VISION ONE: SECURITY WITHOUT SACRIFICE

Similar documents
VISION ONE: SECURITY WITHOUT SACRIFICE

NETWORK VISIBILITY NETWORK PACKET BROKER COMPARISON TABLE KEY VISIBILITY ATTRIBUTES SYSTEM SPECIFICATIONS SYSTEM CAPACITY.

IXIA NET TOOL OPTIMIZER 7300 CHASSIS FAMILY

IXIA NET TOOL OPTIMIZER 5204

IXIA IBYPASS HD DATA SHEET PROBLEM: INLINE TOOLS ARE A SINGLE POINT OF FAILURE IN THE NETWORK

Anue Net Tool Optimizer 5273

IXIA XSTREAM TM 40 DATA SHEET AGGREGATION, FILTERING, AND LOAD BALANCING FOR 10GBE/40GBE NETWORKS HIGHLIGHTS

TRADEVISION HIGH PERFORMANCE MONITORING OF MULTICAST MARKET DATA FEEDS

IXIA FLEX TAP TM DATA SHEET PASSIVE NETWORK MONITORING KEY FEATURES HIGHLIGHTS

XGS2 CHASSIS PLATFORM

Ixia Flex Tap PASSIVE NETWORK MONITORING HIGHLIGHTS KEY FEATURES. Data Sheet

XGS2 CHASSIS PLATFORM

IXIA VISIBILITY ARCHITECTURE Eliminating Blind spots

NETWORK VISIBILITY NETWORK PACKET BROKER COMPARISON TABLE

WHITE PAPER. Monitoring Converged Networks: Link Aggregation

Ixia xstream TM 10. Aggregation, Filtering, and Load Balancing for 1GbE/10GbE Networks. Aggregation and Filtering DATA SHEET

WHITE PAPER. Fail-Safe IPS Integration with Bypass Technology

IXIA PHANTOM VTAP WITH TAPFLOW FILTERING

ngenius 5100 Packet Flow Switch

CloudStorm TM 100GE Application and Security Test Load Module

ngenius 5010 Packet Flow Switch

Ixia Net Optics ilink Agg xstream

Key Benefits Ixia xstreamtm 40 Fail -safe Inline Security NPB Offers Aggregation, Filtering, and Load Balancing for 10GbE/40GbE Networks

Ixia xbalancer. A Purpose-Built Load Balancer for 10G Networks. The Load Balancing Solution DATA SHEET. Highlights

Ixia ibypass: Avoid 5 Common Security Risks in One Easy Step

ngenius 6002 Packet Flow Switch

ngenius 6010 Packet Flow Switch

Cisco SCE 2020 Service Control Engine

CLOUDLENS PUBLIC, PRIVATE, AND HYBRID CLOUD VISIBILITY

Cubro Network Security Series

NGY 10GE FUSION LOAD MODULES

Cisco SR 520-T1 Secure Router

Cubro Packetmaster EX48600

GIGABIT ETHERNET XMVR LAN SERVICES MODULES

APPLICATION NOTE IXIA NOVUS 25GE SPEED OPTION INDUSTRY SPECIFICATIONS AND INTEROPERABILITY OVERVIEW

ngenius 6002 Packet Flow Switch

ngenius 2200 Series Packet Flow Switch

ngenius 4200 Series Packet Flow Switch

3299 Rack Mount. Product Highlights. Multifunctional BypassP 2 Segment. Switching Fabric

Cubro Packetmaster EX12

NSG100 Nebula Cloud Managed Security Gateway

WI-FI AND LTE COEXISTENCE VALIDATION METHODS

ngenius 6010 Packet Flow Switch

Product Highlights. Multi-rate segments of multi-functional bypass and active Tap. Multifunctional BypassP 2 Segment.

