SSL VPN
advertisement
Qno Technology Inc. Multi-Core Router Expert Presentation of QVF7411 & 7412 Broadband Product Series FQR Broadband Saring Series ARM FQR7103 3WAN MIPS64 Dual-Core FQR7111 2WAN FQR7109 2WAN FQR7110 4WAN FQR7200 3~4WAN MIPS64 Dual-Core 1G FQR7201 5WAN MIPS64 Advance Dual-Core FQR7202 4WAN FQR7203 5WAN FQR7204 8WAN 10/100M Gigabit VPN Product Series QVF VPN Series IPSec, PPTP ARM QVF7301 3WAN IPSec: 10 MIPS64 Dual-Core QVF7307 2WAN IPSec: 40 MIPS64 Single-Core QVF7303 2WAN IPSec: 100 MIPS64 Dual-Core QVF7305 4WAN IPSec: 200 MIPS64 Dual-Core 1G MIPS64 Advanced MIPS64 Advanced Dual-Core All-in-One QVF7411 2WAN SSL: 35 QVF7412 4WAN SSL: 60 QVF7413 5WAN SSL: 100 QVF7306 4WAN IPSec: 1000 FQR7414 4WAN SSL: 100~300 FQR7415 4WAN SSL: 100~700 10/100M Gigabit QVF Features I Online behavior management improves working efficiency → Block online video, stock websites, P2P software and special files Co-control of Qno Classical QoS and SmartQoS → Classical QoS for important services and SmartQoS for allocating bandwidth flexibly Exclusive Web QoS for Bandwidth Management can restrict the bandwidth of webpage browsing and videoing → No more slow speed of browsing the webpage because of web video viewing. High-Speed transmitting rate allows to connect several Internet lines → The transmitting rate of 64 byte packet surpasses 96Mbps Group Setting →IP/Application Services can be arranged in group for easy set up QnoDDNS →Free & stable DDNS service, assisting companies to establish own Domain Names QVF Features II E-Bulletin presents newest Information → Noticeable information will pop up when users open the browser. Allows to redirect users to specific web site when they close the pop out page. QRTG presenting the usage of CPU, RAM, WAN →Intuitive figure of using ratio. Don’t need to calculate by numbers any more High Availability, back up each other or use both devices at the same time → It used to be implemented in high-end equipment and is realized in FQR7109 & 7110(Optional). Inbound load balance distributes all the incoming traffic equally to each lines → Users don’t need to spend huge money on buying big bandwidth to offer application services such as web service(Optional) Coordinating with QnoSniff →Mirror port connects with QnoSniff to monitor online activities and network resources ( Optional) Typical Application Topology Administration Dept. ... Sales Dept. Finance Dept. ... OA Server ERP Server E-Mail Server Webpage Server… Intranet Switch Switch SSL VPN Internet VPN QnoSniff Mirror Port QVF7412 QVM Series IPSec VPN SSL VPN QVM VPN Branch I IPSec VPN Mobile User IPSec VPN QVM Series Branch II QVM Series Branch X….. - ERP - Webpage E-Mail - My Desktop - Network Neighborhood All-in-One VPN Multiple choices to establish VPN Different internet environment, different people( Executives, Sales & Technical Person and Customer services), could choose the most appropriate VPN Type Headquarter SSL/ QnoKey SSL On the way QnoKey PPTP In business SSL/ QnoKey SSL/QnoKey IPSec / QVM Internet Cafe Branch/Standalone Cooperation/ Supplier SSL VPN Connect to Headquarter safely anytime anywhere Access by opening the webpage SSL VPN Safe Access and Anti-Cracking - Anti password cracking -Graphic code for certification - On screen keyboard Fast SSL VPN Quickly establish safe tunnel Fast SSL VPN - Virtual Passage safe tunnel - Webpage services: webpage application(ERP, CRM..), internal pages(Intranet) - FTP services SSL VPN Host safety check Double-check mechanism - Account/Password Access - Host safety check (Windows XP) Antivirus software version Browser version Firewall Registry Specific files Access SSL VPN Virtual Routing - This function allows IP visiting to the 3rd ISP’s webpage and gaming server - Gaming players、VoIP caller、Web surfers can breakthrough the filter among nations Browsing news webpage/playing games Web Server SSL VPN Center ISP No. 3 Internet SSL Connection Gaming Server China IP SSL VPN Demanding different requirement Informational Applications in Businesses People in different position access different application services Businessmen Financial person Qno SSL Internet Technical person AD/Radius Database Control on user privilege simply by Identification SSL VPN Work anywhere even there is no computers News editor without notebook Authentication & Authorization Qno SSL VPN SSL Internet Mobile user Encryption Internet café/Other PC Editors could finish the article and send the E-mail even there is no Word/Outlook in Internet café/PC ! Encryption Intranet Well done! Servers SSL VPN User Portal UI after access Different privilege access different user portal Bookmarker can be self-defined SSL VPN Access Control Qno SSL Access Control Permission Legend Different privilege access different resources Open all the resources Open Remote Desktop, Network Neighborhood and VPN, but Internet items is only FTP Executives Mobile users Administrator Only open Internet service FTP and Microsoft Terminal Services Partners SSL VPN Easy managing configuration Administrators can set different privileges for different