HOTLINE
0909648899 028 62578355
NS-F1000-AI-80 - H3C SecPath F1000-AI Firewall :
Thiết bị tường lửa Firewall H3C NS-F1000-AI-80
| Model | F1000-AI-80 |
| Dimensions (W × D × H) | • 440mm×435mm×44.2mm |
| USB 3.0 | • 2 |
| rack mounted | • Yes |
| Weight | • 10.0kg |
| Power Supply | • Dual hot-swappable, AC or DC |
| Power consumption | • 180W |
| MTBF(Year) | • 43.2 |
| MTTR(h) | • 1 |
| Ports | • 1 × Console port (CON) • 2 × Management port • 8 × Gigabit Ethernet fiber ports • 14 × Gigabit Ethernet copper ports • 8 × 10-Gigabit Ethernet fiber ports |
| Expansion slots | • 4 |
| Interface modules | • 4-port GE PFC interface module • 4-port GE fiber interface module • 4-port 10-GE fiber interface module • 6-port 10-GE fiber interface module |
| Storage | • 2 × 480G SSD |
| Flash | • 8GB |
| SDRAM | • 16G |
| Temperature | • Operating: 0°C to 45°C (32°F to 113°F) • Storage: –40°C to +70°C (–40°F to +158°F) |
| Operation modes | • Route, transparent, and hybrid |
| AAA | • Portal authentication • RADIUS authentication • HWTACACS authentication • PKI/CA (X.509 format) authentication • Domain authentication • CHAP authentication • PAP authentication |
| Firewall | • SOP virtual firewall technology, which supports full virtualization of hardware resources, including CPU, memories, and storage • Security zone allocation • Protection against malicious attacks, such as land, smurf, fraggle, ping of death, teardrop, IP spoofing, IP fragmentation, ARP spoofing, reverse ARP lookup, invalid TCP flag, large ICMP packet, address/port scanning, SYN flood, ICMP flood, UDP flood, and DNS query flood • Basic and advanced ACLs • Time range-based ACL • User-based and application-based access control • ASPF application layer packet filtering • Static and dynamic blacklist function • MAC-IP binding • MAC-based ACL • MAC-Limitation • 802.1Q VLAN transparent transmission • Bandwidth control |
| Antivirus | • Signature-based virus detection • Manual and automatic upgrade for the signature database • Stream-based processing • Virus detection based on HTTP, FTP, SMTP, and POP3 • Virus types include Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, AdWare, and Virus • Virus logs and reports |
| Deep intrusion prevention | • Prevention against common attacks such as hacker, worm/virus, Trojan, malicious code, spyware/adware, DoS/DDoS, buffer overflow, SQL injection, and IDS/IPS bypass • Attack signature categories (based on attack types and target systems) and severity levels (including high, medium, low, and notification) • Manual and automatic upgrade for the attack signature database (TFTP and HTTP). • P2P/IM traffic identification and control |
| Email/webpage/application layer filtering | • Email filtering • SMTP email address filtering • Email subject/content/attachment filtering • Webpage filtering • HTTP URL/content filtering • Java blocking • ActiveX blocking • SQL injection attack prevention |
| NAT | • Many-to-one NAT, which maps multiple internal addresses to one public address • Many-to-many NAT, which maps multiple internal addresses to multiple public addresses • One-to-one NAT, which maps one internal address to one public address • NAT of both source address and destination address • External hosts access to internal servers • Internal address to public interface address mapping • NAT support for DNS • Setting effective period for NAT • NAT ALGs for NAT ALG, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, and SIP |
| VPN | • L2TP VPN • IPSec VPN • GRE VPN • SSL VPN |
| IPSEC VPN | • ESP-DES-CBC/ESP-3DES-CBC/ESP-AES-128-CBC/ESP-AES-192-CBC/ESP-AES-256-CBC/ ESP-AES-128-GCM/ESP-NULL/SM1-cbc-128/SM4-cbc |
| IPSEC VPN Authentication Algorithm | • MD5/SHA1/SM3 |
| IPv6 | • IPv6 status firewall • IPv6 attack protection • IPv6 forwarding • IPv6 protocols such as ICMPv6, PMTU, Ping6, DNS6, TraceRT6, Telnet6, DHCPv6 Client, and DHCPv6 Relay • IPv6 routing: RIPng, OSPFv3, BGP4+, static routing, policy-based routing • IPv6 multicast: PIM-SM, and PIM-DM • IPv6 transition techniques: NAT-PT, IPv6 tunneling, NAT64 (DNS64), and DS-LITE • IPv6 security: NAT-PT, IPv6 tunnel, IPv6 packet filter, RADIUS, IPv6 zone pair policies, IPv6 connection limit |
| IEEE | • IEEE 802.1X |
| High availability | • SCF 2:1 virtualization • Active/active and active/standby stateful failover • Configuration synchronization of two firewalls • IKE state synchronization in IPsec VPN • VRRP |
| Configuration management | • Configuration management at the CLI • Remote management through Web • Device management through H3C IMC SSM • SNMPv3, compatible with SNMPv2 and SNMPv1 • Intelligent security policy |
| Environmental protection | • EU RoHS compliance |
| Performance | |
| Firewall Throughput (1518Bytes) | • 20Gbps |
| Application layer throughput(DPI) | • 6Gbps |
| Application layer throughput(DPI+IPS) | • 6Gbps |
| NGFW throughput(DPI+IPS+AV) | • 5.5Gbps |
| IPSec tunnel (site-to-site) | • 8000 |
| IPSec throughput | • 3.5G |
| SSL VPN users | • 8000 |
| SSL VPN throughput | • 800M |
| Maximum concurrent sessions | • 10M |
| Maximum New Connections per second | • 150K |
| Latency | • <15μs |
