Firewall H3C NS-F1000-AI-25

Dimensions (W × D × H)

440mm×435mm×44.2mm

USB 3.0

2

rack mounted

Yes

Weight

5.4kg

Power Supply

Dual hot-swappable, AC or DC

Power consumption

23W

MTBF(Year)

53.38

Ports

1 × Console port (CON)

1 × Management port

6 × Gigabit Ethernet fiber ports

16 × Gigabit Ethernet copper ports

4 × Gigabit Ethernet Combo ports

2 × 10-Gigabit Ethernet fiber ports

Expansion slots

2

Interface modules

4-port GE PFC interface module

4-port GE fiber interface module

4-port 10-GE fiber interface module

Storage

1 × 480G SSD/

500G HDD/1TB

HDD

Flash

4GB

SDRAM

4GB/4GB/8GB

Temperature

Operating: 0°C to 45°C (32°F to 113°F)

Storage: –40°C to +70°C (–40°F to +158°F)

Operation modes

Route, transparent, and hybrid

AAA

Portal authentication

RADIUS authentication

HWTACACS authentication

PKI/CA (X.509 format) authentication

Domain authentication

CHAP authentication

PAP authentication

Firewall

SOP virtual firewall technology, which supports full virtualization of hardware resources, including CPU, memories, and storage

Security zone allocation

Protection against malicious attacks, such as land, smurf, fraggle, ping of death, teardrop, IP spoofing, IP fragmentation, ARP spoofing, reverse ARP lookup, invalid TCP flag, large ICMP packet, address/port scanning, SYN flood, ICMP flood, UDP flood, and DNS query flood

Basic and advanced ACLs

Time range-based ACL

User-based and application-based access control

ASPF application layer packet filtering

Static and dynamic blacklist function

MAC-IP binding

MAC-based ACL

MAC-Limitation

802.1Q VLAN transparent transmission

Bandwidth control

Antivirus

Signature-based virus detection

Manual and automatic upgrade for the signature database

Stream-based processing

Virus detection based on HTTP, FTP, SMTP, and POP3

Virus types include Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, AdWare, and Virus

Virus logs and reports

Deep intrusion prevention

Prevention against common attacks such as hacker, worm/virus, Trojan, malicious code, spyware/adware, DoS/DDoS, buffer overflow, SQL injection, and IDS/IPS bypass

Attack signature categories (based on attack types and target systems) and severity levels (including high, medium, low, and notification)

Manual and automatic upgrade for the attack signature database (TFTP and HTTP).

P2P/IM traffic identification and control

Email/webpage/application layer filtering

Email filtering

SMTP email address filtering

Email subject/content/attachment filtering

Webpage filtering

HTTP URL/content filtering

Java blocking

ActiveX blocking

SQL injection attack prevention

NAT

Many-to-one NAT, which maps multiple internal addresses to one public address

Many-to-many NAT, which maps multiple internal addresses to multiple public addresses

One-to-one NAT, which maps one internal address to one public address

NAT of both source address and destination address

External hosts access to internal servers

Internal address to public interface address mapping

NAT support for DNS

Setting effective period for NAT

NAT ALGs for NAT ALG, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, and SIP

VPN

L2TP VPN

IPSec VPN

GRE VPN

SSL VPN

IPSEC VPN

ESP-DES-CBC/ESP-3DES-CBC/ESP-AES-128-CBC/ESP-AES-192-CBC/ESP-AES-256-CBC/ ESP-AES-128-GCM/ESP-NULL/SM1-cbc-128/SM4-cbc

IPSEC VPN

Authentication Algorithm

MD5/SHA1/SM3

IPv6

IPv6 status firewall

IPv6 attack protection

IPv6 forwarding

IPv6 protocols such as ICMPv6, PMTU, Ping6, DNS6, TraceRT6, Telnet6, DHCPv6 Client, and DHCPv6 Relay

IPv6 routing: RIPng, OSPFv3, BGP4+, static routing, policy-based routing

IPv6 multicast: PIM-SM, and PIM-DM

IPv6 transition techniques: NAT-PT, IPv6 tunneling, NAT64 (DNS64), and DS-LITE

IPv6 security: NAT-PT, IPv6 tunnel, IPv6 packet filter, RADIUS, IPv6 zone pair policies, IPv6 connection limit

IEEE

IEEE 802.1X

High availability

SCF 2:1 virtualization

Active/active and active/standby stateful failover

Configuration synchronization of two firewalls

IKE state synchronization in IPsec VPN

VRRP

Configuration management

Configuration management at the CLI

Remote management through Web

Device management through H3C IMC SSM

SNMPv3, compatible with SNMPv2 and SNMPv1

Intelligent security policy