Multi-Homing Gateway MHG-1500

Nusoft．Internet Security Fighter
Multi-Homing
Series
Multi-HomingGateway
Gateway Series
Multi-Homing Gateway
MHG-1500
A single WAN connection is risky for enterprises with a
heavy reliance on information technology due to the
consequences of disconnections. To avoid profit loss, the
best policy is to deploy a network with a failover mechanism.
Accordingly, Nusoft MH G-1500 comes equipped with
firewa ll, link failover, load balancing, policy-based routing
(PBR), total VPN solution (SSL / IPSec / PPTP VPN and
trunking), Qo S, Web filtering, AA A server (Au thentication,
Authorization, and Accounting), application blocking,
anomaly traffic detection, and more to not only provide
mu lti-homi ng capability, but to help ma nage the bandwidth
and users with a reasonable yet cost-effective means.
Product Features
A Total VPN Solution
MHG- 1500’s VP N trunking capability ensures failover and
bandwi dth aggregation to IPSec and PPTP tunnels, greatly
increasing the connection speed and stability. In addition,
it adopts hardwar e information (rather than login information)
to authenticate an SSL VP N user. Remo te users are now
offered wi th fast and easy SS L VPN access wi thout the need
for complex configurations. Be sides that, VNC connectivity,
Wake-On -LAN capability and mo re are ma de available
through its SSL application support.
Full IPv6 Compatibility
The device is completely compatible with the mainstream
Internet protocol of the future -- IPv6. There is no budget
required for implementing another IPv6-based gateway
simply for IPv4-to-IPv6 address translation.
Custom Network Interfaces and Groups
Up to six network interfaces are available for defining as
LAN, WAN, DMZ or network groups ( isolated from one
another). Thus, MHG-1500 can serve as an internal firewall
physically separating each subnet with its grouping feature,
which undoubtedly boosts your network security.
Most third party firewall products lack advanced VPN
connection management and therefore result in security
risks. In comparison, MHG-1500 secures highly confidential
business information carried over the VPN with QoS,
authentication, etc.
In- / Outbound Load Balancing & PBR
Web Filtering Mechanism
The device can load-balance outbound traffic evenly across
WAN ports based on various load-balancing algorithms. It
efficaciously makes the most of your bandwidth and ensures
you with a reliable connection.
The Web Filter employs a cloud-based URL database that
has eight categories namely Anti-Social and Illegal,
Pornographic and Abusive, Gaming and Gambling, Society
and Commerce, Communication and Technology, Leisure,
Information and Education, Other, and up to sixty-four
subcategories. Website browsing now can be easily regulated
by specifying simply the category instead of the URL,
keyword, etc.
Besides outbound load balancing, it is also capable of
inbound load balancing, which helps mitigate multiple
webpage requests directed at your Web server by distributing
them across multiple WAN connections, guaranteeing
uninterrupted e-commerce.
In addition to that, IT administrators are also allowed to
restrict file transfers, MIME types and browser scripts,
and provided with detailed logs and statistics for diagnosis.
Its policy-based routing (PBR) mechanism allows the IT
administrator to assign a specific WAN port for a specific
purpose (or traffic).
Anomaly Traffic Detection
MHG-1500 is able to proactively block packet-flooding
attacks and notify related personnel of the event. A core
switch may be incorporated to perform a co-defense against
the attack by disabling the switch port containing the source
of the attack, efficaciously preventing Denial-of-Service
attacks.
Quality of Service (QoS) / Individual QoS
The QoS mechanisms allow IT administrators to base the
bandwidth allocation on the company's network policy,
preventing bandwidth being exhausted by minorities.
1
Multi-Homing
Series
Multi-HomingGateway
Gateway Series
Nusoft．Internet Security Fighter
Internet-Based Application Blocking
AAA Server
Despite the convenience of instant messaging (IM), the use of
IM clients is difficult to manage and thus opens the door for
business thefts and viruses. Accordingly, MHG-1500 has
capability to block the use of IM clients such as MSN,
Yahoo!, Skype, ICQ, and QQ for messaging or file transfer.
Authentication: Identifies users using either internal or
external (RADIUS / POP3 / LDAP) authentication.
Authorization: Decides what kinds of activities, resources,
or services a user is permitted.
In addition, the use of other Internet-based applications
may as well result in security breach. It could bring along
high bandwidth consumption, information asset leakage,
and malicious code, etc. In answer to that, to ensure network
security, the device allows you to restrain P2P sharing
(eMule, BitTorrent, WinMX, eDonkey, Foxy, etc.),
multimedia streaming, Web-based email access, online
gaming, VPN tunneling, and remote controlling.
Accounting: Provides detailed session statistics and usage
information for network policy adjustment.
Remote Accessibility
The Web-based UI, available in English, Traditional Chinese,
and Simplified Chinese, allows configuration and management
to be made through any Web browser from anywhere and
consequently no software installation is required.
