Radware DefensePro IPS & Behavioral protection: Specification Sheet

DefensePro IPS and Behavioral Protection

Technical Product Information

Product Models
DefensePro x412 Series
Designed for large data centers protection deployed by large
enterprises, eCommerce and service providers
Models:

DefensePro 12412 (up to 12Gbps)

DefensePro 8412 (up to 8Gbps)

DefensePro 4412 (up to 4Gbps)

Upgrade options are available from model 4412 and up to 12412

DefensePro x016 Series

Designed for medium sized data centers protection deployed by
large enterprises, eCommerce and service providers
Models:

DefensePro 3016 (up to 3Gbps)

DefensePro 2016 (up to 2Gbps)

DefensePro 1016 (up to 1Gbps)

Upgrade options are available from model 1016 and up to 3016
DefensePro x06 Series
Designed for small to medium sized data centers protection and
Internet Gateway
Models:

DefensePro 2006 (up to 2Gbps)

DefensePro 1006 (up to 1Gbps)

DefensePro 506 (up to 500Mbps)

Upgrade options are available from model 506 and up to 2006

Page 1

Radware DefensePro IPS & Behavioral protection: Specification Sheet

Product Features
Feature
Protections
Network Wide Protections
Behavioral DoS

Protect against known and zero-minute DoS/DDoS flood attacks that misuse network
bandwidth resources including: TCP Floods, UDP floods, ICMP floods, IGMP floods and
fragmented attacks.
DNS Protection

Protect DNS critical infrastructure against flood attack that misuse DNS server resources.
Malware Propagation

Prevent zero-minute malware spread by already infected hosts.

Prevention and Anti

Prevents network pre-attack probes (Reconnaissance) including horizontal and vertical TCP
Scanning
& UDP scanning, stealth scanning and ping sweeps.
RSA FraudAction

Real-time Anti-Trojan and Anti-Phishing service, targeted to fight against financial fraud,
feeds
information theft and malware spread. Based on real-time reputation feeds from RSA Anti
Fraud Command Center (AFCC).
Server Protections
SYN Protection

Protect against any type of SYN flood attacks using advanced SYN authentication
mechanisms
HTTP flood protection

Protect against HTTP page flood attacks that misuse web server resources.
Server-Cracking

Block brute force and dictionary attacks targeting to defeat server authentication schemes
Protection
including Mail servers (SMTP, POP3, IMAP), FTP servers, SIP servers, MS-SQL and
MYSQL servers.

Web sites application vulnerability scanning and hacking protection.

SIP Invite and Bye floods prevention.

Connection Limit
Defend against connection based attacks such as half open SYN attacks, request attacks and
full session attacks.
Vulnerability-based protections
Signature Protections
Protects against known application vulnerabilities and common malware including:

Web application protection, Mail servers protection, FTP servers protection, DNS
Vulnerabilities, SIP vulnerabilities, SNMP Vulnerabilities, Microsoft vulnerabilities, Worms
and Viruses, Backdoors and Trojans, Cross-Site Scripting, SQL Injections, Spyware, LAN
Protocol and Services Protection (RPC, NetBIOS, Telnet etc.), Generic Payloads (Remote
Execution, Shellcodes).

Security updates service (SUS) - weekly updates and emergency updates.

User-defined Attack Signatures.

Stateful Inspection

RFC compliance and state machine verification for various protocols including TCP, ICMP,
DNS, HTTPS, SMTP, IMAP, POP3, FTP, SSH.
Stateful Operation
TCP Stream Reassembly, IP Defragmentation.
SSL Attack Prevention
Available for DefensePro series X16 and X412 in conjunction with AppXcel.
Bandwidth Management and Access Control
Bandwidth

Guarantee bandwidth per application (granular, per user or session basis).

Management

Limit bandwidth per application.

Limit P2P protocol traffic per session.

Access Control
Access Lists per IP address & protocol; Black/White Lists per IP address per feature.
Supported protocols
More than 100 protocols are supported including TCP, ICMP, DNS, HTTP, HTTPS, SMTP,
IMAP, POP3, FTP, Telnet, SSH, SIP, Skinny (SCCP), H.223, RTP, SNMP, MySQL, MS-SQL
(TDS) and LAN-centric protocols (RPC, NetBIOS) etc. Additional protocols can be defined by the
user.
Management
Alerting
SNMP V1, 2C &3, Log File, Syslog, E-mail.
Forensics
Attack Packet Logging, In-depth Attack Footprint Analysis, Attack Details and Statistics.
Configuration
SNMP V1, 2C, 3, HTTP, HTTPS, SSH, Telnet, SOAP API, Console (user selectable).
Time Synchronization
Network Time protocol (NTP)
Export Real-Time
Northbound XML interface exporting behavioral parameters such as:
Signature information

Normal traffic patterns.

Attacks real-time signatures of ongoing DoS/DDoS attacks and malware propagation and
anti scanning.

