Lucent Technologies 1200 User Manual

Alcatel-Lucent VPN Firewall Brick 1200 Security Appliance

V P N , V o I P A N D Q o S S E C U R I T Y G A T E W AY S

The Alcatel-Lucent VPN Firewall Brick® 1200 security appliances take data security to new levels by providing up
to 4.75 Gbps firewall throughput, along with integrated high-speed VPN, VoIP Security, VLAN and virtual firewall
capabilities at a break though price. With QoS bandwidth management features, built in IDS/DoS protections and
high network performance, the VPN Firewall Brick 1200 security appliances provide solid security for large enterprise,
data centers and network-edge environments. This carrier-grade IP services platform provides excellent value with
low price/performance and total ownership costs, enabling service providers, government entities and large enterprises
to deploy secure IP and VPN services that enhance their business while maximizing returns on their capital investments.

A P P L I C A T I O N S

Advanced security services

VPN services for site-to-site and remote
access

Bandwidth management
capabilities

VoIP Security

Secure data center Web and
application hosting

Storage network security solution

Mobile data security

Packet Data Gateway and Packet Data
Interworking functions for fixed mobile
convergence Wifi VPN and VoIP/data
security

Managed Security Services

Unlicensed Mobile Access (UMA)
and IP Multimedia Subsystem (IMS)
Security

F E A T U R E S

• Integrated security platform —
Provides high-speed firewall, VPN,
QoS, VLAN and virtual firewall
capabilities in one configuration

• Industry-leading throughput —
Delivers up to 4.75Gbps firewall
performance, 1.7Gbps 3DES and
AES VPN performance with built-in
encryption accelerator cards (EAC),
depending on the Brick 1200 security
appliance version selected.

• Innovative security services —
Includes advanced distributed denial
of service attack protection, latest
IKEv2 standards, strong authentica­tion and real-time monitoring, logging
and reporting

• High capacity — Supports up to
20,000 simultaneous VPN tunnels,
4,094 VLANs, 1100 virtual firewalls,
and 3 million simultaneous sessions
(HS version)

B E N E F I T S

• Higher performance — Deliver an
enhanced user experience with up to

4.75 Gbps cleartext and 1.7Gbps
3DES and AES IPSec VPN throughput,
combined with best-in-class bandwidth
management — with customer-level,
user-level and server-level QoS control

• Low price/performance —
Get outstanding security and through­put for less than the per-Mbps price
of major competitors

• Low cost of ownership — One
configuration supports multiple IP
services with no additional or recurring
licensing fees

• Flexible deployment — Options
include premises- or network-based
services with shared or dedicated
hardware environments

• Economical growth path —
Seamless migration to advanced,VoIP,
QoS and VPN security services with
no added infrastructure investments

F E A T U R E S B E N E F I T S

• Central staging and secure
remote management — Provides
integrated control over thousands of
VPN Firewall Brick appliances and IPSec
client users (including the Alcatel­Lucent IPSec Client, from one console,
using the Alcatel-Lucent Security
Management Server (SMS) software

• High-availability architecture —
Eliminates any single point of failure

• Proven Secure — Virtually impene­trable hardened security operating

• Economical growth path — Seamless migration to advanced, VoIP, QoS
and VPN security services with no added infrastructure investments

• Plug-and-play interoperability — There’s no need for costly network recon­figurations or on-site support

• Cost-effective business continuity — Take advantage of low priced encryption
performance and maintain carrier-class reliability for today’s data-heavy
business applications

• Assured business continuity — native high availability with carrier-class reliability

• Centralized, scalable, carrier-class management — Centrally manage up
to 20,000 VPN Firewall Brick security appliances and 500,000 Alcatel-Lucent
IPSec Client (or third party IPSec client) users with Alcatel-Lucent Security
Management Server v9.0 or later.

system coupled with secure
management infrastructure.

T E C H N I C A L S P E C I F I C A T I O N S

Processor/Memory

• 3.6 GHz Processor with 2GB of RAM for Brick

1200 HS AC and DC models

• 3.2 GHz Processor with 1GB of RAM for Brick
1200 AC Model

LAN/VPN Interfaces

B R I C K 12 0 0 HS AC AN D D C MO D EL S

• (14) 10/100/1000 copper ports

• (6) GigE mini-GBIC SFP ports

• (1) VPN Encryption Accelerator

B R I C K 12 0 0 A C M O D EL

• (8) 10/100/1000 copper ports

• (2) GigE mini-GBIC SFP ports

• (1) VPN Encryption Accelerator

Other Ports

• SVGA video, DB9 serial, PS/2 keyboard, 4xUSB

Performance

B R I C K 12 0 0 HS AC OR H S D C

• Concurrent sessions – 3,000,000

• New sessions/second – 45,000

• Rules – 30,000 (shared among all virtual firewalls)

• Maximum cleartext throughput – 4.75Gbps (1460

byte UDP Packets)

• Maximum cleartext PPS throughput – 2,200,000
pps (78 byte UDP Packets)

• Maximum 3DES and AES 256 throughput with
hardware encryption acceleration

¬ 1.7 Gbps (1460 byte UDP Packets)

• Maximum 3DES and AES 256 PPS throughput with
hardware encryption acceleration

¬ 480,000 pps (78 byte UDP Packets

B R I C K 12 0 0 A C

• Concurrent sessions – 2,000,000

• New sessions/second – 30,000

• Rules – 30,000 (shared among all virtual

firewalls)

• Maximum cleartext throughput – 4.1 Gbps (1460
byte UDP Packets)

• Maximum cleartext PPS throughput – 2,016,000
pps (78 byte UDP Packets)

• Maximum 3DES and AES 256 throughput with
hardware encryption – 1.1 Gbps (1460 byte UDP
Packets)

• Maximum 3DES and AES 256 PPS throughput with
hardware encryption – 332,000 pps (78 byte UDP
Packets)

Virtualization

• Maximum number of virtual firewalls – 1100

(Brick 1200 HS AC or DC)

• Maximum number of virtual firewalls – 500 (Brick
1200 AC)

• Number of VLANs supported – 4,094

• VLAN domains – up to 16 per VLAN trunk

• VPN Firewall Brick partitions – allows for

virtualization of customer IP address range,
including support for overlapping IP addresses

Modes of Operation

• Bridging and/or routing on all interfaces

• All features supported with bridging

• IP routing with static routes

• 802.1Q VLAN tagging supported inbound and

outbound on any combination of ports

• Layer-2 VLAN bridging

• Network Address Translation (NAT)

• Port Address Translation (PAT)

• Policy-based NAT and PAT (per rule)

• Supports virtual IP addresses for both address

translation and VPN tunnel endpoints

• PPPoE and DHCP-assignable interface/VLAN
addresses

• Redundant DHCP Relay capabilities

• Dynamic registration of mobile VPN Firewall Brick

security appliance address for centralized remote
management

• Nested zone rule sets for common firewall
policies for all Bricks in the zone

• Link Aggregation

• Mobile Brick using integrated DHCP Client.

2 Alcatel-Lucent VPN Firewall Brick 1200 Security Appliance