TiFRONT

• Prevent internal network failures by malicious traffic.• Realize access network visibility in BYOD environments. • Integrated management for hundreds of security switches easily.

• Prevent internal network failures by malicious traffic.• Realize access network visibility in BYOD environments. • Integrated management for hundreds of security switches easily.

Optimizing Switch for Internal Risk Management

Because they are designed simply to transmit network traffic, typical switches have few security functions, if any. It is impossible to prevent VoIP and CCTV tapping and block information leaks.

• It is difficult to manage and control network access by large numbers of unidentified devices in BYOD.

• The threat of eavesdropping, identity theft and related dangers is increasing due to the security vulnerabilities presented by VoIP phones, web CCTV, and the Internet of Things (IoT).

• Vulnerability to APT attacks is increasing due to the increased variety of access paths.

• Malicious traffic and DoS attacks are causing more internal network failures than ever before.

Why Security Switches?

Vulnerable internal network caused by various changing security threats.

With the increasing number and variety of security threats aimed at access networks, meaning those networks to which end users connect, the importance of internal security has grown. Moreover, in the BYOD era, in which people use their smartphones and other personal devices for business, the boundaries of corporate networks are effectively expanded to include mobile networks, requiring more active and preemptive security measures. Security switches, which simultaneously provide both L2/L3 switching and security functions, are the most effective solution to address this requirement. TiFRONT security switch in PIOLINK, which blocks harmful traffic, prevents DoS/DDoS attacks, blocks ARP attacks, and provides access control and user authentication, is optimized to manage internal threats.

Current L2/3 Switches limitation

02

Risk of data leaks due to server intrusion from inside the network

Internal network failures due to excessive traffic

DoS attack from outside

AP Printer

Internal Network BYOD VoIP, CCTV

More potential APT attack targets

Internet of Things (IoT)

Security

VLAN assignment based on 802.1X authentication is impossible. Simple individual authentication and fallback authentication schemes do not provide reliable security.

Authentication

Managing security settings on existing L2/3 devices can be cumbersome. No automated security management, product management or monitoring features are provided.

Management

Server, Storage etc.

NoteBookPC Smart Phone Smart Pad USB VoIP Phone CCTV Navigation Home Network

Attacker

• Block various kinds of malicious traffic attacks (Zero-day, wired-speed) in real time• Monitor IP addresses in real time• Block VoIP, CCTV, and information leaks• Protect without any agents via integrating with end-point solutions (McAfee and FireEye)

Overview

A solution that provides both an access network and security in the vicinity of end users’ devices.

Benefits

Improved Access Security

03

L2/3 Switching(IPv4 / IPv6)

Optimizing Switch for Internal Risk Management

Managed Switch function support

Extended L2/3 function support

Malicious Traffic Blocking

(IPv4 / IPv6)Network Access

ControlCentralized Integrated

Management (TiManager)

Block DoS/DDoS/Flooding attacks

at the source

Zero-day, wired-speed

security

Easy management, Real-time attack analysis, and Network monitoring.

Various 802.1X authentication and

access controls

Optimized for BYOD mobile management.

Simultaneously manage hundreds of security switches

Improved Authentication

Easier Management

• Manage IP and MAC addresses (block unauthorized or spoofed addresses)• Assign VLANs using 802.1X authentication regardless of physical ports• Control access in 802.1X environments with powerful user and terminal authentication

• Easily manage, change security settings and even perform batch OS updates across hundreds of security switches • Analyze security threats (malicious traffic and blocking events) in real time• Visualize the access network (network status and deployment) in BYOD environments

04

To Clean NetworkThe TiFRONT security switch simultaneously acts as both a basic network L2/3 switch and an end-user terminal security solution. It blocks ARP spoofing and various kinds of flooding attack and also prevents access by unauthorized terminals, thereby protecting the network from failures that originate internally. Additionally, it can be extended and configured to work with specialized security solutions to maximize security against the most sophisticated threats. PIOLINK is continuously striving to help you maximize the security of your access network as conveniently as possible.

