Enterprise firewall products &VPN

Platform architecture advanced

SecPath F1000-A-EI uses H3C Telecom hardware platform, through the demand of safety equipment to realize linear processing ability of the core enterprise user multi core system.

Safety protection function and market leading

Enhanced state security filtering: support virtual firewall technology, support the safety of inter regional default access control; support base, expansion and interface state detection based on packet filtering technology, support for filtering according to time period; support H3C unique ASPF application layer packet filtering (Application Specific Packet Filter) protocol, support for maintenance and monitoring and dynamic filtration data packets each connection state information, support for FTP, HTTP, SMTP, RTSP, H.323 (including Q.931, H.245, RTP/RTCP etc.) state monitoring of application layer protocol, state monitoring for TCP/UDP applications.

The anti attack ability of prevention: including a variety of DoS/DDoS attack prevention (CC, SYN flood, DNS Query Flood), ARP spoofing prevention, provide ARP active reverse query, TCP message flag illegal attack prevention, super ICMP packet attack prevention, address / port scanning prevention, ICMP redirection or unreachable message control function, Tracert packet control function, with record route option IP packet control function; static and dynamic black list function; MAC and IP binding function; support intelligent preventing worm virus technology.

Application layer content filtering: can identify and effective control network in the application of various P2P modes, and take control measures to limit the flow of these applications, the effective protection of network bandwidth; to identify and control IM protocol, such as QQ, MSN etc; support email filtering, provide the SMTP mail address, title, accessories and content filtering; support Webpage filter, provide HTTP URL and content filtering; support the application layer filtering, providing Java/ActiveX Blocking and SQL injection attack guard.

A variety of security certification services: support RADIUS certification and HWTACACS protocol and area; support the digital certificate based on PKI/CA system (X.509) certification function; support for user identity management, identity of different users have different command execute permissions; support user view classification, different levels of user configuration management authority endowed with different.

IPv4/IPv6 protocol stack: support the complete IPv4/IPv6 protocol stack, can provide support for a variety of IPv4/IPv6 applications. With the network security issues have become increasingly prominent, the strengthening of the IPv4/IPv6 protocol stack safety, enhance the ability to resist the attack of network equipment.

Centralized management and audit: to provide all kinds of log function, flow statistics and analysis function, various kinds of event monitoring and statistical functions, message alarm function.

Comprehensive NAT application support: provide a many to one, many to many, the static segment, bidirectional conversion, Easy IP and DNS mapping mode of NAT applications;

Support for multiple should be the correct use of NAT through agreement, provide DNS, FTP, H.323, NBT NAT ALG supports unlimited NAT conversion function.

Support GRE VPN, IPSec VPN and other VPN business mode.

To support the expansion of IPS, AV and other application layer security protection function

Integrated intelligent network

Support routing, transparent and mixed operation mode.

Support static routing protocol, routing strategy and policy based routing.

Support RIP v1/2, OSPF, BGP dynamic routing protocol.

Support based on 802.1Q VLAN.

DHCP Client/Server/Relay.

Telecom equipment with high reliability

State support dual hot backup function, support for Active/Active and Active/Passive two kinds of working mode, realizing load sharing and service backup.

36 years, the mean time to failure (MTBF).

The key components of equipment adopt redundancy design.

To support the automatic detection of internal chassis temperature of environment, and can automatically collect information through the network management alarm.

Double power supply redundancy backup

Intelligent graphical management

Support the management of remote configuration through Web.

Support the uniform management and network equipment through the realization of H3C network management software.

Support to provide intelligent and efficient management of large number, position disperse devices through the H3C BIMS system.

Through the support of the H3C VPN Manager system for dynamic and graphical business management and condition monitoring of VPN.