1 / 22

SecPath Firewall Architecture

SecPath Firewall Architecture. Objectives. Understand the architecture of SecPath series firewalls Become familiar with the service features of SecPath series firewalls Understand typical applications of SecPath series firewalls. Upon completion of this course, you will be able to: .

sol
Télécharger la présentation

SecPath Firewall Architecture

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SecPath Firewall Architecture

  2. Objectives • Understand the architecture of SecPath series firewalls • Become familiar with the service features of SecPath series firewalls • Understand typical applications of SecPath series firewalls Upon completion of this course, you will be able to:

  3. Contents SecPath Firewall Family Members SecPath Firewall Service Features SecPath Firewall Typical Applications 3Com Confidential.

  4. Firewall Family Members ISP / Data Cernter F5000-A F1000-E Large Enterprise SecPath F1000-A SecBlade II Medium Enterprise SecPath F1000-S Small Enterprise F100-A

  5. HIM interface card slot 1 CF card slot HIM interface card slot 2 AUX port GE optical port Combo port Console port 10/100/1000M electrical port USB 0 GE optical port Combo port USB 1 10/100/1000M electrical port Comware V5 Platform Inside SecPath F1000-E Available for Oversea Market • Specification • Throughput : 6Gbps • Concurrent connections : 2,000,000 • New connections per second : 60,000 • 4 fixed combo GE ports (electrical/optical) • 2 HIM card slots • Supported HIM card type : 4GBE/4GFE/8GBE

  6. 1 MIM interface card slot GE electrical port Console port Combo port GE optical port AUX port GE electrical port Combo port GE optical port SecPath F1000-A Available for Oversea Market • Specification • Throughput : 1.5Gbps • Concurrent connections : 1,000,000 • New connections per second : 20,000 • 2 fixed combo GE ports (electrical/optical) • 1 MIM card slots • Supported MIM card type : 1FE/2FE/4FE/1GBE/1GEF/2GBE/2GEF

  7. MIM interface card slot 0 MIM interface card slot 1 GE electrical port 1/0 Console port GE electrical port 1/1 AUX port GE combo port 0/0 GE combo port 0/1 SecPath F1000-S Available for Oversea Market • Specification • Throughput : 1Gbps • Concurrent connections : 1,000,000 • New connections per second : 10,000 • 2 fixed combo GE ports (electrical/optical) • 2 fixed electrical GE port • 2 MIM card slots • Supported MIM card type : 1FE/2FE/4FE/1GBE/1GEF/2GBE/2GEF

  8. GE combo port 0/3 GE electrical port 0/1 USB 1 Console port CF card slot USB 0 GE electrical port 0/2 GE combo port 0/4 SecPath SecBlade FW Available for Oversea Market • Specification • Management interface : 2 fixed combo GE ports (electrical/optical)2 fixed electrical GE port • Inter-connection interface with chassis1 10GE interface • Support device • S7500E series switches • S9500 series switches • SR8800 series routers • SR6600 series routers

  9. 10/100M WAN port 0/0 10/100M WAN port 0/1 10/100M WAN port 0/2 4 * 10/100M LAN port 1 MIM interface card slot AUX port Console port SecPath F100-A Available for Oversea Market • Specification • Throughput : 200Mbps • Concurrent connections : 500,000 • New connections per second : 3,000 • 3 fixed FE WAN ports • 4 fixed FE LAN ports • 1 MIM card slots • Supported MIM card type : 1FE/2FE/4FE/IPSec Encryption/Decryption card

  10. Contents SecPath Firewall Family Members SecPath Firewall Service Features SecPath Firewall Typical Applications 3Com Confidential.

  11. SecPath Firewall Service Features Network isolation & access control Diversified attack defending means ASPF Content filter & Email filter Intelligent analysis and management means NAT Security authentication Network protocol accumulation Rich VPN services

  12. SecPath Firewall Service Features Hacker Prevent DoS attack Firewall Trusted Zone Untrusted Zone Normal user Packet filter Application layer status detection Diversified attack defending means NAT

  13. SecPath Firewall Service Features Normal website Healthy contents Harmful website • Internet Harmful contents Email detection Content filter Email filter Email Server

  14. Log center Intranet service layer Intranet access layer External network /Internet SecPath Firewall Service Features Email notification A B C Report logs SecPath Firewall Attack packets are found. Attack packets are rejected.

  15. SecPath Firewall Service Features

  16. Contents SecPath Firewall Family Members SecPath Firewall Service Features SecPath Firewall Typical Applications 3Com Confidential.

  17. Leased line branch External server Internal network DMZ Internet Untrusted Zone Trusted Zone SecPath Firewall Typical Applications (1) Firewall application at the enterprise egress H3C SecPath series firewalls provide powerful filtering and perfect management functions. They are deployed at the internal network egress to defend all attacks from the external network.

  18. SecPath Firewall Typical Applications (2) Firewall + VPN application for small-/medium-sized enterprises Voice device Application server group Enterprise headquarters MCU User dynamic authentication server SecPath F1000-S VPN tunnel IP network Authentication tunnel Dynamic password key disk Voice SecPath 100F Video Data Remote office by using the VPN client Enterprise branch H3C SecPath F1000-S firewall can provide both powerful filtering and VPN functions. It can protect security of the internal network and meet the demand of branches and mobile offices for accessing the headquarters resources.

  19. SecPath Firewall Typical Applications (3) Firewall + VPN application for SOHO users Remote office by using the VPN client SOHO internal network Internet Untrusted Zone Trusted Zone With the powerful VPN function, the H3C SecPath F100-C firewall can meet the demand of branches and mobile offices for accessing the headquarters resources, applicable to SOHO family or office networks. In addition, the SecPath F100-C firewall can provide powerful filtering and perfect management functions. It can be deployed at the internal network egress to defend all attacks from the external network.

  20. SecPath Firewall Typical Applications (4) VPN + firewall backup application for branches Voice device Application server group Enterprise headquarters MCU SecPath firewall SecPath firewall IPSEC tunnel IPSEC tunnel Internet Backup IPSEC tunnel SecPath F100-A Voice Voice SecPath F100-A Video Video Branches… Data Data Branch Branch Besides VPN applications, the SecPath firewall can provide device backup and load sharing. When branches access the enterprise headquarters through the IPSec VPN, two SecPath firewalls that are deployed at the headquarters can be used to guarantee the privacy, integrality, reality, and anti-replay of data transmission on the network. The enterprise headquarters adopts two firewalls to implement load sharing and device backup in case on device fails.

  21. Summary • Understand the architecture of SecPath series firewalls • Become familiar with the service features of SecPath series firewalls • Understand typical applications of SecPath series firewalls

  22. Thank you

More Related