Post on 25-Jul-2020
TiFRONT
• Prevent internal network failures by malicious traffic.
• Realize access network visibility in BYOD environments.
• Integrated management for hundreds of security switches easily.
Optimizing Switch for Internal Risk Management
Because they are designed simply to transmit network traffic, typical switches have few security functions, if any. It is impossible to prevent VoIP and CCTV tapping and block information leaks.
• It is difficult to manage and control network access by large numbers of unidentified devices in BYOD.
• The threat of eavesdropping, identity theft and related dangers is increasing due to the security vulnerabilities presented by VoIP phones, web CCTV, and the Internet of Things (IoT).
• Vulnerability to APT attacks is increasing due to the increased variety of access paths.
• Malicious traffic and DoS attacks are causing more internal network failures than ever before.
Why Security Switches?
Vulnerable internal network caused by various changing security threats.
With the increasing number and variety of security threats aimed at access networks, meaning those networks to which end users connect, the importance of internal security has grown. Moreover, in the BYOD era, in which people use their smartphones and other personal devices for business, the boundaries of corporate networks are effectively expanded to include mobile networks, requiring more active and preemptive security measures. Security switches, which simultaneously provide both L2/L3 switching and security functions, are the most effective solution to address this requirement. PIOLINK's TiFRONT security switch, which blocks harmful traffic, prevents DoS/DDoS attacks, blocks ARP attacks, and provides access control and user authentication, is optimized to manage internal threats.
Current L2/3 Switches limitation
Risk of data leaks due to server intrusion from inside the network
Internal network failures due to excessive traffic
DoS attack from outside
AP Printer
Internal Network BYOD VoIP, CCTV
More potential APT attack targets
Internet of Things (IoT)
Security
VLAN assignment based on 802.1X authentication is impossible. Simple individual authentication and fallback authentication schemes do not provide reliable security.
Authentication
Managing security settings on existing L2/3 devices can be cumbersome. No automated security management, product management or monitoring features are provided.
Management
Server, Storage etc.
NoteBookPC Smart Phone Smart Pad USB VoIP Phone CCTV Navigation Home Network
Attacker
• Block various kinds of malicious traffic attacks (Zero-day, wired-speed) in real time
• Monitor IP addresses in real time
• Block VoIP, CCTV, and information leaks
• Protect without any agents via integrating with end-point solutions (McAfee and FireEye)
Overview
A solution that provides both an access network and security in the vicinity of end users’ devices.
Benefits
Improved Access Security
L2/3 Switching(IPv4 / IPv6)
Managed Switch function support
Extended L2/3 function support
Malicious Traffic Blocking (IPv4 / IPv6)
Network Access Control
Centralized Integrated Management (TiManager)
Block DoS/DDoS/Flooding attacks at the source
Zero-day, wired-speed security
Easy management, Real-time attack analysis, and Network monitoring.
Various 802.1X authentication and access controls
Optimized for BYOD mobile management.
Simultaneously manage hundreds of security switches
Improved Authentication
Easier Management
• Manage IP and MAC addresses (block unauthorized or spoofed addresses)
• Assign VLANs using 802.1X authentication regardless of physical ports
• Control access in 802.1X environments with powerful user and terminal authentication
• Easily manage, change security settings and even perform batch OS updates across hundreds of security switches
• Analyze security threats (malicious traffic and blocking events) in real time
• Visualize the access network (network status and deployment) in BYOD environments
To Clean Network
The TiFRONT security switch simultaneously acts as both a basic network L2/3 switch and an end-user terminal security solution. It blocks ARP spoofing and various kinds of flooding attack and also prevents access by unauthorized terminals, thereby protecting the network from failures that originate internally. Additionally, it can be extended and configured to work with specialized security solutions to maximize security against the most sophisticated threats. PIOLINK is continuously striving to help you maximize the security of your access network as conveniently as possible.