Page 2

Radware DefensePro IPS & Behavioral protection: Specification Sheet

Product Specifications

DefensePro Model

506 IPS &

Behavioral
Protection

1006 IPS &

Behavioral
Protection

2006 IPS &

Behavioral
Protection

Network Location
Hardware Platform

Perimeter
OnDemand Switch VL

1016 IPS &

Behavioral
Protection

Latency
Real time
signatures
Inspection Ports
10/100/1000
Copper Ethernet
GE (SFP)
10GE (XFP)
Management
Ports
10/100/1000
Copper Ethernet
RS-232
Operation Mode
Network Operation
Deployment
Modes
Tunneling
protocols support
IPv6
Policy Action
Block Actions
High Availability
Fail-open / failclose

Dual Power

500Mbps
500Mbps
2,000,000

1GMbps
1GMbps
2,000,000

2Gbps
2Gbps
2,000,000

3016 IPS &

Behavioral
Protection

4412 IPS &

Behavioral
Protection

Core Network
OnDemand Switch 2S1; Dual PS
option is: OnDemand Switch 2S2

Performance
2
Capacity
3
Throughput
Max Concurrent
Sessions
Maximum DDoS
Flood Attack
Prevention Rate

2016 IPS &

Behavioral
Protection

1Gbps
1Gbps
2,000,000

2Gbps
2Gbps
2,000,000

4Gbps
3.6Gbps
2,000,000

8412 IPS &

Behavioral
Protection

12412 IPS &

Behavioral
Protection

Core Network
On Demand Switch 3S2

4Gbps
4Gbps
4,000,000

8Gbps
8Gbps
4,000,000

14Gbps
12Gbps
4,000,000

1,000,000 1,000,000
1,000,000
packets
packets
packets
per
per
per
second
second
second
< 60 micro seconds
Detect and protect attacks in less
than 18 seconds

5,000,000
5,000,000
5,000,000
packets
packets
packets
per
per
per
second
second
second
< 60 micro seconds
Detect and protect attacks in less
than 18 seconds

10,000,00
10,000,00
10,000,000
0 packets
0 packets
packets per
per
per
second
second
second
< 60 micro seconds
Detect and protect attacks in less than
18 seconds

12

12

12

2
-

2
-

2
-

4
-

4
-

4
-

4
4

4
4

4
4

Transparent L2 Forwarding
In-line; SPAN Port Monitoring; Copy Port Monitoring; local out-of-path; Out-of-path mitigation (scrubbing center solution)
VLAN Tagging, L2TP, MPLS, GRE, GTP
Support IPv6 networks and block IPv6 attacks
Block & Report, Report Only
Drop packet, reset (source, destination, both), suspend (source, src port, destination, dest port or any combination),
Challenge-Response for HTTP and DNS attacks
Internal fail-open/fail-close for copper
ports; internal fail-close for SFP
ports; optional fail-open for SFP
4
ports
No
No
No

Internal fail-open/fail-close for copper

ports; internal fail-close for SFP ports;
5
optional fail-open for SFP ports
Optional

Optional

Optional

Internal fail-open/fail-close for copper

ports; internal fail-close for SFP and
XFP ports; optional fail-open for SFP
6
and XFP ports
Yes hot
Yes hot
Yes hot

Actual performance figures may change per network configuration, traffic type, etc.
Capacity is measured as maximum traffic forwarding when no security profiles are configured.
3
Throughput is measured with behavioral IPS protections and signature IPS protections using eCommerce protection
profile.
4
External fiber fail-open switch with SFP ports is available at additional cost.
5
External fiber fail-open switch with SFP ports is available at additional cost.
6
External fiber fail-open switches with SFP or XFP ports are available at additional cost.
2

Page 3

Radware DefensePro IPS & Behavioral protection: Specification Sheet

Supply
Advanced internal
overload
7
mechanism
Active-Passive
cluster
Physical
Dimensions (W x
D x H) mm
Weight (lb, kg)
Power Supply
Power
Consumption
Heat Dissipation
(BTU/h)
Operating
Temperature
Humidity (noncondensing)
Safety
Certifications
EMC
Other
Certifications
Warranty
Support

Yes

Yes

Yes

Yes

Yes

Yes

swappable
Yes

swappable
Yes

swappable
Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

424x457x44
15.8, 7.2
Auto range: 100V-120V/200V-240V
AC 47-63Hz or 38-72VDC
128W
436.5

424x600x44 (1U)
Dual PS option: 424x600x88 (2U)
20.9, 9.5
Dual PS option is 24.0, 10.9
Auto range: 100V-120V/200V-240V
AC 50-60Hz or 38-72VDC
302W
Dual PS option is 312W
1029
Dual PS option is 1064
0-40C

424x600x88
39.0, 18.0
Auto range: 100V-120V/200V-240V
AC 50-60Hz or 38-72VDC
476W
1623

5% to 95%
EN 60950-1:2006, CB - IEC 60950-1,
cTUVus
EN 55022, EN 55024, FCC Part 15B
Class A
CE, FCC, VCCI, CB, TUV, UL/cUL,
CCC, C-Tick, RoHS

EN, UL, CSA, IEC #60950-1

EN 55022, EN 55024, FCC Part 15B Class A
CE, FCC, VCCI, CB, TUV, UL/cUL, CCC, C-Tick, RoHS
1-year hardware and software maintenance
Certainty Support Program

Patent protected behavioral analysis technology

Radware DefensePro has been successfully awarded multiple United States patents based on real-time signatures, which
protect and secure applications and network traffic. DefensePro technology is protected by the following patents:

Patent No. 7,607,170 Stateful Attack Protection

Patent No. 7,617,170 Generated Anomaly Pattern for HTTP Flood Protection

Patent No. 7,624,084 Method for Generating Anomaly Pattern for HTTP Flood Protection

Patent No. 7,681,235 Dynamic network protection

Patent No. 7,836,496 Dynamic network protection II

Patent No. 11/869,067 Automatic Signature Propagation Network

Patent No. 11/835,503 Method, system and computer program product for preventing sip attacks
Specifications subject to change without notice.

Overload mechanism is designed to obtain maximum security coverage under extreme traffic loads.

Page 4