CS-2001

UTM Content Security Gateway

 
 
The innovation of the Internet has created a tremendous worldwide opportunities for e-business and information sharing; however, it also brings network security issues. The request of information security becomes the primary concern for the enterprises. To fulfill the demand, PLANET introduces the UTM Content Security Gateway CS-2001, the next generation of the CS-2000, to support the enterprises build up the secure network protection. For further IP compatibility, it supports IPv6 as well.
 
The CS-2001 adopts Heuristics Analysis to filter spam emails and virus, and its auto-training system can increase the spam emails identification. The CS-2001 has built-in 500GB Hard Disk to store the spam email in quarantine. The Anti-Virus application has dual virus scan engines - Clam and Sophos to effectively detect viruses, worms and other threats from emails and Internet. Moreover, it helps the administrators to monitor the email status easily via email reports by Daily, Weekly, Monthly and Yearly
 
Besides filtering spam and virus emails, the CS-2001 presents the IDP (Intrusion Detection and Prevention) and firewall functions to defense hackers and blaster attacks from Internet or Intranet. The comprehensive functions in one device provide enterprises security solutions for better secure environment than ever.
 
The CS-2001 supports most of popular security features including Content Blocking to block specific URL, Scripts, IM/P2P program, Authentication, IPSec, PPTP VPN server/Client, SSL VPN, QoS, High Availability, Inbound Load-Balancing and etc. Furthermore, it provides higher performance with all Gigabit Ethernet interfaces which offer faster speeds for your network applications. The Gigabit user defined interfaces flexibly fulfill the network requirement nowadays, and the multiple WAN interfaces enable the CS-2001 to support Outbound/Inbound load balance and WAN fail-over features. As the result, the VPN not only can configure Trunk mode but also provide VPN fail-over and load balance features which is a VPN redundant mechanism to keep the VPN always alive.
 
Ordering Information
CS-2001 UTM Content Security Gateway
UTM Content Security Gateway

PLANET UTM Content Security Gateway, CS-2001, is a specially designed security gateway with virus and spam filtering features. As the gatekeeper of corporate security network, the CS-2001 prevents corporate intranet from being infected by virus and its network resource being occupied by useless spam emails. Furthermore, IDP, User Authentication and Content Filter features of the security gateway offer the corporate intranet highly secure protection. The CS-2001 also provides the IPSec, SSL VPN, and PPTP VPN solutions for secure data delivery via VPN tunnel.
 
 
Ordering Information
CS-2001 UTM Content Security Gateway
• All Gigabit user defined Interface: 
The CS-2001 not only supports all Gigabit Ethernet interfaces to provide higher performance but is also able to be defined the interface role for your network environment.

• IPv6: 
IPv6 is designed to success the IPv4 version. The CS-2001 implements the new IP version for further compatibility of network environment.

• Anti-Spam Filtering: 
Multiple defense layers (Spam Fingerprint, Blacklist & Whitelist,Bayesian Filtering, Spam Signature, Graylist, Checking sender account and IP address in RBL), and Heuristics Analysis help to block over 95% of spam mails. Customizable notificationoptions and spam mail report are provided for the administrators. Varied actions to spam mails include Delete, Deliver, Forward and Store in the quarantine. It also has built-in auto-training system to improve the spam emails identification substantially.

• Anti-Virus Protection: 
Built-in dual virus scan engines can detect viruses, worms and other threats from email transfer and can scan mission-critical content protocols, SMTP and POP3 in real time to provide maximum protection. It provides customizable notification options and virus mail report for the administrators. Varied actions to virus mails include Delete, Deliver, Forward and Store in the quarantine.

• Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS:
The CS-2001 can filter the virus from various protocols. The virus pattern can be updated automatically or manually.

• VPN Connectivity:
The CS-2001 supports several VPN features -- IPSec VPN, SSL VPN and PPTP server/client. The VPN Tunnel with DES / 3DES / AES encryption and SHA-1 / MD5 authentication provides secure network traffic over public Internet. VPN Wizard helps the administrators to configure VPN settings easily.

• SSL VPN:
SSL VPN allows users to easily establish VPN connections for transferring the data by SSL encryption via web browser without the need of any software or hardware installation. 

• VPN Trunk:
VPN trunk function provides VPN load balance and VPN fail-over feature to keep the VPN connection more reliable.

• Content Filtering:
The CS-2001 can block network connection based on URLsScripts (The Pop-up, Java Applet, cookies and Active X), P2P (eDonkey, Bit Torrent, WinMX and more), Instant Messaging (MSN, Yahoo Messenger, ICQ, QQ, Skype and Google Talk) and Download / Upload. If there are update versions of P2P or IM software in client side, the CS-2001 will detect the difference and update the Content Filtering pattern to renew the filtering mechanism.

• IM Recording:
Built-in IM Recoding function can help you record and monitor the use of MSN and QQ messenger. This can prevent productivity losses from personal use and confidentiality breaches from information leaks.

• IDP(Intrusion Detection and Prevention):
Built-in IDP function can detect the intrusions and prevent the network from Hacker attacks, Anomaly Flow and Signatures from the Internet. The CS-2001 provides three kinds of the signatures to complete the intrusion detection system. Users can select to configure "Anomaly","Pre-defined" and "Custom" according to the current environment request. 

• Policy-Based Firewall:
The built-in Policy-Based firewall prevents many well-known hacker attacks including SYN attack, ICMP flood, UDP flood, Ping of Death, and etc. The access control function specifies WAN or LAN users to use authenticated network services only on specified time.

