Alcatel-Lucent VPN Firewall Portfolio
Protect your network with innovative security solutions.
Optimize IT staff time and effort while minimizing
total cost of ownership.
Benefits
• Deploy robust security safeguards enterprise-wide
Implement large-scale VPN support with high-performance packet processing
•
• Streamline firewall deployment, configuration and management
• Leverage high-availability bandwidth management for consistent service quality
Secure your V
•
• Sustain business continuity with carrier-class reliability and availability
• Keep total ownership costs low
oIP and Next-Generation multimedia applications
Complete, cost-effective solutions for
network security, VPN, service-quality
assurance and more
The Alcatel-Lucent VPN Firewall portfolio offers a broad
range of enterprise and carrier-class security solutions
to protect corporate and service provider networks
delivering mission-critical IP applications to
headquarter employees, branch offices, trading
partners, road warriors and customers.
Alcatel-Lucent VPN Firewall solutions can help stretch IT
budgets with superb price/performance and low total
ownership costs. Leading-edge technology with
timesaving, work-saving features help maximize IT
staff resources. And ample flexibility, availability and
scalability can simplify deployment and management
of diverse applications including:
• Advanced security services
• VPN services for site-to-site and remote access
• Bandwidth management capabilities
• Secure data center Web and application hosting
• Storage network secure solution
• Mobile data security
• Packet Data Gateway and Packet Data Interworking
Functions for Dual-Mode Wireless/WiFi VPN and
VoIP/Data Security
The Alcatel-Lucent VPN Firewall Portfolio forms a
unique 3-tier security architecture and includes:
VPN Firewall Brick®platforms – Security appliances that
•
integrate application layer inspection, firewall
functionality with advanced VPN capabilities for smalloffice through data-center requirements
Alcatel-Lucent Security Management Server (SMS) – Software
•
for robust, tightly synchronized firewall, VPN, service
quality, VLAN and virtual firewall policy management.
•
lcatel-Lucent IPSec Client
A
– Software that provides
secure remote access VPN services for mobile
workforce and telecommuters.
Deploy robust security safeguards
network-wide
VPN Firewall Brick®platforms are built as security-
specific devices. In contrast to traditional router-based
systems, they operate as intrinsically secure Ethernetlayer bridges that are virtually invisible to hackers
scanning your network. Completely segregated from
the routing process, these security appliances are not
vulnerable to dynamic routing protocol attacks. In
many instances, they are undetectable by any device
not on the same network segment, protecting
enterprises with a high level of stealth security.
Reinforcing this depth of defense is the platforms’
innovative, Bell Labs-developed operating system, a
compact real-time kernel designed exclusively for
security. Far less easily compromised than generalpurpose operating systems running on server platforms,
this exceptionally thin system virtually eliminates all
points of vulnerability. As a result, VPN Firewall Brick
platforms have no security-threatening back doors (no
telnet, ftp, HTTP or other insecure access method can be
used to compromise the configuration of these security
devices) and can only be accessed by a secure, encrypted
management channel from the Alcatel-Lucent SMS
software.
Alcatel-Lucent SMS software adds exposure-limiting
safeguards including strong IP-specific denial-ofservice attack protection, premium firewall and VPN
authentication services, application-layer defense and
content-level security including command blocking,
URL blocking and virus scanning.
®
IPSec Client 9.0
• Easy to use IPSec w/IKE
Auto policy download
•
• Stateful Firewall
• Client “status logs”
Managed client option
•
• Interoperable with
full portfolio
®
350 and Brick®1100 are not available in Europe.All other models are
* Brick
compliant with European RoHS (Restriction of Hazardous Substances) directive
VPN Firewall
®
Brick
50
• (3) 10/100 ports
195 Mbps fir
•
• 75 Mbps 3DES
• 135,000 sessions
1000
•
• 50 virtual firewalls
ewall
VPN tunnels
VPN Firewall
®
Brick
150
• (4) 10/100 ports
330 Mbps fir
•
• 127 Mbps 3DES
• 245,000 sessions
1000
•
• 150 virtual firewalls
ewall
VPN tunnels
VPN Firewall
®
Brick
350*
• (7) 10/100 ports
(1) 10/100/1000 port
•
• 787 Mbps firewall
• 404 Mbps 3DES
1,000,000 sessions
•
• 5400 VPN tunnels
• 300 virtual firewalls
.
