VPN Firewall Brick® Platform 20 Technical Specifications

1. Processor/Memory

Rise mP6 120 MHz with 64MB RAM

2. LAN Interfaces

(3) 10/100 Base-TX Ethernet (RJ-45)

3. Other Ports

SVGA video, DB9 serial, external floppy, PS/2 keyboard

4. Performance

Concurrent sessions – 3,000

New sessions/second – 300

Rules – 30,000 (shared among all virtual firewalls)

Max clear text throughput – 125 Mbps (1518 byte TCP packets), 140 Mbps (1518 byte UDP packets)

Max PPS throughput – 40,000 pps (64 byte UDP packets)

Max 3DES throughput with software encryption – 3 Mbps (1518 byte TCP packets)

8. Layer-7 Application Support

Application Filter architecture supports Layer-7 protocol inspection for command validation, dynamic channel pinholes and application layer address translation. Application filters include http, ftp, tftp, H.323/H.323 RAS, Oracle SQL*Net, NetBIOS, DHCP Relay, DNS, GTP, SIP

9. Firewall Attack Detection and Protection

Generalized flood protection extensible to new flood attacks as discovered with patent-pending Intelligent Cache Management

SYN flood protection to specifically protect inbound servers, e.g. Web servers, from inbound TCP SYN floods

Strict TCP Validation to ensure TCP session state enforcement, validation of sequence and acknowledgement numbers, rejection of bad TCP flag combinations

Initial Sequence Number (ISN) rewriting for weak TCP stack implementations

Fragment flood protection with Robust Fragment Reassembly, which ensures no partial or overlapping fragments are transmitted

5. Virtualization

Maximum number of virtual firewalls – 20

Number of VLANs supported – 4,094

VLAN domains – up to 16 per VLAN trunk

VPN Firewall Brick® partitions – allows for virtualization of customer IP address range, including support for overlapping IP addresses

6. Modes of Operation

Bridging and/or routing on all interfaces

All features supported with bridging

IP routing with static routes

802.1Q VLAN tagging supported inbound and outbound on any combination of ports

Layer-2 VLAN bridging

NAT (Network Address Translation)

PAT (Port Address Translation)

Policy-based NAT and PAT (per rule)

Supports virtual IP addresses for both address translation and VPN tunnel endpoints

DHCP-assignable interface/VLAN addresses

DHCP Relay capabilities

Dynamic registration of mobile VPN Firewall Brick® address for centralized remote management

PPPoE

7. Services Supported

Bootp, http, irc, netstat, pop3, snmp, tftp, pptp, dns, https, kerberos, nntp, rip, ssh, who, RADIUS, eigrp, ident, ldap, ntp, rip2, syslog, shell, X11, exec, gmp, login, ospf, rlogin, telnet, talk, H.323, ftp, imap, mbone, ping, rsh, traceroute, lotus notes, VoIP, Gopher, IPSec, netbios, pointcast, smtp, sql*net

Any IP protocol (user definable)

Any IP protocol + layer 4 ports (user definable)

Support for non-IP protocols as defined by DSAP/Ethertype

Generalized IP Packet Validation including detection of malformed packets such as ping of death, land attack, tear drop attack. Drops bad IP options as well as source route options

10. Content Security

Lucent Proxy Agent integrates load-shared content security services for:

Application protocol command blocking – HTTP, SMTP, FTP

Virus scanning

URL screening

Application-layer protocol command recognition and filtering

Application-layer command line length enforcement

Unknown protocol command handling

Extensive session-oriented logging for application-layer commands and replies

Hostile mobile code blocking (Java®, ActiveX™)

URL blocking – with 8e6 Technologies’ X-Stop™ Xserver

Virus scanning – with Trend Micro’s InterScan™ VirusWall Anti-Virus Security Suite

11. QoS/Bandwidth Management

Classified by Physical Port, Virtual Firewall, Firewall Rule, Session

Bandwidth Guarantees – Into and out of Virtual Firewall, allocated in bits/second

Bandwidth Limits – Into and out of Virtual Firewall, allocated in bits/second, packets/session, sessions/second

ToS/DiffServ marking and matching

12. Firewall User Authentication

Browser-based authentication allows authentication of any user protocol

Built-in internal database – user limit 10,000

Local passwords, RADIUS, SecurID

User assignable RADIUS attributes
