H3C secpath F100-C-A3-W F100-C-A5-W
- Категория: Firewall & VPN >>>
- Поставщик: XWITS,(Shenzhen),Co.,Ltd
Поделиться:
Описание и отзывы
Трекер стоимости
| Месяц | Минимальная цена | Макс. стоимость |
|---|---|---|
| Aug-17-2025 | 1378.18 $* | 1406.50 $* |
| Jul-17-2025 | 1118.74 $* | 1140.11 $* |
| Jun-17-2025 | 1356.63 $* | 1383.49 $* |
| May-17-2025 | 1345.70 $* | 1372.8 $* |
| Apr-17-2025 | 1074.90 $* | 1095.46 $* |
| Mar-17-2025 | 1324.74 $* | 1350.46 $* |
| Feb-17-2025 | 1313.66 $* | 1339.74 $* |
| Jan-17-2025 | 1302.15 $* | 1328.25 $* |
Характеристики
High-performance hardware and software processing platform
Using a dedicated 64-bit multi-core high-performance processor and high-speed memory, it can provide 100M security business processing performance below 1G.
The CPU+Switch architecture is adopted, the CPU performs security service processing, and the Switch realizes the expansion of multi-service ports.
Comprehensive network security protection capabilities
Ultra-rich feature library. For the most popular virus detection, it supports the killing of zombies and worms, taking into account performance and recognition rate, and can prevent more than 100 million viruses. Identify 6000+ popular applications that meet national conditions, support security zone management, and divide security zones based on interfaces, VLANs, IPs, and VM names.
Abundant attack defense technologies. Both IPv4 and IPv6 are supported. In addition to providing common stateful firewall security isolation technology, it also supports abnormal packet attacks such as Land, smurf, Fraggle, WinNuke, Ping of Death, Tear Drop, TCP packet flags, address spoofing attacks such as IP spoofing, and scanning attacks such as IP address attacks, port attacks, abnormal traffic attacks such as Ack Flood, DNS Flood, Fin Flood, HTTP Flood, ICMP Flood, ICMPV6 Flood, Reset Flood, SYNACK Flood, SYN Flood, UDP Flood, etc. can provide effective protection.
Rich VPN applications
The CPU has a built-in high-performance encryption engine to ensure that complex encryption and decryption operations will not affect the CPU's processing of other firewall services, while ensuring the processing performance of the VPN.
Support GRE VPN, L2TP VPN, IPsec VPN, DVPN, SSL VPN and the combined application of multiple VPN technologies.
Support IPv6 IPsec VPN, IPv6 GRE VPN.
Support the combination of multiple VPN technologies such as IPsec Over GRE, L2TP over IPsec, etc.
Comprehensive monitoring means
Supports device management through various means such as Web-GUI, CLI, and SSH.
The role-based function authorization mechanism can realize access control to functions, command lines, and menu levels.
The unified SSM management platform can realize device configuration management, performance monitoring, and log auditing.
Abundant MIB nodes facilitate performance monitoring of external devices.
open system interface
Open interface: The traditional network operating system is a closed system with a dedicated system concept and processing flow, which lacks openness. Comware V7 uses the general Linux operating system and returns to the mainstream software implementation. Provides an open standard programming interface for users to use the basic functions provided by Comware V7 to realize their own special functions. Currently, it is mainly based on the Netconf interface.
TCL script: Comware V7 has a built-in TCL script execution function. Users can use TCL script language to directly write scripts, and use the command line, SNMP Get, and SET operations provided by Comware V7, as well as the programming interface released by Comware V7, to realize required functions.
EAA: Predefined actions can be performed when the system changes. While improving the maintainability of the system, it also satisfies some individual needs of users.
Carrier Grade Reliability
Support hot standby for firewall, NAT, attack, and VPN services.
Fault isolation: software modularization technology enables each part of the software to achieve fault isolation. The modular design of Comware V7 ensures that the abnormality of one process will not affect the normal operation of other processes and the kernel. The failure of the software can also be recovered by itself without affecting the operation of the hardware
Process-level GR: The perfect process-level GR technology ensures that abnormal processes can be recovered without affecting system services.
Using a dedicated 64-bit multi-core high-performance processor and high-speed memory, it can provide 100M security business processing performance below 1G.
The CPU+Switch architecture is adopted, the CPU performs security service processing, and the Switch realizes the expansion of multi-service ports.
