air live rs 1200
TRANSCRIPT
RS-1200RS-1200
AirLive RS-1200AirLive RS-1200
Product introductionProduct introduction
RS-1200RS-1200
Multi-function Dual WAN Security GatewayMulti-function Dual WAN Security Gateway
RS-1200 Security Gateway can offer complete advance Firewall,2-Way Bandwidth manager, VPN servers, Messenger Control, Access Authentication, and much more functions in an all-in-one box.
IntroductionIntroduction
RS-1200RS-1200
Specification:Processor : Intel IXP425, 266MHz Memory: 8MB Flash ROM, 64MB SDRAM
RS-1200RS-1200Hardware overviewHardware overview
WAN1 WAN2 LAN DMZ
Connect two different ISP network service, like ADXL, Cable modem, Leased line,
Connect to LAN networkLike switch, hub, or LAN pc.
Connect to DMZ network
Hardware overviewHardware overview
RS-1200RS-1200
Key FeaturesKey Features
• QoS Bandwidth Management
• IPsec /PPTP VPN Server
• Dual WAN Connection The RS-1200 offer 2 of WAN interface for load balancing and redundancy
Administrators can control the bandwidth speed for downstream and upstream traffic separately.
If you want to work from home or connect 2 office networks together over Internet securely
• DMZ port support
DMZ port is a specific hardware port that lets outside user from internet accessyour servers without exposing your network to attack.
Key FeaturesKey Features
RS-1200RS-1200
Key FeaturesKey Features
• Syslog, Content Filter, IM blocking
• Password Authentication for Internet Access
• Multiple Virtual Server
Up to 4 real IP addresses are supported let you setting each with its own NAT table
This feature is useful for system administrator who want to limit certain service to certain individuals regardless of which station they use
RS-1200 have Content filter function that can filtering for restrict access for specified Web site, blocking Script, P2P application (like eMule, Bit Torrent ) , Internet Message application (like ICQ, MSN,Skype..)
• Policy Based Firewall with scheduling
All the packets that go through RS-1200 must pass the policy permission (except VPN). Therefore, the LAN, WAN, and DMZ network have to set the applicable policy when establish network connection.
Key FeaturesKey Features
RS-1200RS-1200
Outbound Load balancing
Dual WAN connectionDual WAN connection
WAN1 : ISP A connection (WAN IP: 61.11.11.11) WAN2 : ISP B connection (WAN IP:211.22.22.22)
user1user2user3user4
For setting Auto balancedAuto balanced mode example, when WAN1 traffic is busy, now user3,user4 want to connect to internet , user3,user4 will be auto sense through WAN2 for internet connection. That increase the upstream bandwidth.
functionsfunctions
RS-1200RS-1200
Redundancy
Dual WAN connectionDual WAN connection
WAN1 : ISP A connection (WAN IP: 61.11.11.11) WAN2 : ISP B connection (WAN IP211.22.22.22)
user1user2user3User 4
If the WAN1 connection is fail, RS-1200 will auto sense the client to connect internet
through WAN2, so the feature can maintaining a reliable connection
functionsfunctions
RS-1200RS-1200
DMZ port supportDMZ port support
So let outside user from internet access your servers without exposing your network to attack. This setup can protects your local network from the traffic to the server group
You can put your server group on the DMZ port, like Web Server, FTP server..
and put your PC network on the regular LAN port.
functionsfunctions
RS-1200RS-1200
2-way Qos Bandwidth Management2-way Qos Bandwidth Management
By configuring the QoS, you can control the OutBound and InBound Upstream/Downstream Bandwidth.
The RS-1200 configures the bandwidth by different QoS, and selects the suitable QoS through Policy to control and efficiently distribute bandwidth
IPsec / PPTP VPN server and ClientIPsec / PPTP VPN server and Client
The RS-1200 adopts VPN to set up safe and private network service. And combine the remote Authentication system in order to integrate the remote network and PC of the enterprise. Also provide the enterprise and remote users a safe encryption way to have best efficiency and encryption when delivering data.
functionsfunctions
RS-1200RS-1200
Policy Based Firewall with Scheduling Policy Based Firewall with Scheduling All the network packets that go through RS-1200 must pass the policy
permission when establish network connections
Administrator can define many different policy objects to setup incoming or outgoing policy and can be activate or deactivate by automatic scheduling
example: you can define the schedule policy object from 9:00am to 6:00 pm ,Monday to Friday (working-time) and setup outgoing policy to restrict MSN service from internal network.
functionsfunctions
RS-1200RS-1200
Multiple Virtual ServerMultiple Virtual Server
functionsfunctions
RS-1200 can support up to 4 real IP addresses for each with its own can mapping 4 virtual IPs.So we can use this function for variety application.
