Firewall H3C SecPath F1000-AI-60/70

Firewall H3C SecPath F1000-AI-60/70

H3C’s SecPath F1000-AI Series firewalls offer innovative artificial intelligence (AI) capabilities and are designed for small and medium enterprises, campus network gateways, and distributed branch offices. WAN networks.

H3C’s SecPath F1000-AI Series is Web 2.0 compliant and supports the following security and networking features:

  • Security and access control depending on users, applications, time, a set of five TCP/IP parameters (source address/port number, address/number destination port and protocol type), as well as other parameters. Standard security features include intrusion protection, antivirus, and data leak prevention (DLP).
  • VPN services including L2TP VPN, GRE VPN, IPsec VPN and SSL VPN.
  • Routing functions including static routing, RIP, OSPF, BGP, routing policies and policy-based routing depending on applications and URLs.
  • Dual IPv4 and IPv6 protocol stacks, plus state protection and attack prevention for IPv6.

High-performance software and hardware platforms

F1000 series devices feature state-of-the-art 64-bit multi-core processors and cache memory.

High availability of carrier class

H3C’s own hardware and software platforms are used, which have proven themselves among telecom operators, as well as medium and small businesses .

Supports H3C SCF technology, which allows you to virtualize multiple devices into a single device for unified resource management, service redundancy and improved system performance.


Powerful security features

Protection fromattacks – Detect and prevent various attacks such as Land, Smurf, Fraggle, ping of death, Tear Drop, IP spoofing, IP fragmentation, ARP response forgery, reverse ARP lookups, invalid TCP flags, large packets ICMP, IP address/port scanning, and common distributed denial of service (DDoS) attacks such as SYN flood, UDP flood, DNS flood, and ICMP flood.

< p style="font-weight: 400;">VirtualizationSOPby< /strong>schemeN:1< /b> – use of container virtualization technologies. The F1000 Series firewall can be virtualized into multiple logical firewalls that provide the same functionality as a physical firewall. Each of the virtual firewalls can have its own security policy defined, and they can be managed independently of each other.


Zonessecurity – ability to configure security zones based on interfaces and VLANs.< /p>

Identificationandcontroltraffic strong>applied< b>level.

Use of technology state machines and traffic inspection to detect peer-to-peer (P2P) traffic, instant messaging (IM), online gaming, trading systems, network video, and networked multimedia applications such as Thunder, Web Thunder, BitTorrent, eMule, eDonkey, WeChat , Weibo, QQ, MSN and PPLive.

Using deep packet analysis technology to accurately identify P2P traffic and the ability to apply various policies for flexible control and management of P2P traffic .

The most accurate and efficient intrusion control mechanism –uses a proprietary full analysis module with strict state checking from H3C (Full Inspection with Rigorous State Test, FIRST) and various intrusion control technologies for accurate intrusion identification based on application state. The FIRST module also supports simultaneous monitoring of software and hardware to improve inspection efficiency.

Protection< b>fromviruses< /strong>in realtime – using the antivirus streaming module for prevent, detect and remove malicious code from network traffic.

Antivirus(AV) – uses a high-performance virus detection engine and a daily updated signature database to prevent attacks from more than 5 million viruses.

Protection fromunknown threats – Leverages a situational awareness platform to quickly detect and contain threats, enabling the firewall to trigger global security measures. security immediately upon detection of an attack on any individual node.

Intelligent management

Intelligent management of security policies – detection of duplicates policies, optimization of matching rules in policies, detection and dynamic recommendations for security policies in the internal network.

SNMPv3 – compatible with SNMPv1 and SNMPv2.

Configuration and management via the command line interface (CLI).

Management via simple and convenient graphical Web interface.

Unified management using H3C IMC SSM – collection and analysis of security information, as well as visual display of the situation in the network and system security, which reduces labor costs and increases management efficiency.

Centralized log management using advanced tracking and data analysis mechanisms – the ability to issue requests and obtain information to generate audit trails logs, converting various log formats (including syslog and bitstream logs) to a common format, and compressing and storing large logs. Saved logs can be encrypted and exported to external storage devices such as direct-attached storage (DAS), network-attached storage (NAS), and storage area networks (SAN) to prevent the loss of important security logs.

Wide range of reports – includes application reports and flow analysis reports.

Export reports in various formats – in including PDF, HTML, Word and txt.

Additional information

USB port


Power supplies

Two AC or post. AC hot-swappable


180 W

Expansion slots


Interface modules

4-Port 10-GE Fiber Interface Module, 4-Port GE Fiber Interface Module, 4-Port GE PFC Interface Module, 6-Port 10-GE Fiber Interface Module


2 SSD 480 GB

Flash memory


Random access memory (SDRAM)

8 GB

Ambient temperature

Operating: 0°C to 45°C (32°F to 113°F), Storage: –40°C to +70°C (–40°F to +158°F)

Operating modes

Routing, transparent or hybrid


802.1Q Based VLAN Transparent Passing, ACLs for different time periods, Application level packet filtering using ASPF, Basic and Advanced Access Control Lists (ACLs), Dynamic Packet Filtering, MAC Address Based Access Control Lists (ACLs), MAC Address Binding to IP Addresses, Security Zone, Static and dynamic blacklists, User and application level access control, Virtual Firewall


Manual and automatic updating of the signature database, Stream processing, Various types of detected viruses, including backdoors, email and worms, Trojans, adware distributed through instant messengers and P2P exchange systems and viruses, Virus detection by signatures, Virus detection in HTTP, FTP, SMTP and POP3 protocols




IPv6 Attack Protection, IPv6 Forwarding, IPv6 Multicast: PIM-SM and PIM-DM, IPv6 Protocols such as ICMPv6, PMTU, Ping6, DNS6, IPv6 Routing: RIPng, OSPFv3, BGP4+, Static Routing, Policy Routing, IPv6 Security: NAT-PT, IPv6 Tunneling, IPv6 Packet Filtering, RADIUS, IPv6 Pair Zone Policy Mapping, IPv6 Connection Limiting, IPv6 transition technologies: NAT-PT, IPv6 tunneling, NAT64 (DNS64) and DS-LITE, Stateful Firewall for IPv6, TraceRT6, Telnet6, DHCPv6 client and DHCPv6 relay

High Availability

2:1 Virtualization using SCF, Active/Active and Active/Standby Stateful Failover, IKE State Synchronization in IPsec VPN, Synchronizing Dual Firewall Configurations, VRRP

Electromagnetic compatibility

AS/NZS CISPR22 CLASS A, AS/NZS CISPR32 CLASS A, CISPR 22 CLASS A, CISPR 24, CISPR 32 CLASS A, EN 301 489-1, EN 301 489-17, EN 301 489-52, EN 301 511, EN 301 908-1, EN 55022 CLASS A, EN 55024, EN 55032 CLASS A, EN 61000-3-2, EN 61000-3-3, EN 61000-6-1, ETSI EN 300 386, FCC Part 15 (CFR 47 ) CLASS A, GB 17625.1, GB/T 9254, ICES-003 CLASS A, VCCI CISPR32 CLASS A, VCCI-3 CLASS A, VCCI-4 CLASS A, YD/T 993


AS/NZS 60950-1, CAN/CSA-C22.2 No.60950-1, EN 60950-1/A11, FDA 21 CFR Subpart J, GB 4943.1, IEC 60950-1, UL 60950-1



The page is under development

This section is under development.

We apologize for the temporary inconvenience

Let call
Please enable JavaScript in your browser to complete this form.