|
|
Products Center
Unified Threat Management
VigorPro 5300 |
|
|
1.
Anti-Virus
- Scan SMTP, POP3, HTTP, IMAP, FTP
- Scan ZIP / GZIP / BZIP2
- Scan Encrypted VPN Tunnels
- Automatic Virus Signature Update
- Automatic Alert when Signature Update
Service Expired
- Real-time E-mail / Syslog Alert when
Virus is Detected
- Block Fragmented Mail
- Block Multiples Sessions Download
|
2.
Anti-Intrusion
- Rule-based Detection List
- Pass / Disallow / Reset when Intrusion
is Detected
- Automatic Intrusion Signature Update
- Automatic Alert When Signature Update
Service Expired
- Real-time E-mail / Syslog Alert when
Under Attack
|
3.
Anti-Spam
- Real-time Scan SMTP, POP3
- Multi Language Detection
- Multi Type ( Graphic, Document, HTML
) Detection
- Single / Double Byte Coding Detection
- Black / White List
- Automatic Alert When License Expired
- Real-time Syslog Alert when Spam is
Detected
|
4.
Dual-WAN
- Outbound Policy-based Load-balance
- Bandwidth on Demand ( BoD )
- WAN Connection Fail-over
|
5.
SSL VPN
- Up to 30 SSL VPN Tunnels
- SSL Web Proxy
|
6.
WAN Protocol
- DHCP Client
- Static IP
- PPPoE
- PPTP
- BPA
- L2TP *
|
7.
VPN
- Up to 100 VPN Tunnels
- Protocol : PPTP, IPSec, L2TP, L2TP
over IPSec
- Encryption : MPPE and Hardware-Based
AES / DES / 3DES
- Authentication : Hardware-Based MD5,
SHA-1
- IKE Authentication : Pre-shared Key
and Digital Signature ( X.509 )
- LAN-to-LAN, Teleworker-to-LAN
- DHCP over IPSec
- IPSec NAT-Traversal ( NAT-T )
- Dead Peer Detection ( DPD )
- VPN Pass-through
|
8.
Firewall Facilities
- CSM ( Content Security Management
)
- URL Content Filter
- Web Content Filter
- IM / P2P Blocking
- Multi-NAT, DMZ Host, Port Redirection
and Open Port
- Object-based Firewall
- SPI ( Stateful Packet Inspection )
- Policy-based IP Packet Filter
- DoS / DDoS Prevention
- IP Address Anti-Spoofing
- E-Mail Alert and Logging via Syslog
- Bind IP to MAC Address
- Transparent Mode
|
9.
Bandwidth Management
- QoS
- Guarantee Bandwidth for VoIP
- Class-Based Bandwidth Guarantee
by User-defined Traffic Categories
- DiffServ Code Point Classifying
- 4-level Priority for Each Direction
( Inbound / Outbound )
- Bandwidth Borrowed
- Bandwidth / Session Limitation
|
10.
Network Features
- DHCP Client / Relay / Server
- IGMP Proxy
- Dynamic DNS
- NTP Client
- RADIUS Client
- DNS Cache / Proxy
- UPnP
- Port-Based VLAN
- Routing Protocol : Static Routing
, RIP V2
|
11.
