Datasheets firewall Cisco ISA-3000-2C2F-FTD
|
Specification
|
Port
|
2x 10/100/1000Mbps RJ45 ports
2x 1G SFP ports
|
Hardware
|
● 4-core Intel ® Atom ® processor (industrial temp.)
● 8-GB DRAM (soldered down)
● 16-GB onboard flash memory
● mSATA 64GB
● 1-GB removable SD flash memory card (industrial temp.)
● Mini-USB connector for console
● RJ-45 traditional console connector
● Dedicated 10/100/1000 management port
● Hardware-based anti-counterfeit, anti-tamper chip
● Factory reset option
|
Alarm I/O
|
● Two alarm inputs to detect dry contact open or closed
● One Form C alarm output relay
|
Dimensions (WxHxD)
|
● 11.2 x 13 x 16 cm (4.41 x 5.12 x 6.30 in.)
|
Weight
|
● 1.9 kg (4.2 lb)
|
Power supply and ranges
|
● Dual internal DC
● Nominal: ± 12V DC, 24V DC, or 48V DC
● Maximum range: 9.6V DC to 60V DC
● Power consumption: 24W
|
Mean time between failures (MTBF)
|
● ISA-3000-2C2F: 376,580 hours
|
Performance
|
Throughput: NGIPS (1024B)
|
500 Mbps
|
Throughput: Firewall (FW) + Application Visibility and Control (AVC) (1024B)
|
375 Mbps
|
Throughput: FW + AVC + Intrusion Prevention System (IPS) (1024B)
|
350Mbps
|
Maximum concurrent sessions, with AVC
|
50
|
Maximum new connections per second, with AVC
|
2700
|
IPsec VPN throughput
(1024B TCP with Fastpath)
|
50 Mbps
|
Maximum VPN peers
|
25
|
Application Visibility and Control (AVC)
|
Standard, supporting more than 4000 applications as well as geo locations, users, and websites
|
URL filtering
|
More than 80 categories
More than 280 million URLs categorized
|
Defined interfaces
|
200, 400 (with SecPlus license on ASA), 400 (FTD)
|
VLAN counts
|
5, 100 (with SecPlus license on ASA), 100 (FTD)
|
IPv4 MACsec Access Control Entries (ACEs)
|
1000 with default TCAM template
|
NAT
|
Bidirectional, 128 unique subnet NAT entries, which can expand to tens of thousands of translated entries if designed properly
|
Feature
|
Proven, extensible access control
|
● Enforces ISA99/IEC 62443 segmentation needs
● Stateful inspection (Layers 2 through 7)
● Transparent and routed firewall operation modes
● Provides features to enable electronic security perimeter (ESP) for NERC-CIP compliance
● Next-Generation Intrusion Prevention System (NGIPS)
● Identity-based access control policies (users, devices, SGTs, etc.)
● VPN: Remote Access, site-to-site
|
Application control
|
● Visibility and control of all DMZ infrastructure
● Visibility and control of industrial applications
● Visibility and control of individual protocol commands and values
● ICS/OT protocol visibility and/or control
|
Remote access enablement and control
|
● Network access control via Cisco AnyConnect ®
● Cisco ISE support
● Site-to-site VPN
● Remote Access VPN
● Cisco Secure Desktop
● Support for Citrix and VMware clientless connections
|
Multilevel access controls
|
● Global block lists — automated or manual
● Global allow lists
● Third-party intelligence feed utilization
● File allow lists
● File block lists
● Application-level access control
● 802.1X support
|
Cisco TrustSec® controls
|
● In-band and out-of-band identity
● Active Directory integration
● Policy based on SGTs
● 802.1X support
● MACsec and MAC Authentication Bypass (MAB) support
● Enforces endpoint security state for remote access
|
Uncompromising threat detection and protection
|
● Leverages industry-leading rules developed by Cisco Talos research teams
● Over 55,000 rules, providing the widest range of protection anywhere
● Hundreds of industrial-focused rules
● Industrial equipment exploit protection rules
● Protocol abuse identification
● Protection for web-based control systems
● Network behavior analytics
● Passive device discovery
|
Threat network mapping
|
● Passive device identification
● Mobile device identification
● Application host network mapping
● Vulnerability/host network mapping
● User/host network mapping
|
Threat discovery
|
● Indicators of Compromise (IoC) tracking
● OpenAppID — open community ID system
● Correlation policies and responses
● Traffic variance detection
● Router-based remediation actions
● NetFlow tracking
● 55,000+ threat identifiers
● Customizable identifiers
● Can create wholly new identifiers
● Widest identifier contributorship
|
File tracking
|
● Approved file trace
● Suspect file trace
● Malware match
|
DMZ infrastructure
|
● DNS services
● Dynamic Host Configuration Protocol (DHCP) services
● Authentication, authorization, and accounting (AAA) support
● IP routing (v4 and v6)
|
Layer 3 routing
|
● IPv4 static routing
● Dynamic routing (Routing Information Protocol [RIP], Enhanced Internet Gateway Routing Protocol [EIGRP], Intermediate System to Intermediate System [IS-IS], Open Shortest Path First [OSPF], and Border Gateway Protocol [BGP])
|
Network Address Translation (NAT)
|
● Static NAT
● With port translation, one-to-many, nonstandard ports
● Dynamic NAT
● Dynamic Port Address Translation (PAT)
● Identity NAT
|
Layer 2 IPv6
|
● IPv6 host support, HTTP over IPv6, Simple Network Management Protocol (SNMP) over IPv6
|
Trunking
|
● 802.1q trunks supported
|
Logging
|
● Local logs, syslog, Security Analytics and Logging (SAL), eStreamer, and Log in the management application
● Proven integration with leading security information and event management (SIEM) systems (QRadar, Splunk, etc.)
|
Bạn đang cần tư vấn về sản phẩm: ISA-3000-2C2F-FTD ?