Firewall H3C SecPath F5030/F5030-D

Firewall H3C SecPath F5030/F5030-D

H3C’s SecPath F5000 Series is a next-generation, high-performance firewall designed for large enterprise campus networks, service provider networks, and data centers.

F5000 Series firewalls meet Web 2.0 requirements and support the following security and networking features:

  • Security and access control based on users, applications, time, set of five TCP parameters/ IP (source address/port number, destination address/port number and protocol type), and content security. Standard security features include intrusion protection, antivirus, and data loss prevention (DLP).
  • VPN services including IPsec VPN, SSL VPN, L2TP VPN, GRE VPN, and ADVPN.
  • Routing features including static routing, RIP, OSPF, BGP, routing policies, and application-based and URL-based policy routing.
  • Dual IPv4 protocol stacks and IPv6, as well as state protection and attack prevention for IPv6.

F5000 Series firewalls can be equipped with one AC or DC power supply, or two power supplies of the same type for redundancy. H3C’s SecPath F5000 firewalls are 2U high and feature high-density GE and 10GE ports. The F5000 series supports stateful failover for high availability in busy networks. The F5030/5060/5080 and F5030-D/5060-D/5080-D dual MPU models include replaceable fan modules that provide front-to-back airflow to meet data center requirements.

Based on the latest round of ICSA Labs firewall security certification testing, H3C’s next-generation firewalls are found to meet all ICSA Labs security requirements for enterprise-grade and core-capability firewalls. As a result, the H3C SecPath firewall family has been awarded Firewall Certification from ICSA Labs, confirming that it meets all testing requirements.

High-performance software and hardware platforms

This series of firewalls uses modern 64-bit multi-core processors and cache memory.

n

Carrier-grade high availability

Built on proprietary H3C high availability hardware and software platforms, successfully used by many telecom operators, as well as small and medium-sized enterprises.

Supports H3C SCF technology, which allows you to virtualize multiple devices into one device to redundant services and improve system performance.

n

Advanced security functionality

Attack protection – detects and prevents various attacks, such as Land, Smurf, Fraggle, ping of death, Tear Drop, IP spoofing, IP fragmentation, ARP response spoofing, reverse ARP lookups, TCP invalid flags, ICMP large packets, IP/port scanning, as well as common types of distributed denial of service (DDoS) attacks, such as SYN flood, UDP flood, DNS flood, and ICMP flood.

VirtualizationSOPaccording to scheme b>N:1 – use of container virtualization technologies. The F5000 firewall can be virtualized into multiple logical firewalls that provide the same functionality as a physical firewall. Each of the virtual firewalls can have its own security policy defined, and they can be managed independently of each other.

Security zones< /strong> – the ability to configure security zones based on interfaces and VLANs.

Packet filtering – The ability to apply standard or extended ACLs between security zones to implement packet filtering based on information contained in the packets, such as UDP and TCP port numbers. In addition, it is possible to configure the time intervals during which packet filtering will be applied.

ASPF – dynamic decision-making about forwarding or discarding a packet based on the results of checking the information and state of the application layer protocol. ASPF supports analysis of FTP, HTTP, SMTP, RTSP and other application layer protocols based on TCP/UDP.

Authentication, authorization and accounting (< b>AAA) – support for authentication using RADIUS/HWTACACS+, CHAP, PAP and LDAP.

Blacklists – support for static and dynamic blacklists.

Network Address Translation (NAT) and NAT with support VRF.

Virtualprivatenetwork (VPN) – support for virtual private networks based on L2TP, IPsec/IKE, GRE and SSL. Ability to connect to virtual private networks of smart devices

Routing – support for static routing, RIP, OSPF, BGP, routing policies and policy-based routing based on applications and URLs.

Logs< /b>Security – Supports operational logs, paired zone policy mapping logs, attack prevention logs, DS logs -LITE and NAT444 logs.

Monitoring traffic, FIRST) and various intrusion control technologies to accurately identify intrusions based on application state. The FIRST module also supports simultaneous monitoring of software and hardware to improve inspection efficiency.