McAfee Network Security Platform

GigaVUE-2404 // Data Sheet

NSG50/100/200 Nebula Cloud Managed Security Gateway

QuickSpecs. Models HP TippingPoint S8010F Next Generation Firewall Appliance

RELEASE 6.6/6.7 EA RELEASE 6.8/6.9 EA RELEASE 6.10/6.10.1EA NEW FEATURES/ENHANCEMENTS IMPLEMENTED

75% 64% Data Sheet GigaVUE-HC1

2804 Hybrid Packet Broker

VB120 Modular 1G/10G Packet Flow Switch

McAfee Network Security Platform

Symantec Network Security 7100 Series

Data Sheet: GigaVUE HD Series

Use Cases Application And Service Monitoring Eliminate contention for network data. Centralize Netflow/IPFIX Generation

CONNECTRIX MDS-9132T, MDS-9396S AND MDS-9148S SWITCHES

CISCO Switch Catalyst 6500 Series Datasheet

HP S1500 SSL Appliance. Product overview. Key features. Data sheet

ASA5525-FPWR-K9 Datasheet. Overview. Check its price: Click Here. Quick Specs

Alcatel OmniAccess 200 Series

GigaVUE-2404 // Data Sheet

ngenius 4200 Series Packet Flow Switch

Cubro Packetmaster EX32/32(+)

Cubro FlowVista Series

CN9000 Series 100Gbps Encryptors

Cisco TelePresence MSE 8000

Cubro Packetmaster EX48600

AIR-WLC K9 Datasheet. Overview. Check its price: Click Here. Quick Specs

VeloCloud SD-WAN Subscription

Acme Packet Net-Net 14000

PANORAMA. Figure 1: Panorama deployment

Use Cases Application And Service Monitoring Eliminate contention for network data. Centralize Netflow/IPFIX Generation

Request for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )

Appliance Comparison Chart

ACCESS POINTS. Configuration Specifications

CUBRO. Cubro Packetmaster EX Functions. 20 x 40 Gbps 4 x 100 Gbps NPB

Cisco TelePresence MCU 5300 Series

ARUBA 7000 SERIES MOBILITY CONTROLLER

A simple, cost-effective way to transition your workloads to the cloud

DATA SHEET ARUBA CENTRAL Product summary Product summary BRANCH GATEWAY

PSA300 PSA3000 PSA5000. None None None Yes. None Yes (1 GE) Yes (1 GE) Yes (1 GE) SSL VPN or NAC SSL VPN or NAC SSL VPN or NAC SSL VPN or NAC

Flexible and scalable five enterprise-grade Smart-1 dedicated management appliances. Full Threat Visibility

Cisco ASA 5500 Series Adaptive Security Appliances

XSR 1800 Series Security Router for Branch Offices

INTELLAFLEX. Packet Aggregation Switching Solutions

Cisco VPN Internal Service Module for Cisco ISR G2

HIGH DENSITY ACCESS POINTS

Corrigendum 3. Tender Number: 10/ dated

Acme Packet Net-Net 9200

2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 6

NetScaler SD-WAN features

WHITE PAPER. The Growing Impact of Social Networking Trends on Lawful Interception

ARUBA 7000 SERIES MOBILITY CONTROLLER

Acme Packet Net-Net 3820

Mobil Core Monitoring Session aware load balancing of GTPv1 and GTPv2 traffic to multiple probes

PANORAMA. Key Security Features

Cisco Nexus 9500 Series Switches

Cisco ASA 5500 Series IPS Solution

SmartWall Threat Defense System - NTD1100

Transcription:

