B DOUBNSFDPONHDTOPH

Highlights

• Advanced Application Control:

Easily manage access to Web Applications like Facebook, LinkedIn, Google, Twitter, Dropbox, among others.

• Advanced Threat Protection:

Innovative security against advanced malware and call back.

• Centralized Management:

Easily manage multiple devices with Blockbit GSM (Global Security Management), which has native integration with Blockbit Next-Generation Firewall. Manage device profiles, administration and automation, inventory and monitoring.

• Unified Policy and Reporting Dashboard:

Agile access control, with application of policies by groups of users, which unifies resources in a simple and innovative way. Customize and automate management and detailed reports.

• Timeline:

Timeline per user showing the history with all accesses, applications and threats detected in a simple way.

• Reduce cost and time to implement:

Centralize settings and automatically distribute them to remote assets. With the ZTP (Zero-Touch Provising) feature, it is possible to reduce time and cost with the implementation.

Key Features

Next-Generation Firewall The Blockbit Platform is much more than a firewall. Combining the most advanced network management technology with advanced detection and protection capabilities against digital attacks and threats. Blockbit NGFW (Next-Generation Firewall) simplifies the creation of complex security rules and policies, using addresses, users, user groups, applications, threats and services in their settings, which can be named to facilitate understanding of policies and ensure total control of your environment.

Zero-Touch Providing With the ZTP (Zero-Touch Provising) feature, it is possible to pre-configure security policies and automatically implement them on the linked remote device, as soon as it receives a network connection. This reduces the complexity of the installation and, consequently, the saving of financial and technical resources.

SSL Inspection Most information that travels on the web uses encrypted connections. Blockbit Platform features SSL decryption for traffic inspection, ensuring full access control and applying advanced features such as ATP, Content Filter and Anti-Malware.

Content Filtering The Blockbit Platform has more than 46 million addresses classified in more than 88 categories. This information, together with SSL inspection, allows you to fully control access to online content, which can be configured by user, user groups, IPs, bandwidth, connection priority, links, different browsers and their versions. You can also set limits on the size of files to download, running web applications, allowed browsing time and more.

Application Control The advancement of the Internet has allowed the creation of applications such as Facebook, Youtube, Google Apps, Twitter, LinkedIn and Dropbox, which have become very popular and can impact the productivity of their teams if not used correctly. Blockbit Platform allows you to fully control Web Applications, restricting or allowing access according to your business rules.

IPS – Intrusion Prevention System Blockbit Platform continuously protects your network against the growing number of digital threats. O IPS has thousands of signatures for identifying threats in a database updated daily by Blockbit Labs. It is possible to create multiple protection profiles to apply them to different types of network traffic. In addition, the dashboard displays information about threats detected in detail, allowing a quick and efficient risk analysis.

ATP – Advanced Threat Protection Blockbit Platform has sophisticated security and intelligence technologies that detect and protect your company against known and unknown threats. Blockbit Platform can detect advanced malware such as Trojans and viruses, advanced persistent threats and malicious callback attacks. ATP can also block IPs with bad reputation in different categories (abusers, anonymizers, attackers, malware, reputation, spam) in addition to geolocation attacks.

SSL VPN The Blockbit Platform allows you to create secure access to applications on your network through a web portal that can be quickly configured and executed in any browser. The platform also supports client-to-site connection.

IPSec VPN The Blockbit Platform allows you to create virtual private networks with native tunneling encryption, which ensures interoperability with other products and increases security. Supports hub and spoke IPSec VPN architecture for both site-to-site ("Full Meshed" and "Star") and client-to-site (remote access) topologies.

QoS – Quality of Service The Blockbit Platform has an exclusive QoS feature that allows, via a centralized and local graphical interface, to prioritize traffic and control bandwidth according to the configured security and compliance policies, in addition to the classification of packages (Shaping). The advanced QoS feature categorizes connections according to their importance and makes it possible to prioritize packets using DSCP and TOS protocols.

SD-WAN Blockbit Platform offers a dynamic link balancing service for long distance connection, which allows you to connect your company to any location - branches, datacenters, cloud etc. You have more visibility about all activities in any location and integrate the SD-WAN with all Blockbit security features, being able to manage the entire environment from a single interface, making it easier to analyze results and make decisions about network optimizations.

