|
Datasheet firewall Maipu MPSec IFW400-X1-AC
|
|
Hardware Specification
|
|
Hardware Version
|
V1
|
|
CPU
|
4-Core 2.0GHZ (ARM)
|
|
Memory
|
8GB
|
|
Flash
|
8GB
|
|
HDD Disk (Optional)
|
1TB
|
|
Interface
|
|
Default 1G Interfaces
|
8*1G Base-T+2*1G SFP
|
|
Default 10G Interfaces
|
2*10G SFP+
|
|
Console Port
|
1
|
|
USB Port
|
2
|
|
Default Bypass Port
|
GE0/2---GE0/3 GE0/4---GE0/5
|
|
Performance
|
|
Default L2&L3 Throughput (1518 Bytes)
|
3Gbps (Default)
|
|
Max. L2&L3 Throughput (1518 Byte)
|
10Gbps (Performance License)
|
|
Max. Throughput (APP)
|
3.8Gbps
|
|
Max. Throughput (AV)
|
3.3Gbps
|
|
Max. Throughput (IPS)
|
3.3Gbps
|
|
Max. Throughput (APP+AV+IPS)
|
2.7Gbps
|
|
Max. Concurrent Connection
|
4M
|
|
New TCP Connection/Sec.
|
50K
|
|
New HTTP Connection/Sec.
|
40K
|
|
Recommend Users
|
1K
|
|
Recommend IPSec Tunnels
|
500-1K
|
|
Power Supply
|
|
Power Supply
|
Dual Power Slots
|
|
Power Input
|
100-240V/50-60HZ
|
|
Anti-Surge
|
±6KV@1.2/50us
|
|
Dimension
|
|
W*D*H(mm)
|
440*330*44mm
|
|
Weight(kg)
|
5.24KG
|
|
Environment
|
|
Working Temperature
|
0-45℃
|
|
Storage Temperature
|
-25-70℃
|
|
Working Humidity
|
5%-90%, no-condensing
|
|
Storage Humidity
|
5%-95%, no-condensing
|
|
Basic Networking Capabilities
|
|
Deployment Mode
|
Supports five working modes: transparent, routing, hybrid, bypass, and virtual line
|
|
Routing Characteristics
|
Supports static routing, policy routing, dynamic routing RIPv1/2, OSPFv2, BGP4, route health check, supports equal-cost routing, source in and source out based on source address preservation and five-tuple
|
|
IP Protocol
|
Support IPv4/IPv6 dual protocol stack
|
|
NAT
|
Supports source NAT, destination NAT, static NAT, transparent NAT, and NAT backflow. The NAT address pool selection algorithm supports source and destination address hashing, polling, and source address retention.
|
|
ISP Routing
|
Supports ISP routing, built-in multiple operator address libraries, supports health check, and supports multi-path selection based on source IP and connection
|
|
Internet Service
|
Support DHCP server and relay, support excluded IP, support DHCP status monitoring, support DNS domain name resolution; support DNS server; support DNS transparent proxy function, support DNS transparent proxy function based on multiple exits
|
|
VPN
|
Supports IPSec VPN protocol, supports gateway-to-gateway and remote access deployment modes; supports GRE over IPSec VPN; supports SSL VPN protocol;
|
|
High Reliability
|
Supports active-active and active-standby modes, interface linkage, and link detection; supports standard VRRP protocol; HA monitoring supports health check, interface monitoring, and link aggregation monitoring
|
|
Fine-Grained Access Control
|
|
Access Control
|
Support IPv4/IPv6 8-tuple firewall policy based on source/destination interface/security domain, source/destination IP address/geographical area object, user, service, application, time; support configuration of intrusion prevention, virus protection, WEB access control, application filtering, and other security protection functions; support session restrictions based on source IP and new limit per second; support layer 2 and layer 3 network IP-MAC binding; support adding attack source IP to the blacklist, support automatic addition or manual addition, support blacklist life cycle management; supports restricted host or access interface access to local services, such as DNS, https and other services; supports protocol custom session timeout management
|
|
Application Identification
|
Supports application identification and application behavior identification, supports desktop, Web and mobile application identification, inbuilt with 5000+ applications, supports overseas application libraries and local application libraries; supports custom applications, defining unknown applications based on protocols, ports, IP, domain names and other dimensions; supports manual, automatic and regular updates of the feature database; supports application control policies based on applications, behaviors, and content, and can control and record logs of applications, application behaviors and content such as IM, streaming media, P2P, games, and stocks; support filtering the subject, text keyword, recipient, sender, file name and length of incoming and outgoing emails
|
|
Internet Behavior Audit
|
Supports QQ, WeChat, WhatsApp account, login, sending and receiving files and other action audits; supports FTP/HTTP file transfer, network disk file upload and download audit; supports website access audit based on URL classification library; supports audit whitelist based on user and IP address; supports all application audits, including audit of accounts, user names, application names, messages sent and received, content, etc.