Network Management
- Web-based User Interface ( HTTP/ HTTPS
)
- Quick Start Wizard
- CLI ( Command Line Interface, Telnet
/ SSH *
)
- Administration Access Control
- Configuration Backup / Restore
- Built-in Diagnostic Function
- Firmware Upgrade via TFTP / FTP /
Web UI
- Logging via Syslog
- SNMP Management with MIB-II
|
|
*
Firmware Upgradeable |
|
Technical
Specifications of VigorPro 5300 |
| Hardware
Interface |
WAN |
2x 10/100 Base-Tx
RJ45 ports |
| LAN |
4x 10/100 Base-Tx
RJ45 ports |
| Anti-Virus
|
Scan SMTP, POP3,
HTTP, IMAP, FTP |
| Scan ZIP / GZIP
/ BZIP2 |
| Scan Encrypted
VPN Tunnels |
| Automatic Virus
Signature Update |
| Automatic Alert
when Signature Update Service Expired |
| Real-time E-mail
/ Syslog Alert when Virus is Detected
|
| Anti-Intrusion |
Rule-based Detection
List |
| Pass / Disallow
/ Reset when Intrusion is Detected |
| Automatic Intrusion
Signature Update |
| Automatic Alert
when Signature Update Service Expired |
| Real-time E-mail
/ Syslog Alert when Under Attack |
| Anti-Spam |
Real-time Scan SMTP,
POP3 |
| Automatic Alert
when License Expired |
| Real-time Syslog
Alert when Spam is Detected |
| Multi Type ( Graphic,
Document, HTML ) Detection |
| Single / Double
Byte Coding Detection |
| Black / White List |
| Dual WAN |
Outbound Policy-based
Load-balance |
| Bandwidth on Demand
( BoD ) |
| WAN Connection Fail-over |
| SSL VPN |
Up to 30 SSL VPN
Tunnels |
| SSL Web Proxy |
| WAN Protocol |
DHCP Client |
| Static IP |
| PPPoE |
| PPTP |
| BPA |
| L2TP *
|
| VPN |
Up to 100 VPN Tunnels
|
| LAN-to-LAN, Teleworker-to-LAN
|
| Protocol : PPTP
/ IPSec / L2TP / L2TP over IPSec |
| Encryption : MPPE
and Hardware-based AES / DES / 3DES |
| Authentication :
Hardware-based MD5 , SHA-1 |
| DHCP over IPSec |
| IKE
Authentication |
Pre-shared Key |
| Digital Signature ( X.509
) |
| NAT-Traversal (
NAT-T) |
| Dead Peer Detection
( DPD ) |
| VPN Pass-through |
| Firewall
Facilities |
Stateful Packet Inspection
( SPI ) |
| CSM |
URL Content Filter |
| Web Content Filter |
| IM / P2P Blocking |
| Multi-NAT, DMZ
Host, Port Redirection and Open Port |
| Policy-based IP
Packet Filter |
| DoS / DDoS Prevention |
| IP Address Anti-Spoofing |
| E-mail Alert and
Logging via Syslog |
| Bind IP to MAC Address |
| Transparent Mode |
| Bandwidth
Management |
QoS |
Guarantee Bandwidth for VoIP |
| Class-Based Bandwidth Guarantee
by User-defined Traffic Categories |
| DiffServ Code Point Classifying |
| 4-level Priority for Each
Direction ( Inbound / Outbound ) |
| Bandwidth Borrowed |
| Bandwidth / Session
Limitation |
| Network
Features |
DHCP Client / Relay
/ Server |
| Dynamic DNS |
| NTP Client |
| Call Scheduling |
| RADIUS Client |
| DNS Cache / Proxy |
| UPnP |
| Port-based VLAN |
| Routing Protocol
: Static Routing , RIP V2 |
| Network
Management |
Web-based User Interface
( HTTP / HTTPS ) |
| Quick Start Wizard |
| CLI ( Command
Line Interface , Telnet ) |
| Administration Access
Control |
| Configuration Backup
/ Restore |
| Build-in Diagnostic
Function |
| Firmware Upgrade
via TFTP / FTP / Web UI |
| Logging via Syslog |
| SNMP Management
MIB-II |
| Temperature |
Operating : 0°C
~ 45°C |
| Storage : -25°C
~ 70°C |
| Humidity |
10% ~ 90% ( Non-condensing
) |
| Max. Power |
10 Watt |
| Dimension |
L240.96 * W165.07
* H43.96 ( mm ) |
| Power |
DC 15V / 1.34A |
*
Firmware Upgradeable |
|
|
DrayTek provides customer free access to the latest
virus / hacker signature for and information update
for a period of time. Considering customer's needs to
minimize supporting effort, DrayTek support team also
provides service for VigorPro 5300 series to get the
latest signature updated from DrayTek's server automatically.
The all-in-one design makes network management simple
and easy.
Figure 2. VigorPro
5300 Application |
|
| Anti-Spam |
|
Download
Anti-Spam Flash
|
| SSL
VPN Application |
| Without the necessity of installing
VPN client on individual PC, the Secure Socket Layer
(SSL) virtual private network (VPN) facility lets
remote workers connect to the office network at any
one time. SSL is supported by standard web browsers
such as FireFox and IE. For users of small offices
and teleworkers who need to access enterprises's internal
applications, file server and file sharing, VigorPro5300
UTM series allow up to 30 concurrent SSL sessions. |
Figure 3. SSL VPN Application
|
|
| All-in-one
Unified Security Firewall |
VigorPro 5300 Series is an all-in-one Anti-Viurs,
Anti-Intrusion and Anti-Spam security application for
SOHO and branch office. VigorPro 5300 series provides
real-time network protection against viruses, worms
and malicious programs via e-mail, FTP and web browser.
