mGuard delta ¡V segmented security
The mGuard delta is a compact security appliance
which can be used in enterprise networks for both
production environments as well as in the back-office.
Particularly in the case of logically segmented
networks, a distributed security function is often
required. The intelligent, high-performance security
functions of the mGuard delta can be combined with
the advantages of a standard Ethernet / Fast Ethernet
switch.
In the process, the mGuard delta offers all the benefits
of ?device attached security¡§ ¡V a concept with
clear advantages over classic office firewalls or software-
based solutions for the protection of dedicated
systems or different network segments.
Redundant firewall (optional)
Two mGuard delta devices can be operated redundantly
in the High Availability Mode. Here, the active
mGuard delta transmits the firewall statuses to the
standby unit. In the event of outfall of the principle
mGuard delta, uninterrupted protection as well as
high availability of the overall system is thus assured
(mGuard Redundant Firewall Option).
User firewall
The user firewall only allows users with dynamic IP
addresses (e.g. service technicians) access to internal
or external resources after they have logged onto
the mGuard appliance. Passwords can be stored
locally on the appliance or centrally on the company¡¦s
RADIUS server.
The utmost in security
Conventional gateway appliances normally protect
entire networks or network segments with a uniform
security standard. In such cases, varied levels of
security, individually restricted access rights or exactly
stipulated access times are virtually impossible to
realize. Moreover, conventional gateway appliances
also entail access lists or firewall rules that are maintained
in the backbone, quickly becoming complex
and unintelligible ¡V raising the risk of security gaps.
With the mGuard delta, you can assign each production
system or network segment its own security
components: with individual security levels, specifically
configured access rights and numerous other
unique advantages.
Maximum data throughput for VPN and
firewall
The basis of the integrated security solution is the
embedded Linux configured by Innominate, running
on a special network processor with XScale core by
Intel (IXP 42x), with 533 MHz processor capacity, 128
Mbytes of SDRAM working memory and 16 Mbytes
of Flash memory. The Intel processor features hardwired
rules for the DES, 3DES and AES encryption
procedures. This guarantees maximum data throughput
for firewall (up to 99 Mbit/s) and VPN connections
(up to 70 Mbit/s).
Innominate Device Manager
With the Innominate Device Manager (IDM) large
populations encompassing several thousand mGuard
appliances can be efficiently configured and managed.
Due to the Innominate mGuard¡¦s templatebased
approach, the roll-out of numerous identicallyconfigured
appliances can be carried out quickly and
conveniently.
For intuitive monitoring and logging, the mGuards
communicate with all standard SNMP systems. The
full graphic integration can be realised on the Industrial
HiVision management platform from the firm
Hirschmann, for example.
At a glance: