OVERVIEW
WANGuard Sensor is the component of WANGuard Platform and WANGuard Lite that monitors and accounts for both incoming and outgoing traffic and detects traffic anomalies ( anomaly detection is unavailable in the Lite version ).
At its core, WANGuard Sensor has a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses. Complex statistical algorithms integrate traffic data to build an accurate and detailed picture of real-time and historical traffic flows across the network.
SUPPORTED TRAFFIC CAPTURING METHODS
WANGuard Sensor was designed to monitor networks ranging from the largest enterprises with hundreds of thousands of endpoints to the smallest branch offices with tens of endpoints. The supported traffic capturing methods work with most switches, routers, firewalls and other network devices. The supported methods are:
Port Mirroring ( Switched Port Analyzer - SPAN, Roving Analysis Port ), Network TAP - The analysis of network packets sent by a monitoring port of a switch, router or network TAP. The WANGuard Sensor type that handles network packets is called WANGuard Sniff.
NetFlow® Monitoring - The analysis of pre-aggregated data flows sent by NetFlow® or NetStream® enabled routers and Layer 3 switches*. The WANGuard Sensor type that handles NetFlow® and NetStream® data is called WANGuard Flow.
In-line Deployment - The analysis of incoming and outgoing network packets that pass through a network card of an in-line deployed Linux server. From a software perspective this method is virtually identical to the Port Mirroring method, so WANGuard Sniff is used in this scenario too.

DATASHEET

| WANGuard Sensor | WANGuard Sniff | WANGuard Flow |
|---|---|---|
| Traffic Capturing Technology | Port Mirroring, Network TAP, In-line Deployment | NetFlow® or NetStream® v.5 enabled network devices* |
| Maximum Traffic Capacity | 10 GigE > 150,000 endpoints** | 10 GigE < 100,000 endpoints** |
| Traffic Parameters Accuracy | Highest ( 5 seconds averages ) | High |
| Traffic Anomalies Detection Time | < 5 seconds | < flow export time + 5 seconds |
| Traffic Validation Options | IP classes, MAC addresses, VLANs | IP classes, Interfaces, AS Number |
| Minimum System Requirements for analyzing 1 Gigabit Network Interface | | |
| Architecture | x86 ( 32 or 64 bit ) | x86 ( 32 or 64 bit ) |
| CPU | 1 x Pentium IV 2.0 GHz | 1 x Pentium IV 1.6 GHz |
| RAM | 500 MBytes | 2 GBytes |
| Network Cards | 1 x Gigabit Ethernet ( with NAPI Support ), 1 x Fast Ethernet | 1 x Fast Ethernet |
| Operating System*** | Red Hat Enterprise 5, CentOS 4, CentOS 5, OpenSuSE 10, SUSE Linux Enterprise 10, Debian Linux 4, Ubuntu Linux Server 8 | Red Hat Enterprise 5, CentOS 4, CentOS 5, OpenSuSE 10, SUSE Linux Enterprise 10, Debian Linux 4, Ubuntu Linux Server 8 |
| Installed Packages | tcpdump, WANGuard-Sensor 3.1, WANGuard-Controller 3.1 | WANGuard-Sensor 3.1, WANGuard-Controller 3.1 |
| Disk Space | 5 GB ( including OS ) | 5 GB ( including OS ) |

* Manufacturers whose devices support WANGuard Flow are: Cisco Systems (1400, 1600, 1700, 2500/2600, 3600, 4500/4700, AS5300/5800, 7200/7500, Catalyst 4500, Catalyst 5000/6500/7600, ESR 10000, GSR 12000), Juniper, Extreme Networks, Huawei, 3COM and others.
** An endpoint is an IP address that belongs to your ASN / clients / servers. The software is not limited by the number of connections between your IPs and remote IPs.
*** Other Linux distributions should work but haven't been tested yet.