05

Secure Log Storage

Failure

Unauthorized Router Blocked

Hardware based Security Engine - TiMatrix

With recent drastic increases in the amount of network traffic, it is vital to be able to collect, evaluate, and, if necessary, block heterogeneous traffic quickly and reliably. Our exclusive TiMatrix security engine, which is built right in, differentiates TiFRONT from other products. TiMatrix runs on TiFRONT’s high-performance multicore CPU to give you the best possible security performance.

Unauthorized Router Detection

When a network user arbitrarily installs a wired/wireless NAT (Network Address Translation) router in order to use a personal smart device, internal network failures can result due to the spread of infected malicious traffic, DDoS attacks, etc. Additionally, backdoor programs that can expose your internal network to the outside have been discovered hidden in the firmware of such routers. TiFRONT protects you from this danger by maintaining a list of NAT devices located on your internal network, which administrators can use to detect and locate unauthorized NAT devices.

Log Buffer storage - Blackbox

In order to take appropriate measures in the event of a power outage or an administrator error, it is necessary to have previously arranged for the secure storage of all information about the environment. The TiFRONT security switch provides 128MB of flash memory dedicated to the long-term storage of log messages.

TiManager, Integrated Management Solution

Even those without specialized network expertise can easily and conveniently monitor the status of networks and respond instantly to security threats. The integrated management of hundreds of devices significantly reduces the administrative workload. Purchasing TiFRONT also help you reduce your initial investment expense, because there is no need to provision a separate NMS (Network Monitoring System).

Advantages

L2/3 Switching + Security

TiFRONT provides all the features of costly managed switches and supports various data transmission protocols and services including Extended VLAN, STP, RSTP, PvSTP, QoS, IGMP, LACP, etc. It automatically detects and blocks malicious traffic originating from users’ terminals. It also combines various access network security features, including DoS prevention, protocol anomaly detection, authorization, protection against ARP attacks, IP Management, etc. in a single appliance.

Enhanced security engine based on multi-core CPU

CORE 1

CORE 2

CORE 3

CORE 4

RT Packet Gathering

Security Filter

Sensor log

TiMatrix Protection Logic

06

Key Security Feature

Anti-ARP/IP Spoofing AttacksProtect your network from account informationtheft and phone tapping

Because TiFRONT closely monitors individual ports, it distinguishes the victims of MAC spoofing attacks from the attackers, and blocks only the attackers. With the TiFRONT security switch, you can now secure your network from threats such as phone tapping and identity and information theft in a UC (Unified Communications) environment.

Self-loop Prevention Stable network is guaranteed.

TiFRONT provides STP (Spanning Tree Protocol) functionality, and automatically blocks the relevant port when a loop occurs, even in environments in which STP is not in use. This feature is convenient and stable because ports are automatically blocked and opened, and does not burden the network with loop-checking packets.

USER A USER B

IP/MAC Address-based Access ControlAccess control from unauthorized terminals.

In a static IP address environment, TiFRONT provides an IP management feature that authenticates users based on their IP or MAC addresses. Administrators can check the status and history of access by individual devices, either using TiManager’s IP Management Collection Mode or by directly managing IP or MAC addresses.* User authentication is possible by connecting to a RADIUS server, NAC, etc.

Unregistered IP/MAC address

Spoofed IP/MAC address

Block the Spread of Malicious Wired and Wireless Traffic Prevent slowdowns due to traffic overloads and system failure

TiFRONT protects network resources from various kinds of DoS traffic that flow through access networks, such as TCP SYN flooding, UDP flooding, and ARP flooding. When the security switch detects traffic that it suspects is part of a DoS attack, it automatically isolates and blocks only that traffic, thereby maintaining continuous and stable service.

In order to safely respond to security threats, the number of which is increasing daily, it is necessary to take measures to address not only security threats originating from outside the network, but also those originating from within your internal access network. The most effective solution is a security switch, which provides both switching and security functionality at the same time. The TiFRONT security switch is a complete solution to secure access network.

