Firewall/VPN
Summary
A firewall blocks unauthorized access to the intranet from the Internet while allowing intranet users to access the Internet. There have been two generations of firewalls: packet filter firewalls and stateful inspection firewalls. A packet filter firewall filters data in each IP packet. Because it works at the network layer and transport layer, it does not inspect data content or attacks from the application layer, and it cannot prevent malicious attacks that use forged data packets. A stateful inspection firewall keeps track of the state of packet connections. It monitors each packet according to the state of the connection and can determine whether the packet correctly matches that state. A stateful inspection firewall can monitor application layer protocols based on connections by checking message information such as protocol and port. The content of the data is still left unchecked.
Previous generations of firewalls can perform only coarse-grained application protection. On today's networks, many applications are built on simple protocols such as HTTP, and port numbers are no longer fixed. Sometimes methods such as SSL encryption are used to protect content. An IP address no longer determines the user, a protocol port number no longer determines the application, and a packet cannot simply be related to user behavior. Internet bandwidth is increasing fast, from gigabit to 10G and even 100G, demanding a firewall strong enough for such conditions. Furthermore, with the increasing popularity of telecommuting, the firewall not only needs to fight external attacks but also needs to provide remote access and handle security inspection of VPN-encrypted data. The Hillstone Networks firewall is a combination of state-of-the-art hardware and software, and can provide application security and VPN functions at high speed.

Product Characteristics
Deep Application Security
  • Supports control of P2P, IM, games, and office applications and of protocols such as SIP, H.323, and HTTP. Hundreds of applications can be dynamically identified, and application signatures can be updated.
  • Cross Inspection technology can correlate and identify applications by analyzing user status, application status, and behavior status.
  • Control based on sensitive file type, keyword, URL, Java or ActiveX plug-ins, etc.
Security Visibility
  • Role Based Network Service (RBNS) gives users more straightforward and fine-grained control. Different users, or even users at different locations or at different times, can have different security profiles. The content of user access can also be logged and stored in the storage module or on a storage server. Searching by user name also makes auditing much easier.
  • Role-based management consists of 3 parts: user-based access control, user-based resource allocation, and user-based logging and auditing. Authentication identifies each user, so that access rights can be determined and resources and bandwidth can be properly assigned. This can avoid data leakage due to IP spoofing or a victim's PC being improperly used.
High Performance and Capacity
  • With the Multi-core G2 architecture and the new-generation parallel stream-based engine, a Hillstone appliance can achieve a 5-fold performance advantage over devices with comparable hardware. The firewall can support a session ramp-up rate of 200,000/sec, 20Gbps throughput, and 10,000,000 concurrent sessions.
  • All Hillstone platforms support IPSec acceleration through hardware. Each CPU core has an embedded IPSec processing engine. This ensures that IPSec performance scales with the number of CPU cores and that the engine will not be the bottleneck. Hillstone devices support up to 30000 IPSec tunnels. All 30000 IPSec tunnels are set up through IKE negotiations. The scalable nature of the implementation means that VPN throughput for 30000 tunnels is similar to throughput with 1 tunnel. A Hillstone device can reach a throughput of 8Gbps.
Support Pluggable Hardware Module
  • SG-6000 Series Security Gateway supports three types of modules: interface extension module, storage extension module, and AV processing module.
Strong Attack Defense Capability
  • An independent control plane makes it possible to manage the device and record log messages even while it is handling large amounts of traffic or abnormal attacks.
  • The number of TCP sessions processed by the device is 5 times that of comparable products. This ensures that the device has superb DDoS attack defense ability.
Perfect VPN Solution
  • With patent-pending PnPVPN (Plug-n-Play VPN), a branch office VPN can be set up with just a username and password. Parameters and local configuration can be downloaded when the VPN is established. This greatly reduces the maintenance of branch office connections within the enterprise. PnPVPN makes IPSec VPN easy to deploy.
  • Supports a rich set of VPN configurations: route-based VPN and policy-based VPN, with static IP peers, dynamic IP peers, and dialup VPN peers.
  • Supports VPN, GRE, L2TP, GRE over IPSec, and L2TP over IPSec.
  • IPSec VPN follows the RFC international standard and supports interoperability with major network vendors. Supports DES/3DES/AES128/AES192/AES256, etc.
Flexible Deployment
  • The firewall can be deployed in route mode, transparent mode, and mixed mode.
  • Offers one-to-one, many-to-one, and many-to-many NAT; supports NAT traversal based on multiple application protocols. Supports ALGs including H.323, SIP, FTP, TFTP, RSH, RTSP, SQL Net, HTTP, MS-RPC, PPTP/GRE, SUN-RPC, etc.
 
 
     
 
   
Copyright © 2010-2012 Hillstone Networks,Inc. ICP07018022