VPN Firewall
®
Brick
700
• (8) 10/100/1000 port
•
• 425Mbps 3DES
• 1,000,000 sessions
•
• 350 virtual firewalls
1.7 Gbps fir
VPN tunnels
7500
ewall
VPN Firewall
®
Brick
1100*
• (4) GigE Fiber or
(13) GigE Copper
(7) 10/100
ewall
3 Gbps fir
•
• up to 1 Gbps 3DES
• 4,000,000 sessions
VPN tunnels
20000
•
• 1,000 virtual firewalls
• Brick 1100A has AES
H/W Accel
VPN Firewall
®
Brick
1200/1200HS
• (2) or (6) mini-GBIC SFP
(8) or (14) 10/100/1000
port
3.0 or 4.75Gbps fir
•
• 1.1 or 1.7Gbps 3DES
• 2,000,000 or 3,000,000
sessions
10000 or 20000
•
tunnels
• 500 or 1100 virtual
firewalls
VPN
Alcatel-Lucent Security Management Server
Software for robust, tightly synchronized firewall, VPN, service quality, VLAN and virtual firewall policy management.
arrior SOHO ROBO Small Enterprise Mid Enterprise Large Enterprise
W
Road
Data Center
VPN Firewall Brick®platforms deliver bullet-proof security and comprehensive, high-performance VPN capabilities for
enterprise environments ranging from small offices to large data centers.
2
ewall
Active/Active
Management
V
LAN 100
Extranet Server
V
LAN 200
SAP Server
V
LAN 300
Mail Server
V
LAN 400
Public Server
VLAN 400
Public Server
IP Network
Data Center
Services
Network-based
Services
Mobile/IPSec Client
Services
Centralized Management
with Alcatel-Lucent SMS
CPE-based
Services
Existing
Router
Existing
Router
Existing
Router
VPN Firewall
Brick
®
50/150
VPN Firewall
Brick
®
350
VPN Firewall
B
rick
®
7
00
A
lcatel-Lucent
Security
M
anagement
Server
Alcatel-Lucent
S
ecurity
M
anagement
Server
EMEA NOC
U
SA NOC
VPN Firewall
Brick
®
1100
VPN Firewall
Brick
®
1200 HS
IPSec
Client
The Alcatel-Lucent VPN Firewall
portfolio offers flexible deployment
options to suit enterprise network
strategies and users’ diverse needs.
Implement large-scale VPN support with
high-performance packet processing
VPN Firewall Brick®platforms deliver the performance
needed to provide vital security and VPN services for
thousands of enterprise users. High-capacity packetprocessing capabilities help maximize user efficiency
and productivity with up to 1.7 Gbps VPN throughput
and a full 4.75 Gbps firewall throughput.
Portfolio-wide scalability helps protect expanding user
populations cost effectively. A single VPN Firewall
Brick®unit can support up to 4 million simultaneous
sessions and over 20,000 simultaneous VPN tunnels.
Its highly efficient operating system contributes to
these outstanding processing capabilities by freeing
memory for session and policy management.
Streamline firewall deployment,
configuration and management
VPN Firewall Brick®platforms can be installed and
working at any network location. These flexible
bridging firewalls work as quickly as a physical
connection can be made. There’s no need to resegment the network, worry about downtime during
network conversion to the new topology or wait as
hosts are directed to a new gateway. Alcatel-Lucent
SMS software delivers:
• Sophisticated IP services management capabilities with
low operating costs to manage security, not individual
devices – easy security deployment, management and
maintenance with centrally controlled VPN Firewall
Brick®clients
Scalability to rapidly provision and manage up to
•
20,000 VPN Firewall Brick®platforms and 500,000
IPSec Client users from one console – fewer devices to
maintain and fewer people to maintain them
• Seamless integration of firewall, VPN, bandwidth
management, virtual LAN (VLAN) and virtual firewall
policy management – centralized realtime monitoring,
robust logging and customized reporting capabilities
• Integrated Denial of Service protections, Intrusion
Detection/Prevention facilities and Bell Labs-developed
Intelligent Cache Management capabilities maximizes
uptime and mitigates impacts of network attacks
Leverage high-availability bandwidth
management for consistent service quality
VPN Firewall Brick®platforms can increase both network
security and quality of service through uniquely granular
bandwidth management. They incorporate – at no extra
charge – robust implementation of class-based queuing
(CBQ) technology for committed-rate bandwidth control
and traffic prioritization. Bandwidth limits to help defend
against flood attacks, and bandwidth guarantees to
enhance end-user experiences, are enforced at the server
and user levels. Traffic can be classified by physical
interface, virtual firewall, policy rule and session, enabling
simplified yet precisely targeted security implementations.
