Radware Defensepro IPS Technical Specifications Datasheet
Radware Defensepro IPS Technical Specifications Datasheet
Radware Defensepro IPS Technical Specifications Datasheet
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Radware</strong> DefensePro <strong>IPS</strong>: Specification Sheet<br />
DefensePro <strong>IPS</strong> and Behavioral Protection<br />
<strong>Technical</strong> Product Information<br />
Product Models and Upgrade Options<br />
DefensePro OnDemand Switch 3S2 Models<br />
Designed for large data centers protection deployed by large<br />
enterprises, eCommerce and service providers<br />
Models:<br />
DefensePro 8412 <strong>IPS</strong> & Behavioral Protection (up to<br />
8Gbps)<br />
DefensePro 4412 <strong>IPS</strong> & Behavioral Protection (up to<br />
4Gbps)<br />
Upgrade options (thru software license key):<br />
DefensePro 4412 <strong>IPS</strong> & Behavioral Protection to<br />
DefensePro 8412 <strong>IPS</strong> & Behavioral Protection<br />
DefensePro OnDemand Switch 2S Models<br />
Designed for medium sized data centers protection deployed by large enterprises, eCommerce and service providers<br />
Models:<br />
DefensePro 3016 <strong>IPS</strong> & Behavioral Protection (up to<br />
3Gbps)<br />
DefensePro 2016 <strong>IPS</strong> & Behavioral Protection (up to<br />
2Gbps)<br />
DefensePro 1016 <strong>IPS</strong> & Behavioral Protection (up to<br />
1Gbps)<br />
Upgrade options (thru software license key):<br />
DefensePro 1016 <strong>IPS</strong> & Behavioral Protection to<br />
DefensePro 2016 <strong>IPS</strong> & Behavioral Protection<br />
DefensePro 2016 <strong>IPS</strong> & Behavioral Protection to<br />
DefensePro 3016 <strong>IPS</strong> & Behavioral Protection<br />
DefensePro X02 Series<br />
Targeting Branch offices, Internet Gateway<br />
Models:<br />
DefensePro 502 (up to 500Mbps)<br />
DefensePro 202 (up to 200Mbps)<br />
DefensePro 102 (up to 100Mbps)<br />
Upgrade options (thru software license key):<br />
DefensePro 102 to DefensePro 202<br />
DefensePro 202 to DefensePro 502<br />
Page 1
<strong>Radware</strong> DefensePro <strong>IPS</strong>: Specification Sheet<br />
Product Features<br />
Feature<br />
Protections<br />
Network Wide Protections<br />
Behavioral DoS Protect against known and zero-minute DoS/DDoS flood attacks that misuse network<br />
bandwidth resources including: TCP Floods, UDP floods, ICMP floods, IGMP floods and<br />
fragmented attacks.<br />
Malware Propagation Prevent zero-minute malware spread by already infected hosts.<br />
Prevention and Anti<br />
Scanning<br />
Prevents network pre-attack probes (Reconnaissance) including horizontal and vertical TCP<br />
& UDP scanning, stealth scanning and ping sweeps.<br />
RSA FraudAction<br />
feeds<br />
Real-time Anti-Trojan and Anti-Phishing service, targeted to fight against financial fraud,<br />
information theft and malware spread. Based on real-time reputation feeds from RSA Anti<br />
Fraud Command Center (AFCC).<br />
Server Protections<br />
SYN Protection Protect against any type of SYN flood attacks using advanced SYN Cookies mechanism.<br />
Prevent SYN-ACK Reflection attacks.<br />
HTTP Mitigator Protect against HTTP page flood attacks that misuse web server resources.<br />
Server-Cracking<br />
Protection<br />
Connection Limit<br />
Block brute force and dictionary attacks targeting to defeat server authentication schemes<br />
including Mail servers (SMTP, POP3, IMAP), FTP servers, SIP servers, MS-SQL and<br />
MYSQL servers.<br />
Web sites application vulnerability scanning and hacking protection.<br />
SIP Invite and Bye floods prevention.<br />
Defend against connection based attacks such as half open SYN attacks, request attacks and<br />
full session attacks.<br />
Vulnerability-based protections<br />
Signature Protections Protects against known application vulnerabilities and common malware including:<br />
