Insta SafeLink VPN Product

Secure networking for multi-site organisations

Insta SafeLink is a VPN product enabling secure connectivity for multi-site organisations. It is targeted especially for environments with top level information security requirements, such as governmental and military use as well as companies and organisations with security critical network connections.

In a solution based on Insta SafeLink, the network traffic is protected with VPN Gateways installed between the sites and the interconnecting network (WAN). The VPN Gateways create transparent, strongly encrypted tunnels through which the communication between the sites is directed.

Approved at the highest level

As a proof of ultimate security, Insta SafeLink is used by the Finnish Defence Forces in mission critical systems. In addition, the Finnish National Communication Security Authority (NCSA-FI) has approved the product to protect Finnish national information classified as CONFIDENTIAL (III) and RESTRICTED (IV).

The security is based on advanced security features such as state-of-the-art encryption algorithms, secure key handling and strong user authentication. The "heart" of the system, the VPN Gateway appliances, are equipped with special protection features to keep the critical encryption keys safe.

Peace of mind through long product life cycle

A challenge faced by organisations purchasing a modern communications system is shortening product life cycles. A long life cycle is guaranteed for Insta SafeLink, since the government and military customer base ensures an extended period for supplying and supporting the product. To be able to adapt to ever-changing security and network requirements, all system components are software based, making the product both efficient and fully upgradable.

 

Please donwload Insta Safelink brochure here.

A system wide security concept

  • Approved to protect Finnish national information classified up to CONFIDENTIAL (III)
  • State-of-the-art algorithms (AES256/Serpent, SHA2, ECC)
  • Hardware based key generation and protection
  • Smart card based user authentication in all system components
  • Role based access rights simplifies user management
  • An audit trail permits observation of security related user actions

Military grade physical security

  • A Crypto Ignition Key smart card provides an easy way to securely transfer and store the VPN Gateway
  • Tamper detection and response protect from physical intrusion
  • User-triggered hardware based self-neutralisation

Advanced built-in network functions

  • High security unicast and multicast encryption
  • Unicast and multicast routing (OSPF, BGP, PIM)
  • Stateful firewall

High performance

  • Up to 1 Gbps encryption (also 100Mbps version available)
  • Multicore and Quality of Service technologies guarantee stable operation even in maximum load scenarios
  • Single VPN Gateway can be shared between many services or organisations, even with different security levels

Integrated network and security management solution

  • Automatic generation of configurations based on a higher level network design
  • Full remote management from any site in the network
  • Key management station with security hardened key generation, transfer and storage
  • Support for fragmented networks provides extended reliability in crisis situations
Network Specifications

IPsec VPN

  • LAN-to-LAN VPN
  • Multicast over IPsec
  • 256-bit AES/Serpent encryption and SHA2 integrity protection
  • VPN authentication: X.509v3 RSA or ECC (Elliptic Curve Cryptography) certificate, IKE PSK (Pre Shared Keys)
  • Automatic Tunnel Establishment

Routing

  • Static
  • OSPF, BGP
  • PIM-SM, PIM-SSM
  • IGMPv2/v3

Firewall and QoS

  • Stateful packet inspection (SPI)
  • Differentiated Services with DSCP based classification and shaping
  • Guaranteed & Maximum bandwidth per class

Other protocols

  • VLAN (802.1Q)
  • SNMPv2c
  • Syslog
  • DHCP server
  • NTP client

VPN throughput

(AES-256/SHA-256)

Versions:
  • 100 Mbps
  • 1 Gbps
Physical Specifications

Mechanical

  • Rack mountable chassis, 19” x 45 mm x 500 mm (WxHxD)

 Interfaces

  • LAN ports: 3 x 1000Base-T
  • WAN port: 1000Base-T or 1000Base-LX (LC-connector)
  • Management ports: 2 x 1000Base-T (front and rear)
  • 2 smart card readers
  • USB port
  • Integrated front panel user interface

Power

  • Changeable power supply, options: 100-240 VAC, 18-36 VDC
  • Power consumption: 100 W (maximum)
Standards Compliance

Regulatory

  • CE marking
  • Safety: EN 60950
  • EMC: EN 55022:2006 class B, EN 55024

 Environmental

  • Temperature, shocks and vibration: EN 60721 (IE33)
  • Operating temperature: +5°C to +55°C
  • Transportation and storage temperature: -40°C to +70°C
  • Operating, transportation and storage humidity: up to 95% (non condensing)
  • MTBF (IEC/TR 62380:2004): 32000 h (at 22°C ambient temperature)