The rule-based website contact filtering blocks improper
connection to internet in flexible way, With DrayTek's
DrayOS™ as kernel, VigorPro 5300 series provides
robust and stable VPN, firewall and routing functionality
as well.
Figure 4. All-in-one
Unified Security Firewall |
|
| Hardware-accelerated,
Real-time Response |
The VigorPro 5300 employs a unique, hardware-accelerated
architecture the provides the ability to perform real-time
security without slowing critical network applications,
such as Web traffic. Software-based anti-virus systems,
which are designed for scanning non-real-time email
messages, are too slow to be used to scan Web traffic
or other real-time network applications.
Figure 5. Hardware-accelerated,
Real-time Response |
|
| Network-level
Protection |
Conventional way to protection against virus or malicious
program, it required each host to install software on
the host. To install software on a large number of hosts
is a time consuming process. To evaluate for vulnerabilities,
both scan engine and virus database needs constant upgrade.
It is very costly and annoying for IT personnel with
high maintenance. While VigorPro 5300 works as firewall
as well as internet gateway, so by nature VigorPro 5300
blocks any attacks at the point of network entry. Through
the user interface, the security administrator can monitor
and instruct the VigorPro 5300 to look for any vulnerability
in network-level. Provide protection of all hosts inside
network edge before threats intrude.
Figure 6. Network-level
Protection |
|
| Content-based
Inline Inspection |
Conventional firewalls only inspect packets connection
behavior to against any connection-based attack. While
the content-based threats today. such as virus, worms,
Trojans or banned content, which spread faster and do
more damage. Conventional firewalls bypass the widely
spread content-based threat and expose internal network
to outside world. VigorPro 5300 deploys DrayTek's unique
MSSI™ ( Multi-stack Stateful Inspection) mechanism.
With MSSI™ , VigorPro 5300 inspects packet streams,
compares any suspected content or behavior with build-in
database in real-time, and provide inline anti-virus
and anti-intrusion protection.
Figure 7. Content-based
Inline Inspection |
|
|
| WhitePapers
|
CSM-IM/P2P
V2.0
In a company, most of people will do the following
things, receiving email, browsing web pages, using
IM software for communication with friends or customers,
using P2P software to download files, and etc. In
which, IM software is a tool which might reveal
confidential information of a company and would
be a channel of virus infection. P2P protocol also
is the arch-criminal of bandwidth waste and a hotbed
for spyware, Trojan horse program and backdoor program.
-
The
Eeffect of Packer to the Anti-Virus Industry
Packer is a program which can compress and recode
execution files such as EXE, DLL, SCR, and etc.
The original purpose is simply just to compress
the size of execution file.
-
Challenge
and Response of IDP
IDP system rises up from information security market
gradually. The IDP technique also becomes one of
the focal point for discussion in the forum of network
security trend (Note 1). Each IDP manufacturer might
announce that they know what the components that
"best" IDP system should contain. Yet, whether the
IDP system is successful or not is determined by
if it can help the users blocking the network attack
efficiently. Below we will discuss how many components
a good IDP system should have [RGB].
-
CSM
V1.02
For the technology of controlling IM/P2P, CSM does
not use communication port to detect and block which
is commonly used in software, but uses the way of
signature (usually used to detect virus) to match
the packet content when the packet transmitted through
network and router. If the packet content contains
the feature of IM/P2P that needed to be blocked,
then such connection will be interdicted....
-
Evolutionism
of Intrusion Detection
The network technology changes with each passing
day; and the attack technique of hacker also weeds
through the old to bring forth the new. Worms such
as Code Red, Nimda, Slammer, Blaster and Sasser
always regard the firewall /anti-virus software
as nothing at the beginning of attack. They drive
into the core server of enterprise with sudden speed
directly, paralyze the operation of the server,
or clog the bandwidth of network to cause large
loss of the enterprise...
-
The
Most Widespread Network Threat
The earliest DoS (Denial of Service) attack appeared
during 1996 ~1997. At that time, the IT magazines
in USA spread simple DoS tools. From 1997 to 1998,
the CERT (Coordination Center, CERT® /CC) announced
DoS events with various techniques continually.
Till February, 2000, some famous websites such as
Yahoo and Amazon were attacked by hackers with DDoS
(Distributed Denial of Service). Such attacks blocked
their services to the customers and caused great
damages to the companies. The gravity of DoS attack
was come up and became a key issue of network security
to be discussed widely. After that,the nightmare
of DoS has never been stopped...
|
|
|
|
|
Page last modified : 10 December 2008 |