Comprehensive network security protection capabilities
Ultra-rich feature library. For the most popular virus detection, it supports the killing of zombies and worms, taking into account performance and recognition rate, and can prevent more than 100 million viruses. Identify 6000+ popular applications that meet national conditions, support security zone management, and divide security zones based on interfaces, VLANs, IPs, and VM names.
Abundant attack defense technologies. Both IPv4 and IPv6 are supported. In addition to providing common stateful firewall security isolation technology, it also supports abnormal packet attacks such as Land, smurf, Fraggle, WinNuke, Ping of Death, Tear Drop, TCP packet flags, address spoofing attacks such as IP spoofing, and scanning attacks such as IP address attacks, port attacks, abnormal traffic attacks such as Ack Flood, DNS Flood, Fin Flood, HTTP Flood, ICMP Flood, ICMPV6 Flood, Reset Flood, SYNACK Flood, SYN Flood, UDP Flood, etc. can provide effective protection.
Rich VPN applications
The CPU has a built-in high-performance encryption engine to ensure that complex encryption and decryption operations will not affect the CPU's processing of other firewall services, while ensuring the processing performance of the VPN.
Support GRE VPN, L2TP VPN, IPsec VPN, DVPN, SSL VPN and the combined application of multiple VPN technologies.
Support IPv6 IPsec VPN, IPv6 GRE VPN.
Support the combination of multiple VPN technologies such as IPsec Over GRE, L2TP over IPsec, etc.
Comprehensive monitoring means
Supports device management through various means such as Web-GUI, CLI, and SSH.
The role-based function authorization mechanism can realize access control to functions, command lines, and menu levels.
The unified SSM management platform can realize device configuration management, performance monitoring, and log auditing.
Abundant MIB nodes facilitate performance monitoring of external devices.
open system interface
Open interface: The traditional network operating system is a closed system with a dedicated system concept and processing flow, which lacks openness. Comware V7 uses the general Linux operating system and returns to the mainstream software implementation. Provides an open standard programming interface for users to use the basic functions provided by Comware V7 to realize their own special functions. Currently, it is mainly based on the Netconf interface.
TCL script: Comware V7 has a built-in TCL script execution function. Users can use TCL script language to directly write scripts, and use the command line, SNMP Get, and SET operations provided by Comware V7, as well as the programming interface released by Comware V7, to realize required functions.
EAA: Predefined actions can be performed when the system changes. While improving the maintainability of the system, it also satisfies some individual needs of users.
Carrier Grade Reliability
Support hot standby for firewall, NAT, attack, and VPN services.
Fault isolation: software modularization technology enables each part of the software to achieve fault isolation. The modular design of Comware V7 ensures that the abnormality of one process will not affect the normal operation of other processes and the kernel. The failure of the software can also be recovered by itself without affecting the operation of the hardware
Process-level GR: The perfect process-level GR technology ensures that abnormal processes can be recovered without affecting system services.
model | F100-C-A3-W, F100-C-A5-W | SecPath F100-C-A6-WL | ||
interface | 1 configuration port (CON) | 1 configuration port (CON) | ||
1 external USB host interface | 1 external USB host interface | |||
8 Gigabit Ethernet ports | 8 Gigabit Ethernet ports | |||
WLAN | Support 802.11ac, 802.11n wireless access | Support 802.11ac, 802.11n wireless access | ||
SIM card slot | none | Support TD-LTE, FDD-LTE standard | ||
expansion slot | none | none | ||
HDD expansion slot | none | none | ||
Dimensions (W×D×H) | 330*230*43.6 | 330*230*43.6 | ||
(unit: mm) | ||||
ambient temperature | Working: 0~45℃, | Working: 0~45℃, | ||
Non-working: -30~70℃ | Non-working: -30~70℃ | |||
environment humidity | Working: 10~80%, non-condensing | Working: 10~80%, non-condensing | ||
Non-working: 5~95%, non-condensing | Non-working: 5~95%, non-condensing | |||
