McAfee L4 Networks Logo

Buy Now SG580

McAfee (formerly SnapGear) SG580

he McAfee Unified Threat Management (UTM) Firewall SG580 is a feature-rich, compact, network security appliance, which consolidates firewall, sophisticated intrusion-prevention, secure VPN access, anti-virus scanning and web content filtering on a single device. This reduces the complexity of network security deployments while lowering administration and maintenance requirements.

The SG580 is well suited to protecting central offices of small to medium-sized enterprises as well as branch offices of large enterprises. It enables offices to easily and safely connect their network of desktops, notebooks, PDAs, web and applications servers to the Internet via business-grade or consumer grade broadband, dedicated circuits from T-1 to T-3 or narrow-band connections (modem/ISDN). The SG580 provides connectivity and security features normally found in enterprise-class solutions.

With the inclusion of 5 Fast Ethernet ports, link fail-over and Internet session load balancing as well as multiple security zones, the SG580 can be deployed in a myriad environments. Should the primary broadband connection fail, the SG580 can fail over to a secondary link. Internet traffic can be balanced between them, increasing bandwidth for faster web pages and more concurrent downloads. Should there be a complete broadband failure the built-in dial-up connection can be automatically invoked. To further enhance web performance and reduce WAN bandwidth, the SG580 has a built-in Web proxy cache.

The SG580 provides layers of network protection. A powerful stateful-inspection firewall, service-based intrusion detection blocking and advanced Internet connection sharing protect the branch-office network from the Internet.

The SG580 also includes gateway e-mail virus scanning to stop many e-mail borne viruses before they reach desktop systems and servers. Finally, the SG580 also provides security policy enforcement across the network by probing desktops and servers in an attempt to identify vulnerable network services.

The SG580 provides default physical security zones (DMZ, Guest and LAN) on separate Ethernet segments. These can be reconfigured to create three departmental security zones or other custom configurations. If only one WAN connection is required the other can be configured as a fourth security zone. A remote office network can safely become part of a central office network, as the SG580 is also a cost-effective VPN appliance. The SG580 includes industry-standard secure VPN access methods (IPSec, PPTP, L2TP) with hardware-accelerated encryption. It is complementary to the SG710 and CyberGuard TSP appliances for medium to large-scale branch office to head office VPN deployments. For smaller multi-site deployments, the SG580 provides a cost-effective head office solution with SG300 or SG560 appliances installed as VPN end points at remote office locations.

Anti-Virus Features
The McAfee SG appliance’s antivirus capabilities shield your LAN from viruses that propagate through email, the web and FTP. An antivirus subscription is not required and virus definitions are automatically kept up-to-date. The McAfee SG appliance is equipped with proxies for POP, SMTP, HTTP and FTP that facilitate the transparent scanning of files passing through it. If a virus is detected, the user on your LAN sending or receiving the infected file or email is informed by an error message or error email, and the infected file or email is not delivered to its destination.

Web Cache Features
TWeb browsers running on PCs on your LAN can use the McAfee SG appliance’s proxy-cache server to reduce Internet access time and bandwidth consumption. A proxy-cache server implements Internet object caching. This is a way to store requested Internet objects (i.e., data available via HTTP, FTP, and other protocols) on a server closer to the user's network than on the remote site. Typically the proxy-cache server eliminates the need to re-download Internet objects over the available Internet connection when several users attempt to access the same web site simultaneously. The web site’s contents are available in the cache (server memory or disk) and quickly accessible over the LAN rather than the slower Internet link.

The McAfee SG appliance’s web cache may also be configured to pass off web transation requests or responses to a third-party ICAP server for processing, using its ICAP client. This is typically used to integrate a third-party virus scanning, content filtering or complete CSM solution, such as WebWasher

Features

Recommended for:

  • Full IPSec, PPTP & L2TP VPN client and server
  • Link Fail-over & Load Balancing
  • Intrusion Detection and Prevention
  • DMZ, Guest and LAN security zones
  • Web console for configuration and management
  • Snort IDS/IPS
  • Anti-virus (HTTP, POP, SMTP, FTP)
  • Web Cache
  • Fully interoperable with McAfee SG and TSP appliances and other standards-based security devices
  • SME and large branch offices
  • Central VPN for small multi-site networks
  • Networks with mobile and remote workers
  • Complementary VPN end-point for CyberGuard TSP Appliances
  • Suitable for ADSL, Cable and T1 to T3 circuits
  • Suitable for VPN up to 40Mbps (broadband and LAN-to-LAN)

