MPSec ISG1000-G1 Online Behavior Management Gateway
MPSec ISG1000 series online behavior management gateway is a multi-service gateway and an online behavior management gateway which integrates terminal access authentication, access control, online behavior audit/control, intelligent security protection, flow control, VPN and other functions.
MPSec ISG1000 series products solve the security boundary problem of Internet. The product makes multiple gateway products of the traditional series connection , such as traditional ACL, anti-virus wall, IPS, DPI, flow control, VPN and other products, be integrated into one device, bringing great benefit to the user in management and cost.
MPSec ISG1000 series products support a variety of terminal access authentication and control modes. It can combine packet filtering technology and implement the identification and access control of L4-L7 services. It can realize user network access authentication, Internet record audit, behavior control, anti-fishing websites of the risk website, and other deep security audit and control functions, truly "controllable, perspective, marketable, trustworthy".
The deployment of MPSec ISG1000 series products is flexible and adaptable, meeting the requirements of wired wireless integrated management and control. It can be widely applied in Internet export of government and enterprise, business outlets and headquarters of financial institutions, Internet export of educational MAN, and other scenarios.
A variety of convenient user authentication modes
It provides a variety of convenient Internet access authentication modes, including local authentication based on user name and password, WEB authentication, and external authentication by combining with third-party RADIUS/LDAP server, applicable to various user internet access scenarios.
Refined online behavior identification and control
It can accurately identify more than 1000 applications. With the content-class packet mining technology, it can accurately identify a variety of behaviors, and perform the refined control for the user network access behavior.
Flexible flow control management
The traffic control technology can effectively curb all kinds of applications to snatch valuable bandwidth and IT resources, so as to ensure the rational allocation of network resources and the service quality of key services, improving the overall performance of the network. It can perform the traffic nesting IP and application, and support 4 layers of QoS, flexibly controlling customer business.
Rich Internet marketing functions
It provides the Portal page push function. Combining with AAS series products, the users in different locations can push different advertising pages after getting online, realizing the accurate locating and pushing of the advertising. It supports the APP cache technology, and mobile users can download APP at a high speed without occupying export bandwidth. This enhances customer business experience and improves APP downloading and usage.
Perfect log management and analysis
It provides a variety of log functions, traffic statistics and analysis functions, various events monitoring and statistics functions, and mail alarming function. Combining with the log management system, it can complete log recording, query, analysis and report generating, providing a perfect data basis for big data analysis.
Advanced hardware platform and software architecture
It adopts the MIPS platform, high-speed security processing, unified feature library and integrated analysis processing engine design, greatly improving the operation efficiency of multiple function modules when running at the same time.
Comprehensive network attack protection
It supports DoS/DDoS attack protection, MAC and IP binding function, intelligent anti-worm virus technology, ARP attack protection, ultra-large ICMP packet attack prevention, and other network attack protections.
It supports the dual-system hot backup function, and the Active/Active and Active/Passive working modes, realizing load sharing and business backup; supports auto synchronizing the feature library and policy library; supports dual configuration files. The key parts of the equipment all adopt the redundant design.
24FE(8POE), 2GE, 1Combo
One Console port
One USB interface
Inbuilt 500GB hard disk
Three extended slots, extensible 4GE/4SFP module
440mm×380mm×44.4mm, the width is about 19 inches and the height is about 1U
Single power, input voltage (AC): 100V–240V, 50Hz–60Hz, 200W
Working temperature: 0℃ to 45℃
Storage temperature: -40℃ to 70℃
Work humidity: 10% to 95%, no-condensing
Storage humidity: 10% to 95%, no-condensing
Support routing mode, transparent (bridge) mode, bypass mode and mixed mode.
Support VLAN sub interface and port aggregation
Support DHCP server, DHCP relay agent
Support static routing, policy routing, ISP routing, RIP, OSPF
Support IPv6 access control, IPv6 routing
Local user authentication, binding IP authentication, binding MAC authentication
External server user authentication (RADIUS, LDAP), Web authentication
Support identifying malicious websites, illegal websites
Support the real-time online upgrading of the URL library
Behavior analysis and audit
Any key font library can be set to match and identify text information in the information sent out by various ways
Support auditing SMTP/POP3 mail information, including record sender, recipient, topic, time, etc.
It can audit the posts for the forum, record the title and text of the posting, and block the contents of the posts according to the set key words.
It can record the search keyword information for the search engine, and block searching according to the key words.
It can record the files downloaded and uploaded by FTP
Support continuous auto identification and auto classification based on L7 network traffic
Support real-time and historical monitoring of link/downlink traffic, bandwidth, number of online users, user/application depth traffic analysis
Support viewing the bandwidth, traffic and connections of the specified user / user group / application/application group.
Support deeply viewing the application and user; you can view the source/destination address and protocol type; deeply associate the application with the user
Support displaying the flow information by regional diagram/histogram/pie chart/graph and other views
Support the forwarding traffic statistics for the device, the statistics values of CPU usage, memory, session, and forwarding traffic.
Support the QoS management by address + user + service + application + time. You can manage QoS for the selected users as a whole; support QoS nesting.
Support speed limit per IP/user, support IP speed limit and application speed limit nesting.
Support four levels of hierarchical QoS
Support the bandwidth management by user (user group) + application (Application Group) + time.
Support SYN Flood, UDP Flood, ICMP Flood and other DoS/DDoS attack protection
Support ARP attack protection
Support Ping of Death, Land-Base, Tear Drop, Smurf and other abnormal packet attacks
Application identification and control
It identifies, blocks, restricts, interferes, and alarms for more than one thousand applications.
Support the application control based on any combination of the link, service, source/destination IP, IP group, time, application and so on.
Support online upgrade of the application feature library
Support IPSec VPN
Support dual-system active/standby and session synchronization
Log and report
Support the Syslog
Support NAT log, online behavior log, URL log, etc.
Support multidimensional statistical analysis for application, user and traffic, and automatically output the summary, contrast, trend, and other reports
Support providing a dedicated log audit system software
Support remote security management based on SSL protocol
Support system configuration by the Web interface and full command line mode
Support troubleshooting by capturing packet at the console
Online behavior management gateway, configured with 1Combo+2GE+24FE(8POE), inbuilt 500GB hard disk, three extended slots, single AC power supply, 1U device.
Feature library upgrade license module
ISG1000-G1-3IN1-1Y, security, one-year license of MPSec ISG1000-G1-AC three-in-one feature library upgrade, containing the upgrade license of AC, IPS, AV feature library