Firewall H3C SecPath F5060/F5060-D F5080/F5080-D

Firewall H3C SecPath F5060/F5060-D F5080/F5080-D

H3C’s SecPath F5000 Series is a next-generation, high-performance firewall designed for large enterprise campus networks, service provider networks, and data centers.

F5000 Series firewalls meet Web 2.0 requirements and support the following security and networking features:

  • Security and access control based on users, applications, time, set of five TCP parameters/ IP (source address/port number, destination address/port number and protocol type), and content security. Standard security features include intrusion protection, antivirus, and data loss prevention (DLP).
  • VPN services including IPsec VPN, SSL VPN, L2TP VPN, GRE VPN, and ADVPN.
  • Routing features including static routing, RIP, OSPF, BGP, routing policies, and application-based and URL-based policy routing.
  • Dual IPv4 protocol stacks and IPv6, as well as state protection and attack prevention for IPv6.

F5000 Series firewalls can be equipped with one AC or DC power supply, or two power supplies of the same type for redundancy. H3C’s SecPath F5000 firewalls are 2U high and feature high-density GE and 10GE ports. The F5000 series supports stateful failover for high availability in busy networks. The F5030/5060/5080 and F5030-D/5060-D/5080-D dual MPU models include replaceable fan modules that provide front-to-back airflow to meet data center requirements.

Based on the latest round of ICSA Labs firewall security certification testing, H3C’s next-generation firewalls are found to meet all ICSA Labs security requirements for enterprise-grade and core-capability firewalls. As a result, the H3C SecPath firewall family has been awarded Firewall Certification from ICSA Labs, confirming that it meets all testing requirements.

High-performance software and hardware platforms

This series of firewalls uses modern 64-bit multi-core processors and cache memory.

n

Carrier-grade high availability

Built on proprietary H3C high availability hardware and software platforms, successfully used by many telecom operators, as well as small and medium-sized enterprises.

Supports H3C SCF technology, which allows you to virtualize multiple devices into one device to redundant services and improve system performance.

n

Advanced security functionality

Attack protection – detects and prevents various attacks, such as Land, Smurf, Fraggle, ping of death, Tear Drop, IP spoofing, IP fragmentation, ARP response spoofing, reverse ARP lookups, TCP invalid flags, ICMP large packets, IP/port scanning, as well as common types of distributed denial of service (DDoS) attacks, such as SYN flood, UDP flood, DNS flood, and ICMP flood.

VirtualizationSOPaccording to scheme b>N:1 – use of container virtualization technologies. The F5000 firewall can be virtualized into multiple logical firewalls that provide the same functionality as a physical firewall. Each of the virtual firewalls can have its own security policy defined, and they can be managed independently of each other.

Security zones< /strong> – the ability to configure security zones based on interfaces and VLANs.

Packet filtering – The ability to apply standard or extended ACLs between security zones to implement packet filtering based on information contained in the packets, such as UDP and TCP port numbers. In addition, it is possible to configure the time intervals during which packet filtering will be applied.

ASPF – dynamic decision-making about forwarding or discarding a packet based on the results of checking the information and state of the application layer protocol. ASPF supports analysis of FTP, HTTP, SMTP, RTSP and other application layer protocols based on TCP/UDP.

Authentication, authorization and accounting (< b>AAA) – support for authentication using RADIUS/HWTACACS+, CHAP, PAP and LDAP.

Blacklists – support for static and dynamic blacklists.

Network Address Translation (NAT) and NAT with support VRF.

Virtualprivatenetwork (VPN) – support for virtual private networks based on L2TP, IPsec/IKE, GRE and SSL. Ability to connect to virtual private networks of smart devices

Routing – support for static routing, RIP, OSPF, BGP, routing policies and policy-based routing based on applications and URLs.

Logs< /b>Security – Supports operational logs, paired zone policy mapping logs, attack prevention logs, DS logs -LITE and NAT444 logs.

Monitoring traffic, FIRST) and various intrusion control technologies to accurately identify intrusions based on application state. The FIRST module also supports simultaneous monitoring of software and hardware to improve inspection efficiency.

