Based on the vendor's Halon Operating System (H/OS), which in turn is based on BSD, the Halon Security Gateways are individual appliances deployed at the network gateway that provide combined services, including VPN (site to site and client to site), firewall (stateful packet and content filtering, intrusion detection), and routing (static and dynamic--RIP, OSPF, BGP) features. The products are served in the vendor's SX series of appliances.

Features in common to all models include management via a Web browser GUI or an SSH/console accessible command line; both application and protocol level filtering capabilities (via built-in protocol, FTP proxy, and HTTP proxy engines; the latter of which supports access control settings via URL, address, mime-type, and more); support for IPSec and PPTP VPN connections; session-aware failover (when two or more units are deployed); support for bandwidth priority and ECN-enabled QoS settings; and TCP reassembly capabilities in which weak TCP sequences, identification numbers, or keys, can be transparently replaced by the firewall with a randomly generated value. On the higher models, load balancing for up to 32 nodes is also supported.

The SX series is currently served in two primary flavors, with two additional models described on the site as due later this year.

The SX 101 is targeted to SMB/department deployments, and includes 4 100 Mb/sec Ethernet ports. Up to 100,000 concurrent connections are supported, with no built-in limit on concurrent VPN tunnels (A/B). The SX 101 is actually offered in three different configurations: The "A" configuration includes VPN acceleration, failover, and load balancing features; the "B" model drops the load balancing capabilities, and the "C" model includes none of these additional features. The "C" model additionally supports only 50 concurrent VPN tunnels.

The SX 200 is targeted to enterprise deployments, and includes 8 10/100/1000 ports. Throughput metrics are listed at wirespeed (1 Gb/sec) for intrusion detection, and 250 Mb/sec for AES, 3DES, and VPN encapsulation connections. Up to 500,000 concurrent connections are supported, and 1,000 VPN tunnels.

In addition to its higher performance, additional features in the SX 200 include support for Web and application level authentication; IKE-based key management; support for deployment in transparent bridge mode; support for up to 1,024 VLANs; and support for virtual firewall settings.

Listed as due this year on the vendor's Web site is the SX-50, for SOHO deployments; and the "Enterprise Series" SX 300s, with higher performance for Enterprise deployments.

The SX-101 and SX-200 gateways are available now. Contact Halon Security for further information.

product submission by EITPlanet Staff

E-Mail this page to a colleague
send info about Halon Security Gateways

Suggest a link
for the Halon Security Gateways fact sheet