TeamF1 : Products : Security Gateway Solution :

Security Gateway Solution

Turnkey SMB VPN/Firewall Gateway

The SecureF1rst Security Gateway Solution (SGS) from TeamF1 is a comprehensive turnkey software package that combines a rich set of field-proven, standard components with an array of customizable options to provide OEMs/ODMs the ultimate in product flexibility.

As a member of TeamF1�s SecureF1rst line of innovative prepackaged solutions, the Security Gateway Solution enables OEMs/ODMs to deliver leading-edge VPN/firewall gateway devices to the market in record time at far less risk than traditional development approaches. Devices built around SecureF1rst SGS offer end-customers ironclad, advanced networking security; easy-to-use device management features; and multiple gateway options.

In order to create specific instances of SecureF1rst SGS, TeamF1 leverages pre-existing software blocks that have proven their merit in numerous deployments, not only minimizing risk for OEMs but also keeping licensing terms flexible. And only SecureF1rst SGS can offer such a comprehensive set of features with completely modular packaging that allows for full customization to meet an OEM�s specific requirements.

PDF datasheet

ds-2.1

Technical Specifications

Interfaces

� Ethernet WAN (single or multiple)

� xDSL/Cable/WWAN ISP Corporate LAN compatible

� Wireless WAN (GPRS / EVDO / 3G / LTE / WiMAX)

� Dialup WAN

� Ethernet LAN port or switch (managed/unmanaged)

� Wi-Fi LAN Access Point or client (e.g. Muni Wi-Fi or travel router)

Protocol Support

� IP routing (IPv4 and IPv6)

� TCP/IP, UDP, ICMP

� STP, RSTP, MSTP

� PPPoE, PPTP, L2TP client, including multi-instance capable

� DHCP (with option 60 VCI support )

� DNS/DNSsec Server/Proxy

� NTP, NTPv4

� RIPv1, RIPv2, RIPng with multi-cast and authentication support

� IPsec (ESP, AH), IKE, IKEv2

� IEEE 802.11 standards including a ratified version of 802.11n

� SIP, FTP and other common ALGs

� Bonjour (zeroconfig), LLDP and other common discovery protocols

Networking Capabilities

� Static Routing, Dynamic Routing

� Unlimited users per port

� Static IP address assignment

� Internal DHCP server on LAN, including multi-instance DHCP server

� DHCP client on WAN

� PPPoE client support: Static and dynamic

� Outbound protocol binding

� PPTP (e.g. Austria DSL) client support for login

� Telestra BigPond (Australia) authentication support

� DHCP address reservation and MAC filtering

� IGMP snooping and direct multicast

� Dynamic DNS clients (DynDNS, Iego, PeanutHull, DDNS 3322, others)

� NAT or classical routing

� Transparent bridging

� VLAN (static/dynamic, QoS, subneting)

� Port-Triggering

� uPNP

� Configurable MTU, PMTU discovery

� Multiple LAN sub-nets

� MTA (client and server)

� Network device on USB (NAS, printer, 3G, WCN, storage device for sharing or firmware update)

Wireless Features

� 802.11 a/b/g/n radio support

� Customizable SSID

� WEP/WPA/WPA2/WPS

� Personal mode and Enterprise mode

� MAC Access List

� Disable SSID broadcast

� Auto Channel detect

� Rogue AP detection

� QoS (WMM)

� WDS (Wireless Distribution System)

� IAPP

� Multi-radio, Multi-Virtual AP

� Client Isolation on same AP

� ToD (Time of Day) active AP

� SSID based VLANs

Security Features

� SPI Firewall

� DoS Attack Resistance

� Packet-filtering Firewall

� IDS/IPS (Intrusion Detection/Prevention Service)

� WIPS (Wireless Intrusion Prevention Service)

� GAV (Gateway Anti-Virus)

� WCF (Web Content Filtering)

� Java / URL / ActiveX blocking

� DNSsec

� E-mail alerts

� Pre-set security levels in Firewall

� Flexibility to restrict number of VPNs

� Port / service blocking

� 10,000+ tested VPN tunnels

� Manual key and IKE SAs

� Preshared keys and RSA signatures IKE authentication

� Choice of advanced encryption and integrity algorithms

� AH/AH-ESP support

� Diffie-Hellman and PFS support

� Main, Aggressive, Quick IKE modes

� FQDN based VPN connections

� Key and IKE lifetime settings

� Replay attack prevention

� Remote access VPN (client-to-site)

� Site-to-site VPN: Hub and spoke, mesh

� Microsoft MS-CHAP

� IPSec NAT traversal (RFCs 3947/3948)

� PNAC (Port based Network Access Control)

� Kerberos Authentication Agent

� Firewall multiple zones

� VPN redundancy and backup

� One to one and many to one NAT

� XAUTH and External RADIUS server authentication

� Internal local user database

� VPN ModeConfig Support authentication

� IKE keep-alive

� Multiple schedules in firewall

Cryptography

» MD5

� SHA-1/ SHA-256/384/512

� DES/3DES

� AES 128/192/256

� RC-4

� Blowfish

� RSA/DSA

� DH Groups 1,2,5,14

� X.509 v.3 certificates

Management and Administration

� Intuitive, easily brandable browser based GUI

� Login with two factor authentication

� Multiple profiles and rights

� SNMP v2.c and v3 (control / monitor)

� TR-069 family of protocols for remote access & provisioning

� FTP/SFTP, Telnet/SSH, RCP/SCP

� Serial console (RS232/USB) CLI support

� SSL (HTTPS) based remote mgmt with IP address restrictions

� Display usage-reports & router status

� Localization and Internationalization

� Save/Restore configuration settings

� USB thumb-drive booting and configuration/firmware backup/restore

� GUI based firmware upgrade

� Captive Portal feature

� SYSLOG, email logs, alerts

� SMTP authentication for emails

� Traffic Metering

� ToD (Time of Day) policies

� Admin inactivity timeout

� Configuration upload in ASCII

� Restore factory defaults, last known good configuration

� Comprehensive logging

� Diagnostics ping, DNS lookup, trace-route, web-based packet capture

� Support for manufacturing tests access for ODMs