network security solution that unifies layers
of defense and response mechanisms with centralized
management can provide increased protection
against blended threats.
SG580 is a feature-rich, compact, network security
appliance, which consolidates firewall, sophisticated
intrusion-prevention, secure VPN access, and
web content filtering on a single device. This
reduces the complexity of network security deployments
while lowering administration and maintenance
requirements. The SG580 is well suited to protecting
central offices of small to mid-sized enterprises
as well as branch offices of large enterprises.
It enables offices to easily and safely connect
their network of desktops, notebooks, PDAs,
web and applications servers to the Internet
via business- and consumer-grade broadband,
dedicated circuits from T-1 to T-3 or narrow-band
provides connectivity and security features
normally found only in enterprise-class solutions.
With the inclusion of five Fast Ethernet ports,
link fail-over and Internet session load balancing
as well as multiple security zones, the SG580
can be deployed in a myriad of environments.
Should the primary broadband connection fail,
the SG580 can fail over to a secondary link.
Internet traffic can be balanced between links,
increasing bandwidth for faster web page delivery
and more concurrent downloads. Should there
be a complete broadband failure, the built-in
dial-up connection can be invoked automatically.
To further enhance web performance and reduce
WAN bandwidth, the SG580 has a built-in Web
SG580 provides layers of network protection.
powerful stateful-inspection firewall,
service-based intrusion detection blocking
and advanced Internet connection sharing
protect the branch-office network from
detection system adds an extra security layer
by detecting suspicious activity through a database
of thousands of attack signatures. It can alert
an administrator so that countermeasures can
be implemented quickly before the network is
compromised. It can also be configured to respond
by adjusting the firewall automatically, effectively
preventing intrusions. Finally, the SG580 also
provides security policy enforcement across
the network by probing desktops and servers
in an attempt to identify vulnerable network
services. Systems that are deemed vulnerable
are blocked from Internet access or access to
other security zones. This reduces the possibility
of staff spreading viruses, worms and Trojans.
provides default physical security zones (DMZ,
Guest and LAN) on separate Ethernet segments.
The DMZ segment can be used for publicly accessible
servers (e-mail, file download); the Guest segment
enables mobile staff or visitors to have general
Internet access only, while the LAN segment
connects the entire office network. These can
be reconfigured to create three departmental
security zones or other custom configurations.
If only one WAN connection is required the other
can be configured as a fourth security zone.
remote office network can safely become
part of a central office network, since
the SG580 is also a cost-effective VPN
includes industry-standard secure VPN access
methods (IPsec, PPTP, L2TP) with hardware-accelerated
encryption. It is complementary to the SG710
and CyberGuard TSP appliances for VPN deployments
at mid- to large-sized branch offices and head
office. For smaller multi-site deployments,
the SG580 provides a cost-effective head office
solution with smaller CyberGuard appliances
installed as VPN endpoints at remote office
locations. Mobile and remote workers can also
gain access to the central location across the
Internet by using an SG300 device or through
VPN client software.