Secure Log Storage
Failure
Unauthorized Router Blocked
Hardware based Security Engine - TiMatrix
With recent drastic increases in the amount of network traffic, it is vital to be able to collect, evaluate, and, if necessary, block heterogeneous traffic quickly and reliably. Our exclusive TiMatrix security engine, which is built right in, differentiates TiFRONT from other products. TiMatrix runs on TiFRONT’s high-performance multicore CPU to give you the best possible security performance.
Unauthorized Router Detection
When a network user arbitrarily installs a wired/wireless NAT (Network Address Translation) router in order to use a personal smart device, internal network failures can result due to the spread of infected malicious traffic, DDoS attacks, etc. Additionally, backdoor programs that can expose your internal network to the outside have been discovered hidden in the firmware of such routers. TiFRONT protects you from this danger by maintaining a list of NAT devices located on your internal network, which administrators can use to detect and locate unauthorized NAT devices.
Log Buffer storage - Blackbox
In order to take appropriate measures in the event of a power outage or an administrator error, it is necessary to have previously arranged for the secure storage of all information about the environment. The TiFRONT security switch provides 128MB of flash memory dedicated to the long-term storage of log messages.
TiManager, Integrated Management Solution
Even those without specialized network expertise can easily and conveniently monitor the status of networks and respond instantly to security threats. The integrated management of hundreds of devices significantly reduces the administrative workload. Purchasing TiFRONT also helps you reduce your initial investment expense, because there is no need to provision a separate NMS (Network Monitoring System).
Advantages
L2/3 Switching + Security
TiFRONT provides all the features of costly managed switches and supports various data transmission protocols and services including Extended VLAN, STP, RSTP, PvSTP, QoS, IGMP, LACP, etc. It automatically detects and blocks malicious traffic originating from users’ terminals. It also combines various access network security features, including DoS prevention, protocol anomaly detection, authorization, protection against ARP attacks, IP Management, etc. in a single appliance.
Enhanced security engine based on multi-core CPU
CORE 1
CORE 2
CORE 3
CORE 4
RT Packet Gathering
Security Filter
Sensor log
TiMatrix Protection Logic
Key Security Feature
Anti-ARP/IP Spoofing Attacks
Protect your network from account information theft and phone tapping
Because TiFRONT closely monitors individual ports, it distinguishes the victims of MAC spoofing attacks from the attackers, and blocks only the attackers. With the TiFRONT security switch, you can now secure your network from threats such as phone tapping and identity and information theft in a UC (Unified Communications) environment.
Self-loop Prevention
Stable network is guaranteed.
TiFRONT provides STP (Spanning Tree Protocol) functionality, and automatically blocks the relevant port when a loop occurs, even in environments in which STP is not in use. This feature is convenient and stable because ports are automatically blocked and opened, and does not burden the network with loop-checking packets.
USER A USER B
IP/MAC Address-based Access Control
Access control from unauthorized terminals.
In a static IP address environment, TiFRONT provides an IP management feature that authenticates users based on their IP or MAC addresses. Administrators can check the status and history of access by individual devices, either using TiManager’s IP Management Collection Mode or by directly managing IP or MAC addresses.
* User authentication is possible by connecting to a RADIUS server, NAC, etc.
Unregistered IP/MAC address
Spoofed IP/MAC address
Block the Spread of Malicious Wired and Wireless Traffic
Prevent slowdowns due to traffic overloads and system failure
TiFRONT protects network resources from various kinds of DoS traffic that flow through access networks, such as TCP SYN flooding, UDP flooding, and ARP flooding. When the security switch detects traffic that it suspects is part of a DoS attack, it automatically isolates and blocks only that traffic, thereby maintaining continuous and stable service.
In order to safely respond to security threats, the number of which is increasing daily, it is necessary to take measures to address not only security threats originating from outside the network, but also those originating from within your internal access network. The most effective solution is a security switch, which provides both switching and security functionality at the same time. The TiFRONT security switch is a complete solution to secure the access network.
