Contact Us Now
  Request a Call Back
  Request a Free Quote

Request a Demo >>

Let us demonstrate to you how BCM system Can transform your business >


Contact Us >>

Contact us now for fantastic
telephone system sales, support
and advice

Contact us now >>

Switched Firewall 5100 Series

The Nortel Switched Firewall 5100 series is ideal for standalone deployments at small or medium sized sites, that need network and application protection. Integrated with Nortel's Threat Protection System the Switched Firewall provides an adaptive defense against hacks, attacks, worms and viruses.

Key Features:
  • Protects and supports SIP, VoIP, wireless and other advanced services with no performance impact.
  • Combines Check Point security with Nortel networking to create a security solution that eliminates boundaries while protecting resources.
  • Improves the performance compared to server-based firewall deployments.
Features & Benefits

The Switched Firewall 5100 Series guards the network against:

  • Denial of Service attacks
  • Oversized packets
  • SYN floods
  • Fragmentation attacks
  • Nimda
  • Code Red
  • Cross Site Scripting, and other network- or application-based attacks.

The Switched Firewall 5100 Series ensures that any web services deployment can traverse the Switched Firewall without performance limitations. Application examples include:

  • Microsoft CIFS
  • SMTP, FTP, HTTP, DNS and telnet traffic
  • Instant Messaging and Peer-to-Peer Applications
  • Windows Media, RealVideo and Session Initiation Protocol (SIP)
  • H.323-based services, including Voice over IP (VoIP) and NetMeeting
  • Oracle SQL and ERP

As well, comprehensive inspection and security for Voice over IP (VoIP) makes this the only VoIP security solution to provide Denial of Service (DoS) protection for all the major VoIP protocols, including H.323, SIP and MGCP.

Easy migration of Check Point Firewall-1 or VPN-1 Pro to the switched platform.

Technical Specifications

Model / Feature 5111 5114 / 5124
Throughput (Gbps) 1.2 1.6
Session Connections per sec 12,000 10,000
Total concurrent sessions 300,000 500,000
VPN Throughput 3DES1 (Mbps) 88 88 / 350
VPN concurrent tunnels 10,000 25,000
Layer 3 protocols OSPF OSPF
Layer 2 / Layer 3 Mode Yes Yes
VLANs/IEEE 802.1q Yes Yes
Single system image upgrade Yes Yes
Expansion options No Via upgrade
High availability Yes Yes
Ethernet TX ports: 10/100 0 0
Ethernet TX ports: 10/100/1000 6 2
Ethernet Fiber ports 0 2 x 1000SX


Stateful VPN-Firewall High-performance stateful firewall appliance for perimeter deployment

• Deployed to protect medium to large branch offices

• Secured by Check Point VPN-1 Power technology

• Site-to-site and client-to-site IPsec VPN connectivity

• Key element in the Nortel Layered Defense architecture

• Protection of IT assets from a growing number of sophisticated attacks

• Layer 2 and Layer 3 deployment flexibility

• Firewall Clustering with Single System Image for pay-as-you-grow scalability and central management

High level of security for critical applications
• Integrated with Nortel Threat Protection System to prevent real-time threats and attacks

• Deep Packet Inspection with Check Point SmartDefense for extra protection from sophisticated hacks and attacks

• Multimedia and security for VoIP, SIP, Windows Media and RealVideo

• Support for Nortel VoIP portfolio (e.g., Multimedia Communication Server 5100 and Communication Server 1000)

• Built-in protection from Denial of Service attacks

Product Brief Nortel Switched Firewall 5100 Series

Network threats and attacks are on the rise. Organizations are using the network to gain a competitive advantage. Convergence of network resources drives cost savings and productivity while improving customer engagement. However, an unprotected or poorly protected network is not a competitive advantage. The network must be protected by the best security firewall available.