Web application protection, Mail servers protection, FTP servers protection, DNS<br />
Vulnerabilities, SIP vulnerabilities, SNMP Vulnerabilities, Microsoft vulnerabilities, Worms<br />
and Viruses, Backdoors and Trojans, Cross-Site Scripting, SQL Injections, Spyware, LAN<br />
Protocol and Services Protection (RPC, NetBIOS, Telnet etc.), Generic Payloads (Remote<br />
Execution, Shellcodes).<br />
Security updates service (SUS) - weekly updates and emergency updates.<br />
User-defined Attack Signatures.<br />
Stateful Inspection RFC compliance and state machine verification for various protocols including TCP, ICMP,<br />
DNS, HTTPS, SMTP, IMAP, POP3, FTP, SSH.<br />
Stateful Operation TCP Stream Reassembly, IP Defragmentation.<br />
SSL Attack Prevention Available for DefensePro series X16 and X412 in conjunction with AppXcel.<br />
Bandwidth Management and Access Control<br />
Bandwidth<br />
Guarantee bandwidth per application (granular, per user or session basis).<br />
Management<br />
Limit bandwidth per application.<br />
Limit P2P protocol traffic per session.<br />
Access Control Access Lists per IP address & protocol; Black/White Lists per IP address per feature.<br />
Supported protocols More than 100 protocols are supported including TCP, ICMP, DNS, HTTP, HTTPS, SMTP,<br />
IMAP, POP3, FTP, Telnet, SSH, SIP, Skinny (SCCP), H.223, RTP, SNMP, MySQL, MS-SQL<br />
(TDS) and LAN-centric protocols (RPC, NetBIOS) etc. Additional protocols can be defined by the<br />
user.<br />
Management<br />
Alerting<br />
SNMP V1, 2C &3, Log File, Syslog, E-mail.<br />
Forensics<br />
Attack Packet Logging, In-depth Attack Footprint Analysis, Attack Details and Statistics.<br />
Configuration<br />
SNMP V1, 2C, 3, HTTP, HTTPS, SSH, Telnet, Console (user selectable).<br />
Time Synchronization NTP v2.0<br />
Export Real-Time Northbound XML interface exporting behavioral parameters such as:<br />
Signature information Normal traffic patterns.<br />
Attacks real-time signatures of ongoing DoS/DDoS attacks and malware propagation and<br />
anti scanning.<br />
Page 2
<strong>Radware</strong> DefensePro <strong>IPS</strong>: Specification Sheet<br />
Product <strong>Specifications</strong><br />
DefensePro<br />
Model<br />
Network<br />
Location<br />
Hardware<br />
Platform<br />
102 202 502 1016 <strong>IPS</strong><br />
&<br />
Behavioral<br />
Protection<br />
Perimeter Perimeter Perimeter Core<br />
MiniDP (SP-1)<br />
2016 <strong>IPS</strong><br />
&<br />
Behavioral<br />
Protection<br />
Core<br />
3016 <strong>IPS</strong><br />
&<br />
Behavioral<br />
Protection<br />
Core<br />
Network Network Network<br />
OnDemand Switch 2S1<br />
Dual PS option is: OnDemand Switch<br />
2S2<br />
4412 <strong>IPS</strong> &<br />
Behavioral<br />
Protection<br />
Core Network<br />
8412 <strong>IPS</strong> &<br />
Behavioral<br />
Protection<br />
Core Network<br />
On Demand Switch 3S1<br />
Performance 1<br />
Capacity 2 100Mbps 200Mbps 500Mbps 1Gbps 2Gbps 4Gbps 4Gbps 10Gbps<br />
Throughput 3 100Mbps 200Mbps 400Mbps 1Gbps 2Gbps 3.6Gbps 4Gbps 8Gbps<br />
Max<br />
Concurrent<br />
Sessions<br />
Maximum<br />
DDoS Flood<br />
Attack<br />
Prevention<br />
Rate<br />
200,000 200,000 200,000 2,500,000 2,500,000 2,500,000 4,000,000 4,000,000<br />
40,000<br />
packets<br />
per<br />
second<br />
40,000<br />
packets<br />
per<br />
second<br />
40,000<br />
packets<br />
per<br />
second<br />
1,000,000<br />
packets<br />
per<br />
second<br />
1,000,000<br />
packets<br />
per<br />
second<br />
1,000,000<br />
packets<br />
per<br />
second<br />
10,000,000<br />
packets per<br />
second<br />
10,000,000<br />
packets per<br />
second<br />
Latency < 120 micro seconds < 60 micro seconds < 60 micro seconds<br />
Inspection<br />
Ports<br />
10/100/1000<br />
Copper<br />
Ethernet<br />
2 2 2 12 12 12 8 8<br />
GE (SFP) - - - 4 4 4 4 4<br />
