ISG-600 Cloud Gateway Cumilon ISG Integrated Security Gateway Integrated Security Gateway Cumilon ISG-600C cloud gateway is the security product developed by Systrome for the distributed access network for the cloud-computing era. It integrates the L2-L7security features of the next-generation firewall, is based on the user identification and application identification, and provides the application-layer firewall, intrusion prevention, anti-virus, anti-apt, VPN, intelligent bandwidth management, multi-egress link load balancing, content filtering, URL filtering, and other security functions. It provides the cloud interface. The security cloud management platform based on the big data platform architecture can monitor the network topology and device status in real time, simplifying the online deployment of the professional device via the auto configuration delivery. The real-time monitoring of the mobile terminal reduces the maintenance cost and makes the security visible at any time and anywhere. Systrome cloud gateway is the best access security choice of the middle and small enterprises, branch interconnection, and chain enterprises. Hardware and Appearance
6 0 0 Strong network adaptability Site-to-Site VPN: support IPSec VPN, support intra-tunnel traffic security detection and bandwidth control Support MCE, 802.1Q, GRE, VPN track networking, support PPPoE, DHCP, Vlan, and Trunk access modes Support routing, transparent, NAT, bypass, mixed mode, and other deployment modes Support IPv4/IPv6 dual-stack, support v4/ v6 transition technology Professional next-generation firewall High performance: The private hardware and integrated processing engine provides the high-performance application security prevention for the user Intelligent identification: Application-based identification, static, dynamic user identification and track recording L2-L7 security features: Intrusion prevention, virus scanning, APT attack defense, application control, content filtering, URL category filtering, effectively preventing Trojans, worm, SQL, injection, XSS attacks, and overflow attacks, ensuring the file transfer security, blocking the access for the bad websites and illegal links, and defending based on the content analysis Intelligent bandwidth management: The bandwidth management based on the channel nesting can provide the ondemand selective bandwidth service, for different network users and applications, ensuring that the key services of the key users get the high-priority bandwidth guarantee by the time period, and controlling the abuse of the P2P, flow media and other applications for the bandwidth
6 0 0 Multi-express link load: Multi-express link can be based on the user service load balancing or mutual backup, support link status health detection Security traffic visualization: Inbuilt statistics set, clearly display application, user, whole-device traffic trend, user bandwidth usage by priority, and the happening frequency and source of the security event Security and traffic Status Statistics Cloud Management Architecture Centralized monitoring: Real-time monitoring of the operation status, application traffic statistics analysis, topology monitoring Auto configuration: Configuration template, auto deliver cloud-control VPN, QoS, URL category filtering policy, simplifying the network configuration management of the terminal user Auto upgrade: Upgrade firmware version, security service feature database via the cloud management platform in a unified manner, convenient for maintenance On-demand customizing based on SaaS model: Convenient for the user to expand the service scale and service hierarchy, and reduce the IT investment of the user Architecture of Cloud manager Secure connection between Cloud and gateway Device running Status Statistics
6 0 0 Configuration Distribution Mobile APP Platform Real-time Monitoring Monitoring and report Mobile APP Monitoring Anytime and anywhere: The intelligent mobile terminal device can view the device operation status via Internet by installing APP Status monitoring: Device operation status, application traffic statistics analysis Threshold alarm: Device health threshold alarm, serious fault alarm, abnormal account login alarm, highrisk security event alarm Threat intelligence pushing: Push the network security trend analysis and development trend of the basic big data analysis to the mobile user, helping the network management staff to understand the network status in time and customize the plan
6 0 0 Network and Firewall The 8-tuple NGFW policy based on the interface, address, user, service, application, and time Support static, dynamic, third-party user authentication and identification Source NAT, destination NAT, static NAT NAT traversal and ALG of various application protocols PPPoE, DHCP (C/S), DNS server Support IPv4/IPv6 dual-stack protocol, networking, tunnel and protocol conversion Support static route, dynamic route (RIP, OSPF, BGP4) Policy route based on application and user Support L4 Dos attack protection and scanning protection Support link aggregation and multi-express link load balance Support HA and VRRP Support interface status linkage Network access management Access control policy based on application feature and action IM login control and black-white list Email topic, key words, receiver/sender filtering Flow media, P2P download management, game, stock and other action control More than 1000 applications and update regularly L7 security features