maipu maipu

SEARCH
Security > Behavior Gateway > MPSec ISG1000-F2 Online Behavior Management Gateway

MPSec ISG1000-F2 Online Behavior Management Gateway

MPSec ISG1000 series online behavior management gateway is a multi-service gateway and an online behavior management gateway which integrates terminal access authentication, access control, online behavior audit/control, intelligent security protection, flow control, VPN and other functions.

MPSec ISG1000 series products solve the security boundary problem of Internet. The product makes multiple gateway products of the traditional series connection , such as traditional ACL, anti-virus wall, IPS, DPI, flow control, VPN and other products, be integrated into one device, bringing great benefit to the user in management and cost.

MPSec ISG1000 series products support a variety of terminal access authentication and control modes. It can combine packet filtering technology and implement the identification and access control of L4-L7 services. It can realize user network access authentication, Internet record audit, behavior control, anti-fishing websites of the risk website, and other deep security audit and control functions, truly "controllable, perspective, marketable, trustworthy".

The deployment of MPSec ISG1000 series products is flexible and adaptable, meeting the requirements of wired wireless integrated management and control. It can be widely applied in Internet export of government and enterprise, business outlets and headquarters of financial institutions, Internet export of educational MAN, and other scenarios.


Product Features

    A variety of convenient user authentication modes

    It provides a variety of convenient Internet access authentication modes, including local authentication based on user name and password, WEB authentication, and external authentication by combining with third-party RADIUS/LDAP server, applicable to various user internet access scenarios.


    Refined online behavior identification and control

    It can accurately identify more than 1000 applications. With the content-class packet mining technology, it can accurately identify a variety of behaviors, and perform the refined control for the user network access behavior.


    Flexible flow control management

    The traffic control technology can effectively curb all kinds of applications to snatch valuable bandwidth and IT resources, so as to ensure the rational allocation of network resources and the service quality of key services, improving the overall performance of the network. It can perform the traffic nesting IP and application, and support 4 layers of QoS, flexibly controlling customer business.


    Rich Internet marketing functions

    It provides the Portal page push function. Combining with AAS series products, the users in different locations can push different advertising pages after getting online, realizing the accurate locating and pushing of the advertising. It supports the APP cache technology, and mobile users can download APP at a high speed without occupying export bandwidth. This enhances customer business experience and improves APP downloading and usage.


    Perfect log management and analysis

    It provides a variety of log functions, traffic statistics and analysis functions, various events monitoring and statistics functions, and mail alarming function. Combining with the log management system, it can complete log recording, query, analysis and report generating, providing a perfect data basis for big data analysis.


    Advanced hardware platform and software architecture

    It adopts the MIPS platform, high-speed security processing, unified feature library and integrated analysis processing engine design, greatly improving the operation efficiency of multiple function modules when running at the same time.


    Comprehensive network attack protection

    It supports DoS/DDoS attack protection, MAC and IP binding function, intelligent anti-worm virus technology, ARP attack protection, ultra-large ICMP packet attack prevention, and other network attack protections.


    High-reliability guarantee

    It supports the dual-system hot backup function, and the Active/Active and Active/Passive working modes, realizing load sharing and business backup; supports auto synchronizing the feature library and policy library; supports dual configuration files. The key parts of the equipment all adopt the redundant design.



Product Specifications

Hardware Specifications

Product Model

MPSec ISG1000-F2-AC

Physical ports

8GE

Management interface

One Console port

Other interfaces

One USB interface

Storage

Inbuilt 4G storage card, extended external storage of USB port

Fan

Mute fan

Dimension (W×D×H)

260mm×190mm×44.4mm, the width is about 10 inches and the height is about 1U

Power supply

Single power, input voltage (AC): 100V–240V, 50Hz–60Hz, 30W

Temperature

Working temperature: 0℃ to 45℃

Storage temperature: -40℃ to 70℃

Humidity

Work humidity: 10% to 95%, no-condensing

Storage humidity: 10% to 95%, no-condensing


 Software Specifications

Deployment mode

Support routing mode, transparent (bridge) mode, bypass mode and mixed mode.

Network function

Support VLAN sub interface and port aggregation

Support DHCP server, DHCP relay agent

Support static routing, policy routing, ISP routing, RIP, OSPF

Support IPv6 access control, IPv6 routing

User authentication

Local user authentication, binding IP authentication, binding MAC authentication

External server user authentication (RADIUS, LDAP), Web authentication

URL filter

Support identifying malicious websites, illegal websites

Support the real-time online upgrading of the URL library

Behavior analysis and audit

Any key font library can be set to  match and identify text information in the information sent out by various   ways

Support auditing SMTP/POP3 mail information, including record sender, recipient, topic, time, etc.

It can audit the posts for the forum, record the title and text of the posting, and block the contents of the posts   according to the set key words.

It can record the search keyword information for the search engine, and block searching according to the key words.

It can record the files downloaded and uploaded by FTP

Traffic analysis

Support continuous auto identification  and auto classification based on L7 network traffic

Support real-time and historical monitoring of link/downlink traffic, bandwidth, number of online users, user/application depth traffic analysis

Support viewing the bandwidth, traffic and connections of the specified user / user group / application/application group.

Support deeply viewing the application and user; you can view the source/destination address and protocol type; deeply associate the application with the user

Support displaying the flow information by regional diagram/histogram/pie chart/graph and other views

Support the forwarding traffic statistics for the device, the statistics values of CPU usage, memory, session, and forwarding traffic.

Traffic management

Support the QoS management by address + user + service + application + time. You can manage QoS for the selected users as a whole; support QoS nesting.

Support speed limit per IP/user, support IP speed limit and application speed limit nesting.

Support four levels of hierarchical QoS

Support the bandwidth management by user (user group) + application (Application Group) + time.

Security protection

Support SYN Flood, UDP Flood, ICMP Flood and other DoS/ DDoS attack protection

Support ARP attack protection

Support Ping of Death, Land-Base, Tear Drop, Smurf and other abnormal packet attacks

Application identification and control

It identifies, blocks, restricts, interferes, and alarms for more than one thousand applications.

Support the application control based on any combination of the link, service, source/destination IP, IP group, time, application and so on.

Support online upgrade of the application feature library

VPN

Support IPSec VPN

HA

Support dual-system active/standby and session synchronization

Log and report

Support the Syslog

Support NAT log, online behavior log, URL log, etc.

Support multidimensional statistical analysis for application, user and traffic, and automatically output the   summary, contrast, trend, and other reports

Support providing a dedicated log   audit system software

System maintenance

Support remote security management based on SSL protocol

Support system configuration by the Web interface and full command line mode

Support troubleshooting by capturing packet at the console



Order Information

Product Model

Description

Gateway host

MPSec ISG1000-F2-AC

Online behavior management gateway, configured with 8GE, inbuilt 4GB storage card, single AC power supply, 1U device.

Master software license module

ISG1000-F2-1Y3IN1-L

MPSec ISG1000-F2-AC product host software license, containing the one-year license of the application, IPS, and AV three-in-one feature library upgrade