1/37
VPN-
Next-Generation Firewall (NGFW)
2/37
►
►
Next-Generation Firewall (NGFW) VPN
Firewall
►
►
3/37
Next-Generation Firewall (NGFW) VPN Firewall
4/37
Firewall
1989
Packet Filter Firewall
1995
Stateful Inspection Firewall
1998
VPN, QoS
2005
Unified Threat Management
2010
Next-Generation Firewall
ARxxx AlliedWare
NGFW AR3050S/AR4050S VPN Firewall AR2010V/AR2050V
AlliedWare Plus
► Packet Filter Firewall L4
OSI ( TCP/UDP)
► Stateful Inspection Firewall
L4
► Unified Threat Management (UTM)
L7 OSI ( ), Deep Packet Inspection (DPI)
Intrusion Prevention System (IPS), Anti-Virus, Anti-Spam, VPN, (URL)
► Next-Generation Firewall (NGFW) UTM
5/37
Performance
Office Large company Small/Medium company
AR4050S VPN Firewalls
AR2010V AR3050S
AR2050V
Next-Generation
Firewalls
6/37
AR3050S/AR4050S
USB
3G/4G
8 LAN
10/100/1000T
210 - RU)
2 WAN
SFP T
SD-
7/37
AR3050S/AR4050S
►
►
► AT-RKMT-J14
AT-RKMT-J15
8/37
AR3050S/AR4050S
AT-AR3050S AT-AR4050S
WAN, 10/100/1000T X SFP 2 2
LAN, 10/100/1000T 8 8
0 - 500 0 - 500
RIP RIPng
OSPFv4 OSPFv6
BGP4 BGP4+
PIMv4 PIMv6
PPPoE
DHCPv4/v6
VRRP VRRPv3
QoS, Traffic shaping
Web, CLI, SSH/Telnet, SNMP, AMF
-
AMF Master -
► Firewall c DPI
► Application Web control
► IDS/IPS
► IP Reputation
► Malware
► VPN
► IPv4 IPv6
► NAT
►QoS
►
► WAN-
► USB-3G/4G
► AMF
►
9/37
AR3050S/AR4050S
► Firewall c Deep Packet Inspection (DPI)
(Application Control)
► URL (Web Control)
-
► Intrusion Detection/Prevention System (IDS/IPS)
► IP Reputation IPS IP
IP Reputation
► Antivirus, Malware Protection adware, spyware
c
10/37
AR3050S/AR4050S Firewall
NAT
awplus(config)#zone private
awplus(config-zone)#network lan
awplus(config-network)#ip subnet 192.168.1.0/24 interface vlan1
awplus(config)#zone public
awplus(config-zone)#network wan
awplus(config-network)#ip subnet 0.0.0.0/0 interface eth2
awplus(config)#firewall
awplus(config-firewall)#rule 200 permit any from private to public
awplus(config)#nat
awplus(config-nat)#rule 10 masq any from private to public
11/37
AR3050S/AR4050S Deep Packet Inspection (DPI)
NAVL
12/37
AR3050S/AR4050S Application Control
► Skype
► Skype
13/37
AR3050S/AR4050S URL
URL
14/37
AR3050S/AR4050S Intrusion Prevention System (IPS)
► IDS/IPS Suricata
► ETPro ,
► IQRisk IP Reputation)
15/37
AR3050S/AR4050S IP Reputation
IP Reputation
IPS
16/37
AR3050S/AR4050S Antivirus, Malware Protection
Kaspersky SafeStream II
► URL*
- -
►
►
(
*
17/37
AR3050S/AR4050S
► SSL VPN OpenVPN)
► IPSec VPN
► G/4G USB-
18/37
AR3050S/AR4050S - ► VRRP -
► - ETH
► VRRP
► ETH -
19/37
AR3050S/AR4050S L2
► L2 VLAN (pseudo-wire)
Bridge) VLAN TUNNEL
L2TPv3 L2 IP
L2TP IPsec
20/37
AR3050S/AR4050S AMF Allied Telesis Management Framework (AMF)
, CLI:
► AMF-Master
AMF-Member
21/37
AR3050S/AR4050S -
22/37
AR3050S/AR4050S -
23/37
AR3050S/AR4050S -
24/37
AR2050V
210 - RU)
USB
3G/4G
4 LAN
10/100/1000T 1 WAN
10/100/1000T
25/37
AR2050V
►
►
► AT-RKMT-J14
AT-RKMT-J15
26/37
AR2010V
140
USB
3G/4G 1 LAN
10/100/1000T
1 WAN
10/100/1000T DC
27/37
AR2010V
►
►
► AC
► DIN- AT-DRMT-J02
28/37
