Application Firewall
Application Firewall
As a core security device, the firewall provides a fundamental function of access control. However, it is a difficult task to impose accurate restrictions on user access and identify related applications based on 5-Tuples access control. In addition to partition and access control generally available in traditional firewalls, the DPtech FW1000 next-generation application firewall enables user-specific permission setup. Integrating NAT, intrusion prevention, Antivirus protection, VPN, URL filtering and other features, the DPtech FW1000 next-generation application firewall fully supports IPv6 and helps its users address a variety of challenges of next-generation networks. It enables flexible deployment in complex scenarios such as Internet egress, data centers, and branch office security connections, serving the diverse needs from different users.
MoreIP addresses are subject to frequent alterations arising from any possible change in the user's access location. Many application protocols choose to transmit data through random ports. However, this access control method of combining IP addresses and ports, widely adopted in traditional firewalls, fails to meet current security requirements nowadays. The DPtech FW1000 Series products can implement user-specific application access control by giving play to precise application identification.
Given the enormous number of security policies in existing networks, it is extremely difficult for administrators to investigate into each individual network and verify its effectiveness. The DPtech FW1000 Series products can analyze logs within a certain period of time, statistics hit counts of security policies, and automatically learn and discover access traffic in the sessions. In this way, they help operation and maintenance personnel identify redundant security policies, organize the policies and make necessary optimization
In face of the general trend of IPv6 upgrade and transformation, traditional firewalls are struggling to cope with the new challenges brought by next-generation networks. DPtech FW1000 Series products realize smooth upgrade to IPv6 by adopting NAT64. Fully supporting IPv6 protocols, they help users address a variety of challenges of next-generation networks and adapt to complex networking environments.
In addition to access control, NAT and VPN, the DPtech FW1000 Series products represent a comprehensive integration of Antivirus protection, URL filtering, intrusion prevention, link load balancing and other features. An all-in-one device catering to the majority of construction requirements, it simplifies the network structure and reduces the construction costs of security projects.
The DPtech FW1000 Series products perform fast and accurate troubleshooting by saving the configurations in case of failures for investigation and leveraging the built-in professional tool for data stream analysis.
With a large number of virtual machines and tenants, cloud data centers have raised higher requirements for the allocation of security resources. The original N:M virtualization technology from DPTech can realize virtualization by integrating multiple devices into a single one, and vice versa, so as to pool application protection resources and make on-demand scheduling.
DPtech FW1000 Series products are built upon its original high-performance hardware architecture platform, providing a maximum protection capacity of 3.84Tbps. Besides, the products are provided with a state-based dual system hot standby feature, which ensures uninterrupted connection in case of a device failure. Truly seamless switching is thus enabled to guarantee a highly reliable carrier-grade network.
Product Functions | Function Descriptions |
---|---|
Flexible Deployment | Available in routing mode, transparent mode and hybrid mode |
User-specific Access Control | User-specific access control can be conducted based on time, protocol, service, etc. |
Comprehensive Network Features | Support IPv4/IPv6, NAT66, NAT64 and NAT46. Support multiple routing protocols including static routing, policy-go-together, RIP v1/2, OSPF and BGP; support MPLS VPN and multicast protocol |
Virtualization | The original N:M virtualization technology can realize virtualization by integrating N devices into a resource pool, which is then divided into M logical devices as needed to achieve dynamic scheduling of resource pools in a cloud computing environment. |
High Performance | Maximum performance of a single device can reach 3.84 Tbps, and performance aggregation and multiplication is available through N:M virtualization |
Stable and Reliable | Hot standby, silent dual system, VRRP multi-master and other modes, key component redundancy and hot-plug, support N + 1 service board redundancy and original application of Bypass technology truly carrier-grade reliability |
Rich NAT Capabilities | Support NAT modes such as one-to-one and address pool; compatible with multiple protocols such as FTP, H.323, RAS, RTSP, SIP, ICMP, DNS and PPTP-ALG; support multicast NAT |
Deep Security Protection | Offer professional intrusion prevent, Antivirus protection and URL filtering to perform in-depth application protection; a professional vulnerability library team provides attack signature libraries flexible to upgrade on a real time basis |
Fully built-in VPN | Support IPSec VPN, L2TP VPN, GRE VPN, and SSL VPN and reduce construction costs of security projects by using fully built-in hardware encryption chips |
Device Management | An user friendly graphical management interface, which supports Web GUI, SSH and serial console; centralized management through UMC network management; compatible with NTP protocols and can serve as NTP server or Client |
These specifications apply only to DPtech products available on the international market.
Product Functions | Function Descriptions |
---|---|
Flexible Deployment | Available in routing mode, transparent mode and hybrid mode |
User-specific Access Control | User-specific access control can be conducted based on time, protocol, service, etc. |
Comprehensive Network Features | Support IPv4/IPv6, NAT66, NAT64 and NAT46. Support multiple routing protocols including static routing, policy-go-together, RIP v1/2, OSPF and BGP; support MPLS VPN and multicast protocol |
Virtualization | The original N:M virtualization technology can realize virtualization by integrating N devices into a resource pool, which is then divided into M logical devices as needed to achieve dynamic scheduling of resource pools in a cloud computing environment. |
High Performance | Maximum performance of a single device can reach 3.84 Tbps, and performance aggregation and multiplication is available through N:M virtualization |
Stable and Reliable | Hot standby, silent dual system, VRRP multi-master and other modes, key component redundancy and hot-plug, support N + 1 service board redundancy and original application of Bypass technology truly carrier-grade reliability |
Rich NAT Capabilities | Support NAT modes such as one-to-one and address pool; compatible with multiple protocols such as FTP, H.323, RAS, RTSP, SIP, ICMP, DNS and PPTP-ALG; support multicast NAT |
Deep Security Protection | Offer professional intrusion prevent, Antivirus protection and URL filtering to perform in-depth application protection; a professional vulnerability library team provides attack signature libraries flexible to upgrade on a real time basis |
Fully built-in VPN | Support IPSec VPN, L2TP VPN, GRE VPN, and SSL VPN and reduce construction costs of security projects by using fully built-in hardware encryption chips |
Device Management | An user friendly graphical management interface, which supports Web GUI, SSH and serial console; centralized management through UMC network management; compatible with NTP protocols and can serve as NTP server or Client |
These specifications apply only to DPtech products available on the international market.