000 100,000 300,000
3,600 3,600 3,600 12,000
IPS 200 200 220 750
IP Reputation - - 350 1,000
Malware protection - - 300 1,300
VPN 400 400 400 1000
IPsec VPN 50 50 50 200
SSL VPN 100 100 100 200
34/37
IDS/IPS App Control Web Control URL Filtering IP Reputation Malware
Protection Anti-virus
Suricata Procera Digital Arts Kaspersky Emerging
Threats Kaspersky Kaspersky
AT-AR2010V - - - - - -
AT-AR2050V - - - - - -
AT-AR3050S AT-FL-AR3-NGFW-y
(Next-Generation Firewall)
AT-FL-AR3-ATP-y
(Advanced Threat Protection) -
AT-AR4050S AT-FL-AR4-NGFW-y
(Next-Generation Firewall)
AT-FL-AR4-ATP-y
(Advanced Threat Protection)
y = (1, 3 5 )
AT-AR4050S
AMF Master ( 20 AMF) AT-FL-AR4-AM20-y
y = 1 5 )
35/37
.
AT-AR2010V AlliedWare Plus VPN Firewall, 1 x WAN 1 x LAN , 1 USB $600
AT-AR2050V AlliedWare Plus VPN Firewall, 1 x WAN x LAN , 1 USB $600
AT-AR3050S AlliedWare Plus Next-Generation Firewall, 2 x WAN x LAN , 1 USB $700
AT-FL-AR3-NGFW1 Next-Generation Firewall $500
AT-FL-AR3-NGFW3 Next-Generation Firewall $1 500
AT-FL-AR3-ATP1 Advanced Threat Protection $600
AT-FL-AR3-ATP3 Advanced Threat Protection $1 800
AT-AR4050S AlliedWare Plus Next-Generation Firewall, 2 x WAN x LAN , 1 USB $900
AT-FL-AR4-NGFW1 Next-Generation Firewall $750
AT-FL-AR4-NGFW3 Next-Generation Firewall $2 250
AT-FL-AR4-ATP1 Advanced Threat Protection $900
AT-FL-AR4-ATP3 Advanced Threat Protection $2 700
36/37
► Allied Telesis
http://www.alliedtelesis.com/products/securityapps
►
http://www.alliedtelesis.com/support/software
► AMF
http://www.alliedtelesis.com/solutions/amf
37/37
Americas Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830
EMEA & CSA Operations | Incheonweg 7 | 1437 EK Rozenburg | The Netherlands | T: +31 20 7950020 | F: +31 20 7950021
© 2016 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. Allcompany names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.
► !
http://forum.alliedtelesis.ru
top related