VISION ONE: SECURITY WITHOUT SACRIFICE DATA SHEET Amplify your security without changing a cable. Vision ONE provides IT Operations the ability to deploy resources where they are needed most and secure any traffic in their network. Vision ONE acts as the first step to security, providing reliable inline connectivity for security tools such as intrusion prevention systems (IPS), data loss prevention (DLP), and Web firewalls. It simultaneously connects out-of-band monitoring tools like intrusion detection systems (IDS) and data recorders. Integrated intelligence features enable you to access encrypted traffic using SSL decryption, reduce analysis traffic using advanced packet processing, and precisely select traffic by application type, geography, and device criteria using deep packet inspection (DPI). Vision ONE forwards selected traffic in a variety of formats to interoperate with any security tool. PRODUCT FEATURES Powerful GUI allows you to focus on security rather than configuration the industryleading user interface and patented filter compiler make configuration simple for both inline and out-of-band topologies SSL decryption provides downstream security tools with plain text content so they do not need to support or incur the performance overhead of decrypting traffic to find hidden threats HIGHLIGHTS Zero-loss advanced packet processing improves security tool efficiency through techniques such as deduplication and packet trimming Deep packet inspection classifies traffic in real time and directs it to the correct tool according to parameters such as application type, geolocation, or even handset type so tools get the just the traffic type they need, again optimizing your investment in tool infrastructure Sophisticated load balancing distributes traffic across a number of tools for monitoring or inline in serial or parallel to maximize up-time and ensure that no critical data is lost Comprehensive wizards makes inline tool deployment extremely easy Space efficient 1RU design saves rack space in your data center Extends the reach of security tools to access the entire network Supports inline and out-of-band monitoring use cases SSL decryption with stateful, clear text output Supports scaling your security infrastructure in more manageable steps Supports line-rate packet deduplication, header stripping and other advanced features Supports L2GRE termination from vtap Enables identification of applications by bandwidth, session, and geography Supports simultaneous packet forwarding and generation of NetFlow v9 and v10 records Delivers frequent updates via ATI subscription 915-6691-01-4061 Rev D Page 1

PRODUCT CAPABILITIES FULL-RATE INTELLIGENT PACKET PROCESSING Modify every packet at line-rate using any combination of Ixia s Advanced Feature Module (AFM) operations: Deduplication, trimming, timestamping, 1G burst protection and data masking Head stripping that includes VLAN, FabricPath, VNTag, GTP, MPLS, VxLAN, L2GRE, ERSPAN L2GRE tunnel termination from vtap Flexibly assign 160Gbps total processing capacity to any port in 10Gbps increments INLINE-SPECIFIC FEATURES Supports failsafe serial service chaining, parallel load balancing with spares, or combined topologies Customizable heartbeat (HB) support to detect and automatically recover from monitoring and security tool failures Multiple HB templates allow each tool to have its own unique HB Bypass switches and Vision ONE can have different HB so multi-tier design is possible to increase overall resilience IXIA S APPLICATION AND THREAT INTELLIGENCE (ATI) PROCESSOR Performs DPI to identify traffic according to: o Application, geography, device information, and service provider o Application signatures are regularly updated via ATI subscription SSL decryption supported ciphers: o 3DES o RC4 o AES o SHA1/521/384/256/224 o MD5 915-6691-01-4061 Rev D Page 2

Ixia s Application and Threat Intelligence Processor (ATIP) provides easy-to-use graphical displays of the traffic captured by Vision ONE SSL/TLS Decryption Support: o SSL/TLS Versions: SSL3.0, TLS1.0, TLS1.1 and TLS1.2 o Asymmetric Key Exchange: RSA and ECDH o Symmetric Keys: AES, 3DES and RC4 o Hashing algorithms: SHA and MD5 o Maximum concurrent sessions: Over 1,000,000 o Private key storage: Encrypted and write only Regular expression matching Data masking to protect sensitive data such as credit cards and personally identifiable information (PII) o Target field identified by user-definable regular expression o Default regular expressions provided for commonly request data patterns such as credit card numbers Multiple actions can be taken on matching sessions o Forward all related packets to an analysis tool o Enhanced NetFlow v9 and v10 and IPFIX can be generated and sent to up to 10 collectors Simple pricing o ATI subscription includes all current and new features and application signatures released 915-6691-01-4061 Rev D Page 3

