Firewall H3C SecPath NS-F1000-AI-10

Dimensions (W × D × H)

440mm×260mm×44.2mm

USB 3.0

2

rack mounted

Yes

Weight

3.7kg

Power Supply

AC

Power consumption

39W

MTBF(Year)

77.36

Ports

1 × Console port (CON)

2 × Management port

18 × Gigabit Ethernet copper ports

4 × Gigabit Ethernet Bypass ports

8 ×Gigabit Ethernet Combo ports

2 × 10-Gigabit Ethernet fiber ports

Expansion slots

0

Interface modules

N/A

Storage

480G M.2

Flash

4GB

SDRAM

2GB

Temperature

Operating: 0°C to 45°C (32°F to 113°F)

Storage: –40°C to +70°C (–40°F to +158°F)

Operation modes

Route, transparent, and hybrid

AAA

Portal authentication

RADIUS authentication

HWTACACS authentication

PKI/CA (X.509 format) authentication

Domain authentication

CHAP authentication

PAP authentication

Firewall

SOP virtual firewall technology, which supports full virtualization of hardware resources, including CPU, memories, and storage

Security zone allocation

Protection against malicious attacks, such as land, smurf, fraggle, ping of death, teardrop, IP spoofing, IP fragmentation, ARP spoofing, reverse ARP lookup, invalid TCP flag, large ICMP packet, address/port scanning, SYN flood, ICMP flood, UDP flood, and DNS query flood

Basic and advanced ACLs

Time range-based ACL

User-based and application-based access control

ASPF application layer packet filtering

Static and dynamic blacklist function

MAC-IP binding

MAC-based ACL

MAC-Limitation

802.1Q VLAN transparent transmission

Bandwidth control

Antivirus

Signature-based virus detection

Manual and automatic upgrade for the signature database

Stream-based processing

Virus detection based on HTTP, FTP, SMTP, and POP3

Virus types include Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, AdWare, and Virus

Virus logs and reports

Deep intrusion prevention

Prevention against common attacks such as hacker, worm/virus, Trojan, malicious code, spyware/adware, DoS/DDoS, buffer overflow, SQL injection, and IDS/IPS bypass

Attack signature categories (based on attack types and target systems) and severity levels (including high, medium, low, and notification)

Manual and automatic upgrade for the attack signature database (TFTP and HTTP).

P2P/IM traffic identification and control

Email/webpage/application layer filtering

Email filtering

SMTP email address filtering

Email subject/content/attachment filtering

Webpage filtering

HTTP URL/content filtering

Java blocking

ActiveX blocking

SQL injection attack prevention

NAT

Many-to-one NAT, which maps multiple internal addresses to one public address

Many-to-many NAT, which maps multiple internal addresses to multiple public addresses

One-to-one NAT, which maps one internal address to one public address

NAT of both source address and destination address

External hosts access to internal servers

Internal address to public interface address mapping

NAT support for DNS

Setting effective period for NAT

NAT ALGs for NAT ALG, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, and SIP

VPN

L2TP VPN

IPSec VPN

GRE VPN

SSL VPN

IPSEC VPN

ESP-DES-CBC/ESP-3DES-CBC/ESP-AES-128-CBC/ESP-AES-192-CBC/ESP-AES-256-CBC/ ESP-AES-128-GCM/ESP-NULL/SM1-cbc-128/SM4-cbc

IPSEC VPN

Authentication Algorithm

MD5/SHA1/SM3

IPv6

IPv6 status firewall

IPv6 attack protection

IPv6 forwarding

IPv6 protocols such as ICMPv6, PMTU, Ping6, DNS6, TraceRT6, Telnet6, DHCPv6 Client, and DHCPv6 Relay

IPv6 routing: RIPng, OSPFv3, BGP4+, static routing, policy-based routing

IPv6 multicast: PIM-SM, and PIM-DM

IPv6 transition techniques: NAT-PT, IPv6 tunneling, NAT64 (DNS64), and DS-LITE

IPv6 security: NAT-PT, IPv6 tunnel, IPv6 packet filter, RADIUS, IPv6 zone pair policies, IPv6 connection limit

IEEE

IEEE 802.1X

High availability

SCF 2:1 virtualization

Active/active and active/standby stateful failover

Configuration synchronization of two firewalls

IKE state synchronization in IPsec VPN

VRRP

Configuration management

Configuration management at the CLI

Remote management through Web

Device management through H3C IMC SSM

SNMPv3, compatible with SNMPv2 and SNMPv1

Intelligent security policy

Environmental protection

EU RoHS compliance

EMC

FCC Part 15 (CFR 47) CLASS A

ICES-003 CLASS A

VCCI CLASS A

CISPR 22 CLASS A

EN 55022 CLASS A

AS/NZS CISPR22 CLASS A

CISPR 32 CLASS A

EN 55032 CLASS A

AS/NZS CISPR32 CLASS A

CISPR 24

EN 55024

EN 61000-3-2

EN 61000-3-3

ETSI EN 300 386

GB 9254

GB 17625.1

YD/T 993

Safety

UL 60950-1

CAN/CSA C22.2 No 60950-1

IEC 60950-1

EN 60950-1

AS/NZS 60950-1

FDA 21 CFR Subchapter J

GB 4943.1