Attacker

IPv6 Ready

. . .

Src. MAC Src. IP

IngressPort

Dest.MAC

Count

Interval #Z

#Y

#X

State-of-the-Art Smart Security Engine : TiMatrix

• A built-in, high-performance CPU-based multicore security engine for maximum security performance • Isolation and selective blocking of malicious traffic • Auto-detection and blocking without any administrator intervention• Security testing at wire speed without delaying traffic • The security engine and the switch are physically and logically isolated from each other, so general L2/3 switching works normally even if a failure occurs in the security engine.

All features like flooding, DoS/DDoS, Scanning, and ARP spoofing are worked in IPv6

Powerful 802.1X Access Control

Now that the BYOD phenomenon is here to stay, user authentication for network security is more important than ever before.TiFRONT supports integrated authentication thus making it possible to establish an even safer network.

• Other Switches : depending on the configuration, users can gain network access if only one of 802.1X authentication, MAC authentication, or web authentication is successful. (Fallback authentication)

• TiFRONT : Allows you to selectively combine and require any two of IEEE 802.1X, MAC authentication and web authentication. Network access is allowed only when both terminal and user authentication are successful, making your network even more secure. (Both fallback authentication and individual authentication supported)

Extended IPv6 Security

Protection against new kinds of attacks exclusive to IPv6 (Neighbor spoofing, DAD attack, MLD DoS etc.)

New IPv6 Security Features

All management features (Telnet, Ping, SSH, ICMP, SNMP, NTP etc.) supported in IPv6

IPv6 Management

Static, RIPng, OSPFv3, BGP4+ etc. routing supported in IPv6

IPv6 Routing

+ or or802.1X + +

07

Abnoraml traffic Normal traffic

802.1X auth MAC auth WEB auth

IDPW 802.1X

MAC auth 802.1X auth WEB auth

IDPW

08

Extended functions by interworking with end-point solutionsTiFRONT works with other solutions to maximize readiness for sophisticated security threats and provide increased functionality for greater user convenience. No single security product is able to provide complete protection against all security threats; each specialized solution has its own role and feature set. Because it is able to interwork with various other security solutions to maximize security and enable big data analysis, the usefulness in TiFRONT is continuously being increased.

Interworking with Authentication Servers and NAC Servers

TiFRONT can be connected to a RADIUS server, NAC server, authentication server, etc. to implement various kinds of user authentication, such as ID/password or certificate-based authentication, for powerful network access control.* Even without connecting to a separate server, combined IP/MAC address user authentication is still possible.

Compatibility with Malicious Code Detection and UTM Solutions

Malicious code detection and UTM security solutions have a limitation in that they can only play a detection role, and require the separate installation of an agent on individual terminals. Moreover, they are unable to detect the spread of malicious code within the network. Using TiFRONT together with such specialized detection tools provides a convenient solution that is able to directly block the execution of malicious code from inside the network. * PIOLINK is a member of the McAfee Security Innovation Alliance (SIA), and TiFRONT can be integrated with McAfee’s ePO security management application.

Compatibility with “Splunk” Big Data Analysis Solution

Customers using both TiFRONT and the Splunk big data analysis solution can use Splunk to analyze the wide variety of logs that TiFRONT collects. Not only will you be able to use security logs, device logs, inspection logs, etc.to analyze various events occurring inside your access network; you will also be better prepared to respond to internal security threats.* The software that enables the connection is available for download at splunk.com.

➊ Malicious code inflow

➏ Blocked at TiFRONT

Attack, Infection

➍ Analysis result transmission➎ Blocking policy sent

➋ Packet collection(Tx/Rx)➌ Malicious code analysis

Internet

Detection Solution

McAfee : Network Security PlatformFireEye : FireEye MPSFortinet : FortiGate UTMPalo Alto : Firewall PA Series

NAC or Authentication

Server

StackingScalability and Superior Recoverability

The TiFRONT-GX Series (GX24(P)N, GX24M) is stackable, so it is highly scalable and affords excellent fault tolerance. Up to 8 switches can be integrated into a single virtual chassis, which allows you to manage up to 192 gigabit ports using a single IP address. When you add an additional switch to an existing stack, the new switch’s software and configuration files are automatically synchronized with the others. Additionally, in the unlikely event that a switch develops a fault and needs to be replaced, the replacement unit is automatically synchronized.

