GRISM GRISM GRISM GRISM
GRISM

Pervasive Inspection

Security Function Offloading

Perimeter Defense

Contact Us
Key Functions
Netflow
Netflow
Extract the network metadata from packet streams.
Service Bypass
Service Bypass
Make the low-risk traffic skip security inspection.
Deduplication
Deduplication
Remove L3-above duplicated packets.
Load Balance
Load Balance
In-line or OOB session-based traffic load balance with HA configuration.
Aggregate
Aggregate
Collect traffic from several sources or interfaces.
Filter
Filter
L2 to L7 session-based or packet-based filtering.
Massive Blockin
Massive Blocking
Detect and block sessions by a massive list of IPs/Domains.
Tunnel
Tunnel
Tunnel for traffic span to support cross-site or VM2VM monitoring.
Packet Slicing
Packet Slicing
Removing specific section from packet.

Detail

Features

Architecture diagram

Hardware Spec

Any-to-Any Delivery

Each interface can be INPUT or OUTPUT

1-to-many, many-to-1, many-to-many

To any selected interface after filtering

Advanced Distribution

Filter Processor Composed of a set of rules with AND / OR operation Session-based filtering and packet-based filtering L2-L4 header filtering rule: MAC address, Ethertype, VLAN ID, IP range, TCP/UDP port…

DPI-enabled Filter Processor L4-L7 Pattern-based filtering Pattern format: HEX, ASCII strings and Regular Expression

Tunnel-awareness filter Apply all filtering rules on in-tunnel packets where GRE / VxLAN / QinQ / MPLS Tunnel ID (ERSPAN/X-tunnel) filtering

Processor Chain User-defined graphs of Filter Processors

Out-of-band Load balance

Same Dst IP / Src IP / Dst Port / Src Port sticky to same egress ports

Same 5-tuple hash sticky to same egress ports

Delivery HA: Re-distribute to link-up egress ports

Balance port groups: Max 8 egress ports

Packet Engineering

Tag removal: MPLS / VLAN / QinQ…

Unpacking Tunnel
(Tag removal and re-encapsulation):
GRE / GTP / ERSPAN / NvGRE / VxLAN

User-defined VLAN tagging for input packets or output packets

Packet Deduplication

Monitoring Network Virtualization

GRISM to GRISM tunnel

Encapsulation: GRE, VxLAN, ERSPAN, X-tunnel

Network Traffic Intelligence Extraction

Generate Netflow V5 / V9

Generate HTTP log

Generate DNS log

Sensitive Data Protection

Packet slicing Preserve N bytes Remove TCP / UDP payload

Data mask Replace sensitive data segment in TCP / UDP payload Data segment can be defined in regular expression

In-Line Aggregation and Re-Distribution

N network links X M monitoring links (N X M)

In-line session-based load balance with HA strategy

Intelligent content-based bypass IP address List User-defined pattern in regular expression

PCAP File Prcoessing

Stream snapshot in PCAP format

Filter PCAP files with timestamp persistance

Remote recording agent over L2-L4 switch

Telecom Correlation Processing

Mobile 3G / LTE data netwok Filter GTP-C / GTP-U by IMSI/IMEI Subscriber-based load balance

Fixed ISP network Filter user-plane packets by RADIUS ID subscriber-based load balance

Virtual Machine Traffic

VM traffic redirection by GRISM-V (as a VM instance)

Supporting environment KVM VMware ESXi / vSphere

System Control and Operation

Web GUI agent for authenticated users

Advanced Control XML script over HTTP

Management protocol: Telnet, HTTP, SNMP V2

Front-line Security

Massive Blocking IP / Domain / URL Max 2,000,000 entries

3rd party threat intelligence import

Grism architecture
GRISM-G8
GRISM-G8
GRISM-T16
GRISM-T16
GRISM-T2G8
GRISM-T2G8
GRISM-F2T12
GRISM-F2T12
GRISM G8
GRISM T2G8
GRISM T16
GRISM T32
GRISM T20/F2T12/F4T4
Dimension
17.3" W x 8.6" D x 1.7" H
17.3" W x 13.7" D x 1.7" H
17.3" W x 16.5" D x 1.7" H
17.3" W x 16.5" D x 5.2" H
17.3" W x 21" D x 1.7" H
Network Interface
1G RJ45*8
10G SFP+*2 1G RJ45*8
10G / 1G SFP+*16
10G / 1GSFP+*32
"10G SFP+*20
40G QSFP*2+10G*12
40G QSFP*4+10G*4"
Management Interface
1G RJ45*1
1G RJ45*1
1G RJ45*1
1G RJ45*1
1G RJ45*1
Management Protocol
HTTP/HTTPS SNMP V2
HTTP/HTTPS SNMP V2
HTTP/HTTPS SNMP V2
HTTP/HTTPS SNMP V2
HTTP/HTTPS SNMP V2
Data Format
1.Ethernet 2.PCAP file
1.Ethernet 2.PCAP file
Ethernet
Ethernet
Ethernet
Storage
SATA2*1
SATA2*2
2GB (virtual disk)
2GB (virtual disk)
2GB (virtual disk)
Forwarding or Replication
8Gbps
56Gbps
160Gbps
640Gbps
400Gbps
1:1NetFlow Processing
Max 3Gbps
Max 10Gbps
Max 30Gbps
Max 60Gbps
Max 50Gbps
Mechanical
1U Appliance
1U Appliance
ATCA 1U, one blade
ATCA 3U, two blade
1U Appliance
Power
AC 110V-220V input
AC 110V-220V input
1.Dual DC -48V input
2.Dual AC 110V-220V input (with external PDU)
Dual AC
110-220V input
Dual AC
110-220V input

Download