Intrusion protection, more than 2000 rules predefined, support customizing the protection rule Support the IDS linkage Virus scanning, killing of more than three million kinds of virus Support the sandbox linkage of the remote system Support filtering by web content and key word URL category filtering, local 20K + categories Flow management Support the bandwidth management based on the line and channel nesting Management Managing the configuration by local WEB (HTTP/ HTTPS), command line, and console Support delivering the security policy by the cloud platform automatically Support template auto delivering VPN policy, network access policy Auto upgrading software version and feature database via the cloud platform Support SNMPv1, v2, v3 Administrator authority division, only permitting authorized administrator to access the log Support the third-party user authentication of the administrator user, RADIUS/LDAP Graphical diagnosis and online capturing packets security device bind with the cloud platform account Support the encrypted communication of the device and cloud platform Multi-tenant isolation, support the hierarchical management of group users VPN Standard IPSecVPN protocol Support the negotiation authentication mode based on the share key/certificate Site-to-Site and remote access deployment mode Monitoring, log and statistics Mobile APP real-time monitoring system and traffic status The cloud platform monitors the device traffic and application distributing in real time Monitor the abnormal using of the system resource Abnormal traffic alarm of the mobile APP and cloud platform Email and syslog alarms, the different module logs can be sent to multiple syslog servers Support network health check template, icmp, tcp and so on Support pushing the threat information to the mobile terminal Monitor the interface status Online user monitoring, querying, and freezing Support monitoring the system session status Support the intrusion prevention statistics, virus protection statistics
6 0 0 Support interface downlink/uplink bandwidth management and speed limitation per IP The channel matching by application, user, time, priority Support the traffic statistics and trend chart of Top 10 applications Support the traffic statistics and trend chart of the Top 10 users Bandwidth limitation, bandwidth guarantee, flexible bandwidth, flow shaping Support the eliminating policy based on the user, address Hardware Specifications Hardware specifications ISG-600C ISG-600H ISG-800W Product forms Desk-top Desk-top Desk-top Fixed interface 6 GE (RJ45) 6 GE (RJ45) 8 GE (RJ45) Management interface Share with the service port Share with the service port Share with the service port USB interface 1 1 1 Console interface 1 1 1 Reset key Yes Yes Yes Wireless interface - - 802.11 a/b/g/n Storage Size - 128G - System performance Firewall throughput (512 bytes) 1.5Gbps 1.5Gbps 1.5Gbps Firewall PPS (512 bytes) 300kpps 300kpps 300kpps New connections (HTTP) 2.2W 2.2W 2.2W Con-concurrent connections (HTTP) 400K 400K 400K Layer 7 firewall throughput (HTTP) 1.8Gbps 1.8Gbps 1.8Gbps Firewall policies 2000 2000 2000 IPS throughput (HTTP) 900Mbps 900Mbps 900Mbps Anti-virus (application layer) throughput (HTTP) 820Mbps 820Mbps 820Mbps IPSecVPN throughput (512 bytes) 320Mbps 320Mbps 320Mbps IPSecVPN tunnels 1000 1000 1000 Recommended Max. Users 300 300 300 Physical features Power Inbuilt switch power/external power adapter Inbuilt switch power/external power adapter Inbuilt switch power/external power adapter
6 0 0 Input rated voltage 100-240V AC 100-240V AC 100-240V AC Max. input current 0.5A 0.5A 0.5A Heat dissipation mode No fan No fan No fan Dimension (H * W * D) mm 1U9 inch (44*225*140) 1U9 inch (44*225*140) 1U9 inch (44*225*140) Work temperature 6 6 6 Storage temperature 6 4 6 4 6 4 Work humidity 5%-90% noncondensing 5%-90% noncondensing 5%-90% noncondensing Authentication CCC, Rohs CCC, Rohs CCC, Rohs MTBF 100, 000 hours 100, 000 hours 100, 000 hours Weight 1.0kg 1.2kg 1.2kg Order Information Product Name ISG-600C ISG-600C-VPN-LIC ISG-600C-IPS-LIC-1Y ISG-600C-AV-LIC-1Y ISG-600C-APP-LIC-1Y ISG-600C-URL-LIC-1Y ISG-600H ISG-600H-VPN-LIC ISG-600H-IPS-LIC-1Y ISG-600H-AV-LIC-1Y ISG-600H-APP-LIC-1Y ISG-600H-URL-LIC-1Y ISG-800W ISG-800W-VPN-LIC-x ISG-800W-IPS-LIC-1Y ISG-800W-AV-LIC-1Y ISG-800W-APP-LIC-1Y ISG-800W-URL-LIC-1Y Description 6 GE, containing all functions of NGFW, one-year upgrade service of the four-in-one feature database One VPN tunnel license One-year upgrade service of ISG-600C IPS feature database One-year upgrade service of ISG-600C AV feature database One-year upgrade service of ISG-600C APP feature database One-year upgrade service of ISG-600C URL feature database 6 GE, 128G Storage, containing all functions of NGFW, one-year upgrade service of the four-in-one feature database One VPN tunnel license One-year upgrade service of ISG-600C IPS feature database One-year upgrade service of ISG-600C AV feature database One-year upgrade service of ISG-600C APP feature database One-year upgrade service of ISG-600C URL feature database 8 GE, external dual-frequency antenna, containing all functions of NGFW, one-year upgrade service of the four-in-one feature database VPN tunnel license One-year upgrade service of CG-800W IPS feature database One-year upgrade service of CG-800W AV feature database One-year upgrade service of CG-800W APP feature database One-year upgrade service of CG-800W URL feature database www.systrome.com