H3C SecPath F1020 Firewall Host


Product Feature

  • High-performance hardware and software processing platform
  • Strong security protection, Flexible and scalable integrated DPI deep security
  • High reliability of carrier-class device
  • Industry-leading IPv6
  • Next-generation multi-service features
  • Professional intelligent management

    • Description
    • Reviews
    • Product Overview

      The H3C SecPath F1000 Series firewall is New H3C’s next-generation high-performance firewall product, which is launched with the advent of the Web2.0 era for small and medium-sized enterprises, campus network Internet exportation and WAN branch markets in combination with the current technology trend of the convergence of security and network.

      The H3C SecPath F1000 Series firewall supports multi-dimensional integrated security protection, which can implement integrated security access control such as IPS, AV, and DLP from multiple dimensions such as user, application, time and quintet, effectively ensuring network security. It supports multiple VPN services, such as L2TP VPN, GRE VPN, IPSec VPN and SSL VPN, and enables mobile office through connecting to smart terminals. It provides abundant routing capabilities, including supporting RIP/OSPF/BGP routing policies and application-based and URL-based policy routing. It enables state protection and attack defense against IPV6 while supporting IPv4/IPv6 dual stack.

      The H3C SecPath F1000 Series firewall uses dual power supplies (1+1 backup) that are mutually redundant backups. It supports SCF technology in dual-computer cluster deployment, fully meeting the requirements of high-performance networks for reliability. Meanwhile, it can provide a maximum of 24 Gigabit interfaces and two 10 Gigabit interfaces in the 1U-high device.

      Click Here to Download Datasheet

      Hardware Specifications









      8 Electrical Ports

      1 configuration port (CON);

      Host with 8 Gigabit Electrical + 2 Gigabit Combo + 2 Gigabit Electrical Bypass

      1 configuration port (CON);

      Host with 8 Gigabit optical ports + 16 Gigabit electrical ports

      1 configuration port (CON);

      Host with 8 Gigabit optical ports + 16 Gigabit electrical ports + 2 10 Gigabit optical ports

      Expansion slot



      2 (F1020: 1 expansion slot )


      Expansion board type




      4 Gigabit PFC interface module, 4 Gigabit optical interface module, 4*10GE optical interface module

       Storage medium

       Not support hard disk

      1*500G HDD

      1*(480G SSD/500G HDD/1T HDD)

      Note: F1020 doesn’t support hard disk. 

      2*(480G SSD/500G HDD/1T HDD)

      4G LTE


      Not support

      Ambient temperature

      Working: 0~45℃

      Non-working: -40~70℃

       Run mode

       Routing mode, transparent mode, promiscuous mode

      AAA service

      Portal authentication, RADIUS authentication, HWTACACS authentication, PKI/CA (X.509 format) authentication, domain authentication, CHAP authentication, PAP authentication


      SOP virtual firewall technology, supporting complete virtualization of hardware resources such as CPU, memory, storage, etc.;

      Safe area division;

      Defend against various malicious attacks, such as Land, Smurf, Fraggle, Ping of Death, Tear Drop, IP Spoofing, IP partitioned message, ARP spoofing, ARP active inverse query, illegitimate TCP message flag bits, super-large ICMP packet, address scan, port scan, SYN Flood, UPD Flood, ICMP Flood and DNS Flood;

      Basic and extended access control list;

      Interval-based access control list;

      User-based, application-based access control list;

      ASPF application layer packet filtering;

      Static and dynamic blacklisting;

      MAC and IP binding;

      MAC-based access control list;

      Supporting 802.1q VLAN transparent transmission



      Virus protection

      Test based on virus signatures;

      Supporting manual and automatic upgrading of virus library;

      Stream processing mode of messages;

      Supporting HTTP, FTP, SMTP and POP3 protocols;

      Supporting these virus types: Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, AdWare, Virus, etc.;

      Supporting virus logs and reports

       Intrusion defense-in-depth system

      Supporting common attack defenses such as hackers, worms/viruses, Trojans, malicious codes, spyware/adware, DoS/DDoS, etc.;

      Supporting defenses against such attacks as buffer overflow, SQL injection, IDS/IPS escape, etc.;

      Supporting classification of signature database for attacks (classified according to attack type and target system), grading (4 grades: High, medium, low and prompt grades);

      Supporting manual and automatic upgrading of signatures database for attacks (TFTP and HTTP)

      Supporting P2P/IM recognition and control such as BT


      Mail/Web/Application layer filtering


      Mail filtering

      SMTP mail address filtering

      Mail header filtering

      Mail content filtering

      Email attachment filtering

      Web filtering

      HTTP URL filtering

      HTTP content filtering

      Application layer filtering

      Java Blocking

      ActiveX Blocking

      SQL injection attack prevention



      Supporting multiple internal addresses to be mapped to the same public network address;

      Supporting multiple internal addresses to be mapped to multiple public network addresses;

      Supporting internal addresses to be mapped to public network addresses one by one;

      Supporting simultaneous conversion of source and destination addresses;

      Supporting external network hosts to access internal servers;

      Supporting internal addresses to be directly mapped to IP addresses of public networks for the interface;

      Supporting DNS mapping function;

      Configuring valid time for supporting address translation;

      Supporting various NAT ALGs, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, SIP, etc.





      IPv6-based stateful firewall and attack defense;

      IPv6 protocols: IPv6 forwarding, ICMPv6, PMTU, Ping6, DNS6, TraceRT6, Telnet6, DHCPv6 Client, DHCPv6 Relay, etc.;

      IPv6 routing: RIPng, OSPFv3, BGP4+, static routing, policy routing, PIM-SM, PIM-DM, etc.

      IPv6 security: NAT-PT, IPv6 Tunnel, IPv6 Packet Filter, Radius, IPv6 inter-domain policy, IPv6 connection limit, etc.


      High reliability


      Supporting SCF 2:1 virtualization

      Supporting dual-computer hot standby (Two kinds of work mode: Active/Active and Active/Backup);

      Supporting dual-computer configuration synchronization;

      Supporting IKE state synchronization of IPSec VPN

      Supporting VRRP



      Easy maintainability


      Supporting command line-based configuration management;

      Supporting remote configuration management in web mode;

      Supporting H3C SSM security management center for device management;

      Supporting standard network management of SNMPv3 and compatibility with SNMP v1 and v2;

      Intelligent security strategy


      Environmental protection and certification


      Supporting Europe's strict RoHS environmental certification

    You recently viewed

    Clear recently viewed