Protection< b>fromviruses< /strong>in real time – the firewall uses a streaming antivirus module to prevent, detect and remove malicious code from network traffic.

Filter by category for a large number of URLs – use a hybrid local and cloud mode that provides 139 categories of URL libraries and over 20 million URL filtering rules, simple blacklisting of URLs, and the ability to send online requests to a filtering server for a specific URL category.

Complete and up-to-date security signature database – H3C has a team of leading signature database experts and a professional laboratory protection against attacks, together they can ensure that the signature database is accurate and up-to-date

Industry-leading IPv6 functionality

Stateful firewall for IPv6.

Protection against attacks targeting IPv6.

IPv6 data forwarding, IPv6 static and dynamic routing, IPv6 multicast.

IPv4 to IPv6 transition technologies, including NAT-PT, IPv6 over IPv4 using GRE tunnels, manual tunnels, IPv6 to IPv4 tunnels, IPv6 automatic tunneling for IPv4 compatibility, ISATAP, NAT444 and DS-Lite tunnels.

Access control lists and RADIUS functions for IPv6.

Next generation multi-service functionality

Built-in channel load balancing functions: use technologies for channel state analysis and channel congestion detection, providing load balancing when applied to outgoing traffic.

Built-in support SSLVPN: this The feature supports the use of USB keys, SMS messages and the enterprise’s existing authentication system to authenticate users and provide secure access to a large number of users to the corporate network.

Data leak protection system (DLP): The firewall supports SMTP email address, subject, attachment and content filtering, URL and content filtering for HTTP, FTP file transfer filtering, and application-level filtering (including Java/ActiveX blocking and attack protection). SQL code injection).

Intrusion Prevention System (IPS): Supports attack detection and prevention via the Web, including cross-site scripting (XSS) and SQL injection (SQLi).

Antivirus (AV): The firewall has a high-performance antivirus module that provides protection against more than 5 million different viruses and Trojans. The virus signature database is automatically updated every day.

Protection against unknown threats: using the situational intelligence platform awareness to quickly detect and contain threats. Thanks to this, the firewall is able to activate global security measures immediately upon detecting an attack on any individual node.

Intelligent management

Intelligent and unified security policy management allows you to detect duplicate policies, optimize policy matching rules, and discover and dynamically recommend internal network security policies.

SNMPv3, compatible with SNMPv1 and SNMPv2.

Configuration and management via command line interface (CLI).

Management through a simple and convenient graphical Web interface.

Unified management using H3C IMC SSM – collection and analysis of security information, and also clearly displays the network and security situation, which reduces labor costs and increases management efficiency.

Centralized log management using advanced tracking and data analysis mechanisms is possible sending requests and retrieving information to generate audit trails, converting logs of various formats (including syslog and binary stream logs) into a common format, and compressing and storing large logs. Stored logs can be encrypted and exported to external storage devices such as Attachable storage systems (DAS), network attached storage (NAS) and storage area networks (SAN) to avoid loss of critical security logs.

Wide range of reports, including application reports and flow analysis reports.

Export reports in various formats such as PDF, HTML, Word and txt.

n

Customizing reports via the Web interface. To customize the contents of reports, you can specify time ranges, data source devices, compilation period and export format.

Service chain

Service chaining is a forwarding technology used to route network traffic through service nodes. It is based on overlay technology coupled with the idea of

Additional information

USB port

2

Power supplies

AC or post. current, with redundancy

Power

650 W

Drives

2 SSD 480 GB

Flash memory

4 GB (EMMC)

Random access memory (SDRAM)

32 GB/32 GB/64 GB/64 GB

Fixed GE ports

4 x GE combo ports, 8 x 10/100/1000Base-T ports (fixed in slot 4), 8 x 10G SFP+ ports (fixed in slot 1), 8 x SFP ports (fixed in slot 5)

Expansion slots

5/4/5/4;, For F5060-D/5080-D: slots 1, 4 and 5 are occupied; one main control module is preinstalled in slot 7, For F5060/80: slots 1, 4 and 5 are occupied;, Slots 2 and 3 are for high-speed modules (SFP+/QSFP+), slot 6 is for low-speed modules (PFC/GE/ SFP); slot 8 – for redundancy of the main control module, Slots 2 and 3 are for high-speed modules (SFP+/QSFP+), slots 6/7/8 – for low-speed modules (PFC/GE/SFP)

