SVN5800 provides comprehensive security protection with excellent
access performance for medium and large enterprise networks. The
secure solution enables remote access, mobile office, branch
interconnection, cloud and multimedia tunnel access.
Secure, agile access anywhere protected by Secure Sockets Layer (SSL) and Internet Protocol Security (IPSec) Virtual Private Networks (VPNs) and encrypted transmission capabilities.
Safeguard your enterprise, government, or carrier’s cloud and networking access, support diverse terminals and branch interconnectivity with SVN5800 series end-to-end solutions.
The SVN integrates diversified functions, such as SSL VPN, IPSec VPN, GRE VPN, MPLS VPN, firewall, and attack defense. It also provides advanced Layer-3 features, such as IPv6, MPLS, dynamic routing, and policy-based routing to help enterprises, governments, and carriers reduce their deployment costs by running comprehensive security services on a single device.
The SVN supports multiple VPN access modes, such as SSL, IPSec, GRE, MPLS, and L2TP VPN to secure connections between the headquarters, branch offices, partners, and mobile workers on the Internet and provide low-cost VLAN solutions.
The SVN supports the setup of a local user database for user name and password authentication. Users do not need to set up extra authentication systems.
In addition, for enterprise customers who have established sound authentication systems, the SVN can support the following external authentication systems:
Third-party authentication servers, including Remote Authentication Dial in User Service (RADIUS), Light Directory Access Protocol (LDAP) servers, Active Directory (AD), and SecurID servers
Digital certificate authentication, including X.509 v3 and USB key+ digital certificates
The SVN supports certificate chains and the Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) check of the certificates to ensure the validity and security of the certificates.
In addition, the SVN supports graphic verification code, terminal ID verification to meet diverse user identification requirements.
The SVN provides the authorization method based on the association of roles and resources. Intranet resources are associated with user roles. Users of a role can have access only to the resources that are associated with the role. This method accommodates the personnel adjustment in an organization and reduces the workload of administrators.
The SVN can import authorization mappings from external groups, enabling the seamless integration between new and old user management systems. Some enterprises, with well-built IT environments, have already established strict user authority management systems whose configuration information exist in the form of user groups or organizations on authentication servers such as LDAP of RADIUS servers. To deal with this situation, the SVN can import user groups and organizations information saved on authentication servers, such as LDAP and RADIUS servers. After the SVN associates these user group and organizations with exact accessible resources, the user access authorization is complete.
The SVN delivers dynamic authorization based on terminal security check results. The administrator can configure the SVN to perform security check and associate the role of users based on the check result. For example, you can configure strict terminal security check policies for users that require to obtain high intranet resource access permissions.
Power supply module redundancy: The SVN supports two power supply modules that support mutual hot backup and hot swap. The power supply switchover does not interrupt system running.
Hot standby: Two systems can be deployed to form a backup group, with one system as the active device and the other as the standby device. HRP synchronizes important configuration information and session table information between the active and standby devices to ensure successful switchover.
Binding of multiple physical Ethernet interfaces into one logical Eth-Trunk interface: improves the maximum data transmission efficiency from point to point. Meanwhile, if one physical link of the Eth-Trunk link fails, other links take over its traffic. This feature enables the SVN to apply to various networking environments, delivering high availability and satisfying heavy traffic scenarios.
|Maximum number of concurrent SSL VPN users||6000||12,000||40,000||100,000|
|Maximum number of concurrent SSL VPN connections||15,000||30,000||150,000||150,000|
|IPSec VPN throughput||3Gbit/s||3Gbit/s||18Gbit/s||18Gbit/s|
|Concurrent IPSec VPN connections||4000||4,000||15,000||15,000|
|Maximum number of virtual gateways||256||256||512||512|
|Expansion card types||WSIC: 2×10GE（SFP+）+8×GE（RJ45)，8×GE（RJ45），8×GE（SFP），4×GE（RJ45）BYPASS|
|Dimensions (H x W x D) mm||43.6 x 442 x 421||130.5 x 442 × 415|
|Weight (fully configured)||10KG||22KG|
|HDD||Optional, 300 GB hot-swappable single hard disk||Optional, 300 GB hot-swappable dual hard disks (RAID1)|
|Redundant power supply||Optional||Standard|
|AC power supply||100 V to 240 V|
|Operating environment||Temperature: 0°C to 45°C (without hard disk)/5°C to 40°C (with hard disk), humidity: 10% to 90%|
|Non-operating environment (storage environment)||Temperature: –40ºC to 70ºC, humidity: 5% to 95% (non-condensing)|
Supports Web proxy, file sharing, port forwarding, network extension, and multimedia tunnel.
Supports access to resources, such as Web, Client/Server application program, and multimedia resources, in IPv4 or IPv6
|VPN types||SSL VPN, IPSec VPN, GRE VPN, L2TP VPN, MPLS VPN|
Supports authentication methods, such as local password (VPNDB), AD, RADIUS, LDAP, SecurID, X.509 digital certificate, USB key, SMS, device ID, and CAPTCHA authentication. Supports hierarchical authentication, single sign-on (SSO), and software keyboard.
Supports role-based, external group mapping, and dynamic authorization based on the security level of the terminals
Provides fine-grained access control based on application, IP address, port, and URL and is able to identify over 6000 application protocols
|Supported operating systems||Supports Android, Windows, Mac OS, iOS, Linux, Symbian, and BlackBerry OS.|
|Terminal security||Supports terminal/host security check, cache cleaning, terminal ID binding, and DDoS attack defense at application and network layers.|
|Virtual gateway||Supports multiple virtual gateways on one physical gateway to allow for service and network virtualization and independent authentication, authorization, services, and resources management|
|Agile feature||Bandwidth management, intelligent ISP link selection|
|Network security||Supports access control, NAT, and attack defense.|
|Network protocols||Supports IPv4 and IPv6|
|Deployment and availability||Supports transparent, routing, and hybrid deployment modes and active/active and active/standby high availability (HA)|
|SVN5880-AC||SVN5880 AC Host(16GE(RJ45)+8GE(SFP)+4*10GE(SFP+),16G Memory,2 AC Power),with HW General Security Platform Software|
|SVN5860-AC||SVN5860 AC Host(16GE(RJ45)+8GE(SFP)+4*10GE(SFP),16GB Memory,2 AC Power),with HW General Security Platform Software|
|SVN5850-AC||SVN5850 AC Host(8GE(RJ45)+4GE(SFP),4GB Memory,1 AC Power),with HW General Security Platform Software|
|SVN5830-AC||SVN5830 AC Host(8GE(RJ45)+4GE(SFP),4GB Memory,1 AC Power),with HW General Security Platform Software|
|WSIC-8GE||8GE Electric Ports Interface Card,with HW General Security Platform Software|
|WSIC-4GEBYPASS||4GE Electric Ports Bypass Card,with HW General Security Platform Software|
|WSIC-8GEF||8GE Optical Ports Interface Card,with HW General Security Platform Software|
|WSIC-2XG8GE||2*10GE Optical Ports+8GE Electric Ports Interface Card,with HW General Security Platform Software|
|Hard Disk Module|
|SM-HDD-SAS300G-A||300GB 10K RPM SAS Hard Disk Unit|
|SM-HDD-SAS300G-B||300GB 10K RPM SAS Hard Disk for 1U rack Gateway|
|Power Supply Module|
|Power-AC-B||AC power module;-25degC~60degC;90V~290V;12V/14.2A|
|LIC-SVN-01-VGW-1||Add 1 Virtual Gateway,with HW General Security Platform Software|
|LIC-SVN-01-SEC||Encryption Function,With HW General Security Platform Software|
|Concurrent SSL VPN Users License|
|LIC-SVN-01-SSL-10||SSL VPN 10 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-25||SSL VPN 25 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-50||SSL VPN 50 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-100||SSL VPN 100 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-250||SSL VPN 250 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-500||SSL VPN 500 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-1000||SSL VPN 1000 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-2500||SSL VPN 2500 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-5000||SSL VPN 5000 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-7500||SSL VPN 7500 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-10000||SSL VPN 10000 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-15000||SSL VPN 15000 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-20000||SSL VPN 20000 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-40000||SSL VPN 40000 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-60000||SSL VPN 60000 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-80000||SSL VPN 80000 Concurrent Users,with HW General Security Platform Software|
|LIC-SVN-01-SSL-100000||SSL VPN 100000 Concurrent Users,with HW General Security Platform Software|
The development of networks allows enterprises to provide remote
access to branch offices, partners, customers, mobile employees, and
home offices so that they can access application and data resources,
such as OA, ERP, CRM, and SCM, on enterprise intranet. The access
networks are complex. Some access networks, such as branch office
and partner networks, can be managed by the enterprise. Some access
networks, such as home, public Wi-Fi, and 3G networks, are
geographically dispersed and out of the control of the enterprise.
Moreover, the devices that access the enterprise intranet are
diversifying. In addition to traditional terminals, such as desktop
computer and laptops, smart devices are increasingly used to access
enterprise networks. To facilitate business processing, enterprises
must ensure that legitimate users can easily access information
resources on the intranet from various devices on various networks,
without compromising intranet security.
SVN5800 products are the latest secure access gateway products, which are built on a carrier-class hardware platform, secure real-time embedded operating system, and many years of experience in communication and networking development and design. SVN5800 products meet demanding international certification standards to provide security solutions, such as remote access, mobile working, branch office interconnection, cloud access, and multimedia tunnel access.