居易科技 Draytek VIGOR 5510 寬頻防火牆路由器
VigorPro 5510C產品是建立在居易科技股份有限公司成熟的防火牆路由器基礎上推出的一款UTM產品,集雙線路接入、防病毒/防入侵(AV/AI)、反垃圾郵件、VPN閘道、傳統封包篩檢程式于一體,適合SOHO用戶、中小型企業以及網吧的使用。VigorPro 5510C 針對電子郵件、FTP及Web流覽的即時資料流,提供了對病毒、蠕蟲以及惡意程式的防治。基於規則的網頁內容過濾功能還可 以靈活地阻擋那些不當的連接。再輔以DrayTek最新第三代DrayOS?核心系統,VigorPro 5510C 可以提供比起 VigorPro 5500 更為強大且穩定的VPN、防火牆以及路由功 能。1.強大的防毒/防入侵(AV/AI)功能
• 內建MSSI(Multi-Stack Stateful Inspection)專利技術與硬體加速的內容處理器基於這種核心技術,VigorPro 5510C 不僅可以通過防入侵偵測出蠕蟲攻擊,還能夠檢測出壓縮檔或是MIME電子郵件中的病毒,而且不受檔大小限制。傳統的基於代理的防病毒、防入侵方式在檢查資料內容前需要事先收集和儲存流量中的資料。而與此不同,MSSI則是內嵌到ISO網路結構的第四層中(傳輸層),所以VigorPro 5510C 在作內部處理的時候不會有延遲,性能將比傳統的基於代理的技術要好的多。此外,VigorPro小組還將一個硬體加速的內容處理器集成在路由器中,以提高字串匹配的速度。因此,作為一款入線式安全設備,VigorPro 5510C 才在即時地保護整個網路不受病毒、入侵或是惡意軟體的傷害的同時,還能保證良好的傳輸性能。
• 最棒的病毒/入侵防護支援後盾作為一款安全網路產品,VigorPro 5510C 的防病毒/防入侵能力是無庸質疑的。而我們有如此信心,則是來源於強大的後援支持:I)Kaspersky(卡巴斯基)——來自俄羅斯的全球知名安全廠商。Kaspersky採用了最新的防病毒技術,目前很多其他的防病毒廠商所採用的技術,都是由Kaspersky工作室開創的。它為DrayTek度身定做最優秀、最頂級的病毒防治服務。II)D-SWAT(Digital SWAT)——居易科技公司自己的檢測與防禦研究團隊。如同現實世界中的SWAT,D-SWAT致力於終結虛擬世界中的“惡勢力”,為您的網路帶來安全。(目前免費)
• 便捷的特徵庫自動更新服務VigorPro 5510C 的推送升級功能,使得路由器可以按您的需要,每週、每天、甚至每隔數小時就自動更新特徵庫,保證在第一時間給您最新的病毒/入侵防護,而您也省去了時常留意更新資訊的麻煩。。2.反垃圾郵件(Anti-Spam)功能
雙WAN 寬頻連線,但是若沒有設定LOAD BALANCE POLICY,一般只會從原來的WAN 1 出去。
下方都是與一般VIGOR 路由器(分享器) , 最大不同的地方。
關鍵字 KEYWORD #VIGOR #DRAYTEK #5110 #ROUTER #FIREWALL #路由器
DrayTek VigorPro 5510 Unified Security Firewall now available
https://www.itweb.co.za/content/lwrKx73D42zMmg1o
Johannesburg, 15 May 2008
DrayTek VigorPro 5510 Security Firewall featuring unified threat management (UTM)
Local DrayTek distributor Network Platforms has announced the release of the DrayTek VigorPro 5510 Security Firewall featuring unified threat management (UTM) that protects networks from threats at the point of entry.
The VigorPro 5510 offers a complete security solution incorporating standard firewalling, anti-virus, anti-spam, anti-intruder, load-balancing and content filtering and also includes three years of DrayTek anti-virus/anti-intrusion updates. One can also add optional Web-content filtering and anti-spam measures.
Combined with prudent personnel policies, the DrayTek VigorPro 5510 enables companies to provide far stronger protection and detection than with simpler firewalls. VPN facilities also make the DrayTek VigorPro 5510 ideal for remote offices and teleworkers.
