U2000 2-WAN Security Gateway/VPN Firewall
U2000 is the best choice of economic firewall for medium and large-sized enterprises.
With high-performance Intel IXP network processor, U2000 delivers higher availability of Internet access control and network protection against hacker attacks and intrusions. Besides, it also supports various VPN functions such as IPSec, L2TP and PPTP in easily establishing VPN connections.
Super abilities of defense against internal/external attacks: ARP spoofing attacks, port scanning, DoS/DDoS attacks, Worm.Blaster, Worm.Sasser, SQL slammer, etc. Ensure the stability and security of your router and network.
Support packet filtering based on source/destination IP address, protocols, ports, source/destination MAC address; Support application layer filtering based on URL and keywords; Support schedule-based ACL; Control the Internet access and protect the internal network against external attacks.
Support various VPN functions such as IPSec, L2TP and PPTP, which can be used alone or combined; Support dynamic IP address VPN connections; Support Site-to-site VPN, remote access VPN (client-to-site); VPN tunnels are restricted to 16, up to 16 concurrent tunnels. IPSec provides features of auto key (IKE) and manual key, ESP/AH protocols, DES/3DES/AES encryption algorithm, MD5/SHA-1 hash algorithm, main mode and aggressive mode, Anti-Replay and NAT Traversal.
2 WAN Ports and NAT
2 WAN ports are provided, which support mixed connections of DSL, fiber optical and Cable Modem. Under the PPPoE mode, 3 dial modes are provided: Always On, On Demand and Manual. Support Link Quality Monitoring (LQM); Offer management of dialing time (start time and end time), to prevent network waste from negligence. Under the DHCP mode, MAC address modification and cloning are available.
2-WAN ports design provides 2 Internet connections; Support load balancing and real-time backup; Support network flow distribution based on bandwidth ratio to optimize the bandwidth utilization; Support policy-based routing of different ISPs.
Support NAPT/NAT, routing and hybrid mode, which meet the needs of complicated networks; Support port forwarding and DMZ host for external services like HTTP, telnet and FTP, etc; Support NAT re-routing, reverse NAT and NAT ALG: FTP, PPTP and IPSec ESP, etc.
By introducing policy database, UTT router will process several complex policy-based routings as a policy database. The database can be auto updated similar to Windows Update. It simplifies the configuration and avoids cumbersome maintenance for customers. To solve the frequent updating problems of various software like QQ, MSN, P2P, UTT employees will collect all the information and update policy database immediately.
Policy database realizes the convenient one-click operations of ARP Spoofing defense, DoS/DDoS attack defense, virus attack defense, IM (QQ, MSN) blocking and P2P (emule, BitTorrent) blocking, which greatly simplify the configuration.
Provide policy-based routing of different ISPs. Instead of adding static routings one by one, what you should do is only to update the policy database.
Algorithm-based bandwidth control will optimize the bandwidth utilization. Restrict software such as BT, P2P effectively. Enable the normal hosts to exceed the max speed occasionally and reduce the speed of the hosts which usually use P2P software.
Support bandwidth control based on schedule; when the network is high loaded, bandwidth control will be enabled to ensure all the users can receive rational bandwidth; while the network is low loaded, bandwidth control will be disabled. Therefore, administrator will easily maintenance the network and make sure that all users can access to the Internet with high speed.
Restrict the max number of concurrent NAT sessions, TCP sessions, UDP sessions and ICMP sessions, which will effectively prevent overloading download software like P2P and ensure the other hosts' connections smooth from stopping the bandwidth waste of PCs which suffered from computer virus.
Offer personal policy to realize the requirements for UTT customers. Each computer of internal network can take different policy (bandwidth limit, Max NAT sessions, IM block, P2P block. etc) according to the needs of customers. This user administration enhances the flexibility of management and reduces the workload of the network administrator.
Support IP/MAC address binding, invalid IP address or MAC address filtering and easy blacklist and whitelist setting. What's needed to pay attention is that UTT router supports binding all the dynamic IP/MAC entries with only one-click operation. Besides, with the function of ARP broadcast control, the router can protect LAN hosts against ARP spoofing attacks.
Support port mirroring; Offer real-time details on each port; Provide ability of sending a copy of all network packets seen on one switch port to a network monitoring connection on another switch port. Port mirroring will simplify network monitoring so that the administrator can control network flow, analyze performance and diagnose faults easily.
Offer different modes of monitoring and diagnosis, which can monitor network access dynamically and help the administrator to trap and resolve the network fault quickly. This function can especially enable ability of discovering the network abnormality and abnormal hosts.
Network administrators can quickly discover the abnormal phenomena of slow network through watching the bandwidth of each port, the uploading/downloading bandwidth of each user and NAT sessions of each user.
Configuration and Management
Offer user-friendly Web interface which delivers an easy-to-use platform with rich functions. Quick Wizard will help customers to complete the initial settings in short time. Support traditional Command Line Interface (CLI) with more functions. You can use both Web and CLI to manage the remote devices.
Support configuration backup and restore through TFTP and Web, etc. You can save the current configuration file into your computer and import the configuration file into the UTT router.
Support SNMP interface for remote management of SNMP server. Support Syslog for remote messages forwarding from Syslog server.
- Support connection via DSL, FTTx+LAN and Cable Modem
- 4 LAN ports, 2 WAN ports
- 10/100M LAN/WAN port, auto MDI/MDIX, Auto-Negotiation
- Support express forwarding, throughput up to 200 Mbps, 80 Kpps
- Packet filter based on address, protocol and port
- Layer 7 filter based on URL, keyword and website
- Support NAT session limit
- Support bandwidth control
- Support DHCP Server, DHCP Client, and DHCP Static Binding
- Support IP/MAC binding
- Support DDNS
- Support DNS Proxy
- Support port mirroring
- Support schedule management
- Support SNTP
- Support port-based VLAN
- Support MSN traversal
- Support UPnP
- Support VPN pass-through of L2TP, PPTP and IPSec
- Support IPSec, L2TP and PPTP VPN
- UTT routers: http://uttglobal.com/products.php?typeid=27