SEL released new firmware for the SEL-3620 and SEL-3622 Security Gateways on June 8. This release (Version R206) enhances the AAA (authentication, authorization, and accounting) proxy feature set and proxy performance. These customer-requested enhancements make the SEL-3622 and SEL-3620 more flexible and easy to use.
Device Checkout/Check-In—The device checkout feature temporarily sets the managed device access levels the user has permission to access back to their initial values. This allows users to more easily access relays directly when needed, such as when performing calibration tests. Secure passwords are restored either when the user checks the device back in or when the checkout timer expires.
Common Passwords—A common ACC password provides users easy access to relays without risking security because the relays only support read operations at the ACC level.
Password Persistence—Users can also set passwords to be persistent. In other words, a batch password change operation will not change them, preserving easy access and the functionality of scripts that use these passwords.
Password Generation Selection—The SEL-3620 and SEL-3622 now support a selection of devices for which they generate passwords. This increase in flexibility speeds up password change operations during managed device replacement, additions to the protected network, and site maintenance activities.
Managed Device Enable/Disable—To support users that don’t have managed devices powered up or online, the SEL-3620 and SEL-3622 now have an option to include or exclude devices in the connection directory during their management activities. Excluded devices are not accessible to users via the scripted master port nor are they managed during password generation or application tasks. This prevents unnecessary timeouts and failure messages caused by managed devices unavailable for management. It also allows the protected site to be secured before it is completely installed.
For those using the SEL-3620 or SEL-3622 for password management in larger installations, SEL has improved productivity by optimizing many tasks the gateways perform.
Specified Supported Number of Devices—The SEL-3620 now supports 150 managed devices. Assuming that these managed devices are all SEL-400 series relays with 7 access levels each, the SEL-3620 supports 1,050 passwords. The SEL-3622 supports 25 managed devices, or 175 passwords.
Password Generation Time—It now takes the SEL-3620 less than 20 minutes to generate 1,050 passwords, compared with over 6 hours in the previous version! It takes the SEL-3622 less than 10 minutes to generate 175 passwords.
Password Application Time—The performance of password applications and other proxy functions is improved. Exactly how much improvement is hard to determine because execution times depend on many external factors, such as network health, communications medium (Ethernet or serial), number of tiered devices, and types of tiered devices. In the SEL test configuration, an SEL-3620 application of 1,050 passwords dropped from over 17 hours to under 2.5 hours!