Attacker
IPv6 Ready
[Figure: traffic table with columns Src. MAC, Src. IP, Ingress Port, Dest. MAC and Count, per Interval #X, #Y, #Z]
State-of-the-Art Smart Security Engine : TiMatrix
• A built-in, high-performance CPU-based multicore security engine for maximum security performance
• Isolation and selective blocking of malicious traffic
• Auto-detection and blocking without any administrator intervention
• Security testing at wire speed without delaying traffic
• The security engine and the switch are physically and logically isolated from each other, so general L2/3 switching works normally even if a failure occurs in the security engine.
All features, such as flooding, DoS/DDoS, scanning, and ARP spoofing, work in IPv6.
Powerful 802.1X Access Control
Now that the BYOD phenomenon is here to stay, user authentication for network security is more important than ever before. TiFRONT supports integrated authentication, thus making it possible to establish an even safer network.
• Other Switches : depending on the configuration, users can gain network access if only one of 802.1X authentication, MAC authentication, or web authentication is successful. (Fallback authentication)
• TiFRONT : Allows you to selectively combine and require any two of IEEE 802.1X, MAC authentication and web authentication. Network access is allowed only when both terminal and user authentication are successful, making your network even more secure. (Both fallback authentication and individual authentication supported)
Extended IPv6 Security
Protection against new kinds of attacks exclusive to IPv6 (Neighbor spoofing, DAD attack, MLD DoS etc.)
New IPv6 Security Features
All management features (Telnet, Ping, SSH, ICMP, SNMP, NTP etc.) supported in IPv6
IPv6 Management
Static, RIPng, OSPFv3, BGP4+ etc. routing supported in IPv6
IPv6 Routing
[Figure labels: Abnormal traffic, Normal traffic]
[Figure labels: 802.1X auth, MAC auth, Web auth, ID/PW]
Extended functions by interworking with end-point solutions
TiFRONT works with other solutions to maximize readiness for sophisticated security threats and provide increased functionality for greater user convenience. No single security product is able to provide complete protection against all security threats; each specialized solution has its own role and feature set. Because it is able to interwork with various other security solutions to maximize security and enable big data analysis, the usefulness of TiFRONT is continuously increasing.
Interworking with Authentication Servers and NAC Servers
TiFRONT can be connected to a RADIUS server, NAC server, authentication server, etc. to implement various kinds of user authentication, such as ID/password or certificate-based authentication, for powerful network access control.
* Even without connecting to a separate server, combined IP/MAC address user authentication is still possible.
Compatibility with Malicious Code Detection and UTM Solutions
Malicious code detection and UTM security solutions have a limitation in that they can only play a detection role, and require the separate installation of an agent on individual terminals. Moreover, they are unable to detect the spread of malicious code within the network. Using TiFRONT together with such specialized detection tools provides a convenient solution that is able to directly block the execution of malicious code from inside the network. * PIOLINK is a member of the McAfee Security Innovation Alliance (SIA), and TiFRONT can be integrated with McAfee’s ePO security management application.
Compatibility with “Splunk” Big Data Analysis Solution
Customers using both TiFRONT and the Splunk big data analysis solution can use Splunk to analyze the wide variety of logs that TiFRONT collects. Not only will you be able to use security logs, device logs, inspection logs, etc. to analyze various events occurring inside your access network; you will also be better prepared to respond to internal security threats.
* The software that enables the connection is available for download at splunk.com.
➊ Malicious code inflow
➋ Packet collection (Tx/Rx)
➌ Malicious code analysis
➍ Analysis result transmission
➎ Blocking policy sent
➏ Blocked at TiFRONT
Attack, Infection
Internet
Detection Solution
McAfee : Network Security Platform
FireEye : FireEye MPS
Fortinet : FortiGate UTM
Palo Alto : Firewall PA Series
NAC or Authentication
Server
Stacking
Scalability and Superior Recoverability
The TiFRONT-GX Series (GX24(P)N, GX24M) is stackable, so it is highly scalable and affords excellent fault tolerance. Up to 8 switches can be integrated into a single virtual chassis, which allows you to manage up to 192 gigabit ports using a single IP address. When you add an additional switch to an existing stack, the new switch’s software and configuration files are automatically synchronized with the others. Additionally, in the unlikely event that a switch develops a fault and needs to be replaced, the replacement unit is automatically synchronized.
