Allied Telesis
www.alliedtelesis.com
AT-AR415S
| Secure Modular Router
Firewall
Allied Telesis’ high performance Stateful Inspection
Firewall provides a high level of security by
supplying full application-layer awareness without
breaking the client/server model.
Allied Telesis’ Stateful Inspection Firewall:
•
Offers per packet dynamic access control (Stateful
Inspection) for all traffic reaching the firewall
•
Protects against a wide range of Denial of
Service (DOS) attacks, including Ping of
Death, Smurf attacks, port scans, fragment
attacks and IP Spoofing
•
Sends automatic email alerts to initiate
appropriate action
Software Quality of Service
The AlliedWare
TM
operating system provides
advanced Quality of Service (QoS) and traffic
shaping features.There are five key QoS features
available on the AT-AR415S:
•
Bandwidth Metering
•
RED Curves
•
Mixed Scheduling
•
Virtual Bandwidth
•
Dynamic Application Recognition (DAR)
Software QoS also supports eight queues per
interface. DAR is used to snoop for session
setup exchanges and dynamically create
classifiers that match the voice and video
packets in the session. For more information,
see the Allied Telesis Advanced QoS White
Paper available on our website.
Triggered Events and Scripts
A trigger sets off an ordered sequence of
scripts and router commands to be executed
when a certain event occurs.This is a powerful
mechanism for automating the execution of
router commands in response to specific
events. Each trigger may reference multiple
scripts and any script can be used by any
trigger. Using this feature, the AT-AR415S can,
for example, send an email alert to the network
manager when trouble occurs, or can
automatically shut down an interface to protect
against suspected attacks.
The scripting facility enables sequences of
commands to be stored in a script and replayed
at any time, allowing the AT-AR415S to be
easily configured or quickly re-configured.This is
useful when developing a complex
configuration, making the same configuration
change to several different routers, Layer 3
switches or security appliances, or introducing a
configuration change that must occur at a
particular time. Scripts can be created on a PC
and uploaded to the router, or they can be
created using the router's own integrated text
editor. They can be activated either from the
command line or from a trigger.
World Class Operating System
The AT-AR415S is shipped ‘ready to run’ with
AlliedWare, a comprehensive software suite
that includes all the features, management
capabilities and performance that today’s
networks demand.
AlliedWare is Allied Telesis’ feature rich
operating system (OS) that serves as the
foundation for its entire line of Layer 3 routers
and switches. Robust and reliable, the
AlliedWare OS offers a breadth of functionality
for any application.
AlliedWare also delivers a high level of flexibility
and investment protection. AlliedWare is a
common OS, so the AT-AR415S secure
modular router is able to interoperate
seamlessly with other Allied Telesis security
appliances and Layer 3 switches. As a standards-
based implementation, AlliedWare also assures
full interoperability with all other major network
equipment vendors.
Feature licenses give access to a set of
progressive features:
•
The Advanced Layer 3 Upgrade provides a
set of cutting edge protocols such as IPv6,
BGP-4 and Server Load Balancing.
•
The Firewall Licensing Upgrade can increase
the concurrent firewall sessions from 2000 to
4000 or 8000.
•
VPN Licensing Upgrades allow for the base
unit with a single VPN tunnel to be upgraded
to 5, 10, 25 or 50 concurrent users.
Graphical User Interface
The AT-AR415S’ Graphical User Interface (GUI)
allows for swift, pain free configuration and
management.
The following major features are incorporated
in the AT-AR415S GUI:
•
Easy configuration for connection to the
Internet
•
PPP over Ethernet configuration and
monitoring
•
DHCP server configuration and monitoring
•
Firewall configuration and monitoring, ability
to view events, logs and device status
•
IPsec configuration
•
Site-to-site and Remote Access VPN wizards
3
Hardware Features
•
1 x 10/100Mbps Ethernet WAN port
•
4 x 10/100Mbps Ethernet LAN ports
•
1 x asynchronous port (RS-232)
•
1 x PIC bay
•
802.1q tagged VLANs, with support for up to
any 64 VLAN IDs of a possible 4094 (LAN
ports only)
•
Automatic MDI/MDI-X crossover with user
override via software commands (LAN ports only)
•
266MHz CPU
•
32MB SDRAM
•
16MB of Flash memory enabling storage of 2
software releases
•
On-board hardware security processor
enabling the following advanced encryption
function:
- Complete processing of IPsec header and
trailer
- Support for 3DES, DES, DES-MAC, AES,
SHA-1 and MD-5
- PKI acceleration for Diffie-Hellman, RSA and
DSA
- D-H negotiation (with 1024-bit modulus,
180-bit exponent)
- 1024-bit sign and verify RSA and DSA
Real Time Clock
The real time clock (RTC) keeps track of
current date and time. During times when the
system has been powered down, a backup
battery supplies power to the RTC.
Port Interface Cards
AT-AR020
Single configurable E1/T1
interface that supports
channelized/unchannelized
Primary Rate ISDN/Frame
Relay
AT-AR021S (V3)
4
Single Basic Rate ISDN
(S/T) interface
AT-AR023
Single Synchronous port
up to 2Mbps to an
external CSU/DSU (AT-
V.35-DTE-00 or AT-X.21-
DTE-00 cable required)
AT-AR024 Four
Asynchronous
RS232
interfaces to 115Kbps
AT-AR027
Two VoIP FXS ports
3
Available in AlliedWare 2.9.1
4
AR021S (V3) requires AlliedWare
®
Operating System
version 2.9.1-13 or later
