Welcome to ICT store

Connect with Facebook


Product Description

H3C 0235A26G (NS-SecPath F1000-E-ACO) SecPath F1000-e vPn Multi-Gigabit Ethernet Advanced Firewall Security Platform. Alternative name: 0235A26G-US

Be the first to review this product

Condition: Refurbished
Packaging: Retail

Availability: 9



Quick Overview

H3C 0235A26G SecPath F1000-e VPn Firewall Security Platform


Double click on above image to view full picture

Zoom Out
Zoom In

More Views


  • SecPath F1000-E adopts the carrier-class hardware platform of H3C. It satisfies the requirement on the security equipment linear processing capability by the core enterprise users through the multi-core system.
  • Enhanced state security filtering: Support the virtual firewall technology. Support the default access control between security zones. Support the basic, extended and interface-based state detecting packet filtering technology. Support filtering based on time segment. Support the proprietary Application Specific Packet Filter (ASPF) protocol. Support the maintenance and monitoring of each piece of connection state information and dynamically filter packets. Support the state monitoring of FTP, HTTP, SMTP, RTSP, and H.323 (including Q.931, H.245 and RTP/RTCP) application layer protocols. Support the state monitoring of TCP/UDP.
  • Anti-attack defense capability:
    -Include DoS/DDoS attack defense (CC, SYN flood and DNS Query Flood) and ARP spoofing defense.
    -The following functions and features are provided:
    - ARP active reverse lookup
    - TCP packet illegal flag bit attack defense
    - Super large ICMP packet attack defense
    - Address/port scanning defense
    - ICMP redirection or unreachable packet control function
    - Tracert packet control function
    - IP packet control function with routing record option
    - Static and dynamic blacklist function
    - MAC and IP binding function
    - Intelligent defense of worm virus technology
  • Application layer content filtering:
    - Able to identify and control the IM protocol, for example, QQ and MSN.
    - Support mail filtering, and provide filtering by SMTP mail address, subject, attachment and content.
    - Support web page filtering, and provide filtering by HTTP URL and content.
    - Support application layer filtering and provide Java/ActiveX Blocking and SQL injection attack.
  • Multiple security authentication services:
    - Support RADIUS and HWTACACS protocols and domain authentication.
    - Support the authentication function of digital certificate (X.509 format) based on the PKI/CA system.
    - Support user identity management. Users with different identities own different command execution rights.
    - Support user view level division. Users at different levels are offered different management and configuration rights.
  • Centralized management and audit:
    - Provide different log functions, traffic statistics & analysis functions, monitoring and statistics function of different events, and mail alarm function.
  • All-round NAT application support:
    -Provide such NAT application modes as multiple-to-one, multiple-to-multiple, static network segment, bidirectional conversion, Easy IP and DNS mapping.
    -Support the correct traversing of multiple application protocols through NAT. Provide such NAT ALG functions as DNS, FTP, H.323 and NBT.
    -Support unlimited NAT conversion.
    -Support GRE VPN, IPSec VPN and other multiple VPN service modes.
  • Support routing, transparent and hybrid operation modes.
  • Support static routing protocol, routing policy and policy routing.
  • Support RIP v1/2, OSPF, and BGP dynamic routing protocols.
  • Support 802.1q VLAN.
  • Support DHCP Client/Server/Relay.
  • Dual-system state hot backup, Active/Active and Active/Passive work modes, and load sharing and service backup supported
  • 36 years of Mean Time Between Failure (MTBF)
  • The key components of the equipment adopt a redundant design.
  • Support the automatic temperature detection of the internal environment. Able to collect alarm information automatically through the network management system.
  • Support remote configuration management through the Web mode.
  • Support the unified management of network and equipment through the H3C network management system.
  • Support intelligent and effective management of a large number of widely distributed equipment through the H3C BIMS system.
  • Support service management and state monitoring of the VPN dynamically and graphically through the H3C VPN Manager system.