Redundancy ConfigurationMaintain a network availability

To configure redundancy with an unmanaged switch that does not support STP, connect the switches using two LAN cables. If one cable fails, the other will become active, thereby preventing a network outage and ensuring constant availability.

Management

STP Unsupported Switch

ERPSEthernet Ring Protection Switching

This is a feature that prevents looping by selectively blocking links in a network configured as a ring. (Both single ring and multiple rings configurations can be managed.)

Malicious Traffic Web Alert SettingsAccess Block Alerts and Self-Check Prompts

With this function, when TiMatrix detects harmful traffic, it notifies the host from which the traffic originated that access to the Internet was blocked. It opens a warning pop-up window in the user’s web browser, indicating the transmission of harmful traffic and prompting the user to diagnose his/her machine. (Support multiple languages.)

MasterP S

F

09

The access network is the first location that a user’s terminal accesses when using IT resources. In the past, only PCs were connected to access networks, but in recent times the definition of a terminal has expanded to encompass not only desktop PCs but also notebooks, wireless APs, network printers, VoIP phones, etc. TiFRONT meets the needs of such a diverse access network environment while providing L2/3 switching and security features.

10

Various Environments support

General/Large-Scale User Environment

• Detect and block harmful traffic caused by malicious code, such as scanning, flooding, DoS/DDoS, etc.• Prevent the spread of malicious traffic throughout the network. • Prevent eavesdropping via ARP spoofing between the gateway and terminals. • Business Continuity Management by selectively blocking only malicious traffic. • Authenticate users to allow only permitted users to access the network. • Preemptively prevent loops in order to ensure network stability.

PoE Environment

• Reduce cable installation expenses by providing electricity and data simultaneously over a single line. • Support both 802.3af and 802.3at specifications • Improve electrical efficiency with PoE scheduling.

VoIP Environment

• Guarantee the quality of voice transmissions carried over Hybrid VLAN, LLDP, LLDP-MED, Voice VLAN, Dynamic VLAN, etc. • Detect and block ARP spoofing to prevent wiretapping and eavesdropping.• Detect and block harmful traffic caused by malicious code, such as scanning, flooding, DoS/DDoS, etc.• Business Continuity Management by selectively blocking only malicious traffic.• Authenticate users to allow only permitted users to access the network.

Wireless Network Environment

• Detect and block harmful traffic caused by malicious code, such as scanning, flooding, DoS/DDoS, etc.• Detect and block ARP spoofing to prevent wiretapping and eavesdropping.• Avoid business interruptions by selectively blocking only malicious traffic.• Authenticate users to allow only permitted users to access the network.

TiManager : Integrated Management Solution

Real-time Monitoring

With TiManager, in a single glance you can check not only current traffic and security breaches, but also the status of security switches and the internal use of IP addresses. You can also check security logs, device status logs and the network configuration in real time.

Detail Security Configurations

With the TiFRONT security switch, you can set individual or group security policies. Additionally, with port-specific security policies, you can specify which IP or MAC addresses can access each port, and also set access time limits.

User IP Management

Easily check, in real time, which user accessed which security switch, the IP address and port number they used, and the time of access. IP and MAC address-based user authentication to manage IP resources, control access by specific devices, and check the network history.

A Wide Variety of Reports

TiFRONT provides reports about security switches and registered IP addresses. Get a single report containing information on the traffic, security and device status for all of the IP addresses connected to each port of dozens or even hundreds of switches.