High Availability The Blockbit Platform has native support for H.A. (high availability) implementations. The feature maintains a backup appliance, which goes into service immediately if the primary appliance fails. H.A. support mirrors firewall and user authentication sessions between the primary and secondary devices so that the switch over is transparent and fast.

Captive Portal The Blockbit Platform makes it easy to manage visitor access through authentication that the web browser uses. Captive Portal allows self-registration, personalization of access policies, content control, user management, exchange of passwords and personalized reports. In addition, it is possible to authenticate via social media accounts (Facebook, Google and Twitter).

Centralized Management Blockbit NGFW has native integration with GSM (Global Security Management), which makes it possible to manage multiple devices, with encrypted and authenticated connection through a central point. Enables centralized and local management of IPS / IDS and Anti-Malware functionalities, monitoring your events in an integrated manner.

Appliance Models

Model BB1* | BB2* | BB5* | BB10* Small enterprises

Model BB30* Small enterprises

Model BB50* | BB100* Medium-sized enterprises

Model BB500* | BB1000* | BB2000* Large Enterprises

Model BB10000* Corporations and Datacenters

Virtual Appliances

Firewall Throughput (UDP) Minimum Segments Maximum Segments

BBV 2 900 Mbps 2 4 BBV 5 2.0 Gbps 2 4 BBV 10 3.0 Gbps 2 4 BBV 50 4.0 Gbps 2 6 BBV 100 8.0 Gbps 2 6 BBV 500 12 Gbps 2 24 BBV 1000 20 Gbps 2 24 BBV 2000 30 Gbps 2 24 BBV 10000 40 Gbps 2 34

* merely illustrative images

Security Policies • Filtering Web content Web applications • Inspections SSL, IPS (Intrusion Prevention System). ATP

(Advanced Threat Protection) • QoS (bandwidth control/prioritization) • Multiple services • Security rules editor (Filtering policies) Enable and disable logs Types of action: allow, deny and reject Traffic simulator and policy finder Confliting Policy Detector

Web Cache • Proxy Transparent Active • Support for web services (HTTP and HTTPS

versions 1.0, 1.1 and FTP) • Configuration of web cache in memory and disk • Enabling dynamic contente web caching

(Facebook, Google Maps, MSN Video, Sourceforge Downloads, Windows Update, Youtube)

• Cache exception, configurable by regular expressions

• Proxy hierarchy with and without authentication • Support for HTTP Anti-Virus integration through

proxy hierarchy • Blocking message for the end user

Firewall • Policy with authentication option NAT (SNAT and DNAT) • Security DoS (Denial Of Service) Protection PortScan Protection Protection of invalid packages ICMP Sweep Protection Flood Protection (SYN, ICMP, UDP) ICMP (controls, transmission, redirection) PING (Echo/Request) Source routing Checksum Invalid logs TCP_be_liberal IP spoofing • TCP/UDP/ICMP/IP connection controls • Supports transparente mode (layer 2) • Supports gateway mode (layer 3) • Supports real time protocols

QoS – Quality of Service • Packet marking for traffic priorization (TOS and

DSCP) • Traffic control and bandwidth guarantee per

policy

IPS Intrusion Prevention System • Detection and prevention of attacks and intrusions

based on +60 thousand signatures and +65 categories • Preprocessors • Impact Levels Low Medium High • Protection agains threats at the application layer

(Exploit, Shellcode etc.) • Protection against malformed packages • DoS and DDoS Prevention • Prevention against PORT SCAN • Prevention of protocol anomalies (HTTP, SMTP, NTP,

NetBIOS, HTTPS, FTP, DNS, SMB, RPC, SSH and Telnet)

• Support for exception configuration by source or destination subscription

• Log record of incidences for each type of attack identified

• Automatic and periodic update • Decodes multiple Unicode formats • IP fragmentation and defragmentation • Policies applied to interfaces or security zones • Inline implementation support (bridge / transparent

mode)

Threat Protection

• Antivirus and Anti-Malware HTTP, HTTPS, FTP, POP3 and SMTP (native in the

solution) • Protection against unauthorized applications o (Packed, PwTool, NetTool, P2P, IRC, RAT, Tool, Spy) • Password protection against files • Anti-Malware Quarantine • Scanned file report • Identifies, classifies and blocks malware such as trojans,

spyware, worms and viruses • Allow reputation blockbing of the address classified in