The DrayTek VigorPro 5510 also provides two WAN ports, allowing load balancing and bandwidth aggregation across two separate WAN feeds, or one can use the secondary WAN port as a backup on another feed in case the first Internet feed (eg, broadband connection) fails. In summary, the Draytek VigorPro 5510 provides networks with far greater security, productivity and resilience.
Network Platforms managing director Bradley Love says security appliances are a great idea for smaller businesses as they offer a simple drop-in solution that protects an entire local network.
“These unified threat management boxes provide a full range of security services, but although initial costs can look very reasonable many incur high yearly subscription charges, which reduce their value in the long-term. Draytek aims to buck the trend as its latest VigorPro 5510 offers the full gamut of security measures but only asks modest yearly subscription fees.”
The DrayTek VigorPro 5510 offers a quintet of Gigabit LAN ports teamed up with a pair of Fast Ethernet WAN ports. Four options are provided for one`s Internet connection where two WAN ports can be joined together for failover or policy-based load balancing. Alternatively, the second WAN port can be used as a standby connection in case the primary link fails or one can activate it only when traffic levels peak. The USB port at the front offers more options, one can network a printer from the appliance or use a USB 3G modem as the secondary WAN connection.
DrayTek`s Web interface is well designed and intuitive and kicks off with a quick start wizard that takes users through defining their Internet connection.
Love says the DrayTek VigorPro 5510 provides many different types of threat detection and protection, each protection method covering one or more of the attack types. “However, border control is not the complete solution – any installation should be coupled with staff or household policies to protect data and hardware physically too, but the Vigor`s extensive range of protection methods goes a great way in helping to protect ones network, data and resources.”
The DrayTek VigorPro 5510 will decode each of these sequential methods in real-time using DrayTek`s patent-pending Multi-Stack Stateful Inspection (MSSI). With MSSI, separate protocol stacks take care of each layer which allows for varied protocols and cross-packet inspection (where content is fragmented in transit). Most importantly, MSSI scans data inline in real time – there is no proxy and no file size limitation and thanks to the dedicated CICP (Content Inspection Co-Processor), active scanning adds no processing overhead to the DrayTek VigorPro 5510`s main CPU.
The DrayTek VigorPro 5510`s features include:
* Anti-virus, anti-intrusion and anti-Trojan protection
* Includes three years of DrayTek anti-virus/anti-intrusion signature updates
* DrayTek Labs or optional Kapersky
* Labs anti-virus updates
* Anti-spam – detects and blocks incoming spam e-mail
* Deep packet inspection with DrayTek MSSI
* Load balancing between WAN ports
* Intrusion detection and prevention (inline, real-time)
* Dos/DDos protection
* Stateful packet inspection
* VPN – Up to 200 concurrent tunnels
* WAN failover/backup via secondary Ethernet port
* 3G (cellular network) USB modem connectivity for WAN backup
* QoS (quality of service) assurance
* Parental control/categorical Web site filtering
* Web content filtering
* Time schedule access/filtering
* Comprehensive Reporting/Logging Mechanisms
* Dedicated Draytek VigorPro R&D team (D-SWAT) and Web Site
* Five Gigabit Ethernet LAN ports
The DrayTek VigorPro 5510 scans connections for any virus or Trojan signatures. On detecting a virus, the Draytek VigorPro 5510 will destroy it; if the virus is in an e-mail (IMAP/POP3/SMTP) that e-mail is destroyed. If the virus is in a downloaded file (FTP/HTTP) then that file is destroyed. The DrayTek VigorPro 5510`s response can be recorded via syslog. Instead of destroying the virus, the current connection can be reset, or even no action taken (other than logging), depending on ones preferences. Where an e-mail file attachment has been removed, or destroyed, it is replaced with a harmless dummy file so that it is evident that something has been removed.
The DrayTek VigorPro 5510 stores the current library of known threats. This is updated automatically by the DrayTek VigorPro 5510 whenever a new signature library is available in order that your DrayTek VigorPro 5510 is kept up-to-date. On purchasing the product, one receives a 12-month anti-virus/anti-intrusion update from DrayTek Labs (D-SWAT Team). As an option, one can select Kapersky Labs virus signature file as an alternative at additional cost.
