Datasheet

DEC600 Series
Desktop Security Appliance

(c) 2024 Deciso B.V., All Rights Reserved. [rev.05062024]

2.5 Gigabit performance
This embedded appliance delivers 2.5 gigabit ethernet
performance yet doesn't make a sound. The specially designed cooling
profile allows for cool operation even when stressed to the max.

5.000Mbps Throughput Guard Web Access Filtering (SSL) Proxy

420.000 Packets per Second Captive Portal with Voucher support

540Mbps Inline High Speed Intrusion Up to 256Gb NVMe Offering Sufficient

Prevention & SSL Finger Printing Space for Logging & Reporting

Fast Filtering System wide two-factor authentication.

Low Latency ~125uS Compatible with Google Authenticator.

Hardware Assisted Encryption

600Mbps IPsec (AES256GCM16)

Deciso Sales B.V. +31 187 744 020 sales@[Link] [Link]

DEC600 Series - Desktop Security Appliance

At the heart of this small desktop, AMD's

G-Series SOC powers the Netboard A8
OPNsense®
It's four independent 2.5 Gpbs Ethernet ports can be configured any certified

way you want.

DEC600 Series
Bundled with a free year
OPNsense® Business Edition
A 5-star experience
✱ Commercial firmware repository
✱ Official OPNsense Open Virtualisation Image
✱ Integrated GeoIP database
✱ Free E-Book (English & German)
✱ Free professional plugins:
• Web Application Firewall
• Proxy Access
• Extended Blocklist
• OPNcentral™

OPNcentral™
Central Management,
the OPNsense® way
• Provisioning
• Multi tenancy using host groups
• Centralised Backups
• Centralised Firmware Upgrades
• Monitoring:
• Machine state
• Firmware version
• Resources

Deciso Sales B.V. +31 187 744 020 sales@[Link] [Link]

DEC600 Series - Desktop Security Appliance

Software
Versatile, open
source and
fully featured
OPNsense is Deciso’s fast growing
open source firewall and security
platform released under an Open
Source Initiative approved license.
Its rich feature set is combined with
the benefits of open and verifiable
sources.

All features can be used from within Businesses

DEC600 Series
the easy to use graphical interface,
equipped with a build-in search Protect your business network and secure your connections. From
feature for quick navigation. Protec- the stateful inspection firewall to the inline intrusion detection &
ting your network has never been this prevention system everything is included for [Link] the traffic
easy with features such as; the shaper to enhance network performance.
integrated intrusion prevention sys-
tem and two-factor authentication
Schools
for safely connecting mobile users.
Limit and share available bandwidth evenly amongst students and
utilise the category based web filtering to filter unwanted traffic
such as adult content and malicious websites. It is easy to setup as
no additional plugins nor packages are required.

Hotels
OPNsense offers a captive portal to control guest internet ac-
cess for a limited duration. Vouchers can easily be created via the
graphical user interface.

On the road
Even on the road OPNsense is a great asset to your business as it
offers OpenVPN and IPSec VPN solution with road warrior support
and two-factor authentication. The easy client exporter make con-
figuring your OpenVPN SSL client setup a breeze.

Remote Offices / Branches & SOHO

The integrated site to site VPN (IPsec or SSL VPN) can be used
to create a secure network connection to and from your remote
offices. Enjoy the easy configuration and online searchable docu-
mentation with simple how-to type of articles to get you started,
quickly. Pluggable support is offered for ZeroTier, Tinc as well as
Wireguard.

Deciso Sales B.V. +31 187 744 020 sales@[Link] [Link]

