CyberGuard TSP enterprise gateway security appliance provides proactive, positive security model protection against generalized and application-specific attacks. TSP's architecture enforces explicit security policies to permit only valid and authorized traffic, while automatically protecting against potentially malicious URLs, content, or scripts embedded in HTTP.
 |
Model 110 & 210 - Mini-1U platform |
 |
Model 410 & 510 - small 1U platform |
|
Model 1100 - enterprise 1U platform |
 |
Model 2100 & 2150 - 2U platform |
 |
Model 4150 - 5U platform |
TSP performance
Secure Computing’s CyberGuard brand of Firewall/VPN appliances are known for their ability to deliver blazing-fast application and network layer performance. Competing, well-known brands of firewalls simply cannot scale layer 7 deep packet inspection to the Gigabit throughput levels which are business-as-usual for the mid-to-high-end models of the TSP appliance line.
| CyberGuard TSP Firewall/VPN features and benefits | |
| Ultra-hardened secure operating system | Fully integrated proprietary hardened Linux-based OS with Multi Level Security (MLS) and Mandatory Access Control (MAC) built into the kernel of the OS. This provides fine grained protection over all software running on the appliances against every class of known and unknown attack. |
| Contextual aggregation for layer 7 inspection | Assembles packets into session contexts in order to identify and secure the use of restricted commands and content. |
| Packet filtering and Stateful Inspection | Packet filtering and Stateful Inspection |
| Application awareness and control | 79 application-layer inspection points for adherence to application-specific security requirements. |
| Protocol anomaly detection |
Protocol anomaly detection ensures that all traffic conforms to RFC specifications and acceptable use policies. |
| Enhanced content security | HTTP header filtering, CVP and ICAP support strengthen the solution by examining both the packet headers and payload. |
| Intrusion prevention | Regular expression inspection identifies malicious signatures. |
| Positive security model enforcement | "White List" inclusive patterns allow only the legitimate traffic while automatically blocking abnormal behavior. |
| Session creation throttle | Ensures that performance will not be degraded under a DOS attack scenario. |
| Adaptive response | Terminates packet filter sessions on selective alerts by dynamic creation of a deny rule for the offending IP. |
| IPSec VPN | Scalable IPSec VPN Tunnels with AES and 3DES acceleration for large-scale enterprise deployments. |
| VLAN segmentation policy enforcement | Create "virtual" groupings of endpoints located on disparate physical networks with specific authentication policies for each group. |
| Tools | Ethereal™ is provided for network troubleshooting. |
TSP product highlights
TSP Firewall/VPN appliances, typically installed at the edge of networks performing as multi-protocol security gateways, provide proactive, positive security protection against generalized and application-specific attacks. TSP appliances offer a hybrid approach to securing the edge of your network, offering a complete set of inspection techniques including basic packet filtering, ICSA certified stateful packet inspection, socket layer proxies, and highly-intelligent purpose-built application proxies with in-depth application awareness and control. Simply choose the inspection technique you prefer for each application and/or group of users that are allowed to pass through the TSP appliance.
All eight of the powerful TSP appliances (models 110, 210, 410, 510, 1100, 2100, 2150 and 4150) can enforce content-based security policies. TSP includes 79 application-layer inspection points for strict adherence to application-specific security requirements. And all eight of the appliances are built on an ultra-hardened version of Linux, called CGLinux. This fully integrated proprietary hardened Linux-based OS with Multi Level Security (MLS) and Mandatory Access Control (MAC) built into the kernel of the OS means the platforms simply can't be compromised. The MLS technology provides non-by-passable protection over all software running on the appliances against every class of known and unknown attack. This means that your TSP appliances will never need to apply an emergency security patch.
TSP administration features
TSP enterprise gateway security appliances offer highly flexible and easily managed application gateway security. Asset-specific role-based administration, bulk set-up, complete help utility, comprehensive content inspection modules, and extensive command line support offer an intuitive operational experience. Policy enforcement is the key to securing enterprise assets. TSP provides unmatched set of security features to enable the definition of “best practice” Adaptive Policies that are invoked on the basis of user and session characteristics instead of the use of general purpose ACLs.
TSP appliances arrive pre-loaded and hardware-optimized for rapid deployment using the Get Started wizard. TSP management is done from an intuitive object-oriented GUI with context-sensitive help accessible via the network or VGA console. Command line access to log data provides real-time or retrospective views of user activity, traffic patterns, and policy-enforcement decisions. Passport One with SSL extensions enables time limited, user-authenticated security policies. Configuration back-up and rapid system recovery tools are included with all TSP appliances. Comprehensive alerting is supported via SNMP Trap, e-mail, and pager. All appliances also include comprehensive hardware health monitoring. Role-based administration access restricts the ability to view and modify configurations based on administrator login credentials.
TSP central management features
Security policies are becoming ever more complex and demanding. Sure, you still need to restrict which employees can access a particular server or application. But governments and regulatory agencies worldwide are imposing stringent new rules to protect individual privacy, enhance homeland security and support law enforcement efforts. To meet these challenges, you need an enterprise-class central management solution that enables you to implement security policies—and policy changes—quickly, easily, and accurately across your entire security infrastructure. You need a robust and fault-tolerant solution that lets you monitor policy compliance across hundreds of devices and stop attacks before they compromise your network. You need Global Command Center, the next-generation central management solution from Secure Computing.