AR2010V/AR2050V
AT-AR2010V AT-AR2050V
WAN, 10/100/1000T 1 1
LAN, 10/100/1000T 1 4
AC DC AC
0 - 500 0 - 500
RIP RIPng
OSPFv4 OSPFv6
BGP4 BGP4+
PIMv4 PIMv6
PPPoE
DHCPv4/v6
VRRP VRRPv3
QoS, Traffic shaping
Web, CLI, SSH/Telnet, SNMP, AMF
- -
- -
DIN- -
► Firewall
► IDS/IPS
► VPN
► IPv4 IPv6
► NAT
►
QoS
►
► WAN-
(AR2050V)
► USB-
3G/4G
► AMF
►
29/37
AR2010V/AR2050V Firewall
NAT
awplus(config)#zone private
awplus(config-zone)#network lan
awplus(config-network)#ip subnet 192.168.1.0/24 interface vlan1
awplus(config)#zone public
awplus(config-zone)#network wan
awplus(config-network)#ip subnet 0.0.0.0/0 interface eth2
awplus(config)#firewall
awplus(config-firewall)#rule 200 permit any from private to public
awplus(config)#nat
awplus(config-nat)#rule 10 masq any from private to public
30/37
AR2010V/AR2050V Intrusion Prevention System (IPS)
► IDS/IPS Suricata
►
31/37
AR2050V
► AR2050V
►NGFW (AR4050S
AMF)
►SSL
VPN OpenVPN)
► IPSec VPN
► G/4G USB-
32/37
AR2010V
► AR2010V
Machine-to-Machine (M2M)
► AR2010V
► IPSec VPN
AR2010V
► G/4G USB-
33/37
NGFW VPN Firewall
AT-AR2010V AT-AR2050V AT-AR3050S AT-AR4050S
2- 2- 2- 4-
5
- 4 4
700 700 750 1,900
- - 700 1,800
Firewall 100,000 100,000 100,000 300,000
3,600 3,600 3,600 12,000
IPS 200 200 220 750
IP Reputation - - 350 1,000
Malware protection - - 300 1,300
VPN 400 400 400 1000
IPsec VPN 50 50 50 200
SSL VPN 100 100 100 200
34/37
IDS/IPS App Control Web Control URL Filtering IP Reputation Malware
Protection Anti-virus
Suricata Procera Digital Arts Kaspersky Emerging
Threats Kaspersky Kaspersky
AT-AR2010V - - - - - -
AT-AR2050V - - - - - -
AT-AR3050S AT-FL-AR3-NGFW-y
(Next-Generation Firewall)
AT-FL-AR3-ATP-y
(Advanced Threat Protection) -
AT-AR4050S AT-FL-AR4-NGFW-y
(Next-Generation Firewall)
AT-FL-AR4-ATP-y
(Advanced Threat Protection)
y = (1, 3 5 )
AT-AR4050S
AMF Master ( 20 AMF) AT-FL-AR4-AM20-y
y = 1 5 )
35/37
.
AT-AR2010V AlliedWare Plus VPN Firewall, 1 x WAN 1 x LAN , 1 USB $600
AT-AR2050V AlliedWare Plus VPN Firewall, 1 x WAN x LAN , 1 USB $600
AT-AR3050S AlliedWare Plus Next-Generation Firewall, 2 x WAN x LAN , 1 USB $700
AT-FL-AR3-NGFW1 Next-Generation Firewall $500
AT-FL-AR3-NGFW3 Next-Generation Firewall $1 500
AT-FL-AR3-ATP1 Advanced Threat Protection $600
AT-FL-AR3-ATP3 Advanced Threat Protection $1 800
AT-AR4050S AlliedWare Plus Next-Generation Firewall, 2 x WAN x LAN , 1 USB $900
AT-FL-AR4-NGFW1 Next-Generation Firewall $750
AT-FL-AR4-NGFW3 Next-Generation Firewall $2 250
AT-FL-AR4-ATP1 Advanced Threat Protection $900
AT-FL-AR4-ATP3 Advanced Threat Protection $2 700
36/37
► Allied Telesis
http://www.alliedtelesis.com/products/securityapps
►
http://www.alliedtelesis.com/support/software
► AMF
http://www.alliedtelesis.com/solutions/amf
37/37
Americas Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830
EMEA & CSA Operations | Incheonweg 7 | 1437 EK Rozenburg | The Netherlands | T: +31 20 7950020 | F: +31 20 7950021
© 2016 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.
► !
http://forum.alliedtelesis.ru