people in the managing UI SSL VPN SSO-Single Sign on SSO (Single Sing On) only require users to login one time to get SSL VPN connection and application services. ERP Headquarter Agencies Temporary Areas Branch Partners IPSec VPN Able to connect with other VPN devices Headquarter VPN Branch VPN 1. Passing VPNC and compatible with all other VPN devices 2. Flexible in setting 3. Heartbeat can improve the stability of VPN connections Smart Link VPN Easy and quick to establish VPN Highly security: deploying IPSec encryption Simple to use: only need to set IP, account and password Headquarter Branch VPN VPN Smart Link VPN VPN Back-up Highlight:VPN Back-up – Establishing VPN from other WAN port when original one lost connection. Headquarter Multi-WAN VPN Branch Smart Link VPN VPN Hub Highlight: VPN Hub –realizing intercommunication among branches by each connecting to Headquarter, which simplifies the management and solves the problem of small bandwidth between branches Branch Headquarter Branch Branch Smart Link VPN Central Management Highlights: Central Management – directly get into each branches’ UI and make settings or check problems Headquarter QnoKey One-key VPN connection in Client Managing user, server and resources centrally QnoKey Managing Side ERP/OA Servers Qno VPN Router QnoKey Client IPSec VPN System Administrator Giving to use after doing QnoKey settings here Remote User Input PIN, and VPN will connect automatically Performance Improve 1.5 times Small & Medium businesses now can experience the extreme speed of QVF7411 & 7412. Comparison figure of Multi-core CPU, Intel IXP266,533 64BytePacket Forwarding Unit:Mbps 100 90 80 70 60 50 40 30 20 10 0 96Mbps 64 30 IXP 266 IXP 533 MIPS64 Dual-Core QVF7411、QVF7412 Comparing of Multi-core and IXP Platform Following figure shows the usage rate of Intel IXP and multi-core’s CPU when handling 40,000 sessions Router with Intel IXP CPU usage ration is increasing all the time and reaching nearly 40%. However, multi-core is keeping no more than 10% stably. 100.00 80.00 60.00 Intel IXP 40.00 20.00 MIPS64 Multi-Core 0.00 1 6 11 16 21 26 31 36 41 46 51 56 61 200 sessions/sec, Total volumn up to 40000 sessions Services Accelerating Be able to speed up specific services’ data transmitting By hardware optimization, you can set some application services (service ports) to have higher priority in tansmittion, thus realizing the speed accelerating. Top Priority Internet SmartQoS Smart QoS operates according to a Bandwidth Using Ratio. ! Detecting illegal usage When Bandwidth Using Ratio exceeds the setting value, SmartQoS will be automatically activated and take actions in case of bandwidth shortage/waste. Exclusive Web QoS for Bandwidth Management Under this function, users could set bandwidth for applications using port 80 respectively to avoid tarrific jam. For example, a rational bandwidth setting on web video could eliminate influent on web browsing and let users enjoy a smooth surfing. Internet Webpage Browsing Web Video Online Behavior Management I Restriction for Special Webpage Access Java、 Cookies 、ActiveX 、Access to HTTP Proxy Servers Services Could Block: Specific File Type Block: RAR、Zip、EXE、Type、Flash、Gif、JPEG、MP3、PDF、PNG Online Behavior Management II Online Video Websites Block Total 31 Websites Bi-direction ARP Binding Except Router can bind IP and MAC of intranet computers, users can also download ARP binding utility to bind IP and MAC of router to reach Router and Intranet PCs binding each other. E-Bulletin Administrators could put the noticeable information on E-Bulletin. When users get online and open browser, the bulletin will pop up immediately. Notice No online game during working hours Administration Dept. Qno DDNS Free Dynimic Domain Name Service Free to provide exclusive dynamic domain name, which helps administrator to manage the routers of headquarter and branches by the domain names QRTG Graphical statistic I Sessions and CPU usage status are displayed in figures QRTG Graphical statistic II The traffic through WAN ports is presented in figures HA (High Availability) Two Qno Routers can be placed in one site to back up each other when main device is broken or work at the same time to share the loading. Internet WAN 1 WAN 2 Work at the same time or Use 2nd device as Backup LAN Business men Technique staff others Inbound load balancing The incoming requests from Internet to the Router will be distributed equally to each active WAN port. 3 2 4 5 6 1 Internet WAN 1 2 3 7 4 Qno Router Switch Switch Intranet OA Server ERP Server E-mail Server Web Server USB Interface Support Wireless broadband accessing USB port could connect 3G/3.5G card to provide Wireless broadband Service. Load Balance& Back-up WAN USB Wireless Broadband Energy-Saving Mode Router can automatically detect wire Internet status. If the connection is lost or the using ratio is surpassing the threshold, 3G/3.5G Wireless will be turned on to back up or share the traffic loading. LAN LAN LAN Detect ADSLs & Traffic Application Server ERP, OA, Web, Email EX: 3G/4G ADSL ADSL Internet Q&A Thank you
