DefensePro IPS & Behavioral protection: Specification Sheet

DefensePro IPS and Behavioral Protection

Technical Product Information

Product Models
DefensePro x420 Series
Designed for large data centers protection deployed by large enterprises, eCommerce and service providers
Models:

DefensePro 40420 (up to 40Gbps)

DefensePro 30420 (up to 30Gbps)

DefensePro 20420 (up to 20Gbps)

DefensePro 10420 (up to 10Gbps)

Upgrade options are available from model 10420 and up to 40420
DefensePro x412 Series
Designed for large data centers protection deployed by large
enterprises, eCommerce and service providers
Models:

DefensePro 12412 (up to 12Gbps)

DefensePro 8412 (up to 8Gbps)

DefensePro 4412 (up to 4Gbps)

Upgrade options are available from model 4412 and up to 12412
DefensePro x016 Series
Designed for medium sized data centers protection deployed by
large enterprises, eCommerce and service providers
Models:

DefensePro 3016 (up to 3Gbps)

DefensePro 2016 (up to 2Gbps)

DefensePro 1016 (up to 1Gbps)

Upgrade options are available from model 1016 and up to 3016
DefensePro x06 Series
Designed for small to medium sized data centers protection and
Internet Gateway
Models:

DefensePro 2006 (up to 2Gbps)

DefensePro 1006 (up to 1Gbps)

DefensePro 506 (up to 500Mbps)

Upgrade options are available from model 506 and up to 2006

Page 1

DefensePro IPS & Behavioral protection: Specification Sheet

Product Features
Feature
Protections
Network Wide Protections
Behavioral DoS

Protect against known and zero-minute DoS/DDoS flood attacks that misuse network
bandwidth resources including: TCP Floods, UDP floods, ICMP floods, IGMP floods and
fragmented attacks.
DNS Protection

Protect DNS critical infrastructure against flood attack that misuse DNS server resources.
Malware Propagation

Prevent zero-minute malware spread by already infected hosts.

Prevention and Anti

Prevents network pre-attack probes (Reconnaissance) including horizontal and vertical TCP
Scanning
& UDP scanning, stealth scanning and ping sweeps.
RSA FraudAction

Real-time Anti-Trojan and Anti-Phishing service, targeted to fight against financial fraud,
feeds
information theft and malware spread. Based on real-time reputation feeds from RSA Anti
Fraud Command Center (AFCC).
Server Protections
SYN Protection

Protect against any type of SYN flood attacks using advanced SYN authentication
mechanisms
HTTP flood protection

Protect against HTTP page flood attacks that misuse web server resources.
SSL attacks protection

Protect against HTTPS attacks

Server-Cracking

Block brute force and dictionary attacks targeting to defeat server authentication schemes
Protection
including Mail servers (SMTP, POP3, IMAP), FTP servers, SIP servers, MS-SQL and
MYSQL servers.

Web sites application vulnerability scanning and hacking protection.

SIP Invite and Bye floods prevention.

Connection Limit
Defend against connection based attacks such as half open SYN attacks, request attacks and
full session attacks.
Vulnerability-based protections
Signature Protections
Protects against known application vulnerabilities and common malware including:

Web application protection, Mail servers protection, FTP servers protection, DNS
Vulnerabilities, SIP vulnerabilities, SNMP Vulnerabilities, Microsoft vulnerabilities, Worms
and Viruses, Backdoors and Trojans, Cross-Site Scripting, SQL Injections, Spyware, LAN
Protocol and Services Protection (RPC, NetBIOS, Telnet etc.), Generic Payloads (Remote
Execution, Shellcodes).

Security updates service (SUS) - weekly updates and emergency updates.

User-defined Attack Signatures.

Protocol Compliance

RFC compliance for various protocols including TCP, ICMP, DNS, HTTPS, SMTP, IMAP,
POP3, FTP, SSH.
Stateful Operation
TCP Stream Reassembly, IP Defragmentation.
Bandwidth Management and Access Control
Bandwidth

Guarantee bandwidth per application (granular, per user or session basis).

Management

Limit bandwidth per application.

Limit P2P protocol traffic per session.

Access Control
Access Lists per IP address & protocol; Black/White Lists per IP address per feature.
Supported protocols
More than 100 protocols are supported including TCP, ICMP, DNS, HTTP, HTTPS, SMTP,
IMAP, POP3, FTP, Telnet, SSH, SIP, Skinny (SCCP), H.223, RTP, SNMP, MySQL, MS-SQL
(TDS) and LAN-centric protocols (RPC, NetBIOS) etc. Additional protocols can be defined by the
user.
Management
Alerting
SNMP V1, 2C &3, Log File, Syslog, E-mail.
Forensics
Attack Packet Logging, In-depth Attack Footprint Analysis, Attack Details and Statistics.
Configuration
SNMP V1, 2C, 3, HTTP, HTTPS, SSH, Telnet, SOAP API, Console (user selectable).
Time Synchronization
Network Time protocol (NTP)
Export Real-Time
Northbound XML interface exporting behavioral parameters such as:
Signature information

Normal traffic patterns.

