12 Introduction
Issue 1, June 2003
Avaya SG203/SG208 Security Gateway Hardware Installation Guide
Data authenticity is assured by using HMAC-MD5™ or HMAC-SHA-1
packet signatures to reject altered or forged packets. All security
mechanisms employed by the security gateway conform to IPSec
standards, in order to provide interoperability and broaden the use of VPN
technology.
Performance
For maximum network flexibility, the SG203 security gateway supports
four 10/100BASE-T Ethernet interfaces, and the SG208 supports four 10/
100/1000BASE-T Ethernet interfaces.
When packets are encrypted and authenticated according to IPSec
protocol guidelines, additional bytes, in the form of IPSec headers, must
be added to packets. In many cases, the additional packet overhead
imposes a performance penalty in return for security. The extra bytes tend
to lengthen packets and reduce the throughput (measured in packets per
second). The overhead depends on the IPSec policy and could be up to
63 bytes.
Table 2
SG203/208 performance specifications
Plug-and-Play installation
The auto sensing interfaces of the security gateway enables installation
into any Ethernet network. By default, the security gateway functions as a
DHCP client on the public interface and as a DHCP server on the private
interface. Immediately after receiving IP connectivity, the network
administrator can locate the security gateway via https://192.168.1.1 on
SG203
SG208
IKE Sessions
3000
8000
IPSec Sessions
12,000
16,000
Subnets supported
2
1
Firewall TCP/UDP
Sessions
200,000
300,000
VPNremote users
(Default/Max)
100/3000
100/8000
Site to Site (Default/Max)
50/300
100/1000
Protected FW/VPN
Devices
3000
8000