Firewall Performance:Throughput: 8Gbps
Concurrent Connections: 2,000,000
3DES performance: 2Gbps
Fixed interface:1 configuration interface (CON)
1 backup interface (AUX)
4 gigabit optical/electrical Combo interface
1 USB port works in the Host mode, and 1 USB port works in the Device mode.
Slot:2 HIM slots. Optional interface modules are of two types, 4GBE/8GBE.
DDR2 SDRAM configuration:1G standard configuration; able to be expanded to 2G
CF card:Built-in 256MB
1 external CF card slot, which is optional
Operation mode:Routing mode
Transparent mode
Hybrid mode
Network security:AAA service
RADIUS authentication
HWTACACS authentication
PKI /CA (X.509 format) authentication
Domain authentication
CHAP authentication
PAP authentication
Packet filtering
Basic and extended ACL
Interface-based ACL
Time segment-based ACL
Dynamic packet filtering
l Application layer protocols: FTP, HTTP, SMTP, and RTSP, H.323 (Q.931, H.245, and RTP/RTCP)
l Transmission layer protocols: TCP and UDP
Anti-attack feature
Land, Smurf, Fraggle, WinNuke, Ping of Death, Tear Drop, IP Spoofing, SYN Flood, ICMP Flood, UDP Flood, and ARP spoofing defense
ARP active reverse lookup
TCP packet illegal flag bit attack defense
Super large ICMP packet attack defense
Address/port scanning defense
DoS/DDoS attack defense
TCP Proxy function
ICMP redirection or unreachable packet control function
Tracert packet control function
IP packet control function with routing record option
Static and dynamic blacklist function
MAC and IP binding function
Transparent firewall
MAC-based ACL
Support 802.1q VLAN transparent transmission
Mail/web page/application layer filtering
Mail filtering
SMTP mail address filtering
Mail subject filtering
Mail content filtering
Mail attachment filtering
Web page filtering
HTTP URL filtering
HTTP content filtering
Application layer filtering
Java Blocking
ActiveX Blocking
SQL injection attack defense
Security log and statistics
User behavior flow log
NAT conversion log
Attack real-time log
Blacklist log
Address binding log
Traffic alarm log
Traffic statistics and analysis function
Global/security domain based connection rate monitoring
Global/security domain based protocol packet percentage monitoring
Security event statistics function
E-MAIL mail real-time alarm function
E-MAIL mail periodical information release function
Many-to-one NAT
Many-to-many NAT
One-to-one NAT
Translates both source and destination addresses simultaneously
Allows the hosts on external networks to access the internal server
Maps an internal network address to the public IP address of an interface
DNS mapping
Supports configuring validity period for address translation
Supports NAT ALG for multiple protocols, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP and SIP.
Support the initiation of connection to the specified LNS according to the complete user name of the VPN user and the user domain.
Support the distribution of addresses to the VPN users.
Support LCP re-negotiation and secondary CHAP authentication.
Support AH and ESP protocols.
Support the automatic establishment of a security alliance manually or through IKE.
ESP supports DES, 3DES and AES algorithms.
Support MD5 and SHA-1 authentication algorithms.
Support the IKE main mode and aggressive mode.
Support NAT traversing.
Support DPD detection.
Network interconnection:LAN protocol
802.1q VLAN
Network protocol:IP service
Domain name resolution
DHCP trunk
DHCP server
DHCP Client
IP routing
Static routing
RIP v1/2
Routing policy
Policy routing
High reliability:Dual-system state hot backup, Active/Active and Active/Passive work modes, and load sharing and service backup supported
Key component redundancy design.
Host swapping of interface module
Support VRRP.
Automatic detection of chassis temperature
QoS:Traffic policing
Configuration management:Command line interface
Perform local configuration through the Console port.
Perform local or remote configuration through Telnet or SSH.
The leveled protection of the configuration command ensures that the unauthorized user cannot intrude the equipment.
Provide Chinese prompt and help information.
The detailed debugging information helps to diagnose network faults.
Provide network test tools, for example, Tracert, Ping, and HWPing commands, to quickly diagnose whether the network is normal.
Execute the Telnet command directly to access and management other equipment.
FTP Server/Client can use FTP download and upload to configure files and software applications.
Support the upload/download of files through TFTP.
Support the log function.
File system management
User-interface configuration provides multiple modes of authentication and authorization functions of the users.
Support standard network management SNMPv3. Compatible with SNMP v2c and SNMP v1.
Support NTP time synchronization.
Perform remote configuration management through the Web mode.
Support the H3C BIMS system to perform equipment management.
Support the H3C VPN Manager system to perform VPN service management and monitoring.
Dimensions (H x W x D):442mm x 460mm x 44mm