SPECIFICATIONS GENERAL SPECIFICATIONS Performance 1U Security Appliance In-band or passive deployment Full line rate across all ports with blocking enabled Reporting, blocking, or fail-safe bypass operation Always-on ATI cloud security service Heat/power dissipation for module at 100% traffic load: 660W / 2252 BTU/hour Management SNMP v1, v2, v3 support SNMP v1, v2, v3 support Supports IEEE / Precision Time Protocol (PTP) time synchronization Local, RADIUS, and TACACS+ support (members and groups) Granular access control features Event monitoring and logging Syslog IT Automation control with RESTful API PHYSICAL SPECIFICATIONS Vision ONE Size, Weight and Compliance 1RU high 19 rack-mountable chassis Dimensions: 17.5W x 29.5L x 1.75H (inches) / 44.5W x 75.0L x 4.5H (cm) Weight: 36.4lb / 16.5kg ROHS IEC-60950-1:2005, UL60950-1, and CSA C22.2 No. 60950-1, EN 60950-1, CE, FCC, AS/NZS CISPR 22 & 24, 55022, 55024, IEC-003 Power for Vision ONE (AC) Dual AC power supplies Hot Swappable Operating input voltage: 100 to 240VAC Nom. current: 6.6A @ 100VAC, 1.5A @ 240VAC Max. operating input current: 7.7A @ 100VAC Power for Vision ONE (DC) Dual AC power supplies Hot Swappable Operating input voltage: 40 to 60VDC Nom. current: 12.5A @ 53VDC Max. operating input current: 19.25A @ 40VDC OPERATING SPECIFICATIONS Temperature Operating: 5 C to 40 C Short-term*: -5 C to 55 C (*not to exceed 96 consecutive hours) Short-term* with fan failure: -5 C to 40 C (*not to exceed 96 consecutive hours) Humidity Operating: 5% to 85% (non-condensing) Short-term*: 5% to 90% (non-condensing, *not to exceed 96 hours) 915-6691-01-4061 Rev D Page 4

ORDERING INFORMATION Solution Ordering Information Solutions include Vision ONE hardware with 48 physical SFP/SFP+ ports and 4 QSFP+ ports. Transceivers are not included. Compatible transceivers are available and may be purchased from Ixia. All solutions are configured with dual power supplies. Additional licenses may be added to a system to enable additional ports, Advanced Packet Processing, or Application and Threat Intelligence. Vision ONE Base Units Number of Physical ports Licensed Ports SOLUTION PART NUMBER 1/10G HW INCLUDED 40G HW INCLUDED LICENSED FOR 1G USE LICENSED FOR 10G USE LICENSED FOR 48G USE SYS-V-ONE- 1610G81G-AC SYS-V-ONE- 1610G81G-DC SYS-V-ONE- 410G161G-B1-AC 48 4 8 10 0 48 4 8 10 0 48 4 16 4 0 License Ordering Information Software licenses can be added to any of the Vision ONE hardware components or solutions. A fully licensed chassis supports 48 ports of 1G/10G, 4 ports of 40G, 160 Gbps of AFM and ATIP. Vision ONE Port Licenses HARDWARE COMPONENT PART NUMBER LIC-SYS-V-ONE-X8D-UP LIC-SYS-V-ONE-X24D LIC-SYS-V-ONE-X8D LIC-SYS-V-ONE-X4D LIC-SYS-V-ONE-G24D LIC-SYS-V-ONE-Q4D Upgrade 8 ports of 1G to 1/10G operation. 24-port perpetual license for 1G/10G operation. 8-port perpetual license for 1G/10G operation. 4-port perpetual license for 1G/10G operation. 24-port perpetual license for 1/G operation. 4-port perpetual license for 40G operation. 915-6691-01-4061 Rev D Page 5

