OPNsense A10 Dual Core Rack Series DEC2600, DEC2610 (c) 2018 Deciso B.V., AllRights Reserved. [rev.190618] 2018(c) Deciso B.V.,
The OPNsense A10 Dual Core Rack secures your network with high-end features such as inline intrusion prevention, virtual private networking, two factor authentication, captive portal and filtering web proxy. The optional high availability setup ensures stable network performance with automatic failover and synchronised states, minimising disruption. Keep your network secure and the good packets flowing.
Guard Web Access 900Mbps Throughput Filtering (SSL) Proxy 75.000 Packets per Second Captive Portal with Voucher support
100Mbps Inline High Speed 16GB / 128GB SSD Intrusion Prevention & Offering Sufficient Space for SSL Finger Printing Logging & Reporting (SSD version)
Fast Filtering System wide two-factor 10.000 connections P/Second authentication. Compatible with Google Authenticator.
Hardware Assisted Encryption 300Mbps IPsec (AES256GCM16)
Se����n� Ne�w��k�
DATASHEET Deciso Sales B.V. • +31 187 744 020 • [email protected] • www.deciso.com HARDWARE DUTCH QUALITY - MADE IN THE NETHERLANDS
DEC2600 & DEC2610
DEC2600 & DEC2610
Se����n� Ne�w��k�
Deciso Sales B.V. • +31 187 744 020 • [email protected] • www.deciso.com SOFTWARE VERSATILE - OPEN SOURCE - FULLY FEATURED
OPNsense is Deciso’s fast growing open source firewall and security platform released under an Open Source Initiative approved license. It’s rich feature set is combined with the benefits of open and verifiable sources.
All features can be used from within the easy to use graphical interface, equipped with a build-in search feature for quick navigation. Protecting your network has never been this easy, utilise the integrated intrusion prevention capable of blacklisting based on SSL fingerprints and the two-factor authentication for safely connecting mobile users.
Keep full insight on the traffic flowing trough your firewall at all times, with its advanced Netflow capture, aggregate & reporting tool ‘Insight’.
High-end Security Made Easy™
Businesses School networks Protect your business network and secure Limit and share available bandwidth your connections. evenly amongst students and utilise the From the stateful inspection firewall to the category based web filtering to filter inline intrusion detection & prevention unwanted traffic such as adult content and system everything is included for free.Use malicious websites. Its easy to setup as no the traffic shaper to enhance network additional plugins nor packages are performance and prioritise you voice over required. ip above other traffic. Backup your configuration to the cloud automatically, no need for manual backups.
Hotels & Campings On the road Hotels and campings usually utilise a Even on the road OPNsense is a great captive portal to allow guests (paid) asset to your business as it offers access to internet for a limited duration. OpenVPN and IPSec VPN solution with Guests need to login using a voucher they road warrior support and two-factor can either buy or obtain for free at the authentication. The easy client exporter reception. OPNsense has a build-in make configuring your OpenVPN SSL captive portal with voucher support and client setup a breeze. can easily create them on the fly.
Remote Offices & SOHO Utilise the integrated site to site VPN (IPsec or SSL VPN) to create a secure network connection to and from your remote offices. Enjoy the easy configuration and online searchable documentation with simple how-to type of articles to get you started, quickly.