Deployment
Internet
ADSL / Cable
Modem
WAN 1
LAN 1
WAN 2
WAN 3
LAN 2
2
DMZ 1
Multi-Homing
Series
Multi-HomingGateway
Gateway Series
Nusoft．Internet Security Fighter
Product Highlights
Highlights
Third-Party Products
Benefits
Full IPv6 compatibility
Saves the budget for the implementation of an
IPv4-to-IPv6 gateway.
Either incompatible or with limited support.
Custom network interfaces
and groups
Enables you to define networks as needed and
offers a physical internal firewall due to its
grouping feature.
Either fixed to factory default or incapable of
load balancing.
Integrated policy
configuration
Provides an effortless operation experience
through a single Web-based UI.
A basic firewall with a few security features
added on to provide a rough protection.
LAN security
Secures your LAN network with anomaly flow
detection and co-defensive switch system.
No protection against packet flooding .
QoS management
Adds flexibility to bandwidth management by
QoS and P2P bandwidth limits.
Lacks flexibility and adaptability in individual
bandwidth management.
Total VPN solution
Securely tunnels your private connections using
PPTP/IPSec/SSL VPN along with trunking
capability and policy-based management.
Equips user only with PPTP and IPSec VPN,
lacking security and manageability.
SSL application and
hardware authentication
Establishes SSL VPN connections without the
need for login information due to its hardware
authentication; VNC connectivity and Wake-On
-LAN capability are made available through its
SSL application support .
Requires login information and expertise to
establish an SSL VPN connection.
Policy-based routing (PBR)
Allows in- / outbound traffic to be load balanced
based on network polices.
Only comes in outbound PBR capability and is
not configurable at all.
Application blocking
Restrains the use of Internet-based applications
such IM client, P2P software, etc.
Less effectively blocks the use of Internetbased applications by port number.
Web category filtering
Effortlessly regulates Website access by eight
categories and sixty-four subcategories.
Less effectively filters Website access by basic
criteria such as IP, domain, keyword, etc.
Bi-directional load balancing
Ensures access stability to both the LAN users
( outbound traffic ) and website visitors
( inbound traffic ).
Fails to meet the needs of all sizes of
businesses with just outbound load balancing.
IP-oriented connection
solution ( i. e., online
banking / gaming )
Avoids service disruption during an IP-oriented
connection such as online banking and gaming
due to IP change.
No solution available for service disruption
during online banking and gaming sessions.
IPv6
IPv4
IPv4/IPv6
Compatibility
Internet
LAN 2
User-Definable
Networks
VPN
SPI Firewall
Total VPN Solution
Multi-WAN
Load Balancing
Link Failover
18
Policy-Oriented
Management
User Authentication
Event Logging
Web-Based UI
PBR
Web Filtering
Anomaly Traffic
Detection
Co-Defense System
SPEED
60
LIMIT
最高限速
1 Mbit/sec
Up- / Download
Blocking
AAA Server
Application Blocking
QoS
3
Multi-Homing
Series
Multi-HomingGateway
Gateway Series
Nusoft．Internet Security Fighter
Model Comparison
MHG-1000
MHG-1500
MHG-2000
MHG-3000
4 GbE (RJ45)
6 GbE (RJ45)
7 GbE (RJ45)
(RJ45/Mini-GBIC)
(RJ45/Mini-GBIC)
Power Redundancy
X
X
X
Form Factor
1U RackMountable
1U RackMountable
1U RackMountable
2U RackMountable
2U RackMountable
Model Name
MHG-5000
Hardware Specifications
Port Density
Networking
12 GbE
12 GbE
User-Definable
Product Features
IPv6 Compatibility
Interface Grouping
SPI Firewall
Internal Firewall
Web Filtering
Load
Balancing
Outbound
Inbound
Policy-Based Routing
Authentication
AAA Server
Authorization
Accounting
QoS
Individual QoS
Up- / Download Blocking
Application Blocking
IPSec / PPTP VPN
VPN Trunking
VPN
SSL Web VPN
SSL Application
X
VLAN / VLAN Trunking
High Availability
X
Max. Concurrent Users
Unlimited
Unlimited
Unlimited
Unlimited
Unlimited
CPU Cores / Threads
1/1
2/2
2/2
8/8
8 / 16
Firewall Throughput
1.6 Gbps
2.5 Gbps
3.3 Gbps
3.4 Gbps
5.0 Gbps
CPU Consumption
(The lower, the better.)
75 %
40 %
37 %
11 %
3%
Max. Concurrent Sessions
582,000
1,000,000
1,000,000
2,000,000
2,000,000
Performance Statistics
Nusoft Corporation
Tel: +886-2-8226-6789 Fax: +886-2-8226-6488
Address: 3F.-1, No. 880, Zhongzheng Rd., Zhonghe Dist.,
New Taipei City 235-86, Taiwan (R.O.C.)
http://www.nusoft.com.tw
Sales Department : [email protected]
Technical Support: [email protected]
4