Ravlin 7160

VPN Connection for  Large Locations and Server Farms

The SonicWALL Ravlin® 7160 is  a Fast Ethernet-compatible security device, deployable in widely distributed 100Base-TX infrastructures. A Ravlin 7160 unit provides data privacy for LAN/WAN communications, using 168-bit Triple-DES encryption. It provides authentication and access control using the Digital Signature Standard (DSS) and X.509v.3 digital certificates. In most cases, a Ravlin 7160 resides between the local (protected) network and the access router at each site.

The Ravlin 7160 is a data center grade member of the Ravlin family of security devices. The Ravlin 7160, in concert with other Ravlin gateways and software clients, allows complete control of information policy using the 3VPN architecture developed by RedCreek Communications®. Speed capabilities and tunneling capacity make the Ravlin 7160 a natural candidate to connect large locations and server farms.

The Ravlin 7160 is connected to computing resources via any combination of two Ethernet interfaces. The RJ45 connectors automatically sense connection to 10BaseT and 100Base-TX devices, hubs, and networks. The Ravlin 7160 can behave as a router or bridge. Integrated power converters allow connection to AC power systems. RCOS™ firmware extends the VPN features based on the IPSec specification to include a full range of policy services including: address services, authentication services, bandwidth services (QoS/CoS), and firewall services.

The Ravlin 7160 supports the strongest suite of IPSec network security features commercially available today. Ravlin gateways implement all mandatory components of the Internet Engineering Task Force (IETF) IP Security (IPSec) standard for enhanced network security. The Ravlin 7160 provides data privacy using industry standard 168-bit triple DES (3DES) algorithms. Content integrity is provided via two Hashed Message Authentication Code (HMAC) algorithms. These are Message Digest 5 (MD5), and Secure Hash Algorithm (SHA-1). Secure channels are identified, authenticated and negotiated using Digital Signature Standard (DSS), Diffie-Hellman key exchange, X.509 v.3 digital certificates, and IKE key management. Ravlin's strict adherence to standards allows interoperability in several modes.

IPSec Services

Establishes and maintains secure communications using the Internet Key Exchange (IKE) Establishes tunneled connections using Encapsulating Security Payload Sequences packets to prevent replay attacks Header Message Authentication Codes (HMAC) using MD5 and SHA-1 Strong encryption with 168-bit triple DES

Authentication Services

Imbedded RADIUS agent for one time passwords (OTP) obtained from tokens or static names and passwords for domain logins Pass vendor specific attributes for DNS, etc… Unique embedded X.509 certificates for strong authentication Pre-shared key support for multi-vendor interoperability

Address Services

Forward local DHCP requests to allow address provision across tunnel Ports can request their own DHCP address NAPT allows IP address translation to support multiple users via single address

Firewall Services

Pre-configured capabilities to enable or disable applications Restrict to only IP traffic Remote proxy ARP capabilities Multiple action language allows user selectable disposition of packets