1. Introduction

Fisherman's SSL VPN Security Gateway (SJJ1319) provides an alternative option for customers to remote access with a higher security, richer access policy, and support for a wider range of client devices. The gateway makes it possible for enterprises to provide differentiate identity-based access methods for remote access users. It fully satisfies the communication requirements from different levels on the Internet. Fisherman SSL VPN National Cipher Security Gateway is a professional high-speed VPN gateway product. It adopts standard SSL and TLS protocols and fully supports the national cryptographic algorithms SM1, SM2, SM3 and SM4 designated by the State Cryptography Administration. It contains comprehensive certificate authentication system (supporting third-party CA), providing high-intensity authentication based on digital certificates, high-intensity data encryption transmission, integrity verification and digital signature and verification services, ensuring the interconnection and intercommunication among internal networks and Internet branches, external personnel such as staffs on business trips, protects the internal server groups of the enterprise and ensures the security of remote access to internal network resources.

Application fields: government, public security, taxation, finance, enterprises, universities, and other fields.

Commercial cryptographic product model: SJJ1319.

2.Features

Protocols and standards: Follow the latest "SSL VPN Technical Specifications" issued by the State Cryptography Administration, fully support the national cipher SSL protocol, and support the SM1, SM2, SM3, SM4 national cryptographic algorithm protocol suite.

Terminal support: Full support for PCs of all versions of Windows operating systems.

Application support: Full support for various B/S applications and C/S architecture applications based on IP protocols, such as WEB, EMAIL, FTP, CRM, ERP, OA, file sharing, etc.

Single sign-on: Supports single sign-on functions for various B/S and C/S architectures; supports one-to-many master-slave accounts.

Data encryption transmission: The SM1/SM4 cryptographic algorithm specified by the State Cryptography Administration is used to implement high-intensity encrypted transmission of data.

Virtual DNS: Provides a DNS service that allows users to access internal servers through a customized domain name.

Local authentication: Provides a CA center, which can issue CA certificates for user login authentication, support certificate validity period control, and support the issuing certificate to be saved as a file or saved to USBKEY.

Third-party certification: Supports linkage with third-party CA centers.

User management: Supports flexible management based on "role + group" architecture, supports administrator roles, SSL user roles, and custom roles. User roles and permissions can be freely configured, user permissions are safely separated, and various users can be managed base on their level and privilege.

Firewall: Supports packet filtering firewall and string filtering, and can defend against multiple attacks such as DOS, SYN Flood, ICMP Flood, and fragmentation attacks. It supports time-based access and customized rules.

Network management: Support network interface configuration and provide route forwarding. It can be configured with various methods such as IP address, network mask, DNS, PPPOE dialing, static and dynamic IP, and various routing and forwarding modes can be configured.

Status monitoring: Support system self-test, and display system operation status, system connection, system performance, network performance, network connection, routing entries, etc. through various modes such as charts, and provide intuitive status monitoring means.

Log management: support system operation, running log records and auditing; support log download and hierarchical management, and support intelligent management of log capacity.

3.Superiority

Follow the latest "SSL VPN Technical Specifications" issued by the State Cryptography Administration, fully support the national secret SSL protocol;

fully support the SM1, SM2, SM3, SM4 commercial cryptographic algorithms approved by the State Cryptographic Authority, which has higher security rate.

Independent hardware crypto card:

Fisherman SSL VPN security gateway adopts the high-speed crypto card independently developed by Fisherman Co., which separates the encryption/decryption process that needs more resources from the CPU and improves the performance of the SSL VPN gateway.

Load balancing:

Load balancing algorithm is used to ensure resources access load are balanced and access servers are dynamically selected to improve access efficiency.

Built-in CA system, support for third-party CA:

Fisherman digital certificate authentication system is built in the VPN. Clients can also build their own complete identity authentication system. VPN server certificate and personal identity certificate service are provided, and digital certificates of third-party digital certificate centers are also seamlessly supported.

Support multiple authentication methods:

Support digital certificate, username/password, LDAP, Radius, SMS modem + SMS gateway and other authentication methods.

4. certificate