11

TiManager System Requirements TiFRONT

CPU

Memory

Disk

Operating System

Software Environment

Less than 100 units

2GHz Intel Core2 Duo or better

Minimum 3GB

Minimum 200GB HDD

Windows Server 2003, 2008, or 2012

Microsoft.NET Framework 3.5, MS-SQL2008 or PostgreSQL9.2.2

101 ~ 512 units

Intel Core i5 or better

Minimum 4GB

Minimum 128GB SSD

513 ~ 1024 units

Intel Core i5 or better

Minimum 8GB

Minimum 256GB SSD

* Windows desktop operating systems (XP, Vista, 7, 8) are not supported

Make security configurations and manage the device easily, even without specialized expertise.

Control access to the network from within by unauthorized terminals.

Check and block malicious traffic.

Monitor IP addresses in real time. Make it easy to oversee complex networks.

Manage hundreds of security switches from a single node. lock malicious traffic.

12

Case Studies

Centralized Management of Head Office and Factory NetworksReducing Network Complexity and Increasing Visibility

10 years after their network was originally constructed, Boryung Pharmaceutical was experiencing frequent network outages. Network administrators could neither determine the reason nor locate the point of origin. As their business expanded, they had gradually built out their network by simply adding switches and hubs when necessary. Employees had found it convenient to purchase and install hubs as they saw fit, which had a profoundly negative effect on network visibility. This made it difficult for them to respond to outages and manage security threats. Moreover, they were looking for a way to combat the ARP Spoofing and DDoS attacks that they were frequently experiencing. They had ruled out implementing a separate point solution for each kind of attack because they didn’t want to make the system more complicated and difficult to manage. They felt that a security switch would meet their needs because it would block suspected attack packets, protect both the network infrastructure and the PCs accessing the network, and minimize the number of management points.

• Background and Requirements

TiFRONT in PIOLINK is an L2/3 switch with added security features. It can be installed without changing your network configuration, and protects PCs without requiring the installation of an agent on each PC. It blocks both wired and wireless malicious traffic originating on the network, and also blocks ARP spoofing and TCP/UDP flooding attacks. It enables detailed control and history management of device access, either based on IP addresses or in conjunction with an authentication server. TiFRONT with PoE is fit for building IPT. It can be used with malicious code detection solutions to help shut down zombie PCs and prevent APT attacks. Boryung Pharmaceutical chose TiFRONT to secure their internet phone system and prevent DDoS, ARP spoofing and similar attacks. Because the TiFRONT security switch is installed in close proximity to users’ PCs, it protects the network along with the endpoints. It determines whether incoming traffic destined for local PCs contains malicious code in order to prevent them from becoming zombie PCs, and also detects harmful traffic in order to defend against DDoS attacks. Additionally, it provides the most effective solution for self-loop problems attributable to complicated cable connections, which is in the L2 layer, close to end users’ PCs. Not only is TiFRONT the best solution for blocking PC and network attacks; it is also advantageous in that it is convenient to manage and operate. In addition to head office, Boryung Pharmaceutical has a factory in Ansan and branch offices throughout South Korea. They needed a centralized solution to defend against attacks in all of these locations, and they were hoping to find a solution that would make it easy for them to set and implement access policies without the burden of having to provide their network administrators with specialized education. TiFRONT was the ideal solution for their needs.

• The Solution

Because TiFRONT makes centralized management possible, the greatest benefit to Boryung Pharmaceutical was easy management by those without network or security expertise. In the past, when outages occurred they had no way to locate the point of failure besides manually checking the whole building for potential points of failure.TiFRONT provides a centralized management console, so Boryung Pharmaceutical administrators are now able to instantly locate failure points and determine the cause of outages, which helps them take the appropriate action swiftly and conveniently. Since TiFRONT is a switch-based device, it has the advantage of informing you of switch failure in advance. In the past, it had been difficult for them to manage endpoint switches, but TiFRONT checks the operating status of endpoint switches and informs administrators in advance when the possibility of failure is high, thereby making failure prevention possible. TiFRONT is also very helpful when setting security policies, because it reveals the occurrence of attacks that previously went undetected. It is difficult to instantly detect everything from DoS and ARP spoofing attacks to cable-related problems such as looping, but now immediate action in response to such issues is possible because TiFRONT provides relevant reports and warnings. Boryung Pharmaceutical is currently using TiFRONT at their head office and the Ansan factory, and have plans to roll it out at all branch offices nationwide in the future.

