Each integrated appliance includes antivirus, firewall, intrusion detection & prevention, content filtering, VPN connectivity, device monitoring, network management, and reporting. Maintenance and support service complements each SNAP VPN appliance, and includes 24/7 technical and product support, and future policy and definitions updates (antivirus, intrusion detection & content filtering)
ClearPath’s patent pending integration technology enables the delivery of each network security service within a single appliance – a revolutionary breakthrough. Now, the complexity and costs typically associated with an enterprise-class network security solution are no longer applicable.
Key Features and Benefits
1) Antivirus Protection:
Each SNAP VPN appliance is capable of scanning for worms, viruses, and Trojan horses at the network level using Trend Micro. Traffic is inspected for any of over 80,000 virus signatures. Every SNAP device scans HTTP, SMTP, and POP3 packets.
2) Firewall Protection:
The SNAP firewall is a stateful inspection firewall, which operates by fully inspecting the packet as opposed to “packet filtering,” which simply looks at the packet’s header to make filtering decisions.
3) Intrusion Detection and Prevention:
The SNAP VPN Intrusion Detection and Prevention System will perform real-time traffic analysis, establish log files, and take corrective action each time an intrusion attempt is detected on your network.
4) Content Filtering:
ClearPath maintains and updates data tables with over 1 million URL addresses classified by category type. These definitions and all future updates are incorporated within each subscriber’s service. Each security setting may be adjusted through SNAP View’s web-based user-interface. Both “white listing” and “Blacklisting” are supported, as well as the ability to define parameters for different users or groups of users.
5) Site to Site VPN:
As SNAP VPN is plug & play, time consuming and complex installation challenges are eliminated. SNAP VPN’s web-based management interface (SNAP View) enables easy management and monitoring of each VPN connection, the status of that connection and the means to monitor and adjust security settings instantly in real-time. SNAP VPN establishes secure SSL tunnels to transport data between appliances. Utilizing this technology has several advantages over other types of VPN encryption protocols. With SSL encryption a single tunnel is created between sites reducing the complexity and the overhead required to move packets between network locations.
6) Remote Access VPN
SNAP VPN Remote is a software-based service that takes the hassle out of remote access management and security for remote clients. One license is included with each SNAP VPN appliance purchase. This client is currently available for use on MS Windows operating systems.
7) SNAP View – Network Management
SNAP View – Network Management is delivered via a secure SSL connection over the public Internet. SNAP View provides a single user interface that enables you to manage all security, connectivity, and management services within your W/LANs. Multiple accounts may be aggregated within a single user login, ideal for Managed Security Services Provider partners.
8) SNAP View – Network Reporting
SNAP View – Network Reporting delivers the ability to view each circuit on your network, and to know, in real-time, when an issue occurs and what the circuit performance is. Application performance may be optimized and improved while employee productivity is maximized.
Each recorded value within SNAP View – Network Reporting is stored in a round robin database. This means that data will be kept for a specific amount of time, at which point it will be dropped. Graphs are generated every five minutes to reflect the new polled data. Four graphs are generated for each polled item, including a view of daily, weekly, monthly, and yearly values.
9) SNAP View – Device Monitoring
ClearPath Networks’ Device Monitoring service is an extension of SNAP View – Network Reporting in that other Simple Network Management Protocol (SNMP) MIB supplied poll data may be programmed for data capture.
10) 24/7 Automatic Updates
Updates are pushed from ClearPath Networks configuration servers to all connected SNAP VPN devices whenever they are made available. New antivirus definitions from Trend Micro as well as new attack signatures for the SNORT IDS/IPS engine are added to the device with no user intervention required.
11) Auto VPN Tunnel Provisioning
SNAP VPN includes revolutionary “plug and play” capabilities, which allow you to simply enter a registration key to activate your device. This simple task is performed once through an online interface (SNAP View). Then, your SNAP VPN appliance is security enabled and ready to pass traffic. Each location is automatically programmed for every other location and will establish a tunnel the moment the device becomes available and online. No matter how many sites exist in your network, each SNAP VPN appliance will establish the appropriate tunnel or tunnels and begin sending “keep alive” packets through the tunnels thereby creating a fully meshed VPN without any additional configuration necessary by the user or administrator.
Features:*Antivirus
– Embedded scan engine Yes
– Antivirus signatures > 80,000
– Automatic virus definition
– updates Yes
– Supported protocols POP3, SMTP, HTTP
*Firewall
– Stateful protocol signatures Yes
– Deep inspection firewall Yes
– Individual user policies Yes
– Group user policies Yes
– Protocols supported Any IP Protocol
*Intrusion Detection and Protection
– Network attack profiles > 2,300
– Modify Profile Action Yes
– Network attack detection Yes
– Automatic profile updates Yes
– DoS and DDoS protections Yes
– Multi-rule search capability Protocol field, content search, packet anomaly
– Rule detection protocols HTTP, FTP, SMTP, ICMP, RPC, SNMP & Others
*Content Filtering:
– Black list filtering Yes
– White list filtering Yes
– URL database entries >1MM
– Automatic URL updates Yes
– Content policy profiles Unlimited
– Unique profile by username Yes
– Group user profiles Yes
*VPN
– Tunnel firewall traversal Yes
– Tunnel NAT traversal Yes
– DES, 3DES, and AES encryption Yes
– Manual Key, IKE, PKI Yes
– Remote access VPN enabled Yes, 1 License included
– Additional remote access
– VPN licenses available Yes
– Redundant VPN gateways Yes Network Management
*Network Reporting
– Bandwidth utilization (down/up) Yes
– Packet delivery Yes
– Latency / delay Yes
– Network availability Yes
– Jitter - voice services only Yes
– Device monitoring – SNMP 10 elements
– Additional licenses available Yes
*Network Management
– Site performance metrics Yes
– Online trouble ticket interface Yes
– Custom user privileges or profiles Yes
– Remote access management Yes
– E-mail licenses management,
– including antivirus / anti-spam Yes
– Priority-bandwidth utilization Yes
– DiffServ stamp Yes
*Appliance Configuration
– Embedded ASIC architecture Yes
– Interfaces (3) 10/100 Base-T
– Layer 3 mode (route and/or NAT mode) Yes
– NAT / PAT Yes
– DMZ / second port Yes
– Policy-based NAT Yes
– Port forwarding Yes
– Static NAT Yes; unlimited
– Web-based interface Yes
*Routing
– Static routes Unlimited
– Source-based routing Yes
*IP Address Assignment
– Static, DHCP, PPPoE client Yes
– Internal DHCP server Yes
– DHCP relay Yes
*Certifications
– Safety UL, CSA, JET, GS, CCC
– EMC FCC class B, CE class B