Sustain business continuity with
carrier-class reliability and availability
A high-availability architecture is built into every
component of the Alcatel-Lucent VPN Firewall portfolio.
There is no single point of failure solution-wide. All
VPN Firewall Brick®models support native subsecond
failover to a standby unit. In an outage, services
continue uninterrupted. Out-of-band management
capabilities help ensure continued service even if
communications are lost due to a network outage. For
added reliability, Alcatel-Lucent SMS software can be
distributed across multiple geographically dispersed
operations centers for active/active network
redundancy. This enables immediate disaster recovery
in the event of a catastrophe at the primary
management location.
3
Keep your total ownership costs low
VPN Firewall solutions efficiently address the need to
contain operations outlays, make efficient use of inhouse technical expertise and protect network
investments. All solution components are built to
interoperate smoothly with existing infrastructure
elements. Introducing them requires no costly
network retrofits.
VPN Firewall Brick®products help cut IT staff hours and
shorten time-to-service with its full-featured bridging
support. And because it doesn’t run on a generalpurpose operating system, it eliminates the high costs
and time-intensive efforts associated with OS upgrades
and patches.
The performance-proven Alcatel-Lucent SMS security
management solution offers one simple, economical
licensing structure – without costly additional modules
or recurring license fees. Its high-capacity processing
and high-device-count management capabilities help
minimize additional capital-equipment purchases.
And its comprehensive security safeguards
dramatically reduce network vulnerabilities that
consume IT staff time and budget.
Alcatel-Lucent VPN Firewall Portfolio
implified management
• S
entralized staging, real-time monitoring and no-touch
c
management of all VPN, security and service-quality
assurance capabilities via scalable, proven Lucent SMS
• Full-featured bridging – enables stealthy, depth-of
defense security that conventional router-based
firewalls cannot match
• Advanced security safeguards – denial-of-service attack
protection; high-speed content security; premium
authentication services; with no occurrences of
reported advisories or vulnerabilities and no
backdoors.
• Uniquely granular bandwidth management – maximize
service quality via flexible class-based queuing (CBQ)
technology, server-level and user-level limits and
guarantees
• Carrier-grade reliability – native high-availability
architecture with no single point of failure
Rules Based Routing – Routes all packets matching the
•
rule to a proxy server, router or other device utilizing
third party software to perform content filtering
functions such as command blocking, URL filtering
and virus scanning. Allows transparent interaction
with any third party equipment.
• High-performance packet processing – supports up to
4 million simultaneous sessions, 1100 virtual firewalls,
20,000 VPN tunnels
• Ultra-thin, highly secure operating system – virtually
impenetrable to hacker attacks; frees memory for
packet processing, policy management
• Virtual firewall and VLAN support – easily assign and
enforce security policies for diverse user groups
• Plug-and-play deployment – implement secure mission
critical applications without costly, time-intensive
network reconfiguration
• Low ownership costs – no ongoing feature-licensing
expenses; easy installation, management and upgrades
save IT staff time and effort; high-performance, high
capacity features reduce the need to purchase
additional equipment
– unique client/server design;
To learn more about our comprehensive portfolio, contact
your Alcatel-Lucent sales representative, authorized reseller
or sales agent.
You can also visit our web site at www.alcatel-lucent.com.
This document is provided for planning purposes only and does
not create, modify or supplement any warranties which may be
made by Alcatel-Lucent relating to the products and/or services
described herein. The publication of information contained in
this document does not imply freedom from patent or other
protective rights of Alcatel-Lucent or third parties.
VPN Firewall Brick is a registered trademark of Alcatel-Lucent.
T is a registered trademark and service mark of Carnegie
CER
Mellon University.
Copyright © 2006
Alcatel-Lucent
All rights reserved
LVF.ENT v6.0107
Loading...