Love says spam (unsolicited bulk e-mail) is one of the most serious threats to e-mail productivity and also Internet bandwidth usage. “It is estimated that a staggering 90 billion spam e-mails are sent every day and that over 80% of all e-mail sent across the Internet is spam. One cannot stop it being sent, so intercepting or identifying it before it reaches ones PC, at least reduces one`s wasted time, processing and annoyance.”
“If you have multiple Internet feeds, you can connect both of them to the DrayTek VigorPro 5510 to provide greater total bandwidth by using both at once; this uses load balancing to distribute the traffic evenly across both feeds, or you can set an uneven ratio. With failover backup, the secondary connection is normally inactive but is used automatically in the event of the primary connection failing. Bandwidth-on-demand (BoD) is where the second WAN interface is used whenever the first WAN interface exceeds preset throughput thresholds. This flexible dual-WAN facility provides redundancy and fault tolerance to your mission-critical network,” he concludes.
Main specifications:
* Security firewall with dedicated UTM Co-processor
* Unified threat management
* Scans in real-time (no proxy) including inside compressed files
* Scans inbound and outbound data packets and cross-packet boundary scanning
* Anti-virus – Scanning of recognised signatures
* Anti-spam – Detects incoming spam e-mail received via POP3 or SMTP
* Intrusion detection featuring DrayTek`s MSSI (Multi-Stack Stateful Inspection)
* DoS (denial of service) and DDoS attack blocking and detection
* Stateful packet inspection
* Deep packet inspection
* Blocking of non-HTTP content on Port 80 (switchable)
* DrayTek MSSI (Multi-Stack Stateful Scanning)
* IDP – inline intrusion detection system
* Unlimited file size scanning
* Rule-based packet filtering
* Selectable Web content filtering:
* Web URL keyword filtering – blacklist or whitelist of Web site URLs
* Block browsing by IP address
* Blocking download of Java applets and ActiveX controls
* Blocking of Web site cookies
* Block http downloads of file types:
* Binary executable: .EXE / .COM / .BAT / .SCR / .PIF
* Compressed: .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
* Multimedia: .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
* Time schedules for enabling/disabling the content restrictions
* Block P2P (peer-to-peer) file sharing programs
* Block instant messaging programs (eg, ICQ, MSN/Yahoo Messenger)
* Parental control using Surfcontrol Database – block/allow specific Web categories, for example block adult or uncategorised sites from your workplace or home
* Logging of Web activity to Syslog for audit trail purposes
* Automatic e-mailing to administrator of detected/foiled attacks/threats
* Secure (SSL) local and remote management and status monitoring
* Ethernet port mirroring for sniffing/diagnostic (VigorPro 5510 only)
Connectivity features include:
* Firewall throughput up to 90Mb/s
* VPN throughput up to 50Mb/s
* Twin-WAN ports:
* Load-balancing – Connect two broadband feeds and distribute your traffic between them either automatically or according to your chosen rule-set.
* Redundant failover – switch to secondary feed when primary fails
* Bandwidth-on-demand (BoD)- use secondary WAN based on demand
* Ethernet LAN ports with auto-crossover/uplink
* Four flexible LAN ports:
* VLAN – Segment ports into inclusive or exclusive groups
* Five Gigabit Ethernet LAN ports (VigorPro5510 only)
* 10/100BaseT with auto-crossover/uplink
* VPN features
* Up to 200 simultaneous VPN tunnels (VigorPro5510 only)
* Dial-in or dial-out, LAN-to-LAN or Teleworker-to-LAN
* Protocol support for PPTP, L2TP, IPSec, L2TP over IPSec
* MD-5 and SHA-1 authentication (hardware processed)
* Encryption: MPPE, DES/3DES & AES
* PFS (Perfect Forward Secrecy)
* Pre-shared/IKE keying and PKI (X.509) certificate support
* IKE Phase 1 aggressive/standard modes and phase two selectable lifetimes
* Radius support for dial-in teleworker profiles
* Compatible with other leading third-party vendor VPN devices
* Quality of service assurance
* Guarantee available bandwidth for priority services
* For example, ensure VOIP traffic always has bandwidth available
* Class-based policy by user-defined traffic categories
* Support for DiffServ CodePoint classifying
關鍵字 KEYWORD #VIGOR,5510,FIREWALL,ROUTER,防火牆,居易,DRAYTEK,SPECIFICATION