H3C SecPath F100-C-A Series Enterprise Firewall With Multi Dimensional Security

H3C SecPath F100-C-A1/A2/A3/A5 desktop firewall is a next-generation high-performance firewall product launched by H3C Technology Co., Ltd. (hereinafter referred to as H3C) with the advent of the Web 2.0 era and the current technology trend of deep integration of security and networking, targeting small and medium-sized enterprises, campus network Internet exports, and WAN branch markets.

H3C SecPath F100-C-A1/A2/A3/A5 desktop firewall supports multi-dimensional integrated security protection, which can carry out integrated security access control such as IPS, AV, DLP and other traffic from multiple dimensions such as user, application, time, and pentagram, which can effectively ensure network security. It supports a variety of VPN

• The H3C SecPath F100-C-A1 and F100-C-A2 feature the latest 64-bit ARM multi-core multi-threaded processor architecture.
• The H3C SecPath F100-C-A3 and F100-C-A5 feature the latest advanced 64-bit MIPS multi-core multi-threaded processor architecture.

• It adopts the software and hardware platform of H3C company with independent intellectual property rights. The product has been used by telecom operators to small and medium-sized enterprise users for many years.

• Support rich attack prevention functions. These attacks include Land, Smurf, Fraggle, Ping of Death, Tear Drop, IP Spoofing, IP Sharded Packets, ARP Spoofing, ARP Active Reverse Query, Unlawful TCP Packet Flag Bits, Oversized ICMP Packets, Address Scanning, Port Scanning, and other attacks, as well as SYN Flood, UPD Flood, ICMP Flood, and DNS Detection and defense against common DDoS attacks such as Flood.
• Support safe zone management. Security zones can be divided based on interfaces and VLANs.
• Package filtering is supported. Filter packets by using standard or extended access control rules between security zones and using information such as UDP or TCP ports in packets. In addition, it can be filtered by time period.
• Support application-based and user-based access control, treat applications and users as the basic elements of security policies, and combine defense-in-depth to achieve next-generation access control functions.
• Support Application Layer State Packet Filtering (ASPF) function. By checking application layer protocol information (e.g., FTP, HTTP, SMTP, RTSP, and other TCP/UDP-based application layer protocols) and monitoring the connection-based application layer protocol status, it dynamically determines whether packets are allowed through the firewall or dropped.
• Validation, authorization, and billing (AAA) services are supported. Including: certification based on RADIUS/HWTACACS+, CHAP, PAP, etc.
• Support static and dynamic blacklists.
• NAT and NAT multi-instance are supported.
• Support VPN function. Including: support L2TP, IPSec/IKE, GRE, SSL, etc., and realize docking with intelligent terminals.
• Supports rich routing protocols. It supports static routing, policy routing, and dynamic routing protocols such as RIP and OSPF.
• Support for security logs.
• Support traffic monitoring statistics and management.

• An integrated security service processing platform that is highly integrated with basic security protection.
• Comprehensive application layer traffic identification and management: Through H3C's long-term accumulation of state machine detection and traffic interaction detection technology, it can accurately detect Thunder/Web Thunder, BitTorrent, eMule/eDonkey, QQ, MSN, PPLive and other P2P/IM/online games/stock trading/network video/network multimedia applications; It supports the P2P traffic control function, which can accurately identify P2P traffic by matching network packets with P2P protocol packet characteristics, and can provide different control strategies to achieve flexible P2P traffic control.
• High-precision, high-efficiency intrusion detection engine. It adopts H3C's FIRST (Full Inspection with Rigorous State Test) engine. The FIRST engine integrates a number of detection technologies to achieve comprehensive detection based on accurate state, with extremely high intrusion detection accuracy. At the same time, the FIRST engine adopts parallel detection technology, and the software and hardware can be flexibly adapted, which greatly improves the efficiency of intrusion detection.
• Real-time virus protection: Kaspersky's stream engine antivirus technology is used to quickly and accurately detect viruses and other malicious code in network traffic.
• Fast URL classification filtering: Provides basic URL blacklist and whitelist filtering, and you can configure the URL classification filtering server for online query.
• Comprehensive and timely security feature library. Through years of operation and accumulation, H3C has a senior attack signature library team in the industry, and is equipped with a professional attack and defense laboratory to keep up with the latest developments in the field of network security, so as to ensure the timely and accurate update of the feature library.

• IPv6 state firewall is supported, which truly realizes the firewall function under IPv6 conditions and completes IPv6 attack prevention.
• It supports IPv4/IPv6 dual protocol stacks, and supports IPv6 data packet forwarding, static routing, dynamic routing, and multicast routing.
• It supports various IPv6 transition technologies, including NAT-PT, IPv6 over IPv4 GRE tunneling, manual tunneling, 6to4 tunneling, IPv4 compatible IPv6 automatic tunneling, ISATAP tunneling, NAT444, DS-Lite, etc.
• It supports IPv6 ACL, Radius, and other security technologies.

• Integrate link load balancing features to effectively realize multi-link automatic balancing and automatic switching of enterprise Internet egress through link status detection, link busy protection, and other technologies.
• It can not only combine USB-Key and SMS for mobile user identity authentication, but also combine with the original authentication system of the enterprise to achieve integrated authentication access.
• DLP basic function support, support email filtering, provide SMTP email address, title, attachment, and content filtering; Support web filtering, provide HTTP URL and content filtering; Support file filtering for network transmission protocols; Support application-layer filtering to prevent Java/ActiveX blocking and SQL injection attacks.

• Support intelligent security policies: Implement policy redundancy detection, policy matching optimization suggestions, and dynamically detect intranet services to dynamically generate security policies and recommend them.
• SNMPv3 is supported and is compatible with SNMP v1 and v2.
• Provides a graphical interface for simple and easy-to-use web management.
• Device management and firewall function configuration can be carried out through the command line interface to meet the needs of professional management and mass configuration.
• The H3C IMC SSM security management center realizes unified management, integrating security information and event collection, analysis, response and other functions, solving the problems of network and security equipment isolation from each other, unintuitive network security status, slow security incident response, and difficulty in network fault location, so that IT and security administrators can get rid of cumbersome management work, greatly improve work efficiency, and focus on core business.
• Based on advanced deep mining and analysis technology, it provides users with centralized log management functions by actively collecting and passively receiving, and normalizes logs in different types of formats (syslog, binary stream logs, etc.). At the same time, high-polymerization compression technology is used to store massive events, and log files can be automatically compressed, encrypted, and saved to external storage systems such as DAS, NAS, or SAN to avoid the loss of important security events.
• Provides rich reports, mainly including application-based reports and network flow-based analysis reports.
• Support output in various formats such as PDF, HTML, WORD, and TXT.
• The report can be customized through the web interface, including the time range of the data, the source device of the data, the generation cycle, and the output type.