Redundancy Configuration
Maintain network availability
To configure redundancy with an unmanaged switch that does not support STP, connect the switches using two LAN cables. If one cable fails, the other will become active, thereby preventing a network outage and ensuring constant availability.
Management
STP Unsupported Switch
ERPS
Ethernet Ring Protection Switching
This is a feature that prevents looping by selectively blocking links in a network configured as a ring. (Both single-ring and multiple-ring configurations can be managed.)
Malicious Traffic Web Alert Settings
Access Block Alerts and Self-Check Prompts
With this function, when TiMatrix detects harmful traffic, it notifies the host from which the traffic originated that access to the Internet was blocked. It opens a warning pop-up window in the user’s web browser, indicating the transmission of harmful traffic and prompting the user to diagnose his/her machine. (Supports multiple languages.)
The access network is the first location that a user’s terminal accesses when using IT resources. In the past, only PCs were connected to access networks, but in recent times the definition of a terminal has expanded to encompass not only desktop PCs but also notebooks, wireless APs, network printers, VoIP phones, etc. TiFRONT meets the needs of such a diverse access network environment while providing L2/3 switching and security features.
Various Environments support
General/Large-Scale User Environment
• Detect and block harmful traffic caused by malicious code, such as scanning, flooding, DoS/DDoS, etc.
• Prevent the spread of malicious traffic throughout the network.
• Prevent eavesdropping via ARP spoofing between the gateway and terminals.
• Business Continuity Management by selectively blocking only malicious traffic.
• Authenticate users to allow only permitted users to access the network.
• Preemptively prevent loops in order to ensure network stability.
PoE Environment
• Reduce cable installation expenses by providing electricity and data simultaneously over a single line.
• Support both 802.3af and 802.3at specifications
• Improve electrical efficiency with PoE scheduling.
VoIP Environment
• Guarantee the quality of voice transmissions carried over Hybrid VLAN, LLDP, LLDP-MED, Voice VLAN, Dynamic VLAN, etc.
• Detect and block ARP spoofing to prevent wiretapping and eavesdropping.
• Detect and block harmful traffic caused by malicious code, such as scanning, flooding, DoS/DDoS, etc.
• Business Continuity Management by selectively blocking only malicious traffic.
• Authenticate users to allow only permitted users to access the network.
Wireless Network Environment
• Detect and block harmful traffic caused by malicious code, such as scanning, flooding, DoS/DDoS, etc.
• Detect and block ARP spoofing to prevent wiretapping and eavesdropping.
• Avoid business interruptions by selectively blocking only malicious traffic.
• Authenticate users to allow only permitted users to access the network.
TiManager : Integrated Management Solution
Real-time Monitoring
With TiManager, in a single glance you can check not only current traffic and security breaches, but also the status of security switches and the internal use of IP addresses. You can also check security logs, device status logs and the network configuration in real time.
Detail Security Configurations
With the TiFRONT security switch, you can set individual or group security policies. Additionally, with port-specific security policies, you can specify which IP or MAC addresses can access each port, and also set access time limits.
User IP Management
Easily check, in real time, which user accessed which security switch, the IP address and port number they used, and the time of access. Use IP and MAC address-based user authentication to manage IP resources, control access by specific devices, and check the network history.
A Wide Variety of Reports
TiFRONT provides reports about security switches and registered IP addresses. Get a single report containing information on the traffic, security and device status for all of the IP addresses connected to each port of dozens or even hundreds of switches.
TiManager System Requirements
TiFRONT: Less than 100 units
• CPU: 2GHz Intel Core2 Duo or better
• Memory: Minimum 3GB
• Disk: Minimum 200GB HDD
TiFRONT: 101 ~ 512 units
• CPU: Intel Core i5 or better
• Memory: Minimum 4GB
• Disk: Minimum 128GB SSD
TiFRONT: 513 ~ 1024 units
• CPU: Intel Core i5 or better
• Memory: Minimum 8GB
• Disk: Minimum 256GB SSD
Operating System: Windows Server 2003, 2008, or 2012
Software Environment: Microsoft .NET Framework 3.5, MS-SQL2008 or PostgreSQL9.2.2
* Windows desktop operating systems (XP, Vista, 7, 8) are not supported
Make security configurations and manage the device easily, even without specialized expertise.
