MPSec-IFW400-X3-AC Firewall Maipu NGFW High-Performance

Datasheet Firewall Maipu MPSec-IFW400-X3-AC

Hardware Specification

Hardware Version

V1

CPU

4-Core 2.0GHZ (ARM)

Memory

16GB

Flash

8GB

HDD Disk (Optional)

1TB

Interface

Default 1G Interfaces

16*1G Base-T+12*1GE SFP

Default 10G Interfaces

6*10G SFP+

Console Port

1

USB Port

2

Default Bypass Port

GE0/2---GE0/3 GE0/4---GE0/5

Performance

Default L2&L3 Throughput (1518 Bytes)

10Gbps (Default)

Max. L2&L3 Throughput (1518 Byte)

22Gbps (Performance License)

Max. Throughput (APP)

3.9Gbps

Max. Throughput (AV)

3.4Gbps

Max. Throughput (IPS)

3.4Gbps

Max. Throughput (APP+AV+IPS)

2.8Gbps

Max. Concurrent Connection

8M

New TCP Connection/Sec.

80K

New HTTP Connection/Sec.

60K

Recommend Users

2K

Recommend IPSec Tunnels

1K-2K

Power Supply

Power Supply

Dual Power Slots

Power Input

100-240V/50-60HZ

Anti-Surge

±6KV@1.2/50us

Dimension

W*D*H(mm)

440*500*88mm

Weight(kg)

7.02KG

Environment

Working Temperature

0-45℃

Storage Temperature

-25-70℃

Working Humidity

5％-90％, no-condensing

Storage Humidity

5%-95%, no-condensing

Basic Networking Capabilities

Deployment Mode

Supports five working modes: transparent, routing, hybrid, bypass, and virtual line

Routing Characteristics

Supports static routing, policy routing, dynamic routing RIPv1/2, OSPFv2, BGP4, route health check, supports equal-cost routing, source in and source out based on source address preservation and five-tuple

IP Protocol

Support IPv4/IPv6 dual protocol stack

NAT

Supports source NAT, destination NAT, static NAT, transparent NAT, and NAT backflow. The NAT address pool selection algorithm supports source and destination address hashing, polling, and source address retention.

ISP Routing

Supports ISP routing, built-in multiple operator address libraries, supports health check, and supports multi-path selection based on source IP and connection

Internet Service

Support DHCP server and relay, support excluded IP, support DHCP status monitoring, support DNS domain name resolution; support DNS server; support DNS transparent proxy function, support DNS transparent proxy function based on multiple exits

VPN

Supports IPSec VPN protocol, supports gateway-to-gateway and remote access deployment modes; supports GRE over IPSec VPN; supports SSL VPN protocol;

High Reliability

Supports active-active and active-standby modes, interface linkage, and link detection; supports standard VRRP protocol; HA monitoring supports health check, interface monitoring, and link aggregation monitoring

Fine-Grained Access Control

Access Control

Support IPv4/IPv6 8-tuple firewall policy based on source/destination interface/security domain, source/destination IP address/geographical area object, user, service, application, time; support configuration of intrusion prevention, virus protection, WEB access control, application filtering, and other security protection functions; support session restrictions based on source IP and new limit per second; support layer 2 and layer 3 network IP-MAC binding; support adding attack source IP to the blacklist, support automatic addition or manual addition, support blacklist life cycle management; supports restricted host or access interface access to local services, such as DNS, https and other services; supports protocol custom session timeout management

Application Identification

Supports application identification and application behavior identification, supports desktop, Web and mobile application identification, inbuilt with 5000+ applications, supports overseas application libraries and local application libraries; supports custom applications, defining unknown applications based on protocols, ports, IP, domain names and other dimensions; supports manual, automatic and regular updates of the feature database; supports application control policies based on applications, behaviors, and content, and can control and record logs of applications, application behaviors and content such as IM, streaming media, P2P, games, and stocks; support filtering the subject, text keyword, recipient, sender, file name and length of incoming and outgoing emails

Internet Behavior Audit

Supports QQ, WeChat, WhatsApp account, login, sending and receiving files and other action audits; supports FTP/HTTP file transfer, network disk file upload and download audit; supports website access audit based on URL classification library; supports audit whitelist based on user and IP address; supports all application audits, including audit of accounts, user names, application names, messages sent and received, content, etc.

