Highlights...Highlights • Advanced Application Routing and Control: Easily manage access to Web...

Date post: 14-Jul-2020

Highlights

• Advanced Application Routing and Control:

Easily manage access to Web Applications like Facebook, LinkedIn, Google, Twitter, Dropbox, among others.

• Advanced Threat Protection:

Innovative security against advanced malware and callback.

• Centralized Management:

Easily manage multiple devices with Blockbit GSM (Global Security Management), which has native integration with Blockbit Next-Generation Firewall. Manage device profiles, management and automation, inventory and monitoring.

• Unified Policy and Reporting Dashboard:

Agile access control, with application of policies by groups of users, which unifies resources in a simple and innovative way. Customize and automate detailed and managerial reports.

• Timeline:

Monitor user behavior through a timeline by simply displaying the history with all detected accesses, applications and threats.

• Reduce cost and time to implement:

Centralize settings and automatically distribute them to remote assets. With the ZTP (Zero-Touch Provisioning) feature, it is possible to reduce implementation time and cost.

Key Features

Next-Generation Firewall

The Blockbit Platform is much more than a firewall, combining the most advanced network management technology with advanced detection and protection capabilities against digital attacks and threats. Blockbit NGFW (Next-Generation Firewall) simplifies the creation of complex security rules and policies, using addresses, users, user groups, applications, threats and services in their settings, which can be named to facilitate understanding of policies and ensure total control of your environment.

Zero-Touch Provisioning

With the ZTP (Zero-Touch Provisioning) feature, it is possible to pre-configure security policies and automatically implement them on the linked remote device as soon as it receives a network connection. This reduces the complexity of the installation and, consequently, saves financial and technical resources.

SSL Inspection

Most of the information that travels on the web uses encrypted connections. Blockbit Platform has SSL decryption for traffic inspection, ensuring full access control and applying advanced features such as ATP, Content Filter and Anti-Malware.

Content Filtering

Blockbit Platform has more than 46 million addresses classified in more than 88 categories. This information, together with SSL inspection, allows you to fully control access to online content, which can be configured by user, user groups, IPs, bandwidth, connection priority, links, different browsers and their versions. You can also set limits on file size for downloading, running web applications, allowed browsing time and more.

Application Control

The advancement of the Internet has allowed the creation of applications such as Facebook, Youtube, Google Apps, Twitter, LinkedIn and Dropbox, which have become very popular and can impact the productivity of your teams if not used correctly. Blockbit Platform allows you to fully control Web Applications, restricting or allowing access according to the rules of your business.

IPS - Intrusion Prevention System

The Blockbit Platform continuously protects your network against the growing number of digital threats. IPS has thousands of signatures to identify threats in a database updated daily by Blockbit Labs. It is possible to create multiple protection profiles to apply them to different types of network traffic. In addition, the dashboard displays information about threats detected in detail, allowing a quick and efficient risk analysis.

ATP - Advanced Threat Protection

Blockbit Platform has sophisticated security and intelligence technologies that detect and protect your company against known and unknown threats. The Blockbit Platform can detect advanced malware such as Trojans and viruses, advanced persistent threats and malicious callback attacks. ATP can also block bad reputation IPs in different categories (abusers, anonymizers, attackers, malware, reputation, spam) in addition to geolocation attacks.

SSL VPN

The Blockbit Platform allows you to create secure access to applications on your network through a web portal that can be quickly configured and executed in any browser. The platform also supports a client-to-site connection.

IPSec VPN

The Blockbit Platform allows you to create virtual private networks with native tunneling encryption, which ensures interoperability with other products and increases security. Supports IPSec hub and spoke VPN architecture for both site-to-site ("Full Meshed" and "Star") and client-to-site (remote access) topologies.

QoS & Traffic Shaping

The Blockbit Platform has a unique QoS feature that lets you prioritize traffic and control bandwidth, through a centralized and local graphical interface, according to the configured security and compliance policies, in addition to classifying packets (Shaping). The advanced QoS feature categorizes connections according to their importance and makes it possible to prioritize packets using DSCP and TOS marking.

SD-WAN

Blockbit Platform offers a dynamic link balancing service for long-distance connections, which allows you to connect your company to any location (branches, data centers, cloud, etc.). You have more visibility into all activities at any location and can integrate SD-WAN with all of Blockbit's security features, managing the entire environment from a single interface, which facilitates analyzing results and making decisions about network optimizations.

High Availability

Blockbit Platform has native support for H.A. (high availability) implementations. The feature maintains a backup appliance, which goes into service immediately if the primary appliance fails. H.A. support mirrors firewall sessions and user authentication between the primary and secondary devices so that the switch over is transparent and fast.

Captive Portal

The Blockbit Platform makes it easy to manage visitor access through web-browser-based authentication. Captive Portal allows self-registration, personalization of access policies, content control, user management, exchange of access passwords and personalized reports. In addition, it is possible to authenticate via social media accounts (Facebook, Google and Twitter).

Centralized Management

Blockbit NGFW has native integration with GSM (Global Security Management), which makes it possible to manage multiple devices from a central point over an encrypted and authenticated connection. It allows centralized and local management of the Forwarding Policies, WEB Proxy, IPS / IDS and Anti-Malware functionalities, monitoring your events in an integrated manner.

Features by Subscription

| Features | Basic | Standard | Advanced |
|---|---|---|---|
| Next-Generation Firewall (NGFW) | ✓ | ✓ | ✓ |
| Secure SD-WAN | ✓ | ✓ | ✓ |
| Proxy WEB | ✓ | ✓ | ✓ |
| VPN IPSEC | ✓ | ✓ | ✓ |
| VPN SSL | ✓ | ✓ | ✓ |
| QoS | ✓ | ✓ | ✓ |
| Cluster | ✓ | ✓ | ✓ |
| Captive Portal | ✓ | ✓ | ✓ |
| DHCP SERVER/RELAY | ✓ | ✓ | ✓ |
| Hardware Warranty | ✓ | ✓ | ✓ |
| URL Category Base | | ✓ | ✓ |
| Intrusion Prevention System (IPS) | | ✓ | ✓ |
| Gateway Antivirus | | ✓ | ✓ |
| Threat Protection | | ✓ | ✓ |
| Remote Support - 04 hours a month | | | ✓ |

Appliance Models

Model BB1* | BB2* | BB5* | BB10* Small enterprises

Model BB30* Small enterprises

Model BB50* | BB100* Medium-sized enterprises

Model BB500* | BB1000* | BB2000* Large Enterprises

Model BB10000* Corporations and Datacenters

Virtual Appliances

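| Model | Firewall Throughput (UDP) | Minimum Segments | Maximum Segments |
|---|---|---|---|
| BBV 2 | 500 Mbps | 2 | 4 |
| BBV 5 | 1.5 Gbps | 2 | 4 |
| BBV 10 | 2.5 Gbps | 2 | 4 |
| BBV 50 | 4.0 Gbps | 2 | 6 |
| BBV 100 | 5.4 Gbps | 2 | 6 |
| BBV 500 | 10 Gbps | 2 | 24 |
| BBV 1000 | 20 Gbps | 2 | 24 |
| BBV 2000 | 20 Gbps | 2 | 24 |
| BBV 10000 | 40 Gbps | 2 | 34 |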

* merely illustrative images

Security Policies

• Filtering
➢ Web content
➢ Web applications
• Inspections
➢ SSL, IPS (Intrusion Prevention System), ATP (Advanced Threat Protection)
• QoS (bandwidth control/prioritization)
• Multiple services
• Security rules editor (filtering policies)
➢ Enable and disable logs
➢ Types of action: allow, deny and reject
➢ Traffic simulator and policy finder
➢ Conflicting Policy Detector

Web Cache

• Proxy
➢ Transparent
➢ Active
• Support for web services (HTTP and HTTPS versions 1.0, 1.1 and FTP)
• Configuration of web cache in memory and disk
• Enabling dynamic content web caching (Facebook, Google Maps, MSN Video, Sourceforge Downloads, Windows Update, Youtube)
• Cache exception, configurable by regular expressions
• Proxy hierarchy with and without authentication
• Support for HTTP Anti-Virus integration through proxy hierarchy
• Blocking message for the end user

Firewall

• Policy with authentication option
➢ NAT (SNAT and DNAT), 1:1, N:1, NAT64, NAT46 and NAT66
• Security
➢ DoS Protection (Denial Of Service)
➢ PortScan Protection
➢ Protection against invalid packets
➢ ICMP Sweep Protection
➢ Flood protection (SYN, ICMP, UDP)
➢ ICMP (controls, transmission, redirection)
➢ PING (Echo/Request)
➢ Source routing
➢ Checksum
➢ Invalid logs
➢ TCP_be_liberal
➢ IP spoofing
• TCP/UDP/ICMP/IP connection controls
• Supports transparent mode (layer 2), gateway mode (layer 3) and port mirroring
• Supports real time protocols

QoS - Quality of Service

• Packet marking for traffic prioritization (TOS and DSCP)
• Traffic control and bandwidth guarantee per policy

IPS Intrusion Prevention System

• Detection and prevention of attacks and intrusions based on +60 thousand signatures and +65 categories
• Preprocessors
• Impact Levels
➢ Low
➢ Medium
➢ High
• Protection against threats at the application layer (Exploit, Shellcode etc.)
• Protection against malformed packets
• DoS and DDoS Prevention
• Prevention against PORT SCAN
• Prevention of protocol anomalies (HTTP, SMTP, NTP, NetBIOS, HTTPS, FTP, DNS, SMB, RPC, SSH and Telnet)
• Support for exception configuration by source or destination subscription
• Log record of incidences for each type of attack identified
• Automatic and periodic update
• Decodes multiple unicode formats
• IP fragmentation and defragmentation
• Policies applied to interfaces or security zones
• Inline implementation support (bridge / transparent mode)

Threat Protection

• Antivirus and Anti-Malware
➢ HTTP, HTTPS, FTP, POP3 and SMTP (native to the solution)
• Protection against unauthorized applications
➢ (Packed, PwTool, NetTool, P2P, IRC, RAT, Tool, Spy)
• Password protection against files
• Anti-Malware Quarantine
• Scanned file report
• Identifies, classifies and blocks malware such as trojans, spyware, worms and viruses
• Allows reputation blocking of the address classified in 6 categories: spam, reputation, malware, attacks, anonymous and abuse
• Automatic and periodic update

SD-WAN

• Support for multiple configuration profiles
➢ Failover, Load Balance, Spillover and Performance
• Monitoring link availability and protecting against data link degradation
➢ Verification by TCP, ICMP and HTTP protocol
• Measurement by bandwidth consumption, packet loss, jitter, latency (allows monitoring multiple destinations and on all interfaces)
• Application-based routing

Zero-touch Provisioning

• Automatic provisioning
• Apply security templates at initial installation

Content Filtering

• Content Filter
• 88 categories, +47 million cataloged URLs, Google domain login control, SafeSearch integration (Google, Bing and Yahoo), blocking message for the end user
• SSL inspection
➢ Integration with ATP inspection
• Application Recognition - DPI (Deep Packet Inspection)
• Web Application Control
➢ Facebook (Post, Like, Comment), LinkedIn (job search), Gmail (attachment), Twitter, Instagram and more
• SNI control by category
• Filtering, categorizing and reclassifying websites by URL
• Authentication of users in LDAP, Radius and Microsoft Active Directory
• Blocking by building specific filters with textual search engine
• Blocking invalid certificates
• Custom lists (whitelist and blacklist)
• Captive Portal with social login (Facebook, Twitter, Google)
• Navigation quotas by time and/or traffic volume
• Scheduled and Automatic Update

IPSec VPN and SSL VPN

• VPN tunnel (LAN to LAN)
• VPN RAS (remote access allows access by VPN client or direct support at the station without a client)
• Authentication
➢ Pre-Shared Key (PSK), X-Auth (AD, LDAP, local, RADIUS), digital certificate, EAP (MSCHAPv2)
• High Availability
➢ FQDN (Fully Qualified Domain Name)
➢ DDNS support
• NAT-T (UDP encapsulation)
• DPD (Dead Peer Detection)
• Exchange mode
➢ Main mode
➢ Aggressive mode
• Compressed data support
• Fragment size (MTU)
• Protocols
➢ IKEv1 and IKEv2 (for phase 1 and phase 2)
➢ ESP
• VPN Clients
• Supports Auto-Discovery VPN (AD-VPN)
➢ Allows multiple devices (Spokes) with centralized gateway (hub)
➢ Supports tunnel types (Site-to-Site, Full Mesh, Star)
• Supports RSA and Diffie-Hellman algorithms
• Supports X.509 v3 digital certificate
• Supports enrollment of certification authorities
• Support for RIPv2 and OSPFv3 routing protocols
• Support for certificates issued by certification authority in the ICP-Brasil standard
• Support for certificate revocation list (CRL) verification
• Clientless VPN
• SSL certificate management (X.509)

Other Resources

• Interfaces
➢ Ethernet
➢ VLAN (IEEE 802.1q) up to 4096 per interface
➢ DSL / MPLS
➢ Alias (Virtual IP)
• SNMP v2 and v3 protocol support
• Netflow / IPFIX support
• H.A. (High Availability) / Active-Active and Active-Passive
• Optimization of TCP flows (characteristic of the TCP / IP protocol itself)
• Date and time update with support for Network Time Protocol (NTP) servers
• Option of automatic and periodic updates of the system for corrections and HTTPS web releases
• Management dashboard
• Disaster recovery (backup/restore)
• Link aggregation
➢ Ethernet bonding (802.3ad)
• TCPDUMP (allows capture and download in PCAP format)
➢ User registration in authentication, access, blocking and threat events
➢ RX / TX counters, packet input and output, packet discards and errors (CLI command)
• IPv6
• Storage
➢ NFS / DISK (HDD) / SSH
• Dynamic routing
➢ BGP4
➢ OSPF3
➢ RIPv2
• Static routing (IP and source / destination port)
• Policy-based routing
• Synchronization of users and groups with servers
➢ Windows AD and LDAP servers
• Authentication
➢ Local, Windows, AD / LDAP, SSO Windows (single sign on) - unified authentication, X-Auth for VPN services, authentication on Radius servers, RSSO (radius single sign on), password complexity identifier
• TACACS+ support for administration users and Firewall users
• LDAP integration for Blockbit Platform administration
• Detailed event preview window
• Disk maintenance tool
• Proxy Services (HTTP, FTP, SMTP, POP3)
• Exporting reports in multiple formats (PDF, CSV, HTML)
• Snapshot
• Support for multiple authentication domains
• Supports fail-closed and optional fail-open interface (by-pass)
• Resource objects
➢ IP addresses
➢ MAC addresses
➢ Port services and protocols
➢ Timetable
➢ Table of periods and dates
➢ Dictionaries (set of words and / or regular expressions)
➢ Content types
• DHCP (dynamic host configuration protocol)
➢ Relay
➢ Server
• Recursive DNS
• DDNS Client (dynamic DNS)
➢ NoIP.org
➢ DynDNS.com
• Remote Syslog
• CLI (command line interface for management and diagnostics)
• System and Security Notifications

Performance Specifications and Options

| Specification | BB 1 | BB 2 | BB 5 | BB 10 | BB 30 | BB 50 | BB 100 | BB 500 | BB 1000 | BB 2000 | BB 10000 |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Firewall Throughput (UDP) | 400 Mbps | 900 Mbps | 2 Gbps | 3 Gbps | 3 Gbps | 4 Gbps | 8 Gbps | 12 Gbps | 20 Gbps | 30 Gbps | 40 Gbps |
| Concurrent Connections | 30.000 | 100.000 | 170.000 | 250.000 | 250.000 | 600.000 | 1.000.000 | 1.500.000 | 2.000.000 | 3.000.000 | 6.300.000 |
| New Connections Per Second | 6.000 | 13.000 | 14.000 | 17.000 | 17.000 | 42.000 | 55.000 | 80.000 | 110.000 | 150.000 | 200.000 |
| NGFW Throughput (IMIX)¹ | 50 Mbps | 70 Mbps | 100 Mbps | 200 Mbps | 200 Mbps | 500 Mbps | 800 Mbps | 1.0 Gbps | 1.3 Gbps | 3.0 Gbps | 4.0 Gbps |
| Web Filter Throughput | 37 Mbps | 100 Mbps | 260 Mbps | 500 Mbps | 500 Mbps | 900 Mbps | 1.5 Gbps | 2.0 Gbps | 3.8 Gbps | 8 Gbps | 10 Gbps |
| SSL Inspection Throughput | 30 Mbps | 40 Mbps | 100 Mbps | 200 Mbps | 200 Mbps | 300 Mbps | 700 Mbps | 900 Mbps | 1.8 Gbps | 2.0 Gbps | 3.0 Gbps |
| IPS Throughput | 40 Mbps | 500 Mbps | 700 Mbps | 1 Gbps | 1 Gbps | 1.2 Gbps | 1.6 Gbps | 4.0 Gbps | 6.0 Gbps | 7 Gbps | 10 Gbps |
| Threat Protection Throughput | 30 Mbps | 44 Mbps | 60 Mbps | 130 Mbps | 130 Mbps | 150 Mbps | 200 Mbps | 800 Mbps | 1.23 Gbps | 1.9 Gbps | 2.8 Gbps |
| IPSEC VPN Throughput (AES-128 + SHA256) | 130 Mbps | 250 Mbps | 280 Mbps | 350 Mbps | 350 Mbps | 700 Mbps | 1.0 Gbps | 1.5 Gbps | 3.5 Gbps | 6.0 Gbps | 8.0 Gbps |
| SSL VPN Throughput (AES-128) | 70 Mbps | 100 Mbps | 140 Mbps | 200 Mbps | 200 Mbps | 420 Mbps | 850 Mbps | 700 Mbps | 1.4 Gbps | 3.0 Gbps | 7.0 Gbps |
| Network Interfaces | 4x GE RJ45 | 4x GE RJ45 | 4x GE RJ45 | 4x GE RJ45 | 6x GE RJ45 | 6x GE RJ45 | 6x GE RJ45 | 8x GE RJ45 | 8x GE RJ45 | 8x GE RJ45 | 8x GE RJ45 |
| Storage | 32 GB | 32 GB | 32 GB | 32 GB | 32 GB | 120 GB | 120 GB | 240 GB | 240 GB | 240 GB | 480 GB |
| Optional Solid State Drive (SSD) | - | 64/120 GB | 64/120 GB | 120/240 GB | 120/240 GB | 240 GB | 240 GB | 480 GB | 480 GB | 480 GB | 600 GB |
| LTE 3G/4G | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| 40GbE Network Module - 2 QSFP+ ports | - | - | - | - | - | - | - | 1x | 1x | 1x | 2x |
| 10GbE Network Module - 4 SFP+ ports | - | - | - | - | - | 1x | 1x | 1x | 1x | 1x | 7x |
| 1GbE Network Module - 4 SFP ports | - | - | - | - | - | 1x | 1x | 1x | 1x | 1x | 7x |
| 1GbE Network Module - 8 RJ45 ports | - | - | - | - | - | - | - | 1x | 1x | 1x | 7x |
| 10GbE Network Module - 2 SFP+ ports | - | - | - | - | - | 1x | 1x | - | - | - | - |
| 1GbE Network Module - 2 SFP ports | - | - | - | - | - | 1x | 1x | - | - | - | - |
| Redundant Power Source | - | - | - | - | - | - | - | Yes | Yes | Yes | - |

TESTS WERE PERFORMED IN LABORATORY USING AVALANCHE NA, Blockbit Platform V2.0, WITHOUT SUMMARIZATION BY USERS, IPS AND SERVICES, DISABLED APPLICATION DETECTORS, FIREWALL THROUGHPUT UDP PACKAGES OF 1518 BYTES, FIREWALL THROUGHPUT HTTP GET 1280Kb and PUT 1280K, IPS/ATP THROUGHPUT WITH STANDARD FACTORY SUBSCRIPTIONS ENABLED.

¹ NGFW is measured with Firewall, IPS and Application Control enabled, IMIX traffic.

