Stonesoft 3201
The Stonesoft 3201 appliance is a versatile and modular Security Engine-powered solution designed to meet the performance and scalability requirements of data centers and large-sized network central sites. It can be used as a Layer 3 device for secure routing, NAT and IPsec VPN gateway purposes. In a Layer 2 configuration it presents itself as an IDS sensor, inline IPS or Layer 2 firewall. All this is available with a single unified software image, adaptable with just a configuration change.
In the Layer 3 role, as a routing firewall and IPsec VPN gateway solution, the 3201 appliance provides high performance with unique clustering capabilities up to 16 nodes. This provides very high IPSec VPN speeds, as well as high performance content and application inspection where needed.
In Layer 2 roles the Security Engine becomes transparent to surrounding network devices. The inline IPS and Layer 2 Firewall roles combine deployment flexibility, AET-ready network security and application control into one dedicated appliance.
Designed to cut your future costs
The Stonesoft 3201 is built on the platform of the Stonesoft Security Engine (NGN). It can transform its role as your organization grows and your needs change. A unified design, and the ability to make deployment changes remotely and automatically via license, helps to cut operating costs and eliminate unnecessary future capital investment rounds.
The Stonesoft Management Center (SMC) gives you the ability to automate workflows, easily define policies, swiftly define and deliver advanced visualizations, and provides class-leading situational awareness. Administering the Stonesoft 3201 with SMC enables security administrators to run an agile, secure and fast network that drives safe productivity for your business.
Stonesoft 3201 Specifications
| Maximum performance | L3 FW/VPN | L2 FW / IPS / IDS |
| Throughput (UDP 1514 byte packets, no inspection) |
20 Gbps | - |
| Throughput (UDP 1514 byte packets, with inspection) |
7 Gbps | 7 Gbps |
| 64 byte packets per second (no inspection) |
10 million | - |
| HTTP inspection (21 kB payload) | 3 Gbps | 3 Gbps |
| SSL inspection throughput | 1 Gbps | 1 Gbps |
| New TCP connections/sec (no inspection) |
200 000 | - |
| New inspected HTTP connections/sec (21 kB payload) | 13 000 | 13 000 |
| Concurrent connections | 20 million | - |
| Inspected concurrent connections | 5 million | 5 million |
| VLANs | Unlimited | Unlimited |
| VPN throughput (AES-128-GCM) | 10 Gbps | n/a |
| VPN tunnels | 40 000 | n/a |
| Concurrent mVPN Clients | Unlimited | n/a |
| Licensed Performance | Firewall/VPN 3201 appliance | Firewall/VPN 3201-P appliance |
| Throughput (UDP 1514 byte packets, no inspection) |
10 Gbps | 20 Gbps |
| VPN throughput (AES-128-GCM) | 5 Gbps | 10 Gbps |
| Network interfaces | ||
| Fixed | 2 x 10/100/1000 Mbps copper | |
| Module slots | 3 (Available modules listed at the product codes section) | |
| Connectors | 4 x USB, 1 x serial, VGA, IPMI Ethernet | |
| Measurements | ||
| Form factor | 2U 19” rack unit | |
| Dimensions (W x H x D) | 437 x 89 x 450 mm / 17.2" x 3.5" x 17.7" | |
| Net weight | 15 kg / 33 lbs | |
| Safety/EMC certifications | CE, FCC, CB, Gost-R, RoHS | |
| Power | ||
| Power supply | 1+1 Redundant 700W + 700W, AC Input 100-240 VAC, 50-60 Hz | |
| Typical power consumption | 240 W | |
| Other | ||
| Operating temperature/humidity | +10—+35°C (+50—+95°F) 8%—90%, non condensing humidity (RH) | |
| Storage temperature/humidity | -40—+70°C (-40—+158°F) 5%—95%, non condensing humidity (RH) | |
| MTBF | 120 000 hours | |
| Rack mounting | Rack kit APP-RACK3-3200 for 68 cm – 92 cm deep rack included by default | |
| Support | ||
| Replacement service | 15 months or 39 months replacement service for non-complying hardware | |
| Premium support | 24/7-call logging via web, email and phone, two-hour response time, software updates, hardware replacement service | |
| Basic support | 8/5-call logging via web, email and phone, next business day response time, software updates, hardware replacement service | |
| Product codes ** | ||
| APP-FW-3201-C1 | Stonesoft Firewall/VPN 3201 appliance | |
| APP-FW-3201-C1-P | Stonesoft Firewall/VPN 3201P appliance | |
| APP-IPS-3201-C1 | Stonesoft IPS/IDS 3201 appliance | |
| APP-NGN-3201-C1 | Stonesoft 3201 Security Engine | |
| Feature pack codes | ||
| FP-1Y-AS-1 | One year Antispam subscription for NGN-3201, FW-3201, FW-3201P appliance | |
| FP-1Y-AV-12 | One year Antivirus subscription for NGN-3201, FW-3201, FW-3201P appliance | |
| FP-1Y-WF2-172 | One year Web filtering subscription for FW-3201 appliance | |
| FP-1Y-WF2-171 | One year Web filtering subscription for NGN-3201, FW-3201P appliance | |
| FP-1Y-UTM-16 | One year UTM subscription bundle (AV, AS, WF) for FW-3201 appliance | |
| FP-1Y-UTM-6 | One year UTM subscription bundle (AV, AS, WF) for NGN-3201, FW-3201P appliance | |
| FP-FW-FDPI-5 | Full deep inspection for FW-3201, FW-3201P | |
| Interface modules | ||
| MOD-EM1-GE-6 | Six Port Gigabit Ethernet Copper Module | |
| MOD-EM1-GE-8 | Eight Port Gigabit Ethernet Copper Module | |
| MOD-EM1-GE-SFP-4 | Quad Port SFP Gigabit Ethernet Module | |
| MOD-EM1-10G-SFP-2 | Dual Port SFP+ 10GB Module | |
| MOD-EM1-GE-4-B | Quad Port Gigabit Ethernet Copper Bypass Module | |
| MOD-EM1-GE-SX-4-B | Quad Port Gigabit Ethernet Fiber (SX) Bypass Module | |
| MOD-EM1-10G-SR-2-B | Dual Port Fiber (SR) 10GB Bypass Module | |
| MOD-EM1-10G-LR-2-B | Dual Port Fiber (LR) 10GB Bypass Module | |
| Add-on product codes | ||
| APP-RACK2-3200 | Rack mounting kit for 50 cm – 68 cm deep rack | |
| SP-PSU-DC-3200 | DC power supply for 3200 series appliance | |
* Supported encryption algorithms depend on used license. ** -R license codes are without strong encryption (DES only)
Free Consultation
Unbeatable Prices
Professional Services
24x7 Tech Support