Vision ONE AFM Throughput Licenses HARDWARE COMPONENT PART NUMBER LIC-SYS-V-ONE-80G-AFM LIC-SYS-V-ONE-40G-ADV-FULL LIC-SYS-V-ONE-10G-ADV-ENTRY 80Gbps of AFM includes dedup, header stripping, slicing, and timestamping. Advanced full license that enables advanced packet processing functionality at 40G operation. Advanced entry license that enables advanced packet processing functionality at 10G operation. Vision ONE AFM Capability Licenses HARDWARE COMPONENT PART NUMBER LIC-SYS-V-ONE-ADV-TUNNELING LIC-SYS-V-ONE-ADV-STRIPPING LIC-SYS-V-ONE-DEDUP LIC-SYS-V-ONE-ADV-TIMESTAMP Feature license that enables advanced packet tunneling feature. Feature license that enables advanced packet stripping feature. Feature license that enables advanced packet deduplication feature. Feature license that enables advanced packet time stamping feature(ptp timestamps). Vision ONE ATIP Throughput Licenses HARDWARE COMPONENT PART NUMBER SUB-SYS-V-ONE-ATIP LIC-SYS-V-ONE-ATI-ENTRY LIC-SYS-V-ONE-ATI-FULL ATI (Application and Threat Intelligence) Processor One- Year License. Enables application use and software updates. Does not enable ports. Application will not function without a valid license installed. Includes all ATIP functions. Advanced entry-level license to enable ATI. ATIP Capability Licenses must be ordered. Advanced full-level license to enable ATI. ATIP Capability Licenses must be ordered. 915-6691-01-4061 Rev D Page 6

Vision ONE ATIP Capability Licenses HARDWARE COMPONENT PART NUMBER LIC-SYS-V-ONE-ATI-NETFLOW LIC-SYS-V-ONE-ATI-SSL-DECRYPT SUB-SYS-V-ONE-ATI-APPINTEL Feature license that enables ATI Netflow feature. Feature license that enables ATI passive SSL feature. Feature license that enables ATI filtering on applications, custom applications, and geolocation feature. Vision ONE Advanced INLINE Capabilities License HARDWARE COMPONENT PART NUMBER LIC-SYS-V-ONE-INLINE Enables inline functionality. Additional Licenses Ordering Information Vision ONE ATIP Licenses (Renewals) Hardware Component Part Number SUB-ATIP-RENEWAL SUB-ATI-APPINTEL-RENEWAL Description NTO Net Tool Optimizer ATI processor renewed one year subscription license. NTO Net Tool Optimizer series renewed one year subscription license. 915-6691-01-4061 Rev D Page 7

Vision ONE Accessories, Upgrades and Spare Licenses HARDWARE COMPONENT PART NUMBER SYS-V-ONE-FAN-ASSY SYS-ONE-AC-POWER SYS-ONE-DC-POWER LIC-SYS-V-ONE-SPARE LIC-SYS-V-ONE-ADV-UP LIC-SYS-V-ONE-ATI-UP One fan module unit. One AC power module. One DC power module. Cold spare system port license. Feature license upgrade advanced packet license Upgrade license for Application Threat Intelligence base from entry-level to full performance. IXIA WORLDWIDE HEADQUARTERS 26601 AGOURA RD. CALABASAS, CA 91302 (TOLL FREE NORTH AMERICA) 1.877.367.4942 (OUTSIDE NORTH AMERICA) +1.818.871.1800 (FAX) 818.871.1805 www.ixiacom.com IXIA EUROPEAN HEADQUARTERS IXIA TECHNOLOGIES EUROPE LTD CLARION HOUSE, NORREYS DRIVE MAIDENHEAD SL6 4FL UNITED KINGDOM SALES +44.1628.408750 (FAX) +44.1628.639916 IXIA ASIA PACIFIC HEADQUARTERS 101 THOMSON ROAD, #29-04/05 UNITED SQUARE, SINGAPORE 307591 SALES +65.6332.0125 (FAX) +65.6332.0127 915-6691-01-4061 Rev D Page 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback