Unified Remote VPN Access

The SVN supports multiple VPN access modes, such as SSL, IPSec, GRE, MPLS, and L2TP VPN to secure connections between the headquarters, branch offices, partners, and mobile workers on the Internet and provide low-cost VLAN solutions.

Diversified Permission Management Methods

The SVN supports the setup of a local user database for user name and password authentication. Users do not need to set up extra authentication systems.

In addition, for enterprise customers who have established sound authentication systems, the SVN can support the following external authentication systems:

• Third-party authentication servers, including Remote Authentication Dial in User Service (RADIUS), Light Directory Access Protocol (LDAP) servers, Active Directory (AD), and SecurID servers

• Digital certificate authentication, including X.509 v3 and USB key+ digital certificates

  The SVN supports certificate chains and the Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) check of the certificates to ensure the validity and security of the certificates.

In addition, the SVN supports graphic verification code, terminal ID verification to meet diverse user identification requirements.

Flexible User Authorization

The SVN provides the authorization method based on the association of roles and resources. Intranet resources are associated with user roles. Users of a role can have access only to the resources that are associated with the role. This method accommodates the personnel adjustment in an organization and reduces the workload of administrators.

The SVN can import authorization mappings from external groups, enabling the seamless integration between new and old user management systems. Some enterprises, with well-built IT environments, have already established strict user authority management systems whose configuration information exist in the form of user groups or organizations on authentication servers such as LDAP of RADIUS servers. To deal with this situation, the SVN can import user groups and organizations information saved on authentication servers, such as LDAP and RADIUS servers. After the SVN associates these user group and organizations with exact accessible resources, the user access authorization is complete.

The SVN delivers dynamic authorization based on terminal security check results. The administrator can configure the SVN to perform security check and associate the role of users based on the check result. For example, you can configure strict terminal security check policies for users that require to obtain high intranet resource access permissions.

High Availability

• Device reliability

  Power supply module redundancy: The SVN supports two power supply modules that support mutual hot backup and hot swap. The power supply switchover does not interrupt system running.

• Network reliability

  Hot standby: Two systems can be deployed to form a backup group, with one system as the active device and the other as the standby device. HRP synchronizes important configuration information and session table information between the active and standby devices to ensure successful switchover.

• Link reliability

  Binding of multiple physical Ethernet interfaces into one logical Eth-Trunk interface: improves the maximum data transmission efficiency from point to point. Meanwhile, if one physical link of the Eth-Trunk link fails, other links take over its traffic. This feature enables the SVN to apply to various networking environments, delivering high availability and satisfying heavy traffic scenarios.