| NSsp 12400 | NSsp 12800 | |
|---|---|---|
| TotalSecure Advanced Firewall Overview | ||
| Deep Packet Inspection Firewall | ||
| Stateful Packet Inspection Firewall | ||
| Unlimited File Size Protection | ||
| Protocols Scanned | ||
| Threat Prevention Services Available | ||
| Application Intelligence and Control | ||
| Intrusion Prevention Service | ||
| Gateway Anti-Virus and Anti-Spyware | ||
| Content & URL Filtering (CFS) | ||
| SSL Inspection (DPI SSL) | ||
| Capture Advance Threat Protection | ||
| Content Filtering Client (CFC)1 | Optional | Optional |
| Enforced Client Anti-Virus and Anti-Spyware1 | Optional | Optional |
| 24x7 Support | ||
| Firewall General | ||
| Interfaces | 4 x 40-GbE QSFP+, 16 x 10-GbE SFP+, 1 GbE Management, 1 Console | 4 x 40-GbE QSFP+, 16 x 10-GbE SFP+, 1 GbE Management, 1 Console |
| Management | CLI, SSH, Web UI, Capture Security Center, GMS | CLI, SSH, Web UI, Capture Security Center, GMS |
| Nodes Supported | Unrestricted | Unrestricted |
| Site-to-Site VPN Tunnels | 25,000 | 25,000 |
| IPSec VPN Clients (Maximum) | 2,000 (10,000) | 2,000 (10,000) |
| SSL VPN NetExtender Clients (Maximum) | 2 (3,000) | 2 (3,000) |
| VLAN Interfaces | 512 | 512 |
| Wireless Controller | ||
| Firewall/VPN Performance | ||
| Firewall Inspection Throughput2 | 58.4 Gbps | 120.3 Gbps |
| Threat Prevention Throughput3 | 33.5 Gbps | 67.5 Gbps |
| Application Inspection Throughput3 | 45.5 Gbps | 91.0 Gbps |
| IPS Throughput3 | 36.8 Gbps | 73.0 Gbps |
| Anti-Malware Inspection Throughput3 | 33.5 Gbps | 67.5 Gbps |
| IMIX Throughput | 14.8 Gbps | 29.0 Gbps |
| SSL DPI Throughput3 | 8.1 Gbps | 17.6 Gbps |
| VPN throughput4 | 24.5 Gbps | 47.0 Gbps |
| Maximum Connections (SPI) | 40,000,000 | 80,000,000 |
| Maximum Connections (DPI) | 16,000,000 | 32,000,000 |
| Maximum Connections (DPI SSL) | 800,000 | 1,600,000 |
| New Connections/Sec | 430,000/sec | 860,000/sec |
| Features | ||
| Logging | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog |
| Network Traffic Visualization | ||
| NetFlow/IPFIX Reporting | ||
| SNMP | ||
| Authentication | LDAP, XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) | LDAP, XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) |
| Dynamic Routing | BGP, OSPF, RIP | BGP, OSPF, RIP |
| Single Sign-on (SSO) | ||
| Voice over IP (VoIP) Security | ||
| PortShield Security | ||
| Port Aggregation | ||
| Link Redundancy | ||
| Policy-based Routing | ||
| Route-based VPN | ||
| Dynamic Bandwidth Management | ||
| Stateful High Availability | ||
| Multi-WAN | ||
| Load Balancing | ||
| Object-based Management | ||
| Policy-based NAT | ||
| IKEv2 VPN | ||
| TLS/SSL/SSH Decryption and Inspection | ||
| SSL Control | ||
| Auto-provision VPN | ||
| Biometric Authentication | ||
| DNS Proxy | ||
| Hardware Failover | Active/Standby with State Sync, Active/Active DPI with State Sync, Active/Active Clustering | Active/Standby with State Sync, Active/Active DPI with State Sync, Active/Active Clustering |
1. Services must be purchased separately.
2. Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
3. Full DPI/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Threat Prevention throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled.
4. VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544.