DEC600 Series - Desktop Security Appliance

Overview software features

Stateful firewall • Automated (Trusted) CA • Feodo Tracker � Cloud Backup
� Filter by • Emerging Threats ETOpen � Git Backup
• Source 802.1Q VLAN support � SSL Fingerprinting
• Destination � Max 4096 VLAN’s � Auto rule update using SNMP
• Protocol configurable cron � Monitor & Traps
• Port Link Aggregation & Failover
• OS (OSFP) � Failover Captive Portal Diagnostics
� Limit simultaneous connec- � Load Balance � Typical Applications � Filter reload status
tions on a per rule base � Round Robin • Guest Network � Firewall Info (pfInfo)
� Log matching traffic on a per � Cisco Ether Channel (FEC) • Bring Your Own Device � Top Users (pfTop)
rule bases � 802.3ad LACP (BYOD) � Firewall Tables
� Policy Based Routing • Hotel & Camping Wifi Access • Aliases
� Packet Normalisation Other Interface types • Template Management • Bogons
� Option to disable filter for � Bridged interfaces • Multiple Zones � Current Open Sockets
pure router mode � Generic Tunnel Interface (GIF) � Authenticators � Show All States
� Generic Routing • All available authenticators � State Reset
Policy organization Encapsulation • None (Splash Screen Only) � State Summary
� Alias Support � Voucher Manager � Wake on LAN
• IP addresses Network Address Translation • Multiple Voucher Databases � ARP Table
• Port ranges � Port forwarding • Export vouchers to CSV � DNS Lookup
• Domain names (FQDN) � 1:1 of ip’s & subnets � Timeouts & Welcome Back � NDP Table
� Interface Groups � Outbound NAT � Bandwidth Management � Ping

DEC600 Series
• Create security zones with � NAT Reflection • Use Traffic Shaper � Packet Capture
equal rules � Portal bypass � Test Port
� Rule Category Traffic Shaping • MAC and IP whitelisting � Trace route
• Easy access rule sets � Limit bandwidth � Real Time Reporting
� Share bandwidth • Live top IP bandwidth usage Monitoring
Granular control state table � Prioritize traffic • Active Sessions � Zabbix Agent (Plugin)
� Adjustable state table size � Rule based matching • Time left � Monit (Plugin)
� On a per rule bases • Protocol • Rest API • Proactive System Monitoring
• Limit simultaneous client • Source
connection • Destination Virtual Private Networks Enhanced Reporting
• Limit states per host • Port � IPsec � Network Flow Analyzer ‘Insight’
• Limit new connections • Direction • Site to Site • Fully Integrated
per second • Road Warrior • Detailed Aggregation
• Define state timeout IGMP Proxy � WireGuard (Plugin) • Graphical Representation
• Define state type � For multicast routing • Site to Site • Clickable and Searchable
� State types • Road Warrior • CVS Exporter
• Keep Universal Plug & Play � OpenVPN � System Health
• Sloppy � Fully supported • Site to Site • Round Robin Data
• Modulate • Road Warrior • Selection & Zoom
• Synproxy Dynamic DNS • Easy client configuration • Exportable
• None � Selectable form a list exporter � Traffic Graph
� Optimisation options � Custom � Tinc (Plugin) • Live Traffic Monitoring
• Normal � RFC 2136 support • Full mesh routing
• High latency � ZeroTier (Plugin) Network Monitoring
• Agressive DNS Forwarder • VPN, SDN & SD-WAN � Netflow Exporter
• Conservative � Host Overrides • Version 5 & version 9
� Domain Overrides High Availability • Local for ‘Insight’
Authentication � DNS Server � Automatic hardware failover
� External Servers � Host Overrides � Synchronized state table Firmware
• LDAP • A records � Configuration synchronisation � Support Virtual Installs
• Radius • MX records • VMware tools (Plugin)
� Integrated Servers � Access Lists Caching Proxy • Xen Guest Utilities (Plugin)
• Local User Manager � Multi interface � Easy Upgrade
• Vouchers / Tickets DNS Filter � Transparent Mode • Reboot warning for base
• FreeRadius (Plugin) � Supports OpenDNS � Support SSL Bump upgrades
� SSL Domain only (easy filtering) � SSL Flavour selectable
Authorization DHCP Server � Access Control Lists • OpenSSL
� User Interface � IPv4 & IPv6 � Blacklists • LibreSSL
• Local User Manager � Relay Support � Category Based Web-filter � Selectable Package Mirror
� BOOTP options � Traffic Management � Reinstall Single Package
Accounting � Auto sync for remote blacklists � Lock Package (prevents
� FreeRadius (Plugin & External) Multi WAN � ICAP (supports virus scan upgrade)
� Vouchers / Tickets � Load balancing engine) � Audit Feature
� Failover • Check installed packages for
2-Factor Authentication � Aliases Virus scanning (via plugins) known security vulnerabilities
� Supports TOTP � External engine support � Plugin Support
� Google Authenticator Load Balancer (ICAP)
� Supported services: � Balance incoming traffic over � ClamAV (Plugin / C-ICAP) REST API
• Captive Portal multiple servers � ACL support
• Proxy Reverse Proxy
• VPN Network Time Server � HAProxy - Load balancer Online Documentation
• GUI � Hardware devices (Plugin) � Free & Searchable
• SSH / Console • GPS
• Pulse Per Second Online Identity Protection
Certificates � Tor - Anonymity online (Plugin) For updated information on
� Certificate Authority Intrusion Detection & Prevention current release see:
• Create or Import CA’s � Inline Prevention Backup & Restore [Link]
• Create or Import Certificates � Integrated rulesets � History & Diff support
� Let’s Encrypt (Plugin) • SSL Blacklists � File Backup

