Allot Multiservice Platforms

Secure Service Gateway

Meeting Your Need for The necessity for your employees and customers to
connect and work productively with mission-critical
Network Visibility, Security applications, from any location and at any time,
significantly increases your need for full network
and Control visibility, security and control.

The performance and efficiency of your network can

be easily compromised by the ever-increasing demand
for LAN, WAN and Internet bandwidth driven by cloud,
mobile and video applications. Moreover, the growing
use of BYOD and shadow IT have opened complex
attack vectors for web threats to infect user devices, get
into your network, and harm business productivity and
viability.

Allot Secure Service Gateway (SSG) supports your

demands with a single, scalable solution for your
evolving requirements for application and user visibility,
performance, and security.

Benefits
o  Complete Visibility and Control o  High Performance and Reliability
Allot provides live traffic monitoring and usage reporting according Allot Secure Service Gateway is built on the same carrier-class
to traffic policies that are mapped to your complex datacenter and performance and reliability that Allot brings to many of the world’s
cloud applications, giving you full visibility and control of application largest network operators. Flexible redundancy configurations plus
performance, web access, user quality of experience, shadow IT passive bypass with automatic port failover maximize uptime and
and web threats. availability.

o  Powerful Web Security and DDoS Protection o  Scalability and Lower TCO
Allot helps you embrace and maximize the business value of cloud Allot Secure Service Gateway integrates multiple functions in an
(web) applications by detecting and blocking malware, phishing and Intel-based platform that protects your investment and lets you
other web threats before they harm application performance and scale from 2 to 20 ports of 1GE/10GE network connectivity in a
user productivity. Allot also detects and surgically filters DDoS and single appliance.
bot traffic before it affects your network.

See. Control. Secure.

 Features Features

Full Traffic Visibility Web Security DDoS and Bot Protection

Efficient and high performing networks begin with your ability to obtain Left unprotected, your business can easily fall victim to malware, Allot Secure Service Gateway employs carrier-proven anomaly
a 360° view of network traffic and the QoE that your employees, ransomware and other web threats. Allot Secure Service Gateway detection technologies to protect your network and data center
customers, and branches are getting from datacenter and cloud combines superior application visibility and control with SSL inspection resources against DDoS and bot attacks that are designed to flood your
applications. It also sheds light on shadow IT, BYOD, and mobile app and web security powered by Kaspersky Lab, BitDefender and Sophos network and disrupt service availability. Every inbound and outbound
usage that might otherwise go unnoticed. technologies, so you can prevent malicious attacks from threatening packet is inspected to ensure no threat goes undetected. Dynamic
your optimized network while enabling employees and customers to creation of filtering rules and surgical filtering of DDoS attack packets
Allot Secure Service Gateway monitors network traffic in real time use the Internet and cloud applications safely and productively. Key web avoids over-blocking and allows legitimate traffic to flow unimpeded,
and delivers full Layer 7+ visibility of application performance, security capabilities include: keeping your business online and protected at all times. Allot also
capacity utilization and network health. Integration with Microsoft help you pinpoint host infection and abusive behavior according to
Active Directory provides traffic intelligence per user and per o  Internet Threat Visibility: Get a clear picture of online usage abnormal outbound connection activity and malicious connection
group, so you can understand how employees consume business and understand how web security threats are impacting business patterns, so you can treat the root cause of outbound spam, worm
applications and network resources. The granular traffic intelligence Enforcement Policy Editor productivity and viability. propagation and port scanning, and eliminate the additional load it puts
you get with Allot accelerates root cause analysis so you can o  Web Filtering: Assure safe Internet use and prevent employee on your network.
pinpoint the cause of service degradation and quickly resolve the Granular Traffic Control exposure to illegal or inappropriate web content in the workplace.
problem at its source. Set the URLs and content categories you want to filter; limit access

