Avaya SG203/SG208 Security Gateway Hardware Installation Guide

Data authenticity is assured by using HMAC-MD5™ or HMAC-SHA-1 packet signatures to reject altered or forged packets. All security mechanisms employed by the security gateway conform to IPSec standards, in order to provide interoperability and broaden the use of VPN technology.

Performance

For maximum network flexibility, the SG203 security gateway supports four 10/100BASE-T Ethernet interfaces, and the SG208 supports four 10/ 100/1000BASE-T Ethernet interfaces.

When packets are encrypted and authenticated according to IPSec protocol guidelines, additional bytes, in the form of IPSec headers, must be added to packets. In many cases, the additional packet overhead imposes a performance penalty in return for security. The extra bytes tend to lengthen packets and reduce the throughput (measured in packets per second). The overhead depends on the IPSec policy and could be up to 63 bytes.

Table 2

SG203/208 performance specifications

 

 

 

 

 

 

 

 

SG203

SG208

 

 

 

 

 

IKE Sessions

3000

8000

 

 

 

 

 

IPSec Sessions

12,000

16,000

 

 

 

 

 

Subnets supported

2

1

 

 

 

 

 

Firewall TCP/UDP

200,000

300,000

 

Sessions

 

 

 

 

 

 

 

 

VPNremote users

100/3000

100/8000

 

(Default/Max)

 

 

 

 

 

 

 

Site to Site (Default/Max)

50/300

100/1000

 

 

 

 

 

Protected FW/VPN

3000

8000

 

Devices

 

 

 

 

 

 

 

 

12 Introduction

March 2004

Page 11 Page 13
Page 12
Image 12
Avaya SG208 manual Performance, SG203/208 performance specifications
Page 11 Page 13
Top Page Image Contents