6 categories: Spam, reputation, malware, attacks, anonymous and abuse

• Automatic and periodic update

SD-WAN

• Support for multiple configuration profiles Failover, Load Balance, Spillover and Performance • Monitoring link availability Verification by TCP, ICMP and HTTP protocol • Analysis for bandwidth consumption, packet loss,

jitter, latency • Analysis by bandwidth, packet loss, jitter, latency

Zero-touch Provisioning

• Automatic provisioning • Apply security templates at initial installation

Content Filtering • Content Filter • 88 categories, +47 million cataloged URLs,

Google domain login control, SafeSearch integration, Google, Bing and Yahoo, end user block message

• SSL Inspection Integration with ATP inspection • Web Application Control Facebook (Post, Like, Comment), LinkedIn (job

search), Gmail (Attachment), Twitter, Instagram and more

• SNI control by category • Website filtering, categorizing and reclassifying

by URL • LDAP, Radius and Microsoft Active Directory

User Authentication • Blocking by creating specific filters with textual

search engine • Invalid certificates blocking • Custom lists (whitelist and blacklist) • Captive Portal with social login (Facebook,

Twitter, Google) • Navigation quotas by time and/or traffic volume

VPN IPSec and VPN SSL

• VPN tunnel (LAN to LAN) • RAS VPN (remote access allows VPN cliente

access or direct support at the station without client)

• Authentication Pre-Shared Key, X-Auth (AD, LDAP, Local,

RADIUS), Digital Certificate, EAP (MSCHAPv2) • High Availability FQDN (Full Quality Domain Name) DDNS Support • NAT-T (UDP encapsulation) • DPD (Dead Peer Detection) • Exchange mode Main mode Aggressive mode • Compressed data support • Fragment Size (MTU) • Protocols IKEv1 and IKEv2 (for phase 1 and phase 2) ESP • VPN Clients • Suporta Auto-Discovery VPN (AD-VPN) Allows multiple devices (Spokes) with

centralized gateway (hub) Supports type-tunnels (Site-to-Site, Full Mesh,

Star) • Supports RSA and Diffie-Hellman algorithms • Supports X.509 v3 digital certificate • Supports enrollment of certification authorities • Support for RIPv2 and OSPFv3 routing

protocols • Support for certificates issued by certification

authority in the ICP-Brasil standard • Support for certificate revocation list (CRL)

verification • Clientless VPN • SSL certificate management (X.509)

Other Features • Interfaces o Ethernet o VLAN (IEEE 802.1q) up to 4096 per interface o DSL • SNMP v2 and v3 protocol support • H.A. (High Availability) / Active-Active and Active-

Passive • Date and time update with support for Network

Time Protocol (NTP) servers • Option of automatic and periodic updates of the

system for corrections and HTTPS web releases • Management dashboard • Disaster recovery (backup /restore) • Link aggregation o Ethernet bonding (802.3ad) • TCPDUMP (allows capture and download in

PCAP format) o User registration in authentication events, access,

blocking and threat events • Detailed event preview window • Disk maintenance tool • Proxy Services (HTTP, FTP, SMTP, POP3) • Exporting reports in multiple formats (PDF, CSV,

HTML)

• IPv6 NAT64, NAT46 and NAT66 • Storage o NFS o DISK (HDD) o SSH • Dynamic Routing BGP4 OSPF3 RIPv2 • Static routing (source and destination IP and port) • Policy-based routing • Synchronization of users and groups with servers • Windows AD and LDAP servers • Authentication • Local, Windows, AD / LDAP, SSO Windows (single

sign on) – unified authentication, X-Auth for VPN services, authentication on Radius servers, RSSO (radius single sign on), password complexity identifier

• TACACS+ support for administration users and firewall users

• LDAP integration for Blockbit Platform administration

• Snapshot • Support for multiple domain authentication • Resource objects o IP address o MAC address o Port services and protocols o Timetable o Table of period and dates o Dictionaries (set of words and/or regular

expressions) o Content types • DHCP (dynamic host configuration protocol) Relay Server • Recursive DNS • DDNS Client (dynamic DNS) NoIP.org DynDNS.com • Remote Syslog • CLI (command line interface for management

and diagnostics) • System and Security Notifications

Performance Specifications and Options

BB 1

BB 2

BB 5

BB 10

BB 30

BB 50

BB 100

BB 500

BB 1000

BB 2000

BB 10000

Firewall Throughput (UDP)

