|Firewall Performance:||Throughput: 8Gbps|
Concurrent Connections: 2,000,000
3DES performance: 2Gbps
|Fixed interface:||1 configuration interface (CON)|
1 backup interface (AUX)
4 gigabit optical/electrical Combo interface
1 USB port works in the Host mode, and 1 USB port works in the Device mode.
|Slot:||2 HIM slots. Optional interface modules are of two types, 4GBE/8GBE.|
|DDR2 SDRAM configuration:||1G standard configuration; able to be expanded to 2G|
|CF card:||Built-in 256MB|
1 external CF card slot, which is optional
|Operation mode:||Routing mode|
|Network security:||AAA service|
PKI /CA (X.509 format) authentication
Basic and extended ACL
Time segment-based ACL
Dynamic packet filtering
l Application layer protocols: FTP, HTTP, SMTP, and RTSP, H.323 (Q.931, H.245, and RTP/RTCP)
l Transmission layer protocols: TCP and UDP
Land, Smurf, Fraggle, WinNuke, Ping of Death, Tear Drop, IP Spoofing, SYN Flood, ICMP Flood, UDP Flood, and ARP spoofing defense
ARP active reverse lookup
TCP packet illegal flag bit attack defense
Super large ICMP packet attack defense
Address/port scanning defense
DoS/DDoS attack defense
TCP Proxy function
ICMP redirection or unreachable packet control function
Tracert packet control function
IP packet control function with routing record option
Static and dynamic blacklist function
MAC and IP binding function
Support 802.1q VLAN transparent transmission
Mail/web page/application layer filtering
SMTP mail address filtering
Mail subject filtering
Mail content filtering
Mail attachment filtering
Web page filtering
HTTP URL filtering
HTTP content filtering
Application layer filtering
SQL injection attack defense
Security log and statistics
User behavior flow log
NAT conversion log
Attack real-time log
Address binding log
Traffic alarm log
Traffic statistics and analysis function
Global/security domain based connection rate monitoring
Global/security domain based protocol packet percentage monitoring
Security event statistics function
E-MAIL mail real-time alarm function
E-MAIL mail periodical information release function
Translates both source and destination addresses simultaneously
Allows the hosts on external networks to access the internal server
Maps an internal network address to the public IP address of an interface
Supports configuring validity period for address translation
Supports NAT ALG for multiple protocols, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP and SIP.
Support the initiation of connection to the specified LNS according to the complete user name of the VPN user and the user domain.
Support the distribution of addresses to the VPN users.
Support LCP re-negotiation and secondary CHAP authentication.
Support AH and ESP protocols.
Support the automatic establishment of a security alliance manually or through IKE.
ESP supports DES, 3DES and AES algorithms.
Support MD5 and SHA-1 authentication algorithms.
Support the IKE main mode and aggressive mode.
Support NAT traversing.
Support DPD detection.
|Network interconnection:||LAN protocol|
|Network protocol:||IP service|
Domain name resolution
|High reliability:||Dual-system state hot backup, Active/Active and Active/Passive work modes, and load sharing and service backup supported|
Key component redundancy design.
Host swapping of interface module
Automatic detection of chassis temperature
|Configuration management:||Command line interface|
Perform local configuration through the Console port.
Perform local or remote configuration through Telnet or SSH.
The leveled protection of the configuration command ensures that the unauthorized user cannot intrude the equipment.
Provide Chinese prompt and help information.
The detailed debugging information helps to diagnose network faults.
Provide network test tools, for example, Tracert, Ping, and HWPing commands, to quickly diagnose whether the network is normal.
Execute the Telnet command directly to access and management other equipment.
FTP Server/Client can use FTP download and upload to configure files and software applications.
Support the upload/download of files through TFTP.
Support the log function.
File system management
User-interface configuration provides multiple modes of authentication and authorization functions of the users.
Support standard network management SNMPv3. Compatible with SNMP v2c and SNMP v1.
Support NTP time synchronization.
Perform remote configuration management through the Web mode.
Support the H3C BIMS system to perform equipment management.
Support the H3C VPN Manager system to perform VPN service management and monitoring.
|Dimensions (H x W x D):||442mm x 460mm x 44mm|