H3C SecPath U200-CS (the U200-CS) is a new generation of United Threat Management (UTM) device designed for small- and medium-sized enterprises and branches. It uses the multi-core processor and multi-thread technology to construct a high-performance platform. Besides the legacy firewall and VPN functions, the product provides more security services such as anti-virus, URL filtering, mail filtering, P2P/IM application flow control, and user behavior auditing. The design allows the product to provide all security features without affecting the system performance, and thus makes it a cost-effective product.
The U200-CS not only protects the network effectively, but also supports management through SNMP and TR-069. This greatly reduces the operation cost and complexity.
The following contents are relatively complicated, please use PC for browsing.
Pls enter c.h3c.com.cn in the PC browser and follow the instruction from the page, you will continue to sync to PC.
Continue mobile phone browsing.
u Enhanced firewall functions: The U200-CS provides such basic functions as security zone configuration, static/dynamic blacklist, MAC-IP binding, ACL application, and instruction prevention. In addition, it offers enhanced functions like status-based filtering, virtual firewall, and transportation of 802.1Q-tagged packets. It protects the network against attacks of ARP spoofing, invalid TCP flag, large ICMP packets, Challenge Collapsar (CC), SYN flooding, address/port scanning.
u Abundant VPN features: The U200-CS supports access through L2TP VPN, GRE VPN, and IPsec VPN. The integrated hardware encryption engine implements VPN handling of high performance.
u Realtime anti virus: The U200-CS adopts Kaspersky's anti-virus engine to detect and remove codes of malicious attacks in time.
u Realtime spam filtering: The U200-CS filters spam in real time, which purifies your mail system.
u URL filtering: The U200-CS implements user-based URL access control to deny access to unauthorized Websites, such as the phishing websites.
u Traffic management: The U200-CS detects P2P and IM applications of BitTorrent, Thunder, QQ, and so on. It supports alarms, rate limiting, and interruption to ensure the operation of core services.
u Behavior auditing: The U200-CS audits the applications of P2P, instant message, Web game, mails, and data transmission, and generates logs to implement behavior auditing in granularity.
u Full support of NAT applications: The U200-CS supports NAT applications including many-to-one, many-to-many, static NAT, dual translation, easy IP and DNS mapping. It supports NAT traversal with multiple protocols, and delivers NAT ALG functions such as DNS, FTP, H.323, and NBT.
The U200-CS provides the following features to achieve high reliability:
u Software and hardware platform developed by H3C. The product is applicable to carriers and small- and medium-sized enterprises, meeting the marketing requirements so long.
u Stateful failover, which supports the modes of active/active and active/passive, implementing load balancing and service backup.
u An MTBF of 36 years
u Easy-to-use Web-based management system
u Management based on SNMP and TR-069
u Unified management through H3C UTM
u Unified management through H3C SecCenter
H3C SecPath U200-CS Overseas Version
One console port (CON)
Five Gigabit Ethernet interfaces
One mini slot that can be expanded for network interface
An optional external CF card that can be expanded
Physical dimensions (H × W × D)
100 VAC to 240 VAC, 47/63 Hz
Max input current
Max power consumption
0°C to 45°C (32°F to 113°F)
10% to 95%
2.5 kg (5.51 lb)
H3C SecPath U200-CS Overseas Version
PKI/CA (x.509 format) authentication
Security zone configuration
Defense against attacks of ARP spoofing, invalid TCP flag, large ICMP packets, SYN flooding, address/port scanning.
Basic and extended ACLs
Interface-based access control
Time range-based access control
Dynamic packet filtering
ASPF packet filtering
Static and dynamic blacklists
MAC-based access control
Transportation of 802.1Q-tagged packets
Virus definition-based detection
Library upgrading manually and automatically
Flow handing mode
Supporting protocols of HTTP, FTP, SMTP, and POP3.
Preventing virus types of Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, AdWare, Virus
Supporting virus logs and reports
Custom-defined URL filtering library
Supporting Java Blocking and ActiveX Blocking
Blacklist of IP addresses
Matching keywords of the mail address, attachment name, content, sender, and receiver
Depth security protection
Preventing hiker attacks, worms, and Trojans.
Supporting to identify P2P and IM applications like BT
Security logs and statistics
User behavior flow logs
NAT translation logs
Real time logs of attacks
Address binding log
Traffic alarm logs
Traffic statistics and analysis
Global/security zone-based connection rate monitoring
Global/security zone-based protocol packet rate monitoring
E-mail notification of real-time alarms
Information distribution through E-mail
Translation of source address and destination address
Accessing internal network from an external host
NAT aging time
NAT ALG for multiple application protocols, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, SIP
Initiating tunneling requests to specific LNS for users with fully qualified name or the domain name
Address allocation of VPN users
LCP re-negotiation and mandatory CHAP authentication
Manual SA setup or through IKE
ESP supports encryption algorithms of DES, 3DES, AES
Algorithms of MD5 and