Secure Computing's Global Command Center™ (GCC) software is an optional enterprise-class central management solution that enables you to implement security policies and policy changes quickly, easily, and accurately. This central management solution also enables configuration back-up, software updates pushes and log management. Today GCC is capable of centrally managing Secure Computing's CyberGuard® TSP, Classic, SnapGear™, and Webwasher® products.
TSP high availability features
With today's escalating dependence on the Internet for communication and business transactions, highly available information security is essential. Businesses and governments around the world must protect critical information assets around the clock. They can't afford a lapse. They can't afford downtime.
When one major US-based international telecommunications company estimated that each minute of downtime cost $185,000, the company turned to CyberGuard for a high availability security solution. In fact, more and more companies around the world are implementing high availability to provide the redundancy and reliability they need to assure that they have continuous network protection. In the event that an active firewall/VPN appliance fails, a standby is ready in an instant to take over automatically, which means a network can be up 24/7.
| Consider these TSP high availability advantages: | |
| • Intelligent monitoring of the active appliance by the standby • Automatic configuration synchronization between units • State-synchronized, transparent failover of firewall |
• Active and inactive roles exchange automatically at failover • Dual heartbeat interfaces • VPN failover recovery through automatic SA deletions |
TSP VPN features
Business success today depends on being connected—to remote locations, to business partners, to customers and clients, and to employees who travel or telecommute. With the demand for 24/7 connectivity comes a corresponding requirement for strong, sophisticated, ubiquitous network security to assure that business can be conducted without compromising data integrity.
Securing connections across an enterprise is precisely what CyberGuard’s VPN is designed to do. Because it is integrated into the world’s most secure firewall appliances, the CyberGuard VPN delivers the same levels of security, performance, and ease-of-use features that security professionals have come to expect from CyberGuard. Whether the need is to connect securely on a local, regional, national or worldwide scale, CyberGuard has the right VPN solution for your needs.
When you choose CyberGuard’s integrated VPN solution, you are partnering with a company that has built its reputation on providing the highest levels of security in firewall technology. Our firewall appliances have earned the industry’s most stringent independent security certifications, including Common Criteria Evaluation Assurance Level 4+ (EAL4+), ITSEC E3, and the West Coast Labs.
| CyberGuard TSP Firewall/VPN Specifications | ||||||||
|---|---|---|---|---|---|---|---|---|
 |
 |
 |
 |
 |
 |
 |
 |
|
| Physical size | Mini 1U | Mini 1U | Small 1U | Small 1U | Enterprise 1U | 2U | 2U | 5U |
| Recommended users/sizing | Small-Remote Office up to 75 users | Small-Medium Office up to 150 users | Small-Medium Office up to 300 users | Medium Office up to 600 users | Medium to large office | Medium to large office | Large office | Enterprise office |
| Max. outbound IP addresses | 100 | 200 | 400 | 700 | Unlimited | Unlimited | Unlimited | Unlimited |
| Packet Filtering throughput (TCP) | 150 Mbps | 180 Mbps | 275 Mbps | 650 Mbps | 1.6 Gbps | 1.8 Gbps | 2.6 Gbps | 3.2 Gbps |
| Stateful throughput | 140 Mbps | 170 Mbps | 250 Mbps | 600 Mbps | 1.5 Gbps | 1.7 Gbps | 2.4 Gbps | 3 Gbps |
| Concurrent connections | 10,000+ | 50,000 | 100,000 | 500,000 | 1,000,000 | 1,200,000 | 1,600,000 | 2,000,000 |
| Application throughput | 100 Mbps | 140 Mbps | 230 Mbps | 250 Mbps | 1.2 Gbps | 1.3 Gbps | 1.8 Gbps | 2.25 Gbps |
| IPSec VPN AES throughput / concurrent connections | 60 Mbps / 75 | 80 Mbps / 125 | 160 Mbps / 200 | 160 Mbps / 250 | 240 Mbps / 350 | 300 Mbps / 400 | 350 Mbps / 500 | 400 Mbps / 600 |
| Interfaces (min/max) | 4 - 10/100 | 4 - 10/100 | 4/6 - 10/100 | 4/6 - Gigabit | 8/14 - Gigabit | 8/20 - Gigabit | 8/20 - Gigabit | 14/26 - Gigabit |
| Fiber option | N/A | N/A | 4 | 4 | 4 | 6 | 6 | 10 |
| Power supply | Single | Single | Single | Single | Single - dual option | Single - dual option | Dual | Dual |
| RAID | N/A | N/A | N/A | N/A | RAID 1 | RAID 1 | RAID 5 | RAID 5 |
Secure Computing’s portfolio of network gateway security appliances deliver virtual private network (VPN) capabilities and provide network and application-level protection from known, unknown, and emerging internet security threats through its anti-virus, anti-spam, anti-spyware, anomaly detection, and IDS/IPS protection capabilities. Secure Computing’s application-layer Sidewinder® and CyberGuard TSP (total stream protection) unified threat management (UTM) appliances carry the highest Common Criteria certification. SnapGear™ network security products provide complete office-in-a-box Internet security appliance solutions for small and medium businesses (SMBs).