Page 1 of 4 • Data Sheet • Secure the private network from threats from the Internet — Defense in depth protection for all Internet connections — Secure enterprise networks from unauthorized access — Robust Denial of Service attack protection • Stateful multilayer packet inspection — Incoming and outgoing traffic — Per-interface activation • Scalable GUI management — Extensive management and configuration features • Enhanced security protection — Application-level gateway for your applications — Authentication across the firewall — Extensive event logging for analysis and forensics Enterasys Firewall Solutions for the XSR™ • New full-featured, policy-managed firewall for branch offices • Maintains wire-speed performance while delivering unsurpassed security • Full protection from a wide range of Denial of Service (DoS) attacks • An easy-to-deploy, cost-effective solution with flexible management options Enterprise-Class Firewall for the Regional and Branch Office Enterasys Firewall brings a high-perform- ance, policy-managed, stateful inspection, multilayer firewall to the XSR platform. The addition of an enterprise-class firewall complements the XSR’s industry-leading IP WAN routing, Quality of Service, NAT functionality and VPN features, making it ideally suited to remote offices that require connectivity, VPN and firewall functionality. The most secure approach to protecting critical resources from external or internal threats is a “defense-in-depth” strategy with a distributed firewall at each remote office. The XSR Firewall delivers essential security with policy rules that determine which traffic is permitted and which traffic is denied. The Graphical User Interface simplifies the process by providing a scalable way to define these rules and apply them to multiple remote offices. With both firewall and VPN enabled, the XSR delivers an unprecedented level of security to the branch or regional office in a single integrated device. And, in contrast to competitive solutions, the XSR offers the power and performance needed to deliver full-featured security while main- taining wire-speed WAN performance. Meeting Enterprise Security and Connectivity Challenges Head-On With a rich suite of IP router features, a broad range of WAN interfaces, site-to-site and remote access VPNs—and now a policy- managed, stateful inspection firewall—the XSR solves the security and connectivity challenges of enterprise branch and regional offices. All versions offer multiple, embedded LAN interfaces, IPSec VPN Acceleration hardware and configurable WAN options. Plus, the router performance is blazingly fast with the product line scaling from 50k PPS to 525k PPS. IP features include RIP, OSPF and BGP routing protocols, NAT, QoS and Access Control Lists. Multiport WAN interfaces support Frame Relay, ISDN BRI and PRI, Fractional and Channelized T-1/E-1, Fractional T3/E3, ADSL, Fast Ethernet and FX100 fiber. NetSight Atlas Router Services Manager Enterasys NetSight Atlas Router Services Manager allows for the remote definition and deployment of XSR Firewall rules and is an important complement to the XSR Firewall. An advanced plug-in application, NetSight Atlas Router Services Manager provides a fast, easy way to graphically define and configure policies, filter definitions, and network and service objects on the XSR Firewall.
Transcript
Page 1 of 4 • Data Sheet
• Secure the private networkfrom threats from theInternet
— Defense in depth pro t e c t i o nfor all Internet connections
— S e c u re enterprise networksfrom unauthorized access
— Robust Denial of Serviceattack protection
• Stateful multilayer packetinspection
— Incoming and outgoingtraffic
— Per-interface activation
• Scalable GUI management
— Extensive managementand configuration features
• Enhanced security pro t e c t i o n
— Application-level gatewayfor your applications
— Authentication across thefirewall
— Extensive event loggingfor analysis and forensics
Enterasys Firewall Solutions for the XSR™
• New full-featured, policy-managed firewall for branch offices
• Maintains wire-speed performance while delivering unsurpassed security
• Full protection from a wide range of Denial of Service (DoS) attacks
• An easy-to-deploy, cost-effective solution with flexible management options
Enterprise-Class Firewall for theRegional and Branch Office
Enterasys Firewall brings a high-perform-ance, policy-managed, stateful inspection,multilayer firewall to the XSR platform.The addition of an enterprise-class firewallcomplements the XSR’s industry-leadingIP WAN routing, Quality of Service, NATfunctionality and VPN features, making itideally suited to remote offices that requirec o n n e c t i v i t y, VPN and firewall functionality.
The most secure approach to protecting critical resources from external or internalthreats is a “defense-in-depth” strategywith a distributed firewall at each remoteoffice. The XSR Firewall delivers essentialsecurity with policy rules that determinewhich traffic is permitted and which trafficis denied. The Graphical User Interfacesimplifies the process by providing a scalableway to define these rules and apply them tomultiple remote offices.
With both firewall and VPN enabled, theXSR delivers an unprecedented level ofsecurity to the branch or regional office ina single integrated device. And, in contrastto competitive solutions, the XSR offersthe power and performance needed todeliver full-featured security while main-taining wire-speed WAN performance.
