H3C SecPath F1020 Firewall Host
Product Feature
- High-performance hardware and software processing platform
- Strong security protection, Flexible and scalable integrated DPI deep security
- High reliability of carrier-class device
- Industry-leading IPv6
- Next-generation multi-service features
- Professional intelligent management
- Description
- Reviews
-
Product Overview
The H3C SecPath F1000 Series firewall is New H3C’s next-generation high-performance firewall product, which is launched with the advent of the Web2.0 era for small and medium-sized enterprises, campus network Internet exportation and WAN branch markets in combination with the current technology trend of the convergence of security and network.
The H3C SecPath F1000 Series firewall supports multi-dimensional integrated security protection, which can implement integrated security access control such as IPS, AV, and DLP from multiple dimensions such as user, application, time and quintet, effectively ensuring network security. It supports multiple VPN services, such as L2TP VPN, GRE VPN, IPSec VPN and SSL VPN, and enables mobile office through connecting to smart terminals. It provides abundant routing capabilities, including supporting RIP/OSPF/BGP routing policies and application-based and URL-based policy routing. It enables state protection and attack defense against IPV6 while supporting IPv4/IPv6 dual stack.
The H3C SecPath F1000 Series firewall uses dual power supplies (1+1 backup) that are mutually redundant backups. It supports SCF technology in dual-computer cluster deployment, fully meeting the requirements of high-performance networks for reliability. Meanwhile, it can provide a maximum of 24 Gigabit interfaces and two 10 Gigabit interfaces in the 1U-high device.
Click Here to Download Datasheet
Hardware Specifications
Item
F1003-L/
F1005-L
F10005/F1010
F1020/F1030
F1050/F1060
F1070/F1080
Interface
8 Electrical Ports
1 configuration port (CON);
Host with 8 Gigabit Electrical + 2 Gigabit Combo + 2 Gigabit Electrical Bypass
1 configuration port (CON);
Host with 8 Gigabit optical ports + 16 Gigabit electrical ports
1 configuration port (CON);
Host with 8 Gigabit optical ports + 16 Gigabit electrical ports + 2 10 Gigabit optical ports
Expansion slot
N/A
N/A
2 (F1020: 1 expansion slot )
Expansion board type
N/A
N/A
4 Gigabit PFC interface module, 4 Gigabit optical interface module, 4*10GE optical interface module
Storage medium
Not support hard disk
1*500G HDD
1*(480G SSD/500G HDD/1T HDD)
Note: F1020 doesn’t support hard disk.
2*(480G SSD/500G HDD/1T HDD)
4G LTE
4G FDD LTE/TDD LTE
Not support
Ambient temperature
Working: 0~45℃
Non-working: -40~70℃
Run mode
Routing mode, transparent mode, promiscuous mode
AAA service
Portal authentication, RADIUS authentication, HWTACACS authentication, PKI/CA (X.509 format) authentication, domain authentication, CHAP authentication, PAP authentication
Firewall
SOP virtual firewall technology, supporting complete virtualization of hardware resources such as CPU, memory, storage, etc.;
Safe area division;
Defend against various malicious attacks, such as Land, Smurf, Fraggle, Ping of Death, Tear Drop, IP Spoofing, IP partitioned message, ARP spoofing, ARP active inverse query, illegitimate TCP message flag bits, super-large ICMP packet, address scan, port scan, SYN Flood, UPD Flood, ICMP Flood and DNS Flood;
Basic and extended access control list;
Interval-based access control list;
User-based, application-based access control list;
ASPF application layer packet filtering;
Static and dynamic blacklisting;
MAC and IP binding;
MAC-based access control list;
Supporting 802.1q VLAN transparent transmission
Virus protection
Test based on virus signatures;
Supporting manual and automatic upgrading of virus library;
Stream processing mode of messages;
Supporting HTTP, FTP, SMTP and POP3 protocols;
Supporting these virus types: Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, AdWare, Virus, etc.;
Supporting virus logs and reports
Intrusion defense-in-depth system
Supporting common attack defenses such as hackers, worms/viruses, Trojans, malicious codes, spyware/adware, DoS/DDoS, etc.;
Supporting defenses against such attacks as buffer overflow, SQL injection, IDS/IPS escape, etc.;
Supporting classification of signature database for attacks (classified according to attack type and target system), grading (4 grades: High, medium, low and prompt grades);
Supporting manual and automatic upgrading of signatures database for attacks (TFTP and HTTP)
Supporting P2P/IM recognition and control such as BT
Mail/Web/Application layer filtering
Mail filtering
SMTP mail address filtering
Mail header filtering
Mail content filtering
Email attachment filtering
Web filtering
HTTP URL filtering
HTTP content filtering
Application layer filtering
Java Blocking
ActiveX Blocking
SQL injection attack prevention
NAT
Supporting multiple internal addresses to be mapped to the same public network address;
Supporting multiple internal addresses to be mapped to multiple public network addresses;
Supporting internal addresses to be mapped to public network addresses one by one;
Supporting simultaneous conversion of source and destination addresses;
Supporting external network hosts to access internal servers;
Supporting internal addresses to be directly mapped to IP addresses of public networks for the interface;
Supporting DNS mapping function;
Configuring valid time for supporting address translation;
Supporting various NAT ALGs, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, SIP, etc.
VPN
L2TP VPN、IPSec VPN、GRE VPN、SSL VPN
IPv6
IPv6-based stateful firewall and attack defense;
IPv6 protocols: IPv6 forwarding, ICMPv6, PMTU, Ping6, DNS6, TraceRT6, Telnet6, DHCPv6 Client, DHCPv6 Relay, etc.;
IPv6 routing: RIPng, OSPFv3, BGP4+, static routing, policy routing, PIM-SM, PIM-DM, etc.
IPv6 security: NAT-PT, IPv6 Tunnel, IPv6 Packet Filter, Radius, IPv6 inter-domain policy, IPv6 connection limit, etc.
High reliability
Supporting SCF 2:1 virtualization
Supporting dual-computer hot standby (Two kinds of work mode: Active/Active and Active/Backup);
Supporting dual-computer configuration synchronization;
Supporting IKE state synchronization of IPSec VPN
Supporting VRRP
Easy maintainability
Supporting command line-based configuration management;
Supporting remote configuration management in web mode;
Supporting H3C SSM security management center for device management;
Supporting standard network management of SNMPv3 and compatibility with SNMP v1 and v2;
Intelligent security strategy
Environmental protection and certification
Supporting Europe's strict RoHS environmental certification
-