• QoS:
Network packets can be classified based on IP address, IP subnet and TCP / UDP port number and offer guarantee of maximum bandwidth with three levels of priority.

• User Authentication:
Web-Based authentication allows users to be authenticated via web browser. User database can be configured on the CS-2001 and it also supports the authenticated database through external RADIUS, POP3 and LDAP server.

• WAN Backup:
The CS-2001 can monitor each WAN link status and automatically activate backup links when a failure is detected. The detection is based on the configurable target Internet address.

• Outbound Load Balancing:
The network sessions are assigned based on the user configurable load balancing modes including "Auto", "Round-Robin", "By Traffic", "By Session" and "By Packet". Users can also configure IP or TCP / UDP type of traffic and assign which one of the two WAN ports for connection.

• Inbound Load Balancing:
The CS-2001 provides the Inbound Load Balancing is provided for enterprises internal server to reduce the server loading and system crash risks in order to improve the server working efficiency.

• Multiple NAT:
Multiple NAT allow local ports to be set in multiple subnets and connect to the Internet through different WAN IP addresses.

• VLAN:
The CS-2001 provides IEEE 802.1Q Tagged VLAN and the VLAN groups which allows the administrator to install the network flexibly.

• High Availability:
The CS-2001 provides the High Availability function and the redundant system to keep the network traffic active when the device crash down.
 
Ordering Information
CS-2001 UTM Content Security Gateway
Hardware
Ethernet Undefined Ethernet port 4 x 10 / 100 / 1000Base-T RJ-45, Auto-Negotiation, Auto MDI / MDI-X
Console 1 x RS-232 (9600, 8, N, 1)
Hard Disk 500 GB
Hardware Watch-Dog Auto reboot when detecting system fail
Software
Management Web (English, Traditional Chinese, Simplified Chinese)
Operation Mode DMZ_Transparent, DMZ_NAT, NAT
Routing Protocol Static Route, RIPv2, OSPF, BGP
Concurrent Sessions 1,000,000
New session per second 10,000
Email Capacity per Day (mail size 1098 bytes) 2,000,000
Firewall Performance 1.6Gbps incoming and outgoing
SSL VPN Performance 80Mbps
IPSec VPN Performance (With 3DES) 100Mbps
Firewall Security ■ Policy-Based access control
■ Stateful Packet Inspection (SPI)
■ NAT / NAPT
Multiple subnet ■ Max Supports max 64 multiple subnets.
■ With VLAN id feature to assign multiple subnets
■ VLAN trunk support
VPN Tunnels (Connection / Configure) 200 / 1000
VPN Function ■ IPSec, SSL VPN, PPTP server and client
■ DES, 3DES and AES encrypting
■ SHA-1 / MD5 authentication algorithm
■ Remote access VPN (Client-to-Site) and Site to Site VPN
IM Recording ■ QQ / MSN Account Manager 
■ Periodic Report Scheduling / Send report to e-mail
■ IM Conversation logs and statistics chart
Content Filtering ■ URL Blocking
■ Script Blocking (Popup, Java Applet, cookies and Active X)
■ IM blocking (MSN, Yahoo Messenger, ICQ, QQ, Skype, Google Talk and more)
■ P2P blocking (eDonkey, Bit Torrent, WinMX and more)
■ Download and Upload blocking
IDP (Intrusion Detection and Prevention) ■ Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS
■ Automatic or manual update virus and signature database
■ Anomaly: Syn Flood, UDP Flood, ICMP Flood and more
■ Pre-defined: Backdoor, DDoS, DoS, Exploit, NetBIOS and Spyware
■ Custom: User defined based on TCP, UDP, ICMP or IP protocol
■ Yearly, Monthly, Weekly and Daily Report support
Anti-Spam ■ Inbound scanning for external and internal Mail Server
■ Support Spam Fingerprint, Bayesian, Signature, RBL and Graylistfiltering, checking sender account and IP to filter the spam mail 
■ Black list and white list support auto training system
■ Action of spam mail: Delete, Deliver to the recipient, forward to anaccount and store in quarantine
■ Yearly, Monthly, Weekly and Daily Report support
QoS ■ Policy-Based bandwidth management
■ Guarantee and maximum bandwidth with 3 priority levels 
■ Classify traffics based on IP, IP subnet, TCP / UDP port
User Authentication ■ Built-in user database with up to 500 entries
■ Supports local database, RADIUS, POP3 and LDAP authentication
Logs ■ Traffic Log, Event Log and Connection Log
■ Log can be saved from web, backup by e-mail or syslog server
Accounting Report ■ Record Inbound and Outbound traffic’s utilization by Source IP,Destination IP and Service
■ Backup Accounting Report for Outbound and Inbound traffic
Statistics WAN Ports traffic statistic and policies statistic with graph display
Others ■ Dynamic DNS
■ NTP support
■ Multiple Server load balancing
■ Outbound / Inbound load balancing
■ High Availability
■ SNMP v1, v2, v3

Ordering Information
CS-2001 UTM Content Security Gateway

Datasheet

Date Version Description Download
2012-05-18 1.0 CS-2001

Firmware

Date Version Description Download
2012-04-10 2.1100 Initial Release

Quick Guide

Date Version Description Download
2012-03-09 2.0 Initial Release

User's Manual

Date Version Description Download
2012-03-30 2.0 Initial Release

EC Declaration

Date Version Description Download
2012-08-10 2.0 EC Declaration
Ordering Information
CS-2001

UTM Content Security Gateway