Virtual server means the server is connect to LAN and have private IP address, but external users cannot connect to its private IP Address directly. so need this function to map Private IP to Real IP that can offer related service for internet users
RS-1200RS-1200
Multiple Virtual ServerMultiple Virtual Server
functionsfunctions
Make a single server that provides several services such as FTP, Web, and Mail, to provide service
Make several servers that provide a single service
One to one mapping 4 virtual server IP addressesOne to many mapping
1 real IP address
Application sample
(usually use for VoIP,NetMetting,Online Gaming application)
RS-1200RS-1200
Password Authentication for Internet AccessPassword Authentication for Internet Access
Syslog, Content Filtering, IM blockingSyslog, Content Filtering, IM blocking
RS-1200 can only allow the users who pass authentication to access to Internet in particular time
RS-1200 have Content filter function that can filtering for restrict access specified Web site,blocking Script, P2P application (like eMule, Bit Torrent ) , Internet Message application (like ICQ, MSN,Skype..)
The traffic log can be sent automatically by email or by Syslog function.
functionsfunctions
Anti-attack (security function)Anti-attack (security function)
RS-1200 have built-in Anti-attack security functions that protect your network to prevent network attacklike Ping of Death, Port Scan, Dos, SYN,SPI.
RS-1200RS-1200
AirLive RS Family Security Gateway ComparisonAirLive RS Family Security Gateway Comparison
1 (10/100)╳╳DMZ port
○○○Support xDSL/Cable/Leased Line
2 (10/100)1 (10/100)1 (10/100)Shield RJ-45 Ethernet UTP port
WAN port
1 (10/100) 1 (10/100) 4 (10/100)Shield RJ-45 Ethernet UTP portLAN port (Switch Hub)
8MB (Flash)8MB (Flash) 16MB (Flash)Flash ROM
64 MB64 MB32 MBDRAM
Intel IXP425, 266MHzIntel IXP425, 400MHzWaveplus MIPS 100MhzCPU
Hardware
RS-1200RS-2000RS-1000
comparisoncomparison
RS-1200RS-1200
AirLive RS Family Security Gateway ComparisonAirLive RS Family Security Gateway Comparison
RS-1200RS-2000RS-1000
○○╳Messages to display
○○╳URL to redirectAuthentication Status
20╳╳Authentication Group(Max entry)
200200( Policy )200 ( Policy )Authentication User(Max entry)
Authentication
25Mbps50Mbps10MbpsQos Max. Bandwidth (MB) limited
100100100QoS(Max entry)
○○○Priority-bandwidth utilization
○○○Guaranteed Bandwidth
QoS
Bandwidth Manager Function
RS-1200RS-2000RS-1000
6,5008,000150New Sessions / Second
45,00045,00016,500Max Concurrent Sessions
9 Mbps15 Mbps╳3DES Encryption
11 Mbps16 Mbps╳Authentication (No Encryption)VPN
70 Mbps100 Mbps13 MbpsWAN-LAN
Throughput
Performance
20~25 50 5-10Concurrent users
comparisoncomparison
RS-1200RS-1200
AirLive RS Family Security Gateway ComparisonAirLive RS Family Security Gateway Comparison
RS-1200RS-2000RS-1000
50╳╳ DMZ To WAN(Max entry)
50╳╳ DMZ To LAN(Max entry)
100╳╳ WAN To DMZ(Max entry)
50╳╳ LAN To DMZ(Max entry)
1005050 Incoming(Max entry)
300200100 Outgoing(Max entry)
○○○Max. Concurrent Sessions
Policy Control
Policy Function
RS-1200RS-2000RS-1000
○╳╳DNS
○╳╳ICMPWAN Port connection status
○╳╳OutBound Load-balancing
Inbound / Outbound Function
comparisoncomparison
RS-1200RS-1200
Q & AQ & A
Q & AQ & A
Q1: if client is get private ip address automatically From DHCP server; how can i configure to blocking like MSN service for this client ?
A1: DHCP client can't be blocking for using some pre-defined service (like MSN,Skype), but MIS can setup the IP address and get the unique MAC address by this PC as address policy object and choose " get the static ip address from DHCP“ in policy object function << so that means this client will not be assign dynamic ip address every time >> this address policy object.
Q2: for SOHO use, if they want to simply connect the internet and also want have a basically security. is that very complex to configure that ?A2: for this issue, only setup one outgoing policy rule : from inside_any to outside_any service-->HTTP action--> Permit ALL. and press ok button that will work immediately. so except this rule, any service from outside to inside wil be deny and drop
Note. firewall Policy definition is very flexible and can set by IP, by service, by Qos , by Schedule and combine each together so depend on the usage, but RS-xx Family security gateway can offer you complete security functions.
Q3: when I setup Qos upstream or downstream bandwidth, do it will affect the network throughput ?A3: Yes, because Qos is one of Policy Object that you can define like Setting a policy that can restrict the user’s downstream and upstream bandwidth, netowrk throughput including Qos bandwidth usage . So RS-1200 have 70Mbps means NAT Maximum throughput when not use Qos.
RS-1200RS-1200
Thank YouThank You
The RS-1200 is a product that combines The RS-1200 is a product that combines the most important and useful security features in one package.the most important and useful security features in one package.It allows you to take complete control over your network It allows you to take complete control over your network
ConclusionConclusion