With a rich suite of IP router features, abroad range of WAN interfaces, site-to-siteand remote access VPNs—and now a policy-managed, stateful inspection firewall—t h eXSR solves the security and connectivitychallenges of enterprise branch and regionaloffices. All versions offer multiple, embeddedLAN interfaces, IPSec VPN Accelerationhardware and configurable WAN options.Plus, the router performance is blazinglyfast with the product line scaling from 50kPPS to 525k PPS. IP features include RIP,OSPF and BGP routing protocols, NAT,QoS and Access Control Lists. MultiportWAN interfaces support Frame Relay,ISDN BRI and PRI, Fractional andChannelized T-1/E-1, Fractional T3/E3,ADSL, Fast Ethernet and FX100 fiber.
NetSight Atlas Router ServicesManager
Enterasys NetSight Atlas Router ServicesM a n a g e r allows for the remote definitionand deployment of XSR Firewall rules andis an important complement to the XSRFirewall. An advanced plug-in application,NetSight Atlas Router Services Manager provides a fast, easy way to graphically defineand configure policies, filter definitions,and network and service objects on theXSR Firewall.
16226,9013229-2_XSRFire_DS 4/7/04 4:32 PM Page 1
Page 2 of 4 • Data Sheet
Technical Specifications
The Enterasys XSR Firewall incorporates the key charac-teristics of standalone firewall appliances—including filtering packets at the network layer, determining thelegitimacy of IP sessions and evaluating the payload ofpackets at the application layer. The XSR Firewall deliversindustry-leading price-performance ratios and so much more.
The XSR Firewall allows a direct connection between clientand host, alleviating the lack of transparency ofApplication Level Gateways (ALGs). It also employs algo-rithms to recognize and process Layer 5-7 data. Additionalstateful-inspection firewall advantages include:
• Inspection of a packet’s communication and applicationstate, acquired from past communication data throughoutall layers. For example, an FTP session’s PORT commandcan be saved to verify an incoming FTP data connection.
• Dynamic filtering by opening ports only if the config-ured policy permits and when the application requires.
• Strong security with minimal CPU overhead and fast performance because stateful inspection is implementedin the kernel.
• An Application Layer Gateway (ALG) to support appli-cations that dynamically allocate ports for secondarydata streams. ALGs apply stateful inspection to complexprotocols such as FTP and TFTP, H.323, RPC, DHCPRelay, GRE for NAT, etc.
• Smart service filtering and blocking. For exampleblocking unauthorized commands to an e-mail server,avoiding possible attacks.
• Intelligent Denial of Service prevention: Ping of Death,TCP Port Scan, ICPM and UDP Flood, session hijacking,and more.
• The capacity to search for and reject non-forming packets.
XSR-32502 + GB Central Office Appliance with expanded I/O
Software
XSR-18XX-FWFirewall for XSR1800 series
XSR-18XX-VPN-FWVPN and Firewall for XSR 1800 Series
XSR-3020-FWFirewall for the XSR-3020
XSR-3020-VPN-FWVPN and Firewall for the XSR-3020
XSR-3XXX-FWFirewall for the XSR-3150 and XSR-3250
XSR-3XXX-VPNVPN for the XSR-3150 and XSR-3250
XSR-3XXX-VPN-FWVPN for the XSR-3150 and XSR-3250
Ordering Information
Base Memory VPN Tunnel FirewallMemory Upgrade Upgrade Upgrade
XSR-1805 32 MB 128 MB Base 50 tunnels Base 13,000 sessionsupgraded to 500 upgraded to 230,000 sessions
XSR-1850 64 MB 128 MB Base 200 tunnels Base 85,000 sessionsupgraded to 500 upgraded to 230,000 sessions
XSR-3x50 256 MB 512 MB Base 3,000 tunnels Base 150,00-450,000 sessionsupgraded to 5,000 upgraded to 1,100,000 sessions
Memory
For additional Firewall session or VPN tunnel capacity,order additional memory. Memory upgrade kits replacedefault memory chips. (Please note: The XSR-3020 is notmemory upgradeable; its base memory is 128 MB.)
16226,9013229-2_XSRFire_DS 4/7/04 4:32 PM Page 3
Page 4 of 4 • Data Sheet
Warranty
As a customer-centric company, Enterasys is committedto providing the best possible workmanship and design inour product set.In the event that one of our products failsdue to a defect in one of these factors, we have developeda comprehensive warranty that protects you and provides asimple way to get your products repaired as soon as possible.
Service and Support
Enterasys understands that superior service and support isa critical component of Networks that Know.™ TheEnterasys SupportNet Portfolio—a suite of innovativeand flexible service and support offerings—completes theEnterasys solution. SupportNet offers all the post-imple-mentation support services you need—online, onsite orover the phone—to maintain your network availability andperformance.
Additional Information
For additional informationon the XSR, visitenterasys.com/products/routing/XSR
Contact Information
Contact Enterasys Sales at 877-801-7082 or e n t e r a s y s . c o m / c o r p o r a t e / c o n t a c t / c o n t a c t - s a l e s . h t m l
Enterasys NetworksCorporate Headquarters50 Minuteman RoadAndover, MA 01810U.S.A
NetSight and XSR are trademarks or re g i s t e red trademarks of Enterasys Networks. Allother products or services mentioned are identified by the trademarks or servicemarks of their respective companies or organizations. NOTE: Enterasys Networksreserves the right to change specifications without notice. Please contact your representative to confirm current specifications.