Network security | Authentication, Authorization, and Accounting (AAA) Services | local authentication | ||
RADIUS authentication, support PAP and CHAP authentication methods | ||||
HWTACACS certification | ||||
AD/LDAP authentication | ||||
PKI certificate authentication | ||||
Firewall | Basic ACL and advanced ACL | |||
Security zone-based access control | ||||
Time period based access control | ||||
ASPF Stateful Firewall | ||||
DOS/DDOS attack defense: including SYN Flood, UDP Flood, ICMP Flood, ACK Flood, RST Flood, DNS Flood, HTTP Flood | ||||
Malformed packet attacks such as: Land, Smurf, Fraggle, WinNuke, Ping of Death, Tear Drop, IP Spoofing, IP Fragmented Packet Attack, Fragmented Packet Attack, TCP Packet Flag Bit Illegal Attack, Oversized ICMP Packet Attack , ICMP redirect or unreachable packets | ||||
Scanning and snooping attack defense: port scanning, address scanning, IP routing record option message, Tracert message | ||||
IP spoofing attack defense | ||||
Static and dynamic blacklist functions | ||||
Connection limit | ||||
Support N:1 SCF cluster technology | ||||
Support multiple device clusters | ||||
Unified management of cluster devices | ||||
Distributed processing of cluster device services | ||||
Support 1:N virtual firewall technology | ||||
Containerized virtualization technology, the characteristics of the virtual firewall are consistent with those of the physical wall | ||||
Virtual firewall independent GUI/CLI management | ||||
Virtual Firewall Standalone Configuration File | ||||
Virtual firewall independent log host and log audit | ||||
Virtual firewall resource allocation: throughput, concurrency, new creation, strategy | ||||
virtual firewall interface sharing | ||||
N:1:M virtualization: cluster multiple devices first, and then divide them into virtual firewalls | ||||
NAT | source address NAT | |||
Support specifying the converted address pool according to the policy | ||||
Support PAT, support NO-PAT | ||||
Supports unlimited connections | ||||
Support IP persistence to ensure that the address of the same source remains unchanged after conversion | ||||
Support Easy IP | ||||
destination address NAT | ||||
Support one-to-one mapping of address + port | ||||
Support multiple public network addresses to be converted to the same private network address | ||||
Support policy-based destination NAT | ||||
Support static NAT | ||||
Support one-to-one static NAT | ||||
Support net-to-net static NAT | ||||
Support NAT444 | ||||
Support static NAT444 | ||||
Support dynamic NAT444 | ||||
Support Fullcone, solve the problem of P2P traversal | ||||
Hairpin technology that supports C/S mode and P2P mode | ||||
Support port block incremental allocation | ||||
Support DNS Mapping | ||||
Support multiple ALGs, including FTP, DNS, TFTP, SQLNET, SIP, RTSP, H323, SCCP, RSH, MGCP, GTP, PPTP, QQ, MSN | ||||
DPI | support IPS | |||
Support application control and application bandwidth management | ||||
Support telnet, FTP, SMTP/POP3, HTTP content filtering | ||||
VPN | L2TP VPN | LNS support | ||
Support Auto-Initiated LAC | ||||
L2TP supports VRF | ||||
GRE VPN | GRE Over IPv4 | |||
GRE Over IPv6 | ||||
GRE supports VRF | ||||
IPsec/IKE | Security protocol supports AH/ESP | |||
Supports transport and tunnel modes | ||||
ESP supports DES, 3DES and AES three encryption algorithms | ||||
Support MD5 and SHA-1 authentication algorithm | ||||
Support to establish SA through manual or IKE | ||||
Support anti-replay attack | ||||
Support IPsec policy template | ||||
Support IPsec reverse route injection | ||||
Support IKEV1 | ||||
Support IKE main mode and aggressive mode | ||||
Support to verify IKE Peer identity through pre-shared key and certificate | ||||
Support DPD | ||||
Support IKE Keppalive | ||||
Support NAT traversal (aggressive mode and main mode) | ||||
VRF aware: Determine the VPN to which it belongs based on IKE peer information | ||||
Support IPsec dual-system hot backup | ||||
Support IKEv2 | ||||
Network protocol | LAN protocol | Ethernet_II | ||
802.1Q | ||||
Layer 2 protocol | STP | |||
RTSP | ||||
MSTP | ||||
IP service | ARP | |||
Static ARP | ||||
Dynamic ARP | ||||
ARP proxy | ||||
Gratuitous ARP | ||||
DNS | ||||
Local static domain name | ||||
DNS Client | ||||
DNS Proxy | ||||
DDNS dynamic domain name service | ||||
DHCP | ||||
DHCP relay | ||||
DHCP server | ||||
DHCP client | ||||
NTP | ||||
NTP Client | ||||
NTP Server | ||||
