Filter
Top Products
12 Introduction March 2004
Avaya SG203/SG208 Security Gateway Hardware Installation Guide
Data authenticity is assured by using HMAC-MD5™ or HMAC-SHA-1
packet signatures to reject altered or forged packets. All security
mechanisms employed by the security gateway conform to IPSec
standards, in order to provide interoperability and broaden the use of VPN
technology.
Performance
For maximum network flexibility, the SG203 security gateway supports
four 10/100BASE-T Ethernet interfaces, and the SG208 supports four 10/
100/1000BASE-T Ethernet interfaces.
When packets are encrypted and authenticated according to IPSec
protocol guidelines, additional bytes, in the form of IPSec headers, must
be added to packets. In many cases, the additional packet overhead
imposes a performance penalty in return for security. The extra bytes tend
to lengthen packets and reduce the throughput (measured in packets per
second). The overhead depends on the IPSec policy and could be up to
63 bytes.
Table 2 SG203/208 performance specifications
SG203 SG208
IKE Sessions 3000 8000
IPSec Sessions 12,000 16,000
Subnets supported 21
Firewall TCP/UDP
Sessions
200,000 300,000
VPNremote users
(Default/Max)
100/3000 100/8000
Site to Site (Default/Max) 50/300 100/1000
Protected FW/VPN
Devices
3000 8000