Se����n� Ne�w��k�
Deciso Sales B.V. • +31 187 744 020 • [email protected] • www.deciso.com SOFTWARE FEATURE OVERVIEW
• GUI ๏ Inline Prevention ๏ History & Diff support • SSH / Console ๏ Integrated rulesets ๏ File Backup Certificates • SSL Blacklists ๏ Cloud Backup Stateful firewall ๏ Certificate Authority • Feodo Tracker SNMP ๏ Filter by • Create or Import CA’s • Geolite2 Country IP ๏ Monitor & Traps • Source • Create or Import Certificates • Emerging Threats ETOpen Diagnostics • Destination ๏ Let’s Encrypt (Plugin) ๏ SSL Fingerprinting ๏ Filter reload status • Protocol • Automated (Trusted) CA ๏ Auto rule update using ๏ Firewall Info (pfInfo) • Port 802.1Q VLAN support configurable cron ๏ Top Users (pfTop) • OS (OSFP) ๏ max 4096 VLAN’s Captive Portal ๏ Firewall Tables ๏ Limit simultaneous connections on Link Aggregation & Failover ๏ Typical Applications • Aliases a per rule base ๏ Failover • Guest Network • Bogons ๏ Log matching traffic on a per rule ๏ Load Balance • Bring Your Own Device (BYOD) ๏ Current Open Sockets bases ๏ Round Robin • Hotel & Camping Wifi Access ๏ Show All States ๏ Policy Based Routing ๏ Cisco Ether Channel (FEC) • Template Management ๏ State Reset ๏ Packet Normalisation ๏ 802.3ad LACP • Multiple Zones ๏ State Summary ๏ Option to disable filter for pure Other Interface types ๏ Authenticators ๏ Wake on LAN router mode ๏ Bridged interfaces • All available authenticators ๏ ARP Table Policy organisation ๏ Generic Tunnel Interface (GIF) • None (Splash Screen Only) ๏ DNS Lookup ๏ Alias Support ๏ Generic Routing Encapsulation ๏ Voucher Manager ๏ NDP Table • IP addresses ๏ 802.1ad QinQ • Multiple Voucher Databases ๏ Ping • Port ranges Network Address Translation • Export vouchers to CSV ๏ Packet Capture • Domain names (FQDN) ๏ Port forwarding ๏ Timeouts & Welcome Back ๏ Test Port ๏ Interface Groups ๏ 1:1 of ip’s & subnets ๏ Bandwidth Management ๏ Trace route • Create security zones with equal ๏ Outbound NAT • Use Traffic Shaper Monitoring rules ๏ NAT Reflection ๏ Portal bypass ๏ Zabbix Agent (Plugin) ๏ Rule Category Traffic Shaping • MAC and IP whitelisting ๏ Monit (Plugin) • Easy access rule sets ๏ Limit bandwidth ๏ Real Time Reporting • Proactive System Monitoring Granular control state table ๏ Share bandwidth • Live top IP bandwidth usage Enhanced Reporting ๏ Adjustable state table size ๏ Prioritise traffic • Active Sessions ๏ Network Flow Analyser ‘Insight’ ๏ On a per rule bases ๏ Rule based matching • Time left • Fully Integrated • Limit simultaneous client • Protocol • Rest API • Detailed Aggregation connection • Source Virtual Private Networks • Graphical Representation • Limit states per host • Destination ๏ IPsec • Clickable and Searchable • Limit new connections per • Port • Site to Site • CVS Exporter second • Direction • Road Warrior ๏ System Health • Define state timeout IGMP Proxy ๏ OpenVPN • Round Robin Data • Define state type ๏ For multicast routing • Site to Site • Selection & Zoom ๏ State types Universal Plug & Play • Road Warrior • Exportable • Keep ๏ Fully supported • Easy client configuration ๏ Traffic Graph • Sloppy Dynamic DNS exporter • Live Traffic Monitoring • Modulate ๏ Selectable form a list ๏ Tinc (Plugin) Network Monitoring • Synproxy ๏ Custom • Full mesh routing ๏ Netflow Exporter • None ๏ RFC 2136 support ๏ ZeroTier (Plugin) • Version 5 & version 9 ๏ Optimisation options DNS Forwarder • VPN, SDN & SD-WAN • Local for ‘Insight’ • Normal ๏ Host Overrides ๏ PPTP (Legacy) Firmware • High latency ๏ Domain Overrides ๏ LT2P (Legacy) ๏ Support Virtual Installs • Agressive DNS Server High Availability • VMware tools (Plugin) • Conservative ๏ Host Overrides ๏ Automatic hardware failover • Xen Guest Utilities (Plugin) Authentication • A records ๏ Synchronised state table ๏ Easy Upgrade ๏ External Servers • MX records ๏ Configuration synchronisation • Reboot warning for base • LDAP ๏ Access Lists Caching Proxy upgrades • Radius DNS Filter ๏ Multi interface ๏ SSL Flavour selectable ๏ Integrated Servers ๏ Supports OpenDNS ๏ Transparent Mode • OpenSSL • Local User Manager DHCP Server ๏ Support SSL Bump • LibreSSL • Vouchers / Tickets ๏ IPv4 & IPv6 ๏ SSL Domain only (easy filtering) ๏ Selectable Package Mirror • FreeRadius (Plugin) ๏ Relay Support ๏ Access Control Lists ๏ Reinstall Single Package Authorisation ๏ BOOTP options ๏ Blacklists ๏ Lock Package (prevents upgrade) ๏ User Interface Multi WAN ๏ Category Based Web-filter ๏ Audit Feature • Local User Manager ๏ Load balancing ๏ Traffic Management • Check installed packages for Accounting ๏ Failover ๏ Auto sync for remote blacklists known security vulnerabilities ๏ FreeRadius (Plugin & External) ๏ Aliases ๏ ICAP (supports virus scan engine) ๏ Plugin Support ๏ Vouchers / Tickets Load Balancer Virus scanning REST API 2-Factor Authentication ๏ Balance incoming traffic over ๏ External engine support (ICAP) ๏ ACL support ๏ Supports TOTP multiple servers ๏ ClamAV (Plugin / C-ICAP) Online Documentation ๏ Google Authenticator Network Time Server Reverse Proxy ๏ Free & Searchable ๏ Support services: ๏ Hardware devices ๏ HAProxy - Load balancer (Plugin) • Captive Portal • GPS Online Identity Protection • Proxy • Pulse Per Second ๏ Tor - Anonymity online (Plugin) • VPN Intrusion Detection & Prevention Backup & Restore Se����n� Ne�w��k�
Deciso Sales B.V. • +31 187 744 020 • [email protected] • www.deciso.com SPECIFICATIONS PERFORMANCE & FEATURES
DEC2600 DEC2610 Hardware Specifications GbE RJ45 Ports [ 10/100/1000Mbps ] 3 3 USB Ports 1 1 Console Port 1 1 Internal Storage 16GB 128GB Memory 4GB DDR3 4GB DDR3 CPU Cores 2 (1.0Ghz) 2 (1.0Ghz) Virtual Interfaces (802.1q VLANS)1 4093 4093 System Performance Firewall Throughput 900 Mbps 900 Mbps Firewall Packets Per Second 75000 75000 Firewall Port to Port Throughput 850Mbps 850Mbps Firewall Port to Port Packets Per Second 70000 70000 Concurrent Sessions 3000000 3000000 New Connections Per Second 10000 10000 Firewall Policies (Recommended Maximum)1 5000 5000 IPsecimum) VPN Throughput 300 300 SSL VPN Throughput (single tunnel) 85Mbps 85Mbps Threat Protection Throughput (IPS) 100Mbps 100Mbps High Availability with State Synchronisation Requires Two Requires Two Dimensions Height x Width x Length (mm) 44 x 485 x 335 44 x 485 x 335 Height x Width x Length (inches) 1.74 x 19 x 13.2 1.74 x 19 x 13.2 Form Factor Rack Mount 1U Rack Mount 1U Weight (Kg) 3.70 3.80 Environment Power Requirements 100-240VAC, 50-60Hz 100-240VAC, 50-60Hz Maximum Current 0.8A 0.8A Power Consumption (Typical) 15W 20W Heat Dissipation 85 BTU/hr 85 BTU/hr Operating Temperature 0 to +45°C 0 to +45°C Storage Temperature -20 to +70°C -20 to +70°C Humidity 10-90% non-condensing 10-90% non-condensing Regulatory Compliance FCC part 15 Class A, CE, Rohs FCC part 15 Class A, CE, Rohs
1 The user interface is designed for normal business usage, large rulesets, high number of users or interface assignments may be less practical. All measurements are based upon TCP traffic unless stated otherwise. Total Firewall Throughput is calculated based on system utilisation and port-to-port performance test in full duplex. Maximum PPS is measured using 216 byte packets. Latency is Measured using the Real Time Response Under Load test with active Traffic Shaper - shaping up to line speed - and the CoDel scheduling algorithm. IPS performance is measured using a http simulation with random sized small (400-800 bytes) send packages and 1K-8K response packages with 150 simultaneous emulated users and 21000 rules enabled. SSL VPN is measured using AES256GCM16+SHA512 and total throughput is calculated based on system load.Concurrent sessions are based upon memory available, where one state consumes 1KB of memory and 1GB of memory is reserved for system tasks.
Se����n� Ne�w��k�
Deciso Sales B.V. • +31 187 744 020 • [email protected] • www.deciso.com