Service gateway ESR-1000

  • IPSec VPN
  • Next Generation Firewall protection and NAT
  • L2TP, PPTP
  • Conversion from IPv4 to IPv6 (6to4, 4to6)
  • Network Data Filtering
  • Detection and prevention of network activity in relation to applications and users
  • Backup connections to network providers


The ESR router family is a universal hardware platform capable of performing a wide range of tasks related to network security. The lineup includes application-oriented models for networks of various sizes, from small business networks to carrier networks and data centres.

Typical tasks performed by service routers:

  • Providing NAT, Firewall services
  • Setting up secure network tunnels to connect company offices (IPsec VPN)
  • Providing remote access to local resources in enterprise networks (L2TP, PPTP)
  • Gradual transition from IPv4 addressing to IPv6 (6to4, 4to6)
  • Filtering of network data by various criteria
  • Detection and prevention of network intrusion attempts, protection against data loss
  • Analysis of network traffic and network activity in relation to applications and users
  • Backup connections to Internet provider networks
  • A number of other tasks, constantly added to the list as data networks develop and new network services emerge

These functions can be combined with traditional services. The devices have the features of an L2 switch and an L3 router.


The key element of the ESR-1000 is hardware acceleration of data processing, which ensures high performance. Hardware and software processing is distributed among the units of the device.

The table below shows the device performance depending on its mode of operation. 


  • Firewall performance (large packets) - 9.7 Gbps / 800 Kpps
  • NAT performance (large packets) - 9.7 Gbps / 800 Kpps
  • IPsec VPN performance (large packets) - 3.4 Gbps / 289 Kpps (aes128bit-sha1)
  • VPN tunnels - 500
  • Static routes - 11K
  • The number of concurrent sessions - 512K


  • 24 Ethernet ports 10/100/1000Base-T
  • 2 ports 10GBase-R SFP+ / 1000Base-X
  • 2 USB2.0 ports
  • Slot for SD-cards


  • RAM - up to 8 GB
  • Built-in Flash-memory - 1 GB
  • Power supply - 220V AC / 48V DC
  • Power consumption 75 watts
  • Duplication of power supply modules, hot-swappable
  • Interchangeable ventilation modules

Hardware Features

  • Hardware encryption acceleration
  • Hardware acceleration DPI
  • Hardware support for L2 and L3 functions

Server VPN

  • L2TP
  • PPTP
  • OpenVPN


  • GRE
  • IPIP
  • L2TPv3

L2 functions

  • Packet switching (bridging)
  • STP, RSTP, MSTP 802.1d, 802.1Q
  • LAG/LACP 802.3ad
  • VLAN 802.1Q
  • Port Isolation
  • Private VLAN Edge (PVE)

L3 functions (IPv4/IPv6)

  • SNAT, DNAT, Static NAT (IPv4 only) address translation
  • Static routes
  • Dynamic routing protocols RIPv2, OSPFv2, BGP, OSPFv3
  • VRF Lite
  • PBR
  • Prefix-List

IP addressing management (IPv4/IPv6)

  • Static addresses
  • DHCP client, PPPoE client
  • Embedded DHCP server
  • DHCP Relay

Quality of Service (QoS)

  • Up to 8 priority queues per port
  • L2 and L3 traffic prioritization (802.1p, DSCP, IP precedence)
  • Queue overload management: RED, GRED
  • Port and VLAN prioritization
  • Remarking of priorities resources
  • Policy enforcement (policing)
  • Bandwidth management (shaping)
  • Hierarchical QoS
  • Sessions marking

Network reliability assurance support

  • Dual homing
  • VRRP
  • WAN interfaces load balancing, data stream redirection
  • High availability: connection reservation
  • Two devices stacking, configuration, on-line data, link redundancy

Network security functions

  • Network interfaces zoning
  • Zone isolation, firewall, data filtering rules
  • IPSec
  • Encryption of connections (DES, 3DES, AES), Blowfish, Camellia
  • Logs authentication MD-5, SHA-1, SHA-2
  • Access Control List based on MAC, IP

Monitoring and control:

  • Standard SNMP MIB support
  • Management of access level
  • Authentication on the local user database, RADIUS, TACACS+, LDAP
  • Protection against configuration errors, configuration recovery
  • Management Interfaces CLI
  • Syslog
  • System resource usage monitoring
  • ping, traceroute (IPv4, IPv6)
  • Upload and download configuration via TFTP
  • Online software updating, via USB drive, SD card
  • Software updating, upload and download of configuration via TFTP, SCP, FTP
  • IP SLA Wellink (wiSLA) (continuous monitoring of VPN L2 and VPN L3)
  • NTP
  • Netflow v5/v9/v10
  • Local management - console RS-232
  • Remote management (IPv4, IPv6) - telnet, SSH

Monitoring functions

  • Load testing of channel capacity: up to 150 Mbps
  • TWAMP: up to 100 tests at the same time
  • Reflector: TWAMP, UDP-Echo, L2
  • Services monitoring TCP: up to 100 tests at the same time
  • Services monitoring HTTP: up to 100 tests at the same time
  • DNS: up to 100 tests at the same time
  • Simultaneous controlled services amount: more than 100

Physical characteristics and environment features

  • Power supply source: alternating current circuit, 220V ±20%, 50 GHz
  • Power consumption less than 75 W
  • Weight less than 3,6 kg
  • Dimensions (WxHxD): 430x44x352 mm
  • Temperature range from -10 to +45°C
  • Temperature range for storage from -40 to +70°C