Deciso Sales B.V. +31 187 744 020 sales@[Link] [Link]

DEC600 Series - Desktop Security Appliance

Specifications and model comparison

Models DEC677 DEC697

Software
Preinstalled software OPNsense® OPNsense®
License Open Source + 1 year free Business Edition Open Source + 1 year free Business Edition
Hardware Specifications
2.5 GbE RJ45 Ports [ 100/1000/2500Mbps ] 4 4
USB Ports 1 1
Console Port 1 1
Internal Storage 32GB Solid State Flash [integrated uSD] 256GB NVMe Solid State Flash
Memory 4GB DDR3 8GB DDR3

DEC600 Series
CPU Cores 4 (1.8Ghz) 4 (1.8Ghz)
Virtual Interfaces (802.1q VLANS)1 4093 4093
System Performance
Firewall Throughput 5000Mbps 5000Mpbs
Firewall Packets Per Second 420Kpps 420Kpps
Firewall Port to Port Throughput 2.30Gbps 2.3Gpbs
Firewall Port to Port Packets Per Second 195Kpps 195Kpps
Concurrent Sessions 3000000 7000000
Firewall Latency (RTT) 125us 125us
Firewall Policies (Recommended Maximum)1 10000 10000
IPsec VPN Throughput (AES256GCM16) 600Mbps 600Mbps
High Availability with State Synchronisation Requires Two Requires Two
Dimensions
Height x Width x Length (mm) 22 x 185 x 134 22 x 185 x 134
Height x Width x Length (inches) 0.9 x 7.55 x 5.47 0.9 x 7.55 x 5.47
Form Factor Desktop Desktop
Weight (appliance only) 0.56Kg 0.6Kg
Environment
Power Requirements 100-240VAC, 50-60Hz 100-240VAC, 50-60Hz
Power Consumption (Typical) 13W 13W
Heat Dissipation 44 BTU/hr 44 BTU/hr
Operating Temperature 0 to +40°C 0 to +40°C
Storage Temperature -20 to +70°C -20 to +70°C
Humidity 10-90% non-condensing 10-90% non-condensing
Regulatory Compliance
FCC part 15 Class A, CE, Rohs FCC part 15 Class A, CE, Rohs

1) The user interface is designed for normal business usage, large rulesets, high number of users or interface assignments may be less practical.

All measurements are based upon TCP traffic unless stated otherwise. Maximum PPS is a peak performance, measured using 500 byte [Link] Port
to Port package per seconds is the peak performance when using 1500 byte sized packages. Total Firewall Throughput is calculated by multiplying the maximum packets per second with a standard package size of
1500bytes. IPS performance is measured with aproximately 35000 rules enabled. IPsec VPN is measured using AES256GCM16+SHA512. Concurrent sessions are based upon memory available, where one state consumes
1KB of memory and 1GB of memory is reserved for system tasks. Latency is measured using netperf.

Deciso Sales B.V. +31 187 744 020 sales@[Link] [Link]