User Authentication

Support automatic user identification, support WEB, local, Portal authentication, third-party server, SMS authentication, visitor QR code authentication, hybrid authentication, AD domain single login, authentication-free and other identity authentication methods

File Filtering

Supports filtering based on file type

Email Filtering

Supports filtering the subject, text keyword, recipient, sender, file name and length of incoming and outgoing emails

Url Filtering

Supports filtering, URL query, blocking and logging based on URL classification library, supports URL keyword filtering, supports local URL classification library and overseas URL, classification library

Intelligent Flow Control

Supports 4-level nested application flow control management policies based on lines and channels, supports upstream and downstream management of total bandwidth based on interfaces and security domains, supports five-tuple channel matching policies for applications, users, source addresses, services, and time, and supports bandwidth restriction, bandwidth guarantee and flexible bandwidth, support per-IP speed limit, per- user speed limit, and support user-based and address-based exclusion policies

Integrated Threat Protection

Attack Protection

Supports IPv4/6 anti-application DOS attack protection, such as HTTP Flood, DNS query flood and other attack protection; supports anti-traffic attack protection, such as SYN Flood, UDP Flood, ICMP Flood, TCP Flood and other attack protection; supports IPv4/6 Anti-DOS attack protection, such as Jolt2, Land-base, Ping-of-Death SYN Flag, Teardrop, Win-nuke, Smurf, IP Spoof, etc.; supports Anti-ARP Spoofing, Anti-ARP Flood attack; supports control of ARP learning mechanism; supports scanning protection based on TCP, UDP and ICMP; supports firewall self-scanning protection

Virus Protection

Supports virus scanning for HTTP, HTTPS, FTP, POP3, SMTP, and IMAP protocols, automatic updating of virus databases, virtual unpacking, customized scanning file size, suspicious virus scanning, suspicious scripts, picture viruses, and viruses contained in email text, attachments, web pages and downloaded files; supports the scanning and killing of more than 2 million viruses, the virus database is updated regularly and timely, and supports custom virus signatures based on MD5

Intrusion Prevention

Supports multiple detection technologies such as pattern matching, anomaly detection, statistical analysis, and anti-IDS/IPS escape, and supports online and bypass deployment; supports 8000+ release library event sets, supports 11000+ detection libraries, compatible with CVE/CNCVE, and supports events Set customization, support manual, automatic or regular upgrades; support IPS custom rules; can analyze HTTP, SMTP, POP3, FTP, Telnet, VLAN, MPLS, ARP, GRE and other protocols; support SQL injection detection, Trojan backdoor attack protection, security vulnerability attack protection, denial of service attack protection, weak password detection and other suspicious behavior protection, worm virus protection, network database attacks, CGI access, CGI attacks, IPS advanced alarms, etc.

Visual Intelligent Management

Device Management

Supports WEB (HTTP/HTTPS), SSH, TELNET, and Console for management configuration, supports host name and device DNS settings, and supports custom HTTP/HTTPS management ports

Administrative Permissions

Supports administrator authority division, supports predefined configuration, auditing, security administrators, separation of three powers, and supports administrator settings and grouping

Diagnostic Tools

Supports network debugging and diagnostic commands in web graphics mode, and can conduct traffic debugging based on protocols, IPv4/v6, source and destination addresses, etc.; supports export of diagnostic information/exception information; supports ping\trace\token tool; supports session or interface traffic capturing, capturing based on protocols and IP addresses, and multiple interfaces can be captured simultaneously;

Policy Analysis

Supports policy analysis, supports detection of redundant policies, hidden policies, conflicting policies, mergeable policies, empty policies, and expired policies, and provides optimization suggestions

Log Output

Supports log policy setting, supports local storage and outgoing of logs, supports system logs, flow logs, security logs and audit logs. All logs support query, export and clearing; supports interface, HA, routing and health check logs and other system operation log; supports all application names and behavior logs, logs are stored locally, hard disk, and out- sending; supports local export to excel, txt, and xml formats;

Statistical Analysis

Supports real-time traffic statistics and analysis functions, supports TOP10 application traffic ranking, supports traffic trend display, supports TOP50 application traffic data analysis, supports TOP50 user traffic statistics; supports traffic report export;

Monitoring and Analysis

Support online user monitoring and management, support system information alarms, such as CPU, memory, hard disk occupancy, etc., support outgoing alarm logs, syslog, email, etc.;

AD120M-HS0N

AC Power Module, AC input 100-240VAC/2A, Supports hot swapping

MPSec-IHD-1T

MPSec-HD-1T, 1TB HDD Module, Optional

IFW400-X3-IAA-1Y

IFW400-X3-IAA-1Y, Software library 1-year upgrade license, such as application identification library, URL classification feature library, virus protection feature library, intrusion prevention library.

IFW400-X3-IAA-3Y

IFW400-X3-IAA-3Y, Software library 3-year upgrade license, such as application identification library, URL classification feature library, virus protection feature library, intrusion prevention library.

IFW400-X3-1G-LIC

IFW400-X3-1G-LIC, firewall performance upgrade license, each license provides 1Gbps network throughput expansion.