Interface modules

8*SFP/8*GE/4*GE Bypass/8*SFP+/2*QSFP+/4SFP and 4SFP+

Ambient temperature

Operating: 0°C to 45°C (32°F to 113°F), Storage: –40°C to +70°C (–40°F to +158°F)

Operating modes

Routing, transparent or hybrid

Firewall

802.1Q Based VLAN Transparent Passing, ACLs for different time periods, Application level packet filtering using ASPF, Basic and Advanced Access Control Lists (ACLs), Dynamic Packet Filtering, MAC Address Based Access Control Lists (ACLs), MAC Address Binding to IP Addresses, Security Zone, Static and dynamic blacklists, User and application level access control, Virtual Firewall

Load Balancing

Health monitoring via ICMP, UDP and TCP, Intelligent route selection based on application and ISP, Load balancing across links and servers, Port-based binding methods, HTTP and SSL to ensure bandwidth utilization and fault protection

Антивирус

Manual and automatic updating of the signature database, Stream processing, Various types of detected viruses, including backdoors, email and worms, Trojans, adware distributed through instant messengers and P2P exchange systems and viruses, Virus detection by signatures, Virus detection in HTTP, FTP, SMTP and POP3 protocols

Behavior and content control

User-level content auditing and tracking

File filtering

Identifies file typessuch as Word, Excel, PPT, PDF, ZIP, RAR, EXE, DLL, AVI and MP4, and filters sensitive information in files

URL filtering

Over 50 types of URL filtering rules by signature, with the ability to drop, reset, redirect, register and blacklist packets matching the description of the rules

VPN

GRE VPN, IPSec VPN, L2TP VPN, SSL VPN

Routing

BGP and IS-IS, OSPF, Routing protocols such as RIP

VXLAN networks

VXLAN service chains

IPv6

IPv6 Attack Protection, IPv6 Forwarding, IPv6 Multicast: PIM-SM and PIM-DM, IPv6 Protocols such as ICMPv6, PMTU, Ping6, DNS6, IPv6 Routing: RIPng, OSPFv3, BGP4+, Static Routing, Policy Routing, IPv6 Security: NAT-PT, IPv6 Tunneling, IPv6 Packet Filtering, RADIUS, IPv6 Pair Zone Policy Mapping, IPv6 Connection Limiting, IPv6 transition technologies: NAT-PT, IPv6 tunneling, NAT64 (DNS64) and DS-LITE, Stateful Firewall for IPv6, TraceRT6, Telnet6, DHCPv6 client and DHCPv6 relay

High Availability

2:1 Virtualization using SCF, Active/Active and Active/Standby Stateful Failover, IKE State Synchronization in IPsec VPN, Synchronizing Dual Firewall Configurations, VRRP

Electromagnetic compatibility

AS/NZS CISPR22 CLASS A, AS/NZS CISPR32 CLASS A, CISPR 22 CLASS A, CISPR 24, CISPR 32 CLASS A, EN 301 489-1, EN 301 489-17, EN 301 489-52, EN 301 511, EN 301 908-1, EN 55022 CLASS A, EN 55024, EN 55032 CLASS A, EN 61000-3-2, EN 61000-3-3, EN 61000-6-1, ETSI EN 300 386, FCC Part 15 (CFR 47 ) CLASS A, GB 17625.1, GB/T 9254, ICES-003 CLASS A, VCCI CISPR32 CLASS A, VCCI-3 CLASS A, VCCI-4 CLASS A, YD/T 993

Safety

AS/NZS 60950-1, CAN/CSA-C22.2 No.60950-1, EN 60950-1/A11, FDA 21 CFR Subpart J, GB 4943.1, IEC 60950-1, UL 60950-1

Brand

H3C

The page is under development

This section is under development.

We apologize for the temporary inconvenience

Let call
Please enable JavaScript in your browser to complete this form.