Control access to the network from within by unauthorized terminals.
Check and block malicious traffic.
Monitor IP addresses in real time. Make it easy to oversee complex networks.
Manage hundreds of security switches from a single node.
Case Studies
Centralized Management of Head Office and Factory Networks
Reducing Network Complexity and Increasing Visibility
10 years after their network was originally constructed, Boryung Pharmaceutical was experiencing frequent network outages. Network administrators could neither determine the reason nor locate the point of origin. As their business expanded, they had gradually built out their network by simply adding switches and hubs when necessary. Employees had found it convenient to purchase and install hubs as they saw fit, which had a profoundly negative effect on network visibility. This made it difficult for them to respond to outages and manage security threats. Moreover, they were looking for a way to combat the ARP Spoofing and DDoS attacks that they were frequently experiencing. They had ruled out implementing a separate point solution for each kind of attack because they didn’t want to make the system more complicated and difficult to manage. They felt that a security switch would meet their needs because it would block suspected attack packets, protect both the network infrastructure and the PCs accessing the network, and minimize the number of management points.
• Background and Requirements
PIOLINK's TiFRONT is an L2/3 switch with added security features. It can be installed without changing your network configuration, and protects PCs without requiring the installation of an agent on each PC. It blocks both wired and wireless malicious traffic originating on the network, and also blocks ARP spoofing and TCP/UDP flooding attacks. It enables detailed control and history management of device access, either based on IP addresses or in conjunction with an authentication server. TiFRONT with PoE is suited to building IPT. It can be used with malicious code detection solutions to help shut down zombie PCs and prevent APT attacks. Boryung Pharmaceutical chose TiFRONT to secure their internet phone system and prevent DDoS, ARP spoofing and similar attacks. Because the TiFRONT security switch is installed in close proximity to users’ PCs, it protects the network along with the endpoints. It determines whether incoming traffic destined for local PCs contains malicious code in order to prevent them from becoming zombie PCs, and also detects harmful traffic in order to defend against DDoS attacks. Additionally, it provides the most effective solution for self-loop problems attributable to complicated cable connections, which is in the L2 layer, close to end users’ PCs. Not only is TiFRONT the best solution for blocking PC and network attacks; it is also advantageous in that it is convenient to manage and operate. In addition to its head office, Boryung Pharmaceutical has a factory in Ansan and branch offices throughout South Korea. They needed a centralized solution to defend against attacks in all of these locations, and they were hoping to find a solution that would make it easy for them to set and implement access policies without the burden of having to provide their network administrators with specialized education. TiFRONT was the ideal solution for their needs.
• The Solution
Because TiFRONT makes centralized management possible, the greatest benefit to Boryung Pharmaceutical was easy management by those without network or security expertise. In the past, when outages occurred they had no way to locate the point of failure besides manually checking the whole building for potential points of failure. TiFRONT provides a centralized management console, so Boryung Pharmaceutical administrators are now able to instantly locate failure points and determine the cause of outages, which helps them take the appropriate action swiftly and conveniently. Since TiFRONT is a switch-based device, it has the advantage of informing you of switch failure in advance. In the past, it had been difficult for them to manage endpoint switches, but TiFRONT checks the operating status of endpoint switches and informs administrators in advance when the possibility of failure is high, thereby making failure prevention possible. TiFRONT is also very helpful when setting security policies, because it reveals the occurrence of attacks that previously went undetected. It is difficult to instantly detect everything from DoS and ARP spoofing attacks to cable-related problems such as looping, but now immediate action in response to such issues is possible because TiFRONT provides relevant reports and warnings. Boryung Pharmaceutical is currently using TiFRONT at their head office and the Ansan factory, and has plans to roll it out at all branch offices nationwide in the future.
