IG2000-U is IntruGuard’s latest and highest capacity model useful for data centers. The model has higher capacity engine designed for higher granularity in parsing. This model has redundant power supplies and redundant hard disks. It supports copper or fiber interfaces. Initial license starts at 4 VIDs and 1 Internet link protection. These can be upgraded to 8 VIDs, 2 Internet links protection as the business grows. Such a license based upgrade ensures that the initial investment is protected for future.
| Feature |
IG2000-U |
| Submodels |
- IG2000-U-4 with 4 VIDs
- IG2000-U-8 with 8 VIDs
|
| Packet Inspection Technology |
- Granular Packet Inspection
- Stateful Analysis Firewall
- Chip(ASIC, FPGA)
- Continuous, Adaptive rate limiting
|
| Multi-Verification Process |
- Dynamic Filtering
- Active Verification
- Anomaly Recognition
- Protocol Analysis
- Rate Limiting
- White-list, Black-list, Non-tracked subnets
- State Anomaly Recognition
- Stealth Attack filtering
- Dark address scan prevention
- Source Tracking
- Legitimate IP address Matching (for anti-spoofing)
|
| Flood Prevention Schemes |
- SYN Cookie, ACK Cookie, SYN Retransmission
- Connection Limiting
- Aggressive Aging
- Legitimate IP Address Matching
- Source Rate Limiting
- Source Tracking
- Granular Rate-limiting
|
| Packet Inspection Depth |
|
| Layer 3 Floods Handled |
- Protocol Flood (all 256)
- Fragment Flood,
- Source Flood,
- Destination Flood,
- Dark Address Scan
|
| Layer 4 Floods Handled |
- TCP Ports (all 64K),
- UDP Ports (all 64K),
- ICMP Type/Codes (all 64K),.
- Connection Flood,
- SYN Flood,
- Excessive SYNs/Source/Second,
- Excessive Connections Establishment/second,
- Zombie Flood,
- Excessive Connection/Source flood,
- Excessive Connections/Destination flood,
- TCP state violation floods
|
| Layer 7 Floods Handled |
- Opcode Flood
- HTTP URL GET Flood
- User-agent Flood
- Referer Flood
- Cookie Flood
- Host Flood
|
| Realtime diagnostics |
- Top 100 Servers
- Top 100 Tuples
- Top 100 Ports
- Top 100 Currently Denied Sources
- Top 100 Sources
- Top 100 URLs
- Top 100 User-Agents
- Top 100 Referers
- Top 100 Hosts
|
| Visibility, ACLs, Bandwidth Controls |
Yes |
| Traffic and Event Analysis |
Yes |
| Reconnaissance and
Header and State Anomaly Prevention |
Yes |
| No. of Virtual Identifiers |
4, 8 |
| Aggregate Throughput |
2000 Mbps
(1000 Mbps Full Duplex) |
| Simultaneous Connections |
1,000,000 |
| Session Setup/Teardown Rate |
100,000/second |
| SYN Flood Handling capacity |
3M packets/second |
| Latency |
Under 50 microseconds |
| DDoS Attack Mitigation
Response Time |
Under 2 seconds |
| Physical Interfaces |
4×10/100/1000 Mbps Copper, optioal Fiber
(2 can be used for HA or for Forensics)
1×10/100 Mbps Copper for Management |
| Redundancy |
Redundant Power Supplies
Redundant Hard Disks |
| Propgate Link State Change (PLSC)/ Link Down Synchronization |
Yes |
| Chassis |
2-U rack mountable |
| Field Upgradability |
Can be upgraded in field through a license file to support 2000 Mbps (1000 Mbps Full Duplex) and up to 8VIDs |
| Management |
|
| Centralized Event Reporting |
- GUI
- SNMP
- Email/Pager
- Support for MRTG, Cacti
|
| Audit and Access Trails |
- Login trail
- GUI access trail
- Audit trail for configuration changes
|
| Links Protected |
One Internet Link is protected by default. Second link is protected on payment of additional license fees. |
Model
Feature |
IG2000-U-4 |
IG2000-U-8 |
| Power Supply |
Redundant |
Redundant |
| Hard Disk |
Redundant |
Redundant |
| Hard Disk Space (GB) |
750 |
750 |
| Interface speed (Mbps) |
1000 |
1000 |
| Interface Type |
Copper
Optional Fiber |
Copper
Optional Fiber |
| Packets per second handling capability under attack |
3 M PPS |
3 M PPS |
| Attack Mitigation Time |
<2 seconds |
<2 seconds |
| VIDs
(Independent policy sets) |
4 |
8 |
| Networks/ VID |
512 |
512 |
| Dark Address Subnets (for blocking continents, countries, subnets) |
512 |
512 |
| Non-tracked Subnets
(For whitelisting networks) |
512 |
512 |
| No. of Sources monitored |
1M |
1M |
| No. of Destinations monitored |
1M |
1M |
| No. of Concurrent Connections monitored |
1M |
1M |
| No. of concurrent three-way handshakes monitored |
2M |
2M |
| No. of ports monitored |
64Kx4 |
64Kx8 |
| Layer 7 Floods – HTTP URLs tracked |
64K/VID x 4 VIDs |
64K/VID x 8 VIDs |
| Layer 7 Floods- Cookie Flood, User-agent flood, Hostname Flood, Referer Flood |
512 hashes/VID for each of the items x 4 VIDs |
512 hashes/VID for each of the items x 8 VIDs |
