Avaya SG203 Manuel D’Utilisation
12 Introduction
March 2004
Avaya SG203/SG208 Security Gateway Hardware Installation Guide
Data authenticity is assured by using HMAC-MD5™ or HMAC-SHA-1
packet signatures to reject altered or forged packets. All security
mechanisms employed by the security gateway conform to IPSec
standards, in order to provide interoperability and broaden the use of VPN
technology.
packet signatures to reject altered or forged packets. All security
mechanisms employed by the security gateway conform to IPSec
standards, in order to provide interoperability and broaden the use of VPN
technology.
Performance
For maximum network flexibility, the SG203 security gateway supports
four 10/100BASE-T Ethernet interfaces, and the SG208 supports four 10/
100/1000BASE-T Ethernet interfaces.
four 10/100BASE-T Ethernet interfaces, and the SG208 supports four 10/
100/1000BASE-T Ethernet interfaces.
When packets are encrypted and authenticated according to IPSec
protocol guidelines, additional bytes, in the form of IPSec headers, must
be added to packets. In many cases, the additional packet overhead
imposes a performance penalty in return for security. The extra bytes tend
to lengthen packets and reduce the throughput (measured in packets per
second). The overhead depends on the IPSec policy and could be up to
63 bytes.
protocol guidelines, additional bytes, in the form of IPSec headers, must
be added to packets. In many cases, the additional packet overhead
imposes a performance penalty in return for security. The extra bytes tend
to lengthen packets and reduce the throughput (measured in packets per
second). The overhead depends on the IPSec policy and could be up to
63 bytes.
Table 2
SG203/208 performance specifications
SG203
SG208
IKE Sessions
3000
8000
IPSec Sessions
12,000
16,000
Subnets supported
2
1
Firewall TCP/UDP
Sessions
Sessions
200,000
300,000
VPNremote users
(Default/Max)
100/3000
100/8000
Site to Site (Default/Max)
50/300
100/1000
Protected FW/VPN
Devices
Devices
3000
8000