Specifications


VPN - IPSec

  • VPNC-certified interoperability
  • Peer-to-peer (initiate and terminate)
  • ESP and AH payloads
  • Supports aggressive mode
  • Dead peer detection
  • Compression (deflate / gzip type algorithm)
  • DES 56-bit, 3DES 168-bit, AES 256-bit encryption
  • Hashes HMAC - MD5 and SHA-1 authentication
  • IKE/ISAKMP Diffie-Hellman key exchange
  • Diffie-Hellman Groups (1,2,5) and Oakley Groups (14,15,16) t4096-bits
  • X.509 certificates DER, PEM formats
  • Pre-shared secrets
  • Dynamic IP address end-points
  • Dynamic DNS IPSec support
  • Authentication up t2048-bit for RSA key signatures
  • Multiple subnets
  • NAT traversal
  • Up t200 IPSec tunnels
  • 42 Mbps IPSec 3DES(VPN/firewall)
  • 68 Mbps IPSec 3DES (VPN only)

VPN - L2TP

  • IPSec config Wizard
  • L2TP over IPSec
  • Autonomous L2TP
  • Client: NAT, default route via L2TP
  • Server: specify client IP address range

VPN - PPTP

  • v2 client and server
  • Pass-through mode als
  • MPPE 40 t128-bit RC4 encryption
  • PAP/CHAP/MS CHAPv2 authentication
  • L2TP & GRE tunneling extensions
  • Up t10 PPTP client tunnels
  • Up t25 PPTP server tunnels
  • Up t12 Mbps RC4 throughput

Firewall

  • Dynamic stateful inspection firewall
  • ICSA-certified
  • NAT - static and dynamic
  • NAPT/PAT - port forwarding
  • Connection sharing
  • 200 Mbps firewall performance
  • Intrusion Protection (Snort)
  • Security Policy Enforcement (Nessus)
  • Web proxy cache based on Squid
  • Ant-virus e-mail scanning
    - ClamAV (V2.3 firmware)

Network

  • Traffic shaping (QoS)
  • IP aliases
  • DHCP - client and server
  • PPPoE (for ADSL support)
  • Bridging (802.1d)
  • RIP, RIPv2, BGP, OSPF
  • RAS (dial-in)
  • Dial on demand
  • Fail-over / high availability
  • Traffic Load Balancing
  • DNS enhanced caching, masquerading, proxy, multiple DNS server proxying
  • 200 Mbps routed throughput
  • 200 Mbps PPPoE throughput

Management

  • Logging (local and remote)
  • NTP client and server
  • Web management
  • CLI (Telnet or SSH) device recovery
  • Initial set-up via either static IP address or dynamic IP address (DHCP client)
  • Administratin user accounts
    RADIUS / TACACS+

Hardware

  • Status LEDs
  • WAN port - 1x10/100BaseT
  • LAN ports - 4x10/100BaseT
    • WAN2, DMZ, Guest, LAN
  • Serial ports - 1 (dial-in, or dial-on-demand)
  • Memory - 16MB Flash, 64MB RAM
  • Real time clock
  • Power - 5V 1.5A
  • Weight - 1lb (500g)
  • Dimensions - 6.5"x4.5"x1" (168mmx115mmx26mm)
  • Operating temperature 0C t40C
  • Storage temperature -20C t70C
  • Humidity 0 t95%, non-condensing
  • Certification - home and office
  • Warranty - 1 year**
  • Ooptional Extended Three Year Warranty

**Except where required tbe 2 years by law


Description
1 Year Warranty
Upgrade 24x7 Phone Support & Next Business Day Hardware Replacement Warranty - 12 Mo nths
McAfee's Web Protection Service (learn more)
  • Anti-Malware (Antivirus & Anti-spyware)
  • URL Web filtering – preventing surfing to unwanted sites
  • Granular policies, Category based and customized rules based on employee needs and requirements
  • True reputation-based fltering Dynamic policy updates incorporating up-to-the-moment intelligence
  • Active web security Real-time scanning of web content to defend against both known and unknown threats
  • Transparent user identification Seamless and automatic enforcement of policies
  • Customizable alerts
  • Excellent reporting tools with user configurable dashboards (learn more)

 
TrustedSource AntiSpam Control for McAfee UTM/ Snapgear (learn more)

Buy Now