Protection< b>fromviruses< /strong>in real time – the firewall uses a streaming antivirus module to prevent, detect and remove malicious code from network traffic.

Filter by category for a large number of URLs – use a hybrid local and cloud mode that provides 139 categories of URL libraries and over 20 million URL filtering rules, simple blacklisting of URLs, and the ability to send online requests to a filtering server for a specific URL category.

Complete and up-to-date security signature database – H3C has a team of leading signature database experts and a professional laboratory protection against attacks, together they can ensure that the signature database is accurate and up-to-date

Industry-leading IPv6 functionality

Stateful firewall for IPv6.

Protection against attacks targeting IPv6.

IPv6 data forwarding, IPv6 static and dynamic routing, IPv6 multicast.

IPv4 to IPv6 transition technologies, including NAT-PT, IPv6 over IPv4 using GRE tunnels, manual tunnels, IPv6 to IPv4 tunnels, IPv6 automatic tunneling for IPv4 compatibility, ISATAP, NAT444 and DS-Lite tunnels.

Access control lists and RADIUS functions for IPv6.

Next generation multi-service functionality

Built-in channel load balancing functions: use technologies for channel state analysis and channel congestion detection, providing load balancing when applied to outgoing traffic.

Built-in support SSLVPN: this The feature supports the use of USB keys, SMS messages and the enterprise’s existing authentication system to authenticate users and provide secure access to a large number of users to the corporate network.

Data leak protection system (DLP): The firewall supports SMTP email address, subject, attachment and content filtering, URL and content filtering for HTTP, FTP file transfer filtering, and application-level filtering (including Java/ActiveX blocking and attack protection). SQL code injection).

Intrusion Prevention System (IPS): Supports attack detection and prevention via the Web, including cross-site scripting (XSS) and SQL injection (SQLi).

Antivirus (AV): The firewall has a high-performance antivirus module that provides protection against more than 5 million different viruses and Trojans. The virus signature database is automatically updated every day.

Protection against unknown threats: using the situational intelligence platform awareness to quickly detect and contain threats. Thanks to this, the firewall is able to activate global security measures immediately upon detecting an attack on any individual node.

Intelligent management

Intelligent and unified security policy management allows you to detect duplicate policies, optimize policy matching rules, and discover and dynamically recommend internal network security policies.

SNMPv3, compatible with SNMPv1 and SNMPv2.

Configuration and management via command line interface (CLI).

Management through a simple and convenient graphical Web interface.

Unified management using H3C IMC SSM – collection and analysis of security information, and also clearly displays the network and security situation, which reduces labor costs and increases management efficiency.

Centralized log management using advanced tracking and data analysis mechanisms is possible sending requests and retrieving information to generate audit trails, converting logs of various formats (including syslog and binary stream logs) into a common format, and compressing and storing large logs. Stored logs can be encrypted and exported to external storage devices such as Attachable storage systems (DAS), network attached storage (NAS) and storage area networks (SAN) to avoid loss of critical security logs.

Wide range of reports, including application reports and flow analysis reports.

Export reports in various formats such as PDF, HTML, Word and txt.

n

Customizing reports via the Web interface. To customize the contents of reports, you can specify time ranges, data source devices, compilation period and export format.

Service chain

Service chaining is a forwarding technology used to route network traffic through service nodes. It is based on overlay technology coupled with the idea of

Additional information

USB port

Power supplies

Power

Drives

Flash memory

Random access memory (SDRAM)

Fixed GE ports

, ,

Expansion slots

, , , ,

Interface modules

Ambient temperature

,

Operating modes

Firewall

, , , , , , , , , ,

Load Balancing

, , ,

Антивирус

, , , ,

Behavior and content control

File filtering

URL filtering

VPN

, , ,

Routing

, ,

VXLAN networks

IPv6

, , , , , , , ,

Бренды
High Availability

, , , ,

Electromagnetic compatibility

, , , , , , , , , , , , , , , , , , , , , , , ,

Safety

, , , , , ,

Brand

H3C

The page is under development

This section is under development.

We apologize for the temporary inconvenience

Let call
Please enable JavaScript in your browser to complete this form.