Sophos in 45 Minutes SG Series

Document technical information

Format pdf
Size 2.3 MB
First found Nov 13, 2015


Transcript

Sophos in 45 Minutes SG Series
Lutz Linzenmeier
Director Sales Engineering NEEMEA

Your Speaker Today
Lutz Linzenmeier
Director Sales Engineering NEEMEA
Karlsruhe - Germany
[email protected]

Agenda
• New SG series models
• Performance improvements
• Sizing
• Competition
• Tips and tricks for the admin
• Roadmap SG appliances

New SG Models
Sophos SG 1U appliances
SG 2xx/3xx/4xx

General Hardware Strategy
Key facts
• Renewal of complete UTM appliance series
○ Start with 1U series
○ Desktop and 2U series later (October/November)
• More models (~12)
○ Meet (beat) price/performance points of competitors (e.g. SonicWall)
○ Keep meaning of existing model numbering (2xx/3xx/4xx)
• Significant performance increase (2-3 times)
○ Based on newest Intel technology
○ Fast SSD storage, huge memory capacity
• High LAN port flexibility and density
○ Modular LAN ports (copper/fiber/10GbE) on every rackmountable model
• Shorter hardware release cycle

Sophos SG 2xx/3xx/4xx
Model Specifications

| Model* | CPU, Cores (Threads) | RAM | Disks | Max Ports |
|---|---|---|---|---|
| SSG210 | 2(2) Cores Celeron 2.7 GHz | 8 | 250 GB HDD | 14 (6 + 1 module*) |
| SSG230 | 2(2) Cores Pentium 3.2 GHz | 8 | 120 GB SSD | 14 (6 + 1 module*) |
| SSG310 | 2(4) Cores i3 3.5 GHz | 12 | 180 GB SSD | 18 (8 + 2SFP + 1 module*) |
| SSG330 | 4(4) Cores i5 2.9 GHz | 12 | 180 GB SSD | 18 (8 + 2SFP + 1 module*) |
| SSG430 | 4(4) Cores Xeon E3 3.6 GHz | 16 | 240 GB SSD | 24 (3 modules) |
| SSG450 | 4(8) Cores Xeon E3 3.9 GHz | 16 | 2*240 GB SSD (RAID-1) | 24 (3 modules) |

*Modules:
• 8 GE copper
• 8 GE SFP
• 2 10GE SFP+

Expansion bays:
• SG 210 / SG 230: 1
• SG 310 / SG 330: 1
• SG 430 / SG 450: 3, 1 x 8 port copper incl.
Other: redundant hot swap power supply

FleXi Port Modules
• Same type as existing UTM525/625 modules but not compatible
• All modules supported on all 1U SG models
• SFP+ module is dual rate (1/10 Gbps)
○ Auto-negotiate speed when using 1/10 dual rate GBICs (available on Sophos pricelist)
• Support same GBICs as UTM425/525/625

Module types:
• 8 port 1 GbE Copper
• 8 port 1 GbE SFP
○ Requires SFP compatible mini-GBICs (TX, SX, LX)
• 2 port 1/10 GbE SFP+
○ Requires SFP+ compatible mini-GBICs (SR, LR)
○ Supports dual rate 1/10 GbE

Product details SG 4xx
• 10 GbE SFP+ modules can be used in any new SG model
○ Use slot A or C if you require 10Gbps+ performance
• Configure unit via separate MGMT port
• New joystick for navigating through LCD menu
○ LEFT/RIGHT/UP/DOWN, press for Enter
• Two redundant SSDs on SG 450 -> replace complete unit if one SSD fails
• Redundant power supply module for SG 450 only (option)

Front panel:
• Slot A: optional module
• Slot B: default module (8*GE)
• Slot C: optional module
• MGMT (Eth0)
• Joystick

Performance & Sizing

Performance
IPS performance optimization
• Automatic adjustment of the IPS settings depending on hardware (CPU cores, RAM)
• Optimized rule sets
50% higher performance
Hardware
• New hardware appliance types will bring huge performance gains compared to current revisions
~100%-300% higher performance

UTM vs. SG appliances
Performance Positioning
[Figure: positioning chart of Sophos UTM models against SSG models by performance; individual model positions are not recoverable from the transcript]

Performance

Sizing
SG1xx
SG5xx | SG6xx

SG Licensing
License upgrades & HW refresh
• SG appliances require new license types, e.g. "SG 210"
• UTM licenses can be upgraded to SG licenses via MyUTM
• SG licenses can be upgraded to a higher model via MyUTM
[Diagram: upgrade paths between UTM220, UTM320, UTM425 and SG210, SG230, SG310, SG330, SG430, SG450]

How about the competition?

Example
"SG 230" compared to competitors

"SSG 230"
Flexible deployment:
• Up to 14 ports
• Module for fiber and 10GbE ports
Port layout: 6*GE plus optional module (up to 8 ports)

Performance above average:

| | Fortinet | Sophos | Sophos new | Sonicwall | Watchguard |
|---|---|---|---|---|---|
| Model | FG 200D | UTM 320 | SSG230 UTM230 | NSA 3600 | XTM 535 |
| Firewall Throughput (Mbps) | 3000 | 3500 | 13000 | 3.400 | 3000 |
| VPN Throughput (Mbps) | 1300 | 620 | 1000 | 1.500 | 550 |
| IPS Throughput (Mbps) | 1700 | 1300 | 2000 | 1.100 | 2400 |
| AV Throughput (Mbps) | 1100 | 375 | 800 | 600 | 1800 |

Attractive price – comparable to FG 200D

[Figure: port layouts of the competitor appliances. Labels: FG 200D, 2*GE WAN, NSA 3600, 16*GE, 2*SFP, 2*SFP+ 4*SFP 12*GE, XTM 535, 1*FE, 6*GE]

Competitive Advantages

| Competitive advantage | Sophos UTM | Fortinet | SonicWall |
|---|---|---|---|
| Highest LAN port flexibility | Modular LAN ports (copper/fiber/10GbE) on every rackmountable model | No modular ports; limited # of fiber/10 GbE ports | No modular ports; limited # of fiber/10 GbE ports |
| Highest firewall throughput | >10 Gbps FW throughput on all 19-inch models | >10 Gbps only on 500+ user model | >10 Gbps only on 500+ user model |
| Fastest content scanning in secure proxy mode | In-memory scanning through high memory capacity | Faster only in stream-based mode (security limitations) | No proxy mode |
| Easy box administration and status check | LCD display & VGA port on all 19-inch models | No LCD or VGA ports | No LCD or VGA ports |
| Local storage of logging, reporting and quarantine data without requiring external servers | Fast integrated hard drive on every model | Need external server or optional expensive hard drive, if available | Need external server |
| No performance compromises on software/virtual platforms | Based on standard Intel technology not requiring custom ASICs | Performance in virtual environments is significantly lower | No virtual platform support |
| Easy performance scaling | Dynamic clustering of up to 10 units; plug'n'play | Manual cumbersome config on command line for max. 2 units | Manual cumbersome config on command line for max. 2 units |

Tips & Tricks for Admins

WebAdmin offers identical functionality

How are the NICs numbered?
• For each slot, eight port numbers are reserved, irrespective of whether an 8-port module or only a 2-port module is plugged in. This leads to the following configuration if a 2-port module is plugged into slot A and 8-port modules are plugged into slots B and C:
• Example for an SG430:
eth0 (MGMT)
eth1 [A1]
eth2 [A2]
eth9 [B1]
...
eth16 [B8]
eth17 [C1]
…
Front panel:
• Slot A: optional module
• Slot B: default module (8*GE)
• Slot C: optional module
• MGMT (eth0)
• Depending on the configuration, gaps can appear in the naming. This prevents NICs from getting a different name after an additional module has been plugged in.
• Slot B is not designed to offer 10GB internally, which is why the default module with 1GE only is mounted in slot B.

More Details about NICs
• Where can I find the eth0 port on a device without MGMT port?
○ It is always the port which is located the furthest to the left.
• What to do when I move a module from slot B to slot A?
○ Reassign via WebAdmin, e.g. eth9[B1] becomes eth1[A1] (assignment is also needed after a backup from UTMxxx to SGxxx in cases where the ports vary).
• What will change if I replace (RMA) a defective module?
○ Nothing, configuration is bound to port position, not MAC address.
• Are the modules hot-pluggable?
○ No, the appliance needs to be shut down before inserting or replacing a module.
• How does Auto-config HA work on systems with modules?
○ Auto-config HA is typically activated on port eth3. SG appliances don't have a fixed eth3 port, or the module slot with this port number might not be in use, so this mode is deactivated by default. Activate it manually via WebAdmin for any port of your choice.
http://www.sophos.com/de-de/support/knowledgebase/121091.aspx
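
The numbering scheme from the two slides above, as an added example that is not part of the original deck and not Sophos code: it lists the interface names for a given module layout, shows the reserved gaps, and produces the old-to-new reassignment list needed when a module changes slots. It assumes the three-slot layout of the SG430 example (slots A, B, C, eight numbers each, eth0 as MGMT); all function names are hypothetical.

```python
# Added example: interface naming on a three-slot SG appliance as described
# above (eight numbers reserved per slot, eth0 = MGMT). Helper names are
# hypothetical; slot order A, B, C is taken from the SG430 example.
SLOTS = "ABC"
PORTS_PER_SLOT = 8  # reserved per slot regardless of module size


def eth_index(slot: str, port: int) -> int:
    """Return N of ethN for a slot letter and a 1-based port position."""
    if slot not in SLOTS or not 1 <= port <= PORTS_PER_SLOT:
        raise ValueError(f"invalid position {slot}{port}")
    return SLOTS.index(slot) * PORTS_PER_SLOT + port


def inventory(modules: dict[str, int]) -> list[str]:
    """List interface names for installed modules, e.g. {'A': 2, 'B': 8}."""
    names = ["eth0 (MGMT)"]
    for slot in SLOTS:
        for port in range(1, modules.get(slot, 0) + 1):
            names.append(f"eth{eth_index(slot, port)} [{slot}{port}]")
    return names


def gaps(modules: dict[str, int]) -> list[int]:
    """Reserved but unpopulated eth numbers below the highest port in use."""
    used = {eth_index(s, p) for s, n in modules.items() for p in range(1, n + 1)}
    return [n for n in range(1, max(used, default=0)) if n not in used]


def move_plan(modules: dict[str, int], src: str, dst: str) -> dict[str, str]:
    """Old -> new names to reassign in WebAdmin after moving a module."""
    if modules.get(dst, 0):
        raise ValueError(f"slot {dst} is already populated")
    return {
        f"eth{eth_index(src, p)}": f"eth{eth_index(dst, p)}"
        for p in range(1, modules.get(src, 0) + 1)
    }


if __name__ == "__main__":
    layout = {"A": 2, "B": 8, "C": 8}       # constructed sample: the SG430 case
    print("\n".join(inventory(layout)))
    print("unused numbers:", gaps(layout))  # numbers kept reserved for slot A
    print(move_plan({"B": 8}, "B", "A"))    # module moved from slot B to slot A
```

Because configuration is bound to port position, checking the reassignment list against the firewall and interface definitions before reconnecting cables keeps each rule set on the port it was written for.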

High Availability
• Clustering
○ Clustering for SG is supported (as it is for existing UTM)
○ Clustering between SG and UTM appliances is not supported
○ Different model types = different licenses!
• Migration from UTM cluster to SG cluster
○ Back up the UTM master
○ Set up the new SG master offline (not yet connected to the production network)
○ Restore the UTM backup on the SG master
○ Set up the SG slave (connect the HA cable to the SG master, wait until SYNC is completed)
○ Check that the SG cluster is working (failover?)
○ Turn off the UTM cluster and disconnect it from the production network
○ Connect the SG cluster to the production network

Roadmap

SG Appliance Roadmap
[Timeline figure, CY 2013 Q4 to CY 2015 Q3, with entries SG 2xx/3xx/4xx, SG1xx, SG 550, SG1xx-W (wireless versions of SG 1xx) and SG 650; placement of entries on the timeline is not recoverable from the transcript]
New models SG 105/115/125/135
- Newest Intel technology (two platforms)
- 2-3x performance increase
- Same 4 models as wireless versions
New SG 550 and SG 650 models
- Based on latest Intel Ivy Bridge architecture
- Faster CPUs, more Cores, SSDs, more ports
- ~50% performance increase
Subject to be changed without notice.

SG 1xx Series
Tech Specs

| Model | Cores | RAM | Disks | GE Ports | Other |
|---|---|---|---|---|---|
| SG105, SG105w | 2 | 2 | 320 GB HDD | 4 | fanless |
| SG115, SG115w | 2 | 4 | 320 GB HDD | 4 | fanless |
| SG125, SG125w | 2 | 4 | 320 GB HDD | 8 | Intel QuickAssist support |
| SG135, SG135w | 4 | 6 | 320 GB HDD | 8 | Intel QuickAssist support |

All models:
• 2* USB 2.0 ports
• 1* VGA port
• 1* RJ45 console port

SG 550/650
Tech Specs

| Model | Cores/Threads | RAM | Disks | Max Ports |
|---|---|---|---|---|
| SG550 | 12 (24) | 24 | 2*Intel SSD DC S3500 Series 300GB, RAID-1 hot swap | 24 (3 modules) |
| SG650 | 20 (40) | 48 | 2*Intel SSD DC S3500 Series 480GB, RAID-1 hot swap | 32 (4 modules) |

All models:
• 2 GbE Mgmt ports (front)
• 1 Console port RJ45 (front)
• 2 USB ports (front)
• 1 USB port (rear)
• 1 VGA port (rear)
• 1 LCD orange (16*2)
• Dual hot swap power supply
• LSI RAID controller with cache

Documentation
• Sophos UTM
○ http://www.sophos.com/en-us/products/unified-threat-management.aspx
• Quick Start Guide, Operating Instructions and more for UTM & SG
○ http://www.sophos.com/en-us/support/documentation/sophos-utm.aspx
• Datasheet UTM & SG
○ http://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophosutmoverviewdsna.pdf?la=en
• Datasheet SG2xx/3xx/4xx
○ http://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophos-sg-series-appliances-brna.pdf
• SG Sales Tools (Sizing Guide, Competition and more)
○ https://partnerportal.sophos.com/en-us/blog/2014/04/sg-series-hardware-appliances-are-here.aspx
• SG Appliances as Movie Stars
○ http://vimeo.com/album/2911410/video/91756137
• Contact technical Pre-Sales:
○ [email protected]

Thank you very much!
Lutz Linzenmeier
Director Sales Engineering NEEMEA
[email protected]