* This case study was first published in issue No. 234 (February 2013) of Network Times Monthly (www.datanet.co.kr).

• The Result

Because we had been changing our network configuration every time we expanded, the network had become complicated and difficult to manage. Allowing people to freely connect hubs and mobile devices didn’t help either, because it made it harder for us to locate the point of occurrence of failure.

Because TiFRONT is easy for those without specialized expertise to operate, management tasks were significantly reduced.

Even in a distributed environment, in this case comprising the head office, branch offices, and factory, TiFRONT is convenient to manage, because all management and individual policy settings can be made from a centralized location.

13

Solving Network Failures and Securing Access

Korea Testing Laboratory was suffering from zombie PC activity, network outages, and poor L2 switch performance, all attributable to virus infections on PCs on the local network. While evaluating various solutions for these problems, they reviewed L2 security switches, which improve access-level security. They tested L2 security switch in PIOLINK for a trial period, were satisfied that it would be able to effectively respond to DoS attacks caused by zombie PCs, and decided to purchase the switch.

• Background and Requirements

- KTL realized a network between backbone switches and the endpoint switches on each floor that reliably provided gigabit speeds even when the amount of end-user traffic increased considerably. - They chose TiFRONT-F26 for the security switch on each floor, and established an environment in which they have complete control over network access by individual end-users’ PCs. - When they want to change the security policy on their network, they use TiManager to implement the new policy across all L2 security switches with a single batch task. TiManager also allows them to monitor and respond immediately to attacking PCs or PCs that are generating abnormal traffic.- Each security switch, which is an access switch through which end-users’ terminals are connected, detects and blocks DDoS attacking traffic and blocks the activity of zombie PCs. It also blocks ARP spoofing and other kinds of attack in advance, thus reducing the burden on backbone switches.

• The Result

Establishing an IP Telephony Network in City Hall and Government Offices

The challenge was to implement a network to integrate city hall with district offices and provide various services including wired/wireless access and IP Telephony (VoIP) with PoE. The TiFRONT security switch was able to meet all of these criteria. Using PoE enables power and data to be transmitted simultaneously without installing a separate power supply. TiManager, the integrated security control system, makes it possible not only to manage the entire network in an integrated manner, but also to manage security settings at city hall and district offices individually when desired.

Massive Network covering Education Offices and Institutes

The Office of Education is able to manage hundreds of TiFRONT security switches installed nationwide at every level of regional government office with a single instance of TiManager, the master management system. Moreover, individual schools are able to set their own security policies, and can set them differently for individual floors and classrooms.

Integrated NetworkRouter

Redundant SecurityDevice

TiManager

TiManager

TiManager

District#1Office

District#1Office

City Hall Configuration District Office Configuration

We replaced our old L2 switches with TiFRONT without changing our overall network configuration. We put an end to our network outages by eliminating the cause, which was DoS and other malicious traffic.

We simultaneously manage hundreds of security switches installed across the nation.

By replacing our VoIP telephone service, we have become able to block ARP spoofing and other internet-based attacks.

Specifications

Memory

Software Features

512M

160MB(OS 32MB, Log Buffer 128M)

24 X 10/100BASE-T,2 X 1G dual combo : Copper & Fiber

N/A

Single / Dual

24.3W(S) / 24.9W(D)

440 X 350 X 44

4.0Kg(S) / 4.2Kg(D)

IEEE802.3af/802.3at

Dual

40.8W(D)

5Kg(D)

512M

256MB(OS 128MB, Log Buffer 128M)

10 X 10/100/1000BASE-T,2 X 1000BASE-X

100~240VAC, 50/60Hz(Free Voltage)

N/A

Single

27.5W

220 X 290 X 44

2.9Kg(S)

KC(Class A) / VCCI(Class A)

CC2.0(ELA2)

IPv6 ready logo(Phase-II)

RoHS Compliant

512M

160MB(OS 32MB, Log Buffer 128M)

24 X 10/100/1000BASE-T,4 X combo included : 1000BASE-X SFP

N/A

Single / Dual

39.3W(S) / 39.6W(D)

440 X 350 X 44

4.0Kg(S) / 4.2Kg(D)

IEEE802.3af/802.3at

Single

36.7W(S)

220 X 350 X 44

3.6Kg(S)

IEEE802.3af/802.3at

Dual

41.12W(D)

5.2Kg(D)

Interface

PoE

Power Input

PowerMaximum Power Consumption Dimension(WxDxH)

Weight

EMC

Security Certification

IPv6

RoHS

TiFRONT-F26 TiFRONT-F26P TiFRONT-G2408 TiFRONT-G2408P TiFRONT-G24 TiFRONT-G24P

Autonego/Speed/duplexFlow controlSmart Port RedundancyPort-based/Protocol/MAC/Voice/Subnet VLAN802.1QHybrid VLANPrivate VLANIngress/Egress taggingMax VLAN (4K)802.1ad VLAN Stacking (QinQ)STP, RSTP, MSTP, PvST+, RPvST+MAC address agingMAC filteringDuplicate MAC address learning preventionReserve MAC learning preventionStatic entry supportIndependent VLAN learningMax. MAC entry (16K/32K)Port Mirroring (N:N)LACPLink trunkingLACP load balancingTrunk groups (8)Members per group (8)Static Trunk load balancingTraffic changeover in the event of link failure

Port Management

VLAN

Spanning TreeMAC learning

Port MirroringLink Aggregation

Flash Memory

L2

Join/Leave, Multicast group (1K), v1/v2/v3L2, L3, L4 header based classificationQoS marking & RemarkingQoS queuing & scheduling - Cos Queue mapping - 8 CoS Queues per port - Scheduling by SPQ/WRR/DRR - Dro precedence - Congestion AvoidanceIngress rate-limiting (per port/per flow)Egress rate-limiting (per port)DiffservSahping & packet drop policyMin./Max. BW guaranteeL2/L3/L4 based filteringVLAN ACLACL filter namingTime-Based ACLPoE+ Standard Support (802.3at)Enable/disable for each portPriority for power supply to individual portsPoE operational status monitoringPoE port-specific power supply blockingPoE power schedulingsupportedsupported

IGMP snoopingQoS

ACL

PoE

Jumbo FrameERPS

Product Specifications

14

IPv4/IPv6 Static routing (ECMP/Blackhole)IPv4 RIPv1/v2, OSPFv2, BGPv4, VRRP, PIM-SM/SSMIPv6 OSPFv3, RIPng, BGP+IPv6 6to4 tunneling and ISATAP

One-to-One flooding, Random flooding, IP scanning, Port scanning, IP spoofing, ARP spoofing, Neighbor spoofing, MAC flooding, counting & loggingIpv4/IPv6 security feature supportAutomatic detection, blocking and releaseIndividual MAC/IP address blockingDetection exception settingsDAD attack, Land attack, Teardrop attack, L4 source port range matter, same port(sPort/dPort), TCP flag matter, TCP fragments, ICMP fragments, Smurf802.1X, MAC auth, Web auth, Multistep/Fall-back auth, Fall-back auth802.1X auth VLAN/Unauthorized-VLANRADIUS, TACACS+Storm controlAssigns maximum MACLogin/Logout recordCommand execution recordIP Source Guard, Dynamic ARP Inspection, Embedded RADIUS, Unauthenticated routers Detection, terminal detection, DHCP filtering, NetBIOS filtering,Self loop detect, System Access security,Web alert, and real-time security Syslog

Static routingDynamic routing(optional)