* This case study was first published in issue No. 234 (February 2013) of Network Times Monthly (www.datanet.co.kr).
• The Result
Because we had been changing our network configuration every time we expanded, the network had become complicated and difficult to manage. Allowing people to freely connect hubs and mobile devices didn’t help either, because it made it harder for us to locate the point of occurrence of failure.
Because TiFRONT is easy for those without specialized expertise to operate, management tasks were significantly reduced.
Even in a distributed environment, in this case comprising the head office, branch offices, and factory, TiFRONT is convenient to manage, because all management and individual policy settings can be made from a centralized location.
Solving Network Failures and Securing Access
Korea Testing Laboratory was suffering from zombie PC activity, network outages, and poor L2 switch performance, all attributable to virus infections on PCs on the local network. While evaluating various solutions for these problems, they reviewed L2 security switches, which improve access-level security. They tested PIOLINK's L2 security switch for a trial period, were satisfied that it would be able to effectively respond to DoS attacks caused by zombie PCs, and decided to purchase the switch.
• Background and Requirements
- KTL realized a network between backbone switches and the endpoint switches on each floor that reliably provided gigabit speeds even when the amount of end-user traffic increased considerably.
- They chose TiFRONT-F26 for the security switch on each floor, and established an environment in which they have complete control over network access by individual end-users’ PCs.
- When they want to change the security policy on their network, they use TiManager to implement the new policy across all L2 security switches with a single batch task. TiManager also allows them to monitor and respond immediately to attacking PCs or PCs that are generating abnormal traffic.
- Each security switch, which is an access switch through which end-users’ terminals are connected, detects and blocks DDoS attacking traffic and blocks the activity of zombie PCs. It also blocks ARP spoofing and other kinds of attack in advance, thus reducing the burden on backbone switches.
• The Result
Establishing an IP Telephony Network in City Hall and Government Offices
The challenge was to implement a network to integrate city hall with district offices and provide various services including wired/wireless access and IP Telephony (VoIP) with PoE. The TiFRONT security switch was able to meet all of these criteria. Using PoE enables power and data to be transmitted simultaneously without installing a separate power supply. TiManager, the integrated security control system, makes it possible not only to manage the entire network in an integrated manner, but also to manage security settings at city hall and district offices individually when desired.
Massive Network covering Education Offices and Institutes
The Office of Education is able to manage hundreds of TiFRONT security switches installed nationwide at every level of regional government office with a single instance of TiManager, the master management system. Moreover, individual schools are able to set their own security policies, and can set them differently for individual floors and classrooms.
[Figure: City Hall Configuration and District Office Configuration; labels: Integrated Network Router, Redundant Security Device, TiManager, District #1 Office]
We replaced our old L2 switches with TiFRONT without changing our overall network configuration. We put an end to our network outages by eliminating the cause, which was DoS and other malicious traffic.
We simultaneously manage hundreds of security switches installed across the nation.
By replacing our VoIP telephone service, we have become able to block ARP spoofing and other internet-based attacks.
