CEP10G

Certes Enforcer Appliance

The Certes Net Enforcer Variable Speed Encryptors (VSEs) are bandwidth-customizable multi-layer encryption appliances that provide tunnel-less data protection, including Ethernet frame encryption for Layer 2 networks, IP packet encryption for Layer 3 networks, and Layer 4 data payload encryption for IP and MPLS networks. The VSEs offer full-duplex encryption at 15 standardized rates ranging from 3Mbps to 10Gbps using the AES-256 algorithm. The VSEs enable organizations to standardize on a single platform capable of encrypting at various throughputs, based on software licenses. This allows organizations to continue to use the same encryption hardware as their bandwidth needs increase, providing both flexibility and investment protection. The VSEs integrate easily into any existing network, operating transparently to the network infrastructure. They ensure data transmissions are encrypted without compromising performance.

Scalable and Secure Group Encryption – The VSEs use scalable group encryption to provide encrypted and authenticated low-latency any-to-any connectivity. CryptoFlow Net Creator, Certes Networks’ web-based management platform, manages the VSEs to securely generate and distribute group keys to authorized endpoints. By avoiding the use of IPsec tunnels, group encryption greatly reduces deployment complexity and provides fully meshed encryption that is easy to manage. The solution is also compatible with load balancing, highly available network designs, QoS and network monitoring tools.

Ethernet Frame Encryption – The VSEs are compatible with all Layer 2 unicast, multicast, point-to-point, and multipoint-to-multipoint topologies. They also authenticate all Ethernet frames, preventing man-in-the-middle attacks. Encryption policies can be based on VLAN ID or Ethertype (L2 option) for cryptographic segmentation of data, or can be set to encrypt all Ethernet frames. Persistent authentication of frames ensures that the data received at the remote end of a connection originated from a trusted source. While encryption directly protects data, without authentication, data streams remain vulnerable to modification from man-in-the-middle attacks. Unlike many encryption solutions, the VSEs provide continuous authentication to ensure that both the data and the communication streams are uncompromised. Without both, the network and data are less than secure.

IP Packet Encryption – Using the IP Security (IPsec) protocol, the VSEs provide full data encryption for Layer 3 IP networks. The VSE family utilizes the Certes Networks Encapsulating Security Payload protocol (CN-ESP) to encrypt the IP packet, while preserving the original IP header. This unique functionality maintains network transparency while providing maximum data protection. By preserving the original header and encrypting only the payload, the VSEs can protect data over any IP infrastructure including multi-carrier, load-balanced, and high availability networks.

Payload Only Encryption – In addition to standard IPsec encryption (which encrypts the Layer 4 header), the VSEs offer a Layer 4 compatible “payload only” encryption option. This unique, patent-pending capability allows network services, such as NetFlow/J-Flow and Class of Service (CoS) based traffic shaping, to be maintained through the service provider network while the payload itself is encrypted.

Central Policy Management – The VSEs can be configured and centrally managed via the CryptoFlow Net Creator software. CryptoFlow Net Creator allows both security and network administrators to quickly and easily manage network security from a centralized interface with simple, yet powerful, drag-and-drop policy creation capability. Encryption policies can be based on source or destination IP addresses, source or destination port numbers, protocol IDs, or VLAN tags. Policies can be quickly and easily modified in seconds on even the largest networks, without traffic disruptions or interaction with remote personnel. CryptoFlow Net Creator also provides logging and audit capabilities.

Technical Specifications

ENCRYPTION ALGORITHMS

  • AES-CBC-256
  • 3DES

ENCRYPTED THROUGHPUT

  • 500, 650Mbps and 1, 2.5, 5 and 10Gbps *

  * Dependent on packet size of 512 or larger

MESSAGE AUTHENTICATION & INTEGRITY ALGORITHMS

  • SHA1
  • SHA2

NETWORK SUPPORT

  • Ethernet
  • VLAN tag preservation
  • MPLS tag preservation
  • IPv4
  • IPv6
  • NTP

POLICY SELECTOR OPTIONS

  • Source or destination IP address
  • Source or destination port number
  • Protocol ID (L3 and L4 options)
  • VLAN ID (L2 option)
  • Multicast address

DEVICE MANAGEMENT

  • CryptoFlow Net Creator
  • Command Line Interface
  • Out-of-band management
  • Alarm condition detection and reporting
  • Syslog support
  • SNMPv2c and SNMPv3 managed object support
  • Audit Log

MANAGEMENT COMMUNICATION SECURITY OPTIONS

  • X.509 v3 digital certificates
  • TLS (full authentication)
  • SSH

ENVIRONMENTAL

  • Operating temperature: 0° to 40° C (32° to 104° F)
  • EU WEEE
  • EU RoHS-5

REGULATORY

  • Safety: UL 60950-1
  • Emissions: FCC part 15 subpart B class A

INDICATORS

  • Power
  • Alarm
  • LED Status
  • Link Status, Encrypting and 2x8 segment display
  • Encrypting

PHYSICAL

  • 2U tamper resistant chassis
  • Dimensions: 17”W x 3.5”H x 15”D
  • Rack mountable in standard 19” rack
  • Power: 100-240V A/C @ 4A, 50/60Hz, auto-sensing
  • Dual hot-swappable internal power supplies, AC or DC (-48V)
  • Customer replaceable fan assemblies
  • FIPS 140-2 Level 2 validated (certificate #1797)
  • Hardware designed to meet FIPS 140-2 Level 3 requirements
  • Common Criteria EAL4+ Certified

INTERFACES

  • Data: Two full-duplex 10 Gigabit Ethernet ports with SFP+ interfaces (single mode, multimode or copper)
  • Management: One 10/100/1000 Ethernet RJ45, one Gigabit Ethernet (SFP) and one RJ45 serial port
  • Three full-duplex Gigabit Ethernet ports with SFP interfaces (single mode, multimode or copper) or three full-duplex 10/100/1000 Ethernet ports with RJ45 interfaces (reserved for future use)
  • Two USB ports (reserved for future use)

About USAccess, LLC

USAccess, LLC has been in business since 1997 as a Telecom Consultancy representing 40 Carriers serving domestic and International markets. We are also a Value Added Reseller of Network Security Products and Services providing data protection for corporate digital assets and cloud applications.

Call us today for pricing on Certes Networks - Security Networks Solutions.  Your data assets are valuable, so don’t settle for less if you can have the best!

"It was a pleasure working with USAccess. They gave us huge discounts and the quality of their product is top-notch."
Hannah S.
IT Expert
"Glad I found USAccess, they are one of the best consultants in the market today. Two thumbs up!"
Ella C.
CEO

Copyright © 2017. USAccess LLC. All Rights Reserved
