Innominate mGuard delta w/VPN-10 BD-201000 User Manual

Conventional gateway appliances normally protect

entire networks or network segments with a uniform

security standard. In such cases, varied levels of

security, individually restricted access rights or exact-

ly stipulated access times are virtually impossible to

realize. Moreover, conventional gateway appliances

also entail access lists or firewall rules that are main-

tained in the backbone, quickly becoming complex

and unintelligible – raising the risk of security gaps.

With the mGuard delta, you can assign each produc-

tion system or network segment its own security

components: with individual security levels, specific-

ally configured access rights and numerous other

unique advantages.

The basis of the integrated security solution is the

embedded Linux configured by Innominate, running

on a special network processor with XScale core by

Intel (IXP 42x), with 533 MHz processor capacity, 128

Mbytes of SDRAM working memory and 16 Mbytes

of Flash memory. The Intel processor features hard-

wired rules for the DES, 3DES and AES encryption

procedures. This guarantees maximum data through-

put for firewall (up to 99 Mbit /s) and VPN connections

(up to 70 Mbit/s).

The mGuard delta is a compact security appliance

which can be used in enterprise networks for both

production environments as well as in the back-of-

fice. Particularly in the case of logically segmented

networks, a distributed security function is often

required. The intelligent, high-performance security

functions of the mGuard delta can be combined with

the advantages of a standard Ethernet / Fast Ethernet

switch.

In the process, the mGuard delta offers all the bene-

fits of „device attached security“ – a concept with

clear advantages over classic office firewalls or soft-

ware-based solutions for the protection of dedicated

systems or different network segments.

Two mGuard delta devices can be operated redun-

dantly in the High Availability Mode. Here, the active

mGuard delta transmits the firewall statuses to the

standby unit. In the event of outfall of the principle

mGuard delta, uninterrupted protection as well as

high availability of the overall system is thus assured

(mGuard Redundant Firewall Option).

The user firewall only allows users with dynamic IP

addresses (e.g. service technicians) access to inter-

nal or external resources after they have logged onto

the mGuard appliance. Passwords can be stored

locally on the appliance or centrally on the company’s

RADIUS server.

The mGuard delta security solution

from Innominate unites all the func-

tions necessary to reliably safeguard

IP connections:

■

Configurable firewall protects the

system from unauthorized access

from 

„

outside

“

. The Stateful

Inspection Firewall filters data

packets based on the originating

and target address, blocking

undesired data traffic – also from

„

inside

“

.

■

VPN (optional) for secure data

transmission via public networks

(hardware-based DES, 3DES and

AES encryption, IPsec protocol).

■

Integrated anti-virus protection

(optional) with support for the

HTTP, FTP, SMTP and POP3 proto-

cols. Anti-virus protection takes

place outside of the system, offe-

ring a higher level of system avai-

lability and full performance for

production and the back-office.

■

The mGuard delta is equipped

with a 4 port 10 /100 TX Ethernet

switch which distributes the secu-

rity functionality to a maximum of

four network segments.