Attacks real-time signatures of ongoing DoS/DDoS attacks and malware propagation and
anti scanning.

Page 2

DefensePro IPS & Behavioral protection: Specification Sheet

Product Specifications

DefensePro
Model

506 IPS &

Behavioral
Protection

1006 IPS &

Behavioral
Protection

2006 IPS &

Behavioral
Protection

1016 IPS &

Behavioral
Protection

2016 IPS &

Behavioral
Protection

3016 IPS &

Behavioral
Protection

Network
Perimeter
Core Network
Location
Hardware
OnDemand Switch VL-S1; Dual PS option is:
OnDemand Switch 2S1; Dual PS option is: OnDemand
Platform
OnDemand Switch VL-S2
Switch 2S2
1
Performance
2
Capacity
500Mbps
1Gbps
2Gbps
1Gbps
2Gbps
4Gbps
3
Throughput
500Mbps
1Gbps
2Gbps
1Gbps
2Gbps
3.6Gbps
Max
2,000,000
2,000,000
Concurrent
Sessions
Maximum
1,000,000 packets per second
5,000,000 packets per second
DDoS Flood
Attack
Prevention
Rate
Latency
< 60 micro seconds
< 60 micro seconds
Real time
Detect and protect attacks in less than 18 seconds
Detect and protect attacks in less than 18 seconds
signatures
Inspection Ports
10/100/1000
4
12
Copper
Ethernet
GE (SFP)
2
4
10GE (XFP)
10/100/1000
2
2
Copper
Ethernet
RS-232
1
1
Operation Mode
Network
Transparent L2 Forwarding
Operation
Deployment
In-line; SPAN Port Monitoring; Copy Port Monitoring; local out-of-path; Out-of-path mitigation (scrubbing center
Modes
solution)
Tunneling
VLAN Tagging, L2TP, MPLS, GRE, GTP
protocols
support
IPv6
Support IPv6 networks and block IPv6 attacks
Jumbo Frame
Supported
Inspection
Policy Action
Block & Report, Report Only
Block Actions
Drop packet, reset (source, destination, both), suspend (source, src port, destination, dest port or any combination),
Challenge-Response for HTTP and DNS attacks

Actual performance figures may change per network configuration, traffic type, etc.
Capacity is measured as maximum traffic forwarding when no security profiles are configured.
3
Throughput is measured with behavioral IPS protections and signature IPS protections using eCommerce protection
profile.
2

Page 3

DefensePro IPS & Behavioral protection: Specification Sheet

High Availability
Fail-open /
Internal fail-open/fail-close for copper ports; internal
Internal fail-open/fail-close for copper ports; internal fail5
fail-close
fail-close for SFP ports; optional fail-open for SFP
close for SFP ports; optional fail-open for SFP ports
4
ports
Dual Power
Optional
Optional
Supply
Advanced
Yes
Yes
internal
overload
6
mechanism
ActiveYes
Yes
Passive
cluster
Physical
Dimensions
424x457x44
424x600x44 (1U)
(W x D x H)
Dual PS option: 424x600x88 (2U)
mm
Weight (lb, kg)
15.9, 7.2
20.9, 9.5
Dual PS option is 19.2, 8.7
Dual PS option is 24.0, 10.9
Power Supply
Auto range: 100V-120V/200V-240V AC 47-63Hz or
Auto range: 100V-120V/200V-240V AC 50-60Hz or -36-36-72VDC
72VDC
Power
177W
302W
Consumption
Dual PS option is 147W
Dual PS option is 312W
Heat
604
1029
Dissipation
Dual PS option is 501
Dual PS option is 1064
(BTU/h)
Operating
0-40C
Temperature
Humidity
5% to 95%
(noncondensing)
Safety
EN 60950-1:2006, CB - IEC 60950-1, cTUVus
EN, UL, CSA, IEC #60950-1
Certifications
EMC
EN 55022, EN 55024, FCC Part 15B Class A
EN 55022, EN 55024, FCC Part 15B Class A
Other
CE, FCC, VCCI, CB, TUV, UL/cUL, CCC, C-Tick,
CE, FCC, VCCI, CB, TUV, UL/cUL, CCC, C-Tick, RoHS
Certifications
RoHS
Warranty
1-year hardware and software maintenance
Support
Certainty Support Program

External fiber fail-open switch with SFP ports is available at additional cost.
External fiber fail-open switch with SFP ports is available at additional cost.
6
Overload mechanism is designed to obtain maximum security coverage under extreme traffic loads.
5

Page 4

DefensePro IPS & Behavioral protection: Specification Sheet

DefensePro
Model

4412 IPS &

Behavioral
Protection

8412 IPS &

Behavioral
Protection

12412 IPS &

Behavioral
Protection

10420 IPS &

Behavioral
Protection

20420 IPS &

Behavioral
Protection

30420 IPS &

Behavioral
Protection

40420 IPS &

Behavioral
Protection

Network
Core Network
Core Network
Location
Hardware
On Demand Switch 3S2
OnDemand Switch HT
Platform
7
Performance
8
Capacity
4Gbps
8Gbps
14Gbps
10Gbps
20Gbps
30Gbps
40Gbps
9
Throughput
4Gbps
8Gbps
12Gbps
10Gbps
20Gbps
30Gbps
36Gbps
Max
4,000,000
8,000,000
Concurrent
Sessions
Maximum
10,000,000 packets per second
25,000,000 packets per second
DDoS Flood
Attack
Prevention
Rate
Latency
< 60 micro seconds
< 60 micro seconds
Real time
Detect and protect attacks in less than 18 seconds
Detect and protect attacks in less than 18 seconds
signatures
Inspection Ports
10/100/1000
8
Copper
Ethernet
GE (SFP)
4
10GE
4 x XFP
20 x SFP+
40GE
4 x QSFP+
Management Ports
10/100/1000
2
2
Copper
Ethernet
Management
RS-232
RJ-45
Console
Operation Mode
Network
Transparent L2 Forwarding
Operation
Deployment
In-line; SPAN Port Monitoring; Copy Port
In-line; SPAN Port Monitoring; local out-of-path; Out-of-path
Modes
Monitoring; local out-of-path; Out-of-path mitigation
mitigation (scrubbing center solution)
(scrubbing center solution)
Tunneling
VLAN Tagging, L2TP, MPLS, GRE, GTP
VLAN Tagging, L2TP, MPLS, GRE, GTP, IPinIP
protocols
support
IPv6
Support IPv6 networks and block IPv6 attacks
Full IPv6 support for detection and mitigation
Jumbo Frame
Supported
Inspection
Policy Action
Block & Report, Report Only
Block & Report, Report Only

Actual performance figures may change per network configuration, traffic type, etc.
Capacity is measured as maximum traffic forwarding when no security profiles are configured.
9
Throughput is measured with behavioral IPS protections and signature IPS protections using eCommerce protection
profile.
8

Page 5

DefensePro IPS & Behavioral protection: Specification Sheet

Block Actions

Drop packet, reset (source, destination, both),

suspend (source, src port, destination, dest port or
any combination), Challenge-Response for HTTP
and DNS attacks

Drop packet, reset (source, destination, both), suspend

(source, src port, destination, dest port or any combination),
Challenge-Response for TCP, HTTP and DNS suspicious
traffic

High Availability
Dual Power
Yes hot swappable
Supply
Advanced
Yes
internal
overload
10
mechanism
ActiveYes
Passive
cluster
Physical
Dimensions
2U : 424mm x 600mm x 88mm
(W x D x H)
mm
Weight (Kg,
18.0 Kg (39.0 lbs)
Lbs)
Power Supply
Auto range: 100V-120V/200V-240V AC 50-60Hz or
-36-72VDC
Power
Consumption
Heat
Dissipation
(BTU/h)
Operating
Temperature
Humidity
(noncondensing)
Safety
Certifications
EMC
Other
Certifications

Yes
Yes

Yes

2U: 582mm x 482mm x 88mm

EIA Rack or Standalone: 482 mm (19 in)
15.1 Kg (33.2 lbs)

476W

Auto-range supply:
AC: 100-240 V, 47-63 Hz
DC: -36~-72 V
Dual power supply (AC/DC)
TBD

1623

TBD

0-40C

5-55 C (41-150 F)

5% to 95%

10% to 95%

EN, UL, CSA, IEC #60950-1

EN 60950-1:2006, CB - IEC 60950-1, CCC, cTUVus

EN 55022, EN 55024, FCC Part 15B Class A

CE, FCC, VCCI, CB, TUV, UL/cUL, CCC, C-Tick,
RoHS

Warranty
Support

EN 55022, EN 55024, EN 61000-3-2, EN 61000-3-3

IEC 61000 4-2 to 4-6 , IEC 61000 4-8 & IEC 61000-4-11,
FCC Part 15B Class A, ICES-003, VCCI, C-Tick
RoHS 6 Compliant
1-year hardware and software maintenance
Certainty Support Program

Patent protected behavioral analysis technology

Radware DefensePro has been successfully awarded multiple United States patents based on real-time signatures, which
protect and secure applications and network traffic. DefensePro technology is protected by the following patents:

Patent No. 7,607,170 Stateful Attack Protection

Patent No. 7,617,170 Generated Anomaly Pattern for HTTP Flood Protection

Patent No. 7,624,084 Method for Generating Anomaly Pattern for HTTP Flood Protection

Patent No. 7,681,235 Dynamic network protection

Patent No. 7,836,496 Dynamic network protection II

Patent No. 11/869,067 Automatic Signature Propagation Network

Patent No. 11/835,503 Method, system and computer program product for preventing sip attacks
Specifications subject to change without notice.
10

Overload mechanism is designed to obtain maximum security coverage under extreme traffic loads.

PRD-DP-IPS-TS-23-2012/11

Page 6