10GE (XFP) - - - - - - 4 4<br />
Management<br />
Ports<br />
10/100/1000<br />
Copper<br />
Ethernet<br />
1 1 1 2 2 2 2 2<br />
RS-232 1 1 1 1 1 1 1 1<br />
Mode of<br />
Operation<br />
Network<br />
Operation<br />
Deployment<br />
Modes<br />
Tunneling<br />
protocols<br />
support<br />
IPv6<br />
Policy Action<br />
Block Actions<br />
Transparent L2 Forwarding<br />
In-line; SPAN Port Monitoring; and Copy Port Monitoring<br />
VLAN Tagging, L2TP, MPLS, GRE, GTP<br />
Support Ipv6 networks and block Ipv6 attacks<br />
Block & Report, Report Only<br />
Drop packet, reset (source, destination or both), suspend (source, source port, destination, destination port<br />
1 Actual performance figures may change per network configuration, traffic type, etc.<br />
2 Capacity is measured as maximum traffic forwarding when no security profiles are configured.<br />
3 Throughput is measured with behavioral <strong>IPS</strong> protections and signature <strong>IPS</strong> protections using eCommerce<br />
protection profile.<br />
Page 3
<strong>Radware</strong> DefensePro <strong>IPS</strong>: Specification Sheet<br />
High<br />
Availability<br />
Fail-open /<br />
fail-close<br />
Internal fail-open (no fail-close<br />
option)<br />
or any combination)<br />
Internal fail-open/fail-close for copper<br />
ports; internal fail-close for SFP<br />
ports; optional for SFP ports 4<br />
Internal fail-open/fail-close for<br />
copper ports; internal fail-close<br />
for SFP and XFP ports;<br />
optional for SFP and XFP<br />
ports 5<br />
Dual Power No No No Optional Optional Optional Yes Yes<br />
Supply<br />
Advanced<br />
internal<br />
overload<br />
mechanism 6 Yes Yes Yes Yes Yes Yes Yes Yes<br />
Physical<br />
Dimensions<br />
(W x D x H)<br />
mm<br />
298x215x44<br />
424x600x44 (1U)<br />
Dual PS option: 424x600x88 (2U)<br />
Weight (lb, kg) 4.785, 2.175 20.9, 9.5<br />
Dual PS option is 24.0, 10.9<br />
Power Supply Auto range: 100V-120V/200V- Auto range: 100V-120V/200V-240V<br />
240V AC 50-60Hz<br />
AC 50-60Hz or 38-72VDC<br />
424x600x88<br />
39.0, 18.0<br />
Auto range: 100V-120V/200V-<br />
240V AC 50-60Hz or 38-<br />
72VDC<br />
Power<br />
20W 302W 426W<br />
Consumption<br />
Heat<br />
68.2 1029 1452<br />
Dissipation<br />
(BTU/h)<br />
Operating<br />
0-40C<br />
Temperature<br />
Humidity<br />
5% to 95%<br />
(noncondensing)<br />
Safety<br />
UL, IEC #60950-1 EN, UL, CSA, IEC #60950-1<br />
Certifications<br />
EMC FCC part 15B class A EN 55022, EN 55024, FCC Part 15B Class A<br />
Other<br />
CE, FCC, VCCI, TUV, C-Tick,<br />
CE, FCC, VCCI, CB, TUV, UL/cUL, CCC, C-Tick, RoHS<br />
Certifications<br />
GOST-R<br />
Warranty<br />
1-year hardware and software maintenance<br />
Support<br />
Certainty Support Program<br />
Patent protected behavioral analysis technology<br />
<strong>Radware</strong> DefensePro has been successfully awarded multiple United States patents based on real-time signatures, which<br />
protect and secure applications and network traffic. DefensePro technology is protected by the following patents:<br />
Patent No. 7,607,170 “Stateful Attack Protection”<br />
Patent No. 7,617,170 “Generated Anomaly Pattern for HTTP Flood Protection”<br />
Patent No. 7,624,084 “Method for Generating Anomaly Pattern for HTTP Flood Protection”<br />
Patent No. 7,681,235 “Dynamic network protection”<br />
Patent No. 11/869,067 “Automatic Signature Propagation Network”<br />
Patent No. 11/835,503 “Method, system and computer program product for preventing sip attacks”<br />
<strong>Specifications</strong> subject to change without notice.<br />
4 External fiber fail-open switch with SFP ports is available at additional cost.<br />
5 External fiber fail-open switches with SFP or XFP ports are available at additional cost.<br />
6 Overload mechanism is designed to obtain maximum security coverage under extreme traffic loads.<br />
Page 4
Change language