H3C SecPath F1000-S-AI firewall

Advanced platform architecture
   The SecPath F1000-S-AI adopts the H3C carrier-class hardware platform to realize the core enterprise users' demand for linear processing capability of security devices through multi-core systems.
Market-leading basic security features
   Enhanced stateful security filtering: Supports virtual firewall technology, supports default access control between security zones; supports basic, extended, and interface-based stateful inspection packet filtering technologies, supports filtering by time period; supports H3C-specific ASPF application layer packet filtering ( Application Specific Packet Filter) protocol, which supports maintenance monitoring of each connection status information and dynamically filters data packets, supporting FTP, HTTP, SMTP, RTSP, H.323 (including Q.931, H.245, RTP/RTCP). Etc.) Status monitoring of the application layer protocol, supporting state monitoring of TCP/UDP applications.
   Anti-attack defense capability: includes multiple types of DoS/DDoS attack defense (CC, SYN flood, DNS Query Flood, etc.), ARP spoofing attack defense, ARP active reverse query, TCP packet flag illegal attack prevention, and large ICMP Packet attack defense, address/port scanning prevention, ICMP redirection or unreachable packet control, Tracert packet control, IP packet control with route record option, static and dynamic blacklist functions, and MAC and IP binding Fixed function; supports intelligent worm protection technology.
   Application layer content filtering: support mail filtering, provide SMTP mail address, title, attachment and content filtering; support web filtering, provide HTTP URL and content filtering; support application layer filtering, provide Java/ActiveX Blocking and SQL injection attack prevention.
   Multiple security authentication services: support RADIUS and HWTACACS protocols and domain authentication; support digital certificate (X.509 format) authentication function based on PKI/CA system; support user identity management, users with different identities have different command execution rights; support User view classification, different levels of users give different management configuration permissions.
   IPv4/IPv6 protocol stack: Supports the complete IPv4/IPv6 protocol stack and provides support for various IPv4/IPv6 applications. As network security issues become more prominent, the security of the IPv4/IPv6 protocol stack is enhanced, and the ability of network devices to resist attacks is improved.
   Centralized management and auditing: Provides various log functions, traffic statistics and analysis functions, various event monitoring and statistics functions, and email alarm functions.
   Comprehensive NAT application support: Provide multi-to-one, many-to-many, static network segment, bidirectional conversion, Easy IP and DNS mapping and other NAT application modes; support multiple application protocols to correctly traverse NAT, provide DNS, FTP, H.323, NBT Wait for NAT ALG function; support unlimited NAT conversion.
   Supports multiple VPN service modes such as GRE VPN and IPSec VPN.
Flexible and scalable deep security
   An integrated security business processing platform that is highly integrated with basic security protection.
   Comprehensive application layer traffic identification and management: Through state machine detection and traffic interaction detection technology accumulated by H3C for a long time, it can accurately detect Thunder/Web Thunder, BitTorrent, eMule/eDonkey, QQ , MSN, PPLive and other P2P / IM / online games / stocks / network video / network multimedia applications; support P2P flow control function, through the use of deep detection of traffic, that is, through the network packets and P2P protocol message characteristics Matching can accurately identify P2P traffic to achieve the purpose of managing P2P traffic, and provide different control strategies to achieve flexible P2P traffic control.
   High-precision, high-efficiency intrusion detection engine. FIRS (Full Inspection with Rigorous State Test) engine using H3C's proprietary intellectual property rights. The FIRST engine integrates multiple detection technologies to achieve comprehensive detection based on accurate state and has extremely high intrusion detection accuracy. At the same time, the FIRST engine adopts parallel detection technology, which can flexibly adapt software and hardware, greatly improving the intrusion detection. effectiveness.
 Real-time virus protection: Kaspersky's flow engine virus detection technology is used to quickly and accurately detect malicious code such as viruses in network traffic.
   Comprehensive and timely security feature library. Through years of operation and accumulation, H3C has a team of experienced attack signatures in the industry, and is equipped with a professional offensive and defensive laboratory to keep up with the latest developments in the field of network security to ensure timely and accurate update of the signature database.
Intelligent network integration
   Support for routing, transparent and mixed mode of operation.
   Supports static routing protocols, routing policies, and policy routing.
   Supports RIP v1/2, OSPF, and BGP dynamic routing protocols.
   Support for 802.1q based VLANs.
   DHCP Client/Server/Relay.
Carrier-class equipment with high reliability
   It supports dual-system hot backup and supports Active/Active and Active/Passive modes to implement load balancing and service backup.
   36 years of mean time between failures (MTBF).
   The key components of the equipment are designed with redundancy.
   Supports automatic detection of the internal environment temperature of the chassis and automatically collects alarm information through the network management.
   Dual power redundancy backup
Intelligent graphical management
   Support remote configuration management through the web.
   Supports unified management of network devices through H3C network management software.
   Support intelligent and efficient management of a large number of geographically dispersed devices through the H3C BIMS system.
   Supports dynamic and graphical service management and status monitoring of VPNs through the H3C VPN Manager system.