Each integrated appliance includes antivirus, firewall, intrusion detection & prevention, content filtering, VPN connectivity, device monitoring, network management, and reporting. Maintenance and support service complements each SNAP VPN appliance, and includes 24/7 technical and product support, and future policy and definitions updates (antivirus, intrusion detection & content filtering)
ClearPath’s patent pending integration technology enables the delivery of each network security service within a single appliance – a revolutionary breakthrough. Now, the complexity and costs typically associated with an enterprise-class network security solution are no longer applicable.
Key Features and Benefits
1) Antivirus Protection:
Each SNAP VPN appliance is capable of scanning for worms, viruses, and Trojan horses at the network level using Trend Micro. Traffic is inspected for any of over 80,000 virus signatures. Every SNAP device scans HTTP, SMTP, and POP3 packets.
2) Firewall Protection:
The SNAP firewall is a stateful inspection firewall, which operates by fully inspecting the packet as opposed to “packet filtering,” which simply looks at the packet’s header to make filtering decisions.
3) Intrusion Detection and Prevention:
The SNAP VPN Intrusion Detection and Prevention System will perform real-time traffic analysis, establish log files, and take corrective action each time an intrusion attempt is detected on your network.
4) Content Filtering:
ClearPath maintains and updates data tables with over 1 million URL addresses classified by category type. These definitions and all future updates are incorporated within each subscriber’s service. Each security setting may be adjusted through SNAP View’s web-based user-interface. Both “white listing” and “Blacklisting” are supported, as well as the ability to define parameters for different users or groups of users.
5) Site to Site VPN:
As SNAP VPN is plug & play, time consuming and complex installation challenges are eliminated. SNAP VPN’s web-based management interface (SNAP View) enables easy management and monitoring of each VPN connection, the status of that connection and the means to monitor and adjust security settings instantly in real-time. SNAP VPN establishes secure SSL tunnels to transport data between appliances. Utilizing this technology has several advantages over other types of VPN encryption protocols. With SSL encryption a single tunnel is created between sites reducing the complexity and the overhead required to move packets between network locations.
6) Remote Access VPN
SNAP VPN Remote is a software-based service that takes the hassle out of remote access management and security for remote clients. One license is included with each SNAP VPN appliance purchase. This client is currently available for use on MS Windows operating systems.
7) SNAP View – Network Management
SNAP View – Network Management is delivered via a secure SSL connection over the public Internet. SNAP View provides a single user interface that enables you to manage all security, connectivity, and management services within your W/LANs. Multiple accounts may be aggregated within a single user login, ideal for Managed Security Services Provider partners.
8) SNAP View – Network Reporting
SNAP View – Network Reporting delivers the ability to view each circuit on your network, and to know, in real-time, when an issue occurs and what the circuit performance is. Application performance may be optimized and improved while employee productivity is maximized.
Each recorded value within SNAP View – Network Reporting is stored in a round robin database. This means that data will be kept for a specific amount of time, at which point it will be dropped. Graphs are generated every five minutes to reflect the new polled data. Four graphs are generated for each polled item, including a view of daily, weekly, monthly, and yearly values.
9) SNAP View – Device Monitoring
ClearPath Networks’ Device Monitoring service is an extension of SNAP View – Network Reporting in that other Simple Network Management Protocol (SNMP) MIB supplied poll data may be programmed for data capture.
10) 24/7 Automatic Updates
Updates are pushed from ClearPath Networks configuration servers to all connected SNAP VPN devices whenever they are made available. New antivirus definitions from Trend Micro as well as new attack signatures for the SNORT IDS/IPS engine are added to the device with no user intervention required.
11) Auto VPN Tunnel Provisioning
SNAP VPN includes revolutionary “plug and play” capabilities, which allow you to simply enter a registration key to activate your device. This simple task is performed once through an online interface (SNAP View). Then, your SNAP VPN appliance is security enabled and ready to pass traffic. Each location is automatically programmed for every other location and will establish a tunnel the moment the device becomes available and online. No matter how many sites exist in your network, each SNAP VPN appliance will establish the appropriate tunnel or tunnels and begin sending “keep alive” packets through the tunnels thereby creating a fully meshed VPN without any additional configuration necessary by the user or administrator.
Features:*Antivirus
Embedded scan engine Yes
Antivirus signatures > 80,000
Automatic virus definition
updates Yes
Supported protocols POP3, SMTP, HTTP
*Firewall
Stateful protocol signatures Yes
Deep inspection firewall Yes
Individual user policies Yes
Group user policies Yes
Protocols supported Any IP Protocol
*Intrusion Detection and Protection
Network attack profiles > 2,300
Modify Profile Action Yes
Network attack detection Yes
Automatic profile updates Yes
DoS and DDoS protections Yes
Multi-rule search capability Protocol field, content search, packet anomaly
Rule detection protocols HTTP, FTP, SMTP, ICMP, RPC, SNMP & Others
*Content Filtering:
Black list filtering Yes
White list filtering Yes
URL database entries >1MM
Automatic URL updates Yes
Content policy profiles Unlimited
Unique profile by username Yes
Group user profiles Yes
*VPN
Tunnel firewall traversal Yes
Tunnel NAT traversal Yes
DES, 3DES, and AES encryption Yes
Manual Key, IKE, PKI Yes
Remote access VPN enabled Yes, 1 License included
Additional remote access
VPN licenses available Yes
Redundant VPN gateways Yes Network Management
*Network Reporting
Bandwidth utilization (down/up) Yes
Packet delivery Yes
Latency / delay Yes
Network availability Yes
Jitter - voice services only Yes
Device monitoring – SNMP 10 elements
Additional licenses available Yes
*Network Management
Site performance metrics Yes
Online trouble ticket interface Yes
Custom user privileges or profiles Yes
Remote access management Yes
E-mail licenses management,
including antivirus / anti-spam Yes
Priority-bandwidth utilization Yes
DiffServ stamp Yes
*Appliance Configuration
Embedded ASIC architecture Yes
Interfaces (3) 10/100 Base-T
Layer 3 mode (route and/or NAT mode) Yes
NAT / PAT Yes
DMZ / second port Yes
Policy-based NAT Yes
Port forwarding Yes
Static NAT Yes; unlimited
Web-based interface Yes
*Routing
Static routes Unlimited
Source-based routing Yes
*IP Address Assignment
Static, DHCP, PPPoE client Yes
Internal DHCP server Yes
DHCP relay Yes
*Certifications
Safety UL, CSA, JET, GS, CCC
EMC FCC class B, CE class B