Specifications
Memory
Software Features
512M
160MB(OS 32MB, Log Buffer 128M)
24 X 10/100BASE-T,2 X 1G dual combo : Copper & Fiber
N/A
Single / Dual
24.3W(S) / 24.9W(D)
440 X 350 X 44
4.0Kg(S) / 4.2Kg(D)
IEEE802.3af/802.3at
Dual
40.8W(D)
5Kg(D)
512M
256MB(OS 128MB, Log Buffer 128M)
10 X 10/100/1000BASE-T,2 X 1000BASE-X
100~240VAC, 50/60Hz(Free Voltage)
N/A
Single
27.5W
220 X 290 X 44
2.9Kg(S)
KC(Class A) / VCCI(Class A)
CC2.0(ELA2)
IPv6 ready logo(Phase-II)
RoHS Compliant
512M
160MB(OS 32MB, Log Buffer 128M)
24 X 10/100/1000BASE-T,4 X combo included : 1000BASE-X SFP
N/A
Single / Dual
39.3W(S) / 39.6W(D)
440 X 350 X 44
4.0Kg(S) / 4.2Kg(D)
IEEE802.3af/802.3at
Single
36.7W(S)
220 X 350 X 44
3.6Kg(S)
IEEE802.3af/802.3at
Dual
41.12W(D)
5.2Kg(D)
Interface
PoE
Power Input
Power
Maximum Power Consumption
Dimension (WxDxH)
Weight
EMC
Security Certification
IPv6
RoHS
TiFRONT-F26 TiFRONT-F26P TiFRONT-G2408 TiFRONT-G2408P TiFRONT-G24 TiFRONT-G24P
Autonego/Speed/duplex
Flow control
Smart Port Redundancy
Port-based/Protocol/MAC/Voice/Subnet VLAN
802.1Q
Hybrid VLAN
Private VLAN
Ingress/Egress tagging
Max VLAN (4K)
802.1ad VLAN Stacking (QinQ)
STP, RSTP, MSTP, PvST+, RPvST+
MAC address aging
MAC filtering
Duplicate MAC address learning prevention
Reserve MAC learning prevention
Static entry support
Independent VLAN learning
Max. MAC entry (16K/32K)
Port Mirroring (N:N)
LACP
Link trunking
LACP load balancing
Trunk groups (8)
Members per group (8)
Static Trunk load balancing
Traffic changeover in the event of link failure
Port Management
VLAN
Spanning Tree
MAC learning
Port Mirroring
Link Aggregation
Flash Memory
L2
Join/Leave, Multicast group (1K), v1/v2/v3
L2, L3, L4 header based classification
QoS marking & Remarking
QoS queuing & scheduling
 - CoS Queue mapping
 - 8 CoS Queues per port
 - Scheduling by SPQ/WRR/DRR
 - Drop precedence
 - Congestion Avoidance
Ingress rate-limiting (per port/per flow)
Egress rate-limiting (per port)
Diffserv
Shaping & packet drop policy
Min./Max. BW guarantee
L2/L3/L4 based filtering
VLAN ACL
ACL filter naming
Time-Based ACL
PoE+ Standard Support (802.3at)
Enable/disable for each port
Priority for power supply to individual ports
PoE operational status monitoring
PoE port-specific power supply blocking
PoE power scheduling
supported
supported
IGMP snooping
QoS
ACL
PoE
Jumbo Frame
ERPS
Product Specifications
IPv4/IPv6 Static routing (ECMP/Blackhole)
IPv4 RIPv1/v2, OSPFv2, BGPv4, VRRP, PIM-SM/SSM
IPv6 OSPFv3, RIPng, BGP+
IPv6 6to4 tunneling and ISATAP
One-to-One flooding, Random flooding, IP scanning, Port scanning, IP spoofing, ARP spoofing, Neighbor spoofing, MAC flooding, counting & logging
IPv4/IPv6 security feature support
Automatic detection, blocking and release
Individual MAC/IP address blocking
Detection exception settings
DAD attack, Land attack, Teardrop attack, L4 source port range matter, same port(sPort/dPort), TCP flag matter, TCP fragments, ICMP fragments, Smurf
802.1X, MAC auth, Web auth, Multistep/Fall-back auth, Fall-back auth
802.1X auth VLAN/Unauthorized-VLAN
RADIUS, TACACS+
Storm control
Assigns maximum MAC
Login/Logout record
Command execution record
IP Source Guard, Dynamic ARP Inspection, Embedded RADIUS, Unauthenticated routers Detection, terminal detection, DHCP filtering, NetBIOS filtering, Self loop detect, System Access security, Web alert, and real-time security Syslog
Static routing
Dynamic routing (optional)
Anomalous traffic
Protocol Anomaly
Authentication
Port Protection
Accounting
Other features
L3
Security Management
Security Interoperation
SNMP v1/v2c
