|
|
| The New Generation Firewall – Deep Application Security |
| |
|
 |
With the rapid development of internet, more and more application are now based on protocols such as HTTP/HTTPS. New security threats are becoming application based. Traditional stateful inspection firewall can only enforce security policy based on ports and protocols, without identifying the application that runs through. These devices thus cannot control today’s full spectrum of applications. Hillstone’s new generation of firewall can identify and control application based on characteristics and behavior of the traffic, even deal with encrypted traffic, allowing these traffic to be managed and controlled.
StoneOS® can identify hundreds of applications, including P2P, IM, games, office software and applications based on protocols such as SIP, H.323 and HTTP. New application can be supported through application signature updated in real-time, without a StoneOS upgrade. |
|
| |
|
|
|
New generation network security architecture
|
| |
| Comprehensive VPN Solutions |
| |
|
 |
SG-6000 series multi-core security appliance supports multiple types of IPSec VPN deployment. It is fully compatible with standard IPSec VPN. All the SG-6000 series platforms support hardware acceleration of VPN functionality (including SSL VPN). With the combination of hardware acceleration and multi-core processing ability, SG-6000 series products provide you with high-capacity and high-performance VPN solutions.
With patent pending PnPVPN functionality, VPN devices from the remote branches could automatically get the network and security configuration from the headquarters by simply providing a user name and password. This solves the hard-to-configure, hard-to-use, and hard-to-maintain problem shared by traditional IPSec VPN solutions.
SG-6000 security appliance also integrated third generation SSL VPN, providing role-based access control and an easy-to-configure and speedy remote access solution. |
|
| |
| Content Security (UTM Plus®) |
| |
|
 |
The UTM Plus® package of SG-6000 series security appliance includes the following functions: AV, IPS, content filter, network behavior control, and application traffic shaping. The security appliance can defend against different types of network attacks, both internal and external, from virus, spyware, worms, Trojan, to information leakage and illegal activities. The content filter functionality and Web URL filtering can help administrators easily block inappropriate web sites, to improve working efficiency and control access to harmful material. Virus database, IPS signature database, and URL database can be updated through the network at real time, ensuring a quickly response to new virus, attacks, and URLs. |
|
| |
| |
| Network Visibility – Role and Application Based Management |
| |
|
 |
There is no security with visibility. The application and user identification feature in StoneOS® help customers understand what is happening in their network and establish better security and traffic management policies.
Role based network services (RBNS) gives a fine grain visibility. Different users, even users from different locations or different times can have different access rights and can be managed differently. User activities can be logged and stored locally or in a server, making it easier to audit based on user name.
RBNS can be divided into three parts: access control, network resource allocation and audit log, all based on ‘user’. Through authentication and authorization for a user and identifying their security levels, information leakage due to IP spoofing or PC misuse can be avoided. |
|
| |
|
|
|
StoneOS system architecture
|
| |
| Fully Parallel Security Architecture (Multi-Core Plus® G2) |
| |
|
 |
StoneOS®, Hillstone’s proprietary 64-bit real-time operating system, has powerful parallel processing capability. With a patent pending architecture, StoneOS® realizes the full potential of multi-core processing in application security processing, compares to using multi-core and NP/ASIC only in layer 3 security processing, found in most of today’s security appliances. With this StoneOS advantage, SG-6000 series security appliances have an up to 5 times performance advantage in application processing when compared to other appliances with similar hardware configuration. This creates a strong foundation for an integrated security product, solving the performance issue faced by traditional appliances when multiple functionalities are turned on at the same time. |
|
| |
| Extensible Modularized Design (Multi-Core Plus® G2) |
| |
|
 |
Hillstone product supports three kinds of pluggable hardware modules: interface module, application processing module and storage module. The modularized design greatly protects customer’s investment. Interface modules enhance the connectivity of the device, so that the device will not be obsolete when the network grows. Application processing modules increase the security processing capability of the appliance, removing application security as a bottleneck. Storage modules can store logs and statistics collected by the device, as required by the monitoring and auditing functionalities. |
|
| |
| |
| |
|
|
 |
|
| |
|
Related Links
|
|
|
 |
|
|
|
|
|
|
|
|
|