The Nortel Switched Firewall, based on Check Point Software, a leader in firewall technology, is a key component in Nortel’s Layered Defense. Operating as standalone appliances, the Nortel Switched Firewall 5111, 5114 and 5124 are ideal for small and medium-sized sites. The 5100 Series is certified under the Check Point Open Platform for Security (OPSEC) criteria and enhances the Firewall-1 deployment by providing a platform that is network-based, highly reliable and able to grow to support increased demand and new services.

Switched Firewall — defined
Today’s firewalls must be application aware. This means that policy inspection occurs within the application data to help ensure that no attacks, viruses or worms are transported across the firewall. While performing this basic function, the Nortel Switched Firewall 5100 Series also provides the following benefits:

> Simplified network topology for easy management and troubleshooting
> Protection from application-level attacks via Check Point SmartDefense functionality
> Availability for both site-to-site and client-to-site IPsec VPN with Check Point VPN-1
> Stateful Policy Inspection — Inspecting all traffic and comparing it to defined security rules
> Policy Enforcement and Data Forwarding — Forwarding or blocking traffic based on the rules and signatures

The Nortel Switched Firewall System 6416 or 6616 is used to provide an even higher level of performance, reliability and service. Please see the Nortel Switched Firewall 6000 Series product brief for more details. Solution applications and benefits

Layer 2 or Layer 3 mode deployment
The Switched Firewall 5100 Series supports flexible deployment in both Layer 2 and Layer 3 mode. Customers easily deploy the 5100 Series into existing topologies in Layer 2 mode. No address or routing changes are required. Network segments can then be migrated port-by-port to Layer 3 mode if desired.

Voice and multimedia services
Companies are deploying voice over IP (VoIP) and Session Initiation Protocol (SIP) services to enhance productivity. The added flexibility and mobility from these services means that VoIP and SIP traffic will need to traverse the firewall. This can present many problems. Traditional firewalls may not support the complexity of signaling used by these services. Many existing firewall implementations add too much delay or jitter into the media path and adversely affect the voice or multimedia quality. With VoIP and SIP application awareness, the Nortel Switched Firewall 5100 series can provide virtually jitterfree performance. The 5100 series firewall has been successfully tested with Nortel’s widely deployed multimedia devices (e.g., Multimedia Communication Server 5100 and Communication Server 1000).

Device Load Balancing
Up to two Firewalls can be load balanced in a cluster. Health checks are performed to ensure availability of the firewalls.

VLAN Tagging
With IEEE 802.1q support, each VLAN is supported as a separate firewall interface. Up to 242 individual VLANs are supported. Unique security policies may be implemented and enforced for each VLAN. This makes the Nortel Switched Firewall 5100 series ideal for deployment in multitenant or multi-department environments where unique security policies and inter-VLAN policy inspection are required. Examples include airports, government offices, malls, stadiums, banks, schools, universities and hospitals.

Network Address Translation
The 5100 Series firewall supports Network Address Translation (NAT) to preserve and hide organizational IP addresses without performance or throughput degradation.

Threat protection
Nortel’s Threat Protection System uses intrusion detection and real-time threat intelligence to analyze and detect network threats. An intelligent, automatic update to the Nortel Switched Firewall blocks threats before they harm the network.

Low cost of operation
Network traffic is growing. Organizational dependence on communication and interaction means that security solutions that are cost-effective and can grow to meet future demand must be deployed. The Nortel Switched Firewall 5100 Series can grow to meet increasing demand. An initial system with one Switched Firewall supports up to 12,000 connection requests per second. To get redundancy, load balancing and a high supporting volume of traffic, another firewall can be added in the cluster with minimum manual intervention. This new cluster can support up to 500,000 total concurrent connections. Single System Image controls all configuration data, including physical interfaces, VLANs, IP interfaces, routing protocols and administrative settings to be replicated securely and automatically across the Firewall cluster. The cluster is managed through a single IP address, making it easy to perform configuration changes, backup configuration data and update software for all units in the cluster. Existing Check Point customers may re-use their existing license to easily move their firewall onto any Nortel Switched Firewall System.

