Huawei SVN5800 Secure Access Gateway

SVN5800 provides comprehensive security protection with excellent access performance for medium and large enterprise networks. The secure solution enables remote access, mobile office, branch interconnection, cloud and multimedia tunnel access.

Secure, agile access anywhere protected by Secure Sockets Layer (SSL) and Internet Protocol Security (IPSec) Virtual Private Networks (VPNs) and encrypted transmission capabilities.

Safeguard your enterprise, government, or carrier’s cloud and networking access, support diverse terminals and branch interconnectivity with SVN5800 series end-to-end solutions.

Product Features

The SVN integrates diversified functions, such as SSL VPN, IPSec VPN, GRE VPN, MPLS VPN, firewall, and attack defense. It also provides advanced Layer-3 features, such as IPv6, MPLS, dynamic routing, and policy-based routing to help enterprises, governments, and carriers reduce their deployment costs by running comprehensive security services on a single device.

Unified Remote VPN Access

The SVN supports multiple VPN access modes, such as SSL, IPSec, GRE, MPLS, and L2TP VPN to secure connections between the headquarters, branch offices, partners, and mobile workers on the Internet and provide low-cost VLAN solutions.

In addition, the SVN integrates routing and firewall functions to cope with multiple networking scenarios, meet diversified user requirements, and reduce deployment costs.
  • The SVN supports various routing protocols, such as RIP, OSPF, and BGP, applies to various network environments, and can replace original routers or firewalls or be transparently connected to the original network.
  • The SVN supports such firewall functions as security policies, attack defense, and port scanning to easily cope with network-layer attacks or threats.

Diversified Permission Management Methods

The SVN supports the setup of a local user database for user name and password authentication. Users do not need to set up extra authentication systems.

In addition, for enterprise customers who have established sound authentication systems, the SVN can support the following external authentication systems:

  • Third-party authentication servers, including Remote Authentication Dial-In User Service (RADIUS) servers, Lightweight Directory Access Protocol (LDAP) servers, Active Directory (AD), and SecurID servers

  • Digital certificate authentication, including X.509 v3 and USB key + digital certificates

    The SVN supports certificate chains and the Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) check of the certificates to ensure the validity and security of the certificates.

In addition, the SVN supports graphic verification codes and terminal ID verification to meet diverse user identification requirements.

Flexible User Authorization

The SVN provides an authorization method based on the association of roles and resources. Intranet resources are associated with user roles. Users of a role can access only the resources that are associated with the role. This method accommodates personnel adjustments in an organization and reduces the workload of administrators.

The SVN can import authorization mappings from external groups, enabling seamless integration between new and old user management systems. Some enterprises with well-built IT environments have already established strict user authority management systems whose configuration information exists in the form of user groups or organizations on authentication servers such as LDAP or RADIUS servers. To deal with this situation, the SVN can import the user group and organization information saved on authentication servers, such as LDAP and RADIUS servers. After the SVN associates these user groups and organizations with the exact resources they can access, the user access authorization is complete.

The SVN delivers dynamic authorization based on terminal security check results. The administrator can configure the SVN to perform a security check and associate user roles based on the check result. For example, you can configure strict terminal security check policies for users who require high intranet resource access permissions.

High Availability

  • Device reliability

    Power supply module redundancy: The SVN supports two power supply modules that support mutual hot backup and hot swap. The power supply switchover does not interrupt system running.

  • Network reliability

    Hot standby: Two systems can be deployed to form a backup group, with one system as the active device and the other as the standby device. HRP synchronizes important configuration information and session table information between the active and standby devices to ensure successful switchover.

  • Link reliability

    Binding of multiple physical Ethernet interfaces into one logical Eth-Trunk interface: improves the maximum data transmission efficiency from point to point. Meanwhile, if one physical link of the Eth-Trunk link fails, other links take over its traffic. This feature enables the SVN to apply to various networking environments, delivering high availability and satisfying heavy traffic scenarios.

 

Product Specification

Model: SVN5830 | SVN5850 | SVN5860 | SVN5880
Maximum number of concurrent SSL VPN users: 6,000 | 12,000 | 40,000 | 100,000
Maximum number of concurrent SSL VPN connections: 15,000 | 30,000 | 150,000 | 150,000
IPSec VPN throughput: 3 Gbit/s | 3 Gbit/s | 18 Gbit/s | 18 Gbit/s
Concurrent IPSec VPN connections: 4,000 | 4,000 | 15,000 | 15,000
Maximum number of virtual gateways: 256 | 256 | 512 | 512

I/O
Fixed ports: 8GE+4SFP | 4*10GE+16GE+8SFP
Expansion slots: 2WSIC | 5WSIC
Expansion card types: WSIC: 2×10GE(SFP+)+8×GE(RJ45), 8×GE(RJ45), 8×GE(SFP), 4×GE(RJ45) BYPASS

Device Specifications
Form factor: 1U | 3U
Dimensions (H x W x D), mm: 43.6 x 442 x 421 | 130.5 x 442 x 415
Weight (fully configured): 10 kg | 22 kg
HDD: Optional, 300 GB hot-swappable single hard disk | Optional, 300 GB hot-swappable dual hard disks (RAID1)
Redundant power supply: Optional | Standard
AC power supply: 100 V to 240 V
Maximum power: 170 W | 350 W | 700 W
Operating environment: temperature 0°C to 45°C (without hard disk)/5°C to 40°C (with hard disk); humidity 10% to 90%
Non-operating environment (storage environment): temperature –40°C to 70°C; humidity 5% to 95% (non-condensing)

Functions
SSL VPN: Supports Web proxy, file sharing, port forwarding, network extension, and multimedia tunnel. Supports access to resources, such as Web, Client/Server application program, and multimedia resources, in IPv4 or IPv6.
VPN types: SSL VPN, IPSec VPN, GRE VPN, L2TP VPN, MPLS VPN
User authentication: Supports authentication methods, such as local password (VPNDB), AD, RADIUS, LDAP, SecurID, X.509 digital certificate, USB key, SMS, device ID, and CAPTCHA authentication. Supports hierarchical authentication, single sign-on (SSO), and software keyboard.
Authentication control: Supports role-based, external group mapping, and dynamic authorization based on the security level of the terminals. Provides fine-grained access control based on application, IP address, port, and URL and is able to identify over 6000 application protocols.
Supported operating systems: Supports Android, Windows, Mac OS, iOS, Linux, Symbian, and BlackBerry OS.
Terminal security: Supports terminal/host security check, cache cleaning, terminal ID binding, and DDoS attack defense at application and network layers.
Virtual gateway: Supports multiple virtual gateways on one physical gateway to allow for service and network virtualization and independent authentication, authorization, services, and resources management.
Agile feature: Bandwidth management, intelligent ISP link selection
Network security: Supports access control, NAT, and attack defense.
Network protocols: Supports IPv4 and IPv6
Deployment and availability: Supports transparent, routing, and hybrid deployment modes and active/active and active/standby high availability (HA)

Ordering Information

Model No.: Description

Host
SVN5880-AC: SVN5880 AC Host (16GE(RJ45)+8GE(SFP)+4*10GE(SFP+), 16G Memory, 2 AC Power), with HW General Security Platform Software
SVN5860-AC: SVN5860 AC Host (16GE(RJ45)+8GE(SFP)+4*10GE(SFP), 16GB Memory, 2 AC Power), with HW General Security Platform Software
SVN5850-AC: SVN5850 AC Host (8GE(RJ45)+4GE(SFP), 4GB Memory, 1 AC Power), with HW General Security Platform Software
SVN5830-AC: SVN5830 AC Host (8GE(RJ45)+4GE(SFP), 4GB Memory, 1 AC Power), with HW General Security Platform Software

Interface Card
WSIC-8GE: 8GE Electric Ports Interface Card, with HW General Security Platform Software
WSIC-4GEBYPASS: 4GE Electric Ports Bypass Card, with HW General Security Platform Software
WSIC-8GEF: 8GE Optical Ports Interface Card, with HW General Security Platform Software
WSIC-2XG8GE: 2*10GE Optical Ports+8GE Electric Ports Interface Card, with HW General Security Platform Software

Hard Disk Module
SM-HDD-SAS300G-A: 300GB 10K RPM SAS Hard Disk Unit
SM-HDD-SAS300G-B: 300GB 10K RPM SAS Hard Disk for 1U rack Gateway

Power Supply Module
Power-AC-B: AC power module; -25degC~60degC; 90V~290V; 12V/14.2A

Function License
LIC-SVN-01-VGW-1: Add 1 Virtual Gateway, with HW General Security Platform Software
LIC-SVN-01-SEC: Encryption Function, with HW General Security Platform Software

Concurrent SSL VPN Users License
LIC-SVN-01-SSL-10: SSL VPN 10 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-25: SSL VPN 25 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-50: SSL VPN 50 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-100: SSL VPN 100 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-250: SSL VPN 250 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-500: SSL VPN 500 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-1000: SSL VPN 1000 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-2500: SSL VPN 2500 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-5000: SSL VPN 5000 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-7500: SSL VPN 7500 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-10000: SSL VPN 10000 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-15000: SSL VPN 15000 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-20000: SSL VPN 20000 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-40000: SSL VPN 40000 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-60000: SSL VPN 60000 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-80000: SSL VPN 80000 Concurrent Users, with HW General Security Platform Software
LIC-SVN-01-SSL-100000: SSL VPN 100000 Concurrent Users, with HW General Security Platform Software

Trends and Challenges

The development of networks allows enterprises to provide remote access to branch offices, partners, customers, mobile employees, and home offices so that they can access application and data resources, such as OA, ERP, CRM, and SCM, on the enterprise intranet. The access networks are complex. Some access networks, such as branch office and partner networks, can be managed by the enterprise. Others, such as home, public Wi-Fi, and 3G networks, are geographically dispersed and out of the control of the enterprise. Moreover, the devices that access the enterprise intranet are diversifying. In addition to traditional terminals, such as desktop computers and laptops, smart devices are increasingly used to access enterprise networks. To facilitate business processing, enterprises must ensure that legitimate users can easily access information resources on the intranet from various devices on various networks, without compromising intranet security.

SVN5800 products are the latest secure access gateway products, which are built on a carrier-class hardware platform, secure real-time embedded operating system, and many years of experience in communication and networking development and design. SVN5800 products meet demanding international certification standards to provide security solutions, such as remote access, mobile working, branch office interconnection, cloud access, and multimedia tunnel access.