Anomalous traffic

Protocol Anomaly

Authentication

Port Protection

Accounting

Other features

L3

Security Management

Security Interoperation

SNMP v1/v2cPublic MIB (System, Interface, IP address, UCD, Router(RFC-1213), Protocol(TCP, UDP, SNMP, ICMP), RFC1573 Private Interface MIB)Private MIB (Learning MAC table, Security Configuration)SNMP Trap (Authentication, Port Link up/down)IPv6 MIBTelnet, SSH, ConsoleSNMP, Syslog, SSHRADIUS, TACACS+Password-based user login, Login timeout, Multiple users, User-specific privileges, Multiple configurationsOS update via TFTP/FTPSyslog server, Monitoring, Log Threshold management, Log backup, System/Security logPort statistics, CPU/Memory usage, Fan, Watchdog, Temperature sensorRMONsFlow supportedDHCP server/Relay, LLDP, LLDP-MED,UDLD, USB Interface support , Multi OS, Technical-assist

McAfee : Network Security Platform/ePOFireEye : Malware Protection SystemFortnet : FortiGate UTMPalo Alto : Firewall PA Series

SNMP

CLI InterfaceEMS InterfaceAuthenticationUser Management

Configuration and OS ManagementLogging

Monitoring

StackingOther

Solution

TiFRONT-G48 TiFRONT-G48P TiFRONT-GX24M TiFRONT-GX24N TiFRONT-GX24PN

1GB

160MB(OS 32MB, Log Buffer 128M)

48 X 10/100/1000BASE-T,4 X combo included : 1000BASE-X SFP

IEEE802.3af/802.3at

Dual

95W(D)

440 X 475 X 44

7Kg(D)

N/A

Single / Dual

72.2W(S) / 75.4W(D)

440 X 350 X 44

4.3Kg(S) / 4.6Kg(D)

1GB

256MB(OS 128MB, Log Buffer 128M)

8 X 10/100/1000BASE-T Module or8 X 1000BASE-X SFP Module(Optional Module Type)2 X 10G SFP + (Uplink & Stacking)

100~240VAC, 50/60Hz(Free Voltage)

N/A

Single / Dual

55.8W(S) / 55.9W(D)

440 X 350 X 44

4.3Kg(S) / 4.6Kg(D)

KC(Class A), VCCI(Class A)

CC2.0(ELA2)

IPv6 ready logo(Phase-II)

RoHS Compliant

1GB

256MB(OS 128MB, Log Buffer 128M)

24 X 10/100/1000BASE-T,4 X combo included : 1000BASE-X SFP,2 X 10G SFP + (Uplink & Stacking)

N/A

Single / Dual

59.4W(S) / 62.6W(D)

440 X 350 X 44

4.1Kg(S) / 4.4Kg(D)

IEEE802.3af/802.3at

Dual

75.7W(D)

440 X 475 X 44

7.1Kg(D)

15

P4-14G

• The content of this document is subject to change without prior notification due to improvements in product performance, the addition of features, or error corrections. • Images may differ from the actual products. • The names of listed companies, products, and services are trademarks or service marks belonging to their respective owners. • Products can be purchased through authorized partners. More detailed technical information is available on our website.

www.PIOLINK.com | global@piolink.com

PIOLINK, Inc. is a specialist in cloud data center optimization. We optimize service availability, performance, and security management in data centers characterized by high volumes of traffic and in the rapidly changing network infrastructure required for cloud and big data service. In the age of telecommuting and increased mobile device use, we enable faster service response times. We also protect customers’ data and confidential corporate information in the environment of increased server centralization and virtualization. We guarantee the usability of all applications through the effective use of IT resources, and earn the satisfaction and trust of our custom-ers with our powerful security capabilities and ability to realize transparency through accurate monitoring.

(ADC) Application Delivery Controller• Ensure Network Availability and Optimize Performance • Increase the Effectiveness of IT Investment

Web Application Firewall• Block Anomalous Web Traffic• Secure Websites and Protect Information

PAS-K

WEBFRONT-K

Security SwitchManage Internal Network Threats

TiFRONT

SDN SwitchManage Network Operation Easily and Quickly with a Switch that supports OpenFlow

TiFLOW

PIOLINK