The Nortel Switched Firewall 5100 Series supports the following High Availability modes:
> Active-Active
> Active-Standby
> Check Point Cluster-XL

Total threat protection
The Nortel Switched Firewall is a key component of the Nortel Layered Defense Architecture. It provides the highest level of security, combined with high performance and low latency, as demanded by today’s leading enterprise and carrier customers. The Nortel Switched Firewall is an important pillar in the complete Nortel security solution that includes the Nortel Application Switch, Nortel Secure Network Access Switch and Nortel Threat Protection System. When combined, the comprehensive solution provides total threat protection.

Product Specifications

Part numbers and description
• EB1639127E5 – Switched Firewall 5111: 6 x 10/100/1000BASE-TX ports
• EB1639128E5 – Switched Firewall 5114: 2 x 10/100/1000BASE-TX ports, 2 x 1000BASE-SX ports
• EB1639129E5 – Switched Firewall/VPN 5124: 2 x 10/100/1000BASE-TX ports, 2 x 1000BASE-SX ports and VPN-acceleration card

• 10/100/1000BASE-TX Port 10/100/1000 full or half-duplex (auto-negotiation) with RJ-45 UTP port
• 1000BASE-SX Port full-duplex Gigabit Ethernet with SC fiber connector
• RS-232C Console DB-9 serial connection, female DCE interface for out-of-band management

• Height 1.75 inches (4.44 cm)
• Width 16.69 inches (42.39 cm)
• Depth 16.53 inches (42.01 cm)
• Weight 19 lbs (8.6 kg)
• Standard 19” EIA 1U rack mountable

Network protocol and standards compatibility
• 10BASE-T/100BASE-TX/1000BASE-TX (IEEE 802.3-2000)
• 1000BASE-SX/LX (IEEE 802.3z)
• Logical link control (IEEE 802.2)
• Flow control (IEEE 802.3x)
• Link negotiation (IEEE 802.3z)
• Port Trunking (IEE 802.3d)
• VLANs (IEEE 802.1Q): Frame tagging on all ports when LANs enabled — up to 250 VLANs
• IP (RFC 791)
• ICMP (RFC 792)
• ARP (RFC 826)
• OSPF with md5 authentication (RFC 2328)
• VRRP (RFCC 2338)
• CIDR (RFC 1519)
• TFTP (RFC 783), FTP (RFC 959)
• Telnet (RFC 854)
• SSH v1/v2
• SSL/TLS (RFC 2246 )
• DVMRP (RFC 1075)
• IGMP (RFC 2236)
• Bootp/DHCP Relay (RFC 2131)
• SNMPv2c (RFCs 1901, 1905, 1906, 1907, 2578, 2579, 2580)
• SNMPv3 (RFCs 2570, 2571, 2572, 2573, 2574, 2575)

Power specifications
• Auto-ranging power supply: 00-240 VAC @ 3.5 Amps, 50-60 Hz
• Maximum power consumption: 250 Watts
• MTBF: >50,000 hours

Environmental specifications
• Operating temperature: 10 to 35º C (+45° to +100° F)
• Operating humidity: 8% to 80% (non-condensing)

Certifications EMC: (Electromagnetic requirements)
• USA: FCC Part 15, Subpart B Class A
• Australia: AS/NZS CISPR 22:2002
• Canada: ICES-003
• Japan: VCCI Class A
• Europe: EN 300 386 v1.3.1 (2001-09)
• Taiwan: BSMI Registration Certificate
• Rest of World: CISPR 22 Class A

• US — FCC Class B
• Canada — DOC Class B
• Europe — CE Mark to EN55022/EN50082-1/ICE 801-2/ICE 801-3/ ICE 801-4


• EAL-4

If you have any queries or would like more information about any of the solutions outlined, please contact us or request a call back. Alternately, you can call us on 905 695 2241 or 877 888 3588 for more immediate help and advice.

Services | Solutions | Telephone Systems | System Add Ons | Telephones | Headsets | Data Products | Support | Case Studies

All Brand Names, Manufacturer Names, Marks and Logos are registered trademarks of their respective organizations.
Copyright © 2009 All rights reserved.Powered by Rebelnetworks