|
|
User Authentication
|
Support automatic user identification, support WEB, local, Portal authentication, third-party server, SMS authentication, visitor QR code authentication, hybrid authentication, AD domain single login, authentication-free and other identity authentication methods
|
|
File Filtering
|
Supports filtering based on file type
|
|
Email Filtering
|
Supports filtering the subject, text keyword, recipient, sender, file name and length of incoming and outgoing emails
|
|
Url Filtering
|
Supports filtering, URL query, blocking and logging based on URL classification library, supports URL keyword filtering, supports local URL classification library and overseas URL, classification library
|
|
Intelligent Flow Control
|
Supports 4-level nested application flow control management policies based on lines and channels, supports upstream and downstream management of total bandwidth based on interfaces and security domains, supports five-tuple channel matching policies for applications, users, source addresses, services, and time, and supports bandwidth restriction, bandwidth guarantee and flexible bandwidth, support per-IP speed limit, per- user speed limit, and support user-based and address-based exclusion policies
|
|
Integrated Threat Protection
|
|
Attack Protection
|
Supports IPv4/6 anti-application DOS attack protection, such as HTTP Flood, DNS query flood and other attack protection; supports anti-traffic attack protection, such as SYN Flood, UDP Flood, ICMP Flood, TCP Flood and other attack protection; supports IPv4/6 Anti-DOS attack protection, such as Jolt2, Land-base, Ping-of-Death SYN Flag, Teardrop, Win-nuke, Smurf, IP Spoof, etc.; supports Anti-ARP Spoofing, Anti-ARP Flood attack; supports control of ARP learning mechanism; supports scanning protection based on TCP, UDP and ICMP; supports firewall self-scanning protection
|
|
Virus Protection
|
Supports virus scanning for HTTP, HTTPS, FTP, POP3, SMTP, and IMAP protocols, automatic updating of virus databases, virtual unpacking, customized scanning file size, suspicious virus scanning, suspicious scripts, picture viruses, and viruses contained in email text, attachments, web pages and downloaded files; supports the scanning and killing of more than 2 million viruses, the virus database is updated regularly and timely, and supports custom virus signatures based on MD5
|
|
Intrusion Prevention
|
Supports multiple detection technologies such as pattern matching, anomaly detection, statistical analysis, and anti-IDS/IPS escape, and supports online and bypass deployment; supports 8000+ release library event sets, supports 11000+ detection libraries, compatible with CVE/CNCVE, and supports events Set customization, support manual, automatic or regular upgrades; support IPS custom rules; can analyze HTTP, SMTP, POP3, FTP, Telnet, VLAN, MPLS, ARP, GRE and other protocols; support SQL injection detection, Trojan backdoor attack protection, security vulnerability attack protection, denial of service attack protection, weak password detection and other suspicious behavior protection, worm virus protection, network database attacks, CGI access, CGI attacks, IPS advanced alarms, etc.
|
|
Visual Intelligent Management
|
|
Device Management
|
Supports WEB (HTTP/HTTPS), SSH, TELNET, and Console for management configuration, supports host name and device DNS settings, and supports custom HTTP/HTTPS management ports
|
|
Administrative Permissions
|
Supports administrator authority division, supports predefined configuration, auditing, security administrators, separation of three powers, and supports administrator settings and grouping
|
|
Diagnostic Tools
|
Supports network debugging and diagnostic commands in web graphics mode, and can conduct traffic debugging based on protocols, IPv4/v6, source and destination addresses, etc.; supports export of diagnostic information/exception information; supports ping\trace\token tool; supports session or interface traffic capturing, capturing based on protocols and IP addresses, and multiple interfaces can be captured simultaneously;
|
|
Policy Analysis
|
Supports policy analysis, supports detection of redundant policies, hidden policies, conflicting policies, mergeable policies, empty policies, and expired policies, and provides optimization suggestions
|
|
Log Output
|
Supports log policy setting, supports local storage and outgoing of logs, supports system logs, flow logs, security logs and audit logs. All logs support query, export and clearing; supports interface, HA, routing and health check logs and other system operation log; supports all application names and behavior logs, logs are stored locally, hard disk, and out- sending; supports local export to excel, txt, and xml formats;
|
|
Statistical Analysis
|
Supports real-time traffic statistics and analysis functions, supports TOP10 application traffic ranking, supports traffic trend display, supports TOP50 application traffic data analysis, supports TOP50 user traffic statistics; supports traffic report export;
|
|
Monitoring and Analysis
|
Support online user monitoring and management, support system information alarms, such as CPU, memory, hard disk occupancy, etc., support outgoing alarm logs, syslog, email, etc.;
|
Switch
.png){kind=icon}
.png){kind=logo}
Bạn đang cần tư vấn về sản phẩm: MPSec-IFW400-X1-AC ?