The Hillstone X Series Data Center Firewall offer outstanding performance, reliability, and scalability, for high-speed service providers, large enterprises and carrier networks. The products are based on an innovative fully distributed architecture that fully implements firewalls with high throughput, concurrent connections, and new sessions. Hillstone X Series also support large-capacity virtual firewalls, providing flexible security services for virtualized environments, and features such as application identification, traffic management, intrusion prevention, and attack prevention to fully protect data center network security.

Hillstone’s Elastic Security Architecture: A breakthrough technology for data centers

With traffic explosively increasing, data center firewalls need powerful capabilities to handle high traffic and massive concurrent user access, as well as the ability to effectively cope with sudden bursts of user activity. Therefore, data center firewalls must not only have high throughput but also extremely high concurrent connections and new session processing capabilities.

The Hillstone X Series Data Center Firewall adopt an innovative, fully distributed architecture to implement distributed high-speed processing of service traffic on Service Modules (SSMs) and Interface Modules (IOMs) through intelligent traffic distribution algorithms. Through patented resource management algorithms, they allow for the full potential of distributed multi-core processor platforms, to further increase the performance of firewall concurrent connections, new sessions per second, and achieve a fullly linear expansion of system performance. Moreover, the packet forwarding delay is less than 10us, which can fully meet a data center’s demand for real-time service forwarding.

Carrier-Grade Reliability

The hardware and software of the X Series data center firewall delivers 99.999% carrier-grade reliability. It can support active/active or active/passive mode redundant deployment solutions to ensure uninterrupted service during single failure. The entire system adopts a modular design, supporting control module redundancy, service module redundancy, interface module redundancy and switching module redundancy, and all modules are hot-swappable.

Leading virtual firewall technology

The X Series data center firewall can logically divide a physical firewall into upwards of 1000 virtual firewalls for the data center’s virtualization needs, providing virtual firewall support capabilities for large data centers. Each virtual firewall system of X Series data center firewalls not only has independent system resources, but also can be individually and granularly managed to provide independent security management planes for different services or users.

Granular application control and comprehensive security

The X Series data center firewall uses advanced in-depth application identification technology to accurately identify thousands of network applications based on protocol features, behavior characteristics, and correlation analysis, including hundreds of mobile applications and encrypted P2P applications. The X Series data center firewall provides intrusion prevention technology based on deep application identification, protocol detection, and attack principle analysis. In addition, The X Series data center firewall supports URL filtering for tens of millions of URL signature library.

Strong network adaptability

The X Series data center firewall fully supports next-generation Internet deployment technologies (including dual-stack, tunnel, DNS64/NAT64 and other transitional technologies). It also has mature NAT444 capabilities to support static mapping of fixed-port block of external network addresses to intranet addresses. In addition, the X Series data center firewall provides full compliance with standard IPSec VPN capabilities and integrates third-generation SSL VPN to provide users with high-performance, high-capacity, and full-scale VPN solution.

Resources