Public MIB (System, Interface, IP address, UCD, Router(RFC-1213), Protocol(TCP, UDP, SNMP, ICMP), RFC1573 Private Interface MIB)
Private MIB (Learning MAC table, Security Configuration)
SNMP Trap (Authentication, Port Link up/down)
IPv6 MIB
Telnet, SSH, Console
SNMP, Syslog, SSH
RADIUS, TACACS+
Password-based user login, Login timeout, Multiple users, User-specific privileges, Multiple configurations
OS update via TFTP/FTP
Syslog server, Monitoring, Log Threshold management, Log backup, System/Security log
Port statistics, CPU/Memory usage, Fan, Watchdog, Temperature sensor
RMON
sFlow supported
DHCP server/Relay, LLDP, LLDP-MED, UDLD, USB Interface support, Multi OS, Technical-assist
McAfee : Network Security Platform/ePO
FireEye : Malware Protection System
Fortinet : FortiGate UTM
Palo Alto : Firewall PA Series
SNMP
CLI Interface
EMS Interface
Authentication
User Management
Configuration and OS Management
Logging
Monitoring
Stacking
Other
Solution
TiFRONT-G48 TiFRONT-G48P TiFRONT-GX24M TiFRONT-GX24N TiFRONT-GX24PN
1GB
160MB(OS 32MB, Log Buffer 128M)
48 X 10/100/1000BASE-T,4 X combo included : 1000BASE-X SFP
IEEE802.3af/802.3at
Dual
95W(D)
440 X 475 X 44
7Kg(D)
N/A
Single / Dual
72.2W(S) / 75.4W(D)
440 X 350 X 44
4.3Kg(S) / 4.6Kg(D)
1GB
256MB(OS 128MB, Log Buffer 128M)
8 X 10/100/1000BASE-T Module or 8 X 1000BASE-X SFP Module (Optional Module Type), 2 X 10G SFP+ (Uplink & Stacking)
100~240VAC, 50/60Hz(Free Voltage)
N/A
Single / Dual
55.8W(S) / 55.9W(D)
440 X 350 X 44
4.3Kg(S) / 4.6Kg(D)
KC(Class A), VCCI(Class A)
CC2.0(ELA2)
IPv6 ready logo(Phase-II)
RoHS Compliant
1GB
256MB(OS 128MB, Log Buffer 128M)
24 X 10/100/1000BASE-T,4 X combo included : 1000BASE-X SFP,2 X 10G SFP + (Uplink & Stacking)
N/A
Single / Dual
59.4W(S) / 62.6W(D)
440 X 350 X 44
4.1Kg(S) / 4.4Kg(D)
IEEE802.3af/802.3at
Dual
75.7W(D)
440 X 475 X 44
7.1Kg(D)
P4-14G
• The content of this document is subject to change without prior notification due to improvements in product performance, the addition of features, or error corrections.
• Images may differ from the actual products.
• The names of listed companies, products, and services are trademarks or service marks belonging to their respective owners.
• Products can be purchased through authorized partners. More detailed technical information is available on our website.
www.PIOLINK.com | global@piolink.com
PIOLINK, Inc. is a specialist in cloud data center optimization. We optimize service availability, performance, and security management in data centers characterized by high volumes of traffic and in the rapidly changing network infrastructure required for cloud and big data service. In the age of telecommuting and increased mobile device use, we enable faster service response times. We also protect customers’ data and confidential corporate information in the environment of increased server centralization and virtualization. We guarantee the usability of all applications through the effective use of IT resources, and earn the satisfaction and trust of our customers with our powerful security capabilities and ability to realize transparency through accurate monitoring.
(ADC) Application Delivery Controller
• Ensure Network Availability and Optimize Performance
• Increase the Effectiveness of IT Investment
Web Application Firewall
• Block Anomalous Web Traffic
• Secure Websites and Protect Information
PAS-K
WEBFRONT-K
Security Switch
Manage Internal Network Threats
TiFRONT
SDN Switch
Manage Network Operation Easily and Quickly with a Switch that supports OpenFlow
TiFLOW
PIOLINK