400 Mbps 900 Mbps 2 Gbps 3 Gbps 3 Gbps 4 Gbps 8 Gbps 12 Gbps 20 Gbps 30 Gbps 40 Gbps

Conexões Simultâneas 30.000 100.000 170.000 250.000 250.000 500.000 1.000.000 1.500.000 2.000.000 3.000.000 6.300.000

Conexões Novas por Segundo

6.000 13.000 14.000 17.000 17.000 30.000 55.000 80.000 110.000 150.000 200.000

NGFW Throughput (IMIX)1

50 Mbps 70 Mbps 100 Mbps 200 Mbps 200 Mbps 500 Mbps 800 Mbps 1.0 Gbps 1.3 Gbps 3.0 Gbps 4.0 Gbps

Web Filter Throughput 37 Mbps 100 Mbps 260 Mbps 500 Mbps 500 Mbps 900 Mbps 1.5 Gbps 2.0 Gbps 3.8 Gbps 8 Gbps 10 Gbps

SSL Inspection Throughput

30 Mbps 40 Mbps 100 Mbps 200 Mbps 200 Mbps 300 Mbps 420 Mbps 900 Mbps 1.2 Gbps 2.0 Gbps 3.0 Gbps

IPS Throughput 40 Mbps 500 Mbps 700 Mbps 1 Gbps 1 Gbps 1.2 Gbps 1.6 Gbps 4.0 Gbps 6.0 Gbps 7.0 Gbps 10 Gbps

Threat Protection Throughput

30 Mbps 44 Mbps 60 Mbps 130 Mbps 130 Mbps 150 Mbps 200 Mbps 800 Mbps 1.23 Gbps 1.9 Gbps 2.8 Gbps

IPSEC VPN Throughput (AES-128 + SHA256)

130 Mbps 250 Mbps 280 Mbps 350 Mbps 350 Mbps 700 Mbps 1.0 Gbps 1.5 Gbps 3.5 Gbps 6.0 Gbps 8.0 Gbps

SSL VPN Throughput (AES-128)

70 Mbps 100 Mbps 140 Mbps 250 Mbps 250 Mbps 520 Mbps 850 Mbps 1.3 Gbps 1.8 Gbps 3.0 Gbps 7.0 Gbps

Network Interfaces 4X GE RJ45

4X GE RJ45

4X GE RJ45

4X GE RJ45

6 X GE RJ45

6X GE RJ45

6X GE RJ45

8X GE RJ45

8X GE RJ45

8X GE RJ45

8X GE RJ45

Storage 32 GB

32 GB

32 GB

32 GB

32 GB

120 GB

120 GB

240 GB

240 GB

240 GB

480 GB

Optional

Solid State Drive (SSD) - 64/120 GB

64/120 GB

120/240 GB

120/240 GB

240 GB

240 GB

480 GB

480 GB

480 GB

600 GB

40GbE Network Module - 2 QSFP+ ports

- - - - - - - 1x 1x 1x 2x

10GbE Network Module - 4 SFP+ ports

- - - - - 1x 1x 1x 1x 1x 7x

1GbE Network Module - 4 SFP ports

- - - - - 1x 1x 1x 1x 1x 7x

1GbE Network Module - 8 RJ45 ports

- - - - - - - 1x 1x 1x 7x

10GbE Network Module - 2 SFP + ports

- - - - - 1x 1x - - - -

1GbE Network Module - 2 SFP ports

- - - - - 1x 1x - - - -

Redundant Power Source - - - - - - - Yes Yes Yes -

TESTS WERE PERFORMED IN LABORATORY USING AVALANCHE ON Blockbit Platform V1.5, WITHOUT USER SUMMARIZATION, IPS AND SERVICES, DISABLED APPLICATION DETECTORS, FIREWALL THROUGHPUT UDP 1518 BYTES PACKAGES , FIREWALL THROUGHPUT HTTP GET 1280Kb e PUT 1280K, IPS/ATP THROUGHPUT WITH FACTORY PATTERN SIGNATURES ENABLED. 1 NGFW performance is measured with Firewall, IPS and Application Control enabled, IMIX traffic.

Features by Subscription

Features Basic Standard Advanced

Next-Generation Firewall (NGFW)

Secure SD-WAN

WEB proxy

VPN IPSEC

VPN SSL

QoS

Cluster

Captive Portal

DHCP SERVER/RELAY

Hardware Warranty

URL Category Base

Intrusion Prevention System (IPS)

Gateway Antivirus

Threat Protection

Remote Support - 04 hours month