Allot Secure Service Gateway also integrates comprehensive web Allot Secure Service Gateway allows you to virtually partition LAN,
to certain times of the day; enable unblock requests; and receive Scalability and Lower TCO
admin alerts on filtering events.
threat visibility, enabling you to neutralize the impact of malware, WAN and Internet resources so that users and applications no longer
compete with one another for bandwidth and Quality of Service (QoS). o  Anti-Malware: Prevent viruses, worms, Trojans, spyware, adware, Modular licensing of capacity and functionality gives you the ability
phishing, and other web threats as well as inappropriate content that
The highly granular visibility provided by Allot allows you to act with the phishing, and other malware from damaging mobile devices, to tailor the security and performance levels of Allot Secure Service
often accompanies recreational web usage and may cause legal or
same level of granularity to maintain optimal network efficiency and infiltrating your network and causing loss of business data. Gateway to the evolving needs of your organization. Allot maximizes
compliance concerns for your business. Key visibility features include:
high application performance. Powerful policy tools help you define Requires no action from users and no resources from their devices. your investment and dramatically lowers TCO by integrating visibility,
o  Layer 7 application visibility and enforce Acceptable Use Policy and prioritize applications that are o  Risky Apps Control: Block or limit use of risky applications that security and control in a single appliance, and providing out-of-the-box
critical to your business. For example, to improve user experience, you are often a conduit for malware insertion, data leakage and support for more static and dynamic QoS policies than any comparable
o  SSL encrypted traffic visibility
can dedicate minimum bandwidth to collaboration applications or circumvention of your security measures. solution in the market.
o  Web content and web threat visibility prioritize real-time point-of-sale and inventory transactions over non-
o  User and endpoint visibility with L4-L7 QoE KPIs essential traffic. Likewise, you can block access to shadow IT or limit the
o  Dashboard monitoring and analytics use of recreational apps that could impact networkand data security.
Key control capabilities include:
o  Live, self-refreshing performance metrics reporting
in a granularity of seconds
o  Central and simple QoS policy management
o  Supporting hundreds of thousands of dynamic traffic policies
o  Automated QoS policy propagation to all deployed appliances
Dynamic Actionable o  Asymmetric QoS policy synchronized in real time
Recognition across multiple datacenters
o  Threshold-based enforcement (e.g., CER, live connections)
Technology (DART)
o  Actionable alarms
Allot’s DART engine, embedded
in the platform inspects every
single packet and classifies traffic
per application, user, IP address,
location, and by any static or
dynamic policy element you
define. Allot’s extensive signature
library identifies thousands of web
applications and protocols and also
supports user-defined signatures.
Automated DART protocol pack
updates from the Allot cloud keep
your deployment up to date with
the latest application and web
developments to ensure accurate Real-Time Monitor and Network
traffic classification. Metrics Dashboards

Allot Secure Service Gateway provides full visibility, security and control of
LAN, WAN, Data Center and Internet traffic in one solution
 Specifications Specifications Secure Service Gateway

SSG200/400 SSG500/600 V2 SSG800 V2

Maximum Capacity* Allot Secure Service
Throughput 1 Gbps (SSG200); 8 Gbps (SSG400) 8 Gbps (SSG500); 20 Gps (SSG600) 35 Gbps Gateway Virtual Edition
Web Security Throughput N/A 600 Mbps 1.2 Gbps
IP Flows 6,000,000 24 million 40 million
Allot Secure Service Gateway Virtual Edition supports popular virtualization platforms enabling easy deployment on any public or private
Traffic Control Policies: 512/250,000/500,000 512/50,000/200,000 512/150,000/600,000
Lines / Pipes / Virtual Channels cloud. Performance specifications are calculated on the basis of virtual cores and assuming an Intel® Xeon® processor with SR-IOV enabled. Actual
Employee Count 60,000 60,000 180,000 throughput performance will be affected by underlying hardware and hypervisor configurations, software licenses, and enabled policies.
System Interfaces
Network I/O ports (with Bypass Capacity) 8 x 1GE Copper (RJ45) 12x1GE/10GE (SFP+) 20 x 1GE/10GE (SFP+) Parameters SSG-VE01 SSG-VE04 SSG-VE08(*) SSG-VE16(*) SSG-VE32
+4 x1GE/10GE (SFP+) for internal
vCPU 4 4 8 16 32
steering (can't be used as Network
I/O) RAM 10G 10G 20G 40G 64G
Network Interfaces 1GBASE-T (Copper) 10GBASE-SR/LR 10GBASE-SR/LR Virtual Storage 100GB 100GB 100GB 100GB 100GB
1GBASE-LX/SX (Dual rate) 1GBASE-LX/SX (Dual rate)
Copper Copper OS Linus CentOS 7, 64-bit x86

Management 2 x 1GE Copper 2 x 1GE Copper 2 x 1GE/10GE Copper Hypervisor VMware ESXi VMware vSphere 5.5 and above

Availability
Throughput 100Mbps 4Gbps 8Gbps 16Gbps 32Gbps
External Bypass Independent, passive bypass unit. All units are 1U 19" rack mount.
IP Flows 8M 8M 16M 32M 64M
HD Multi-Port Bypass Units 8-port unit 2.44kg (5.38lb); 16-port unit 2.64kg (5.82lb); 24-port unit 2.86kg (6.3lb)
Traffic Control Policies: 512/160k/320k 512/160k/320k 512/320k/640k 512/640k/1.3M 512/1.3M/2.6M
Management Active-Standby HA on management ports Lines / Pipes / Virtual Channels
System Redundancy for PSUs and fans Employee Count 500 240k 480k 960k 1.9M
Dimensions
(*) Available H1 2019
Appliance form factor Standard 1U by 19” rack mount Standard 2U by 19” rack mount Standard 2U by 19” rack mount
Size (L x W x H) 429 x 434.6 x 707 mm Height: 87 mm (3.4 in), width: 445 87 x 445 x 730 mm without Bezel
mm (17.5 in), depth: 720 mm (28.3 in)
Weight (max) 13.04 kg Approximal 20 kg (44 lb) Min 32.75 lb (14.9 kg),
Max 43 lbs (19.5 kg) per number of
NIC interfaces
Power
Input 100 to 120 VAC ,200 to 240 VAC Dual Hot Plug, 230/115VAC Dual Hot Plug, Redundant
100/240VAC or -48VDC, efficiency
of up to 94%, Energy star, 80PLUS
Number of PSUs 1 2 2
PSU Redundancy Optional Yes Yes
Total Output Power 500 Watts 750 Watts 800 Watts
Heat Dissipation 1979 BTU/hr (at 100 VAC), 1911 BTU/ 3269 BTU/hour 3207 BTU/hr
hr (at 200 VAC), 1965 BTU/hr (at 240
VDC) for China Only
Operating Environment
Temperature 10° to 35°C 10° to 35°C 10°C to 35°C (50°F to 95°F)
Humidity 8% to 90% Relative humidity (%RH) 8% to 90% Relative humidity (%RH) 8% to 90%
Management
Allot SSG Network Management System is available pre-installed on a 1U server appliance, or as software components designed to run on virtual machines:
VMWare ESXi (vSphere 5.5 or higher) or KVM (RedHat RHEV 3.5 and above). See Allot SSG Network Management System datasheet for details.
Standards Compliance
Safety UL60950, CE, CB UL60950, CE, CB UL60950, CE, CB
EMC (Electromagnetic Compliance) FCC ,CE , VCCI FCC ,CE , VCCI FCC ,CE , VCCI
Environmental RoHS, China ROHS RoHS, China ROHS RoHS, China ROHS
WEEE WEEE WEEE
REACH REACH REACH

* Actual throughput and performance metrics depend on enabled features, policy configuration, traffic mix, and other deployment characteristics.

P/N D240064 Rev.7

See. Control. Secure.

© 2019 Allot Ltd. All rights reserved. Allot Communications, Sigma and NetEnforcer and the Allot logo are trademarks of Allot Communications. All other brand or product names are the trademarks of
their respective holders. The information in this document is for reference purpose only and constitutes neither an offer, a commitment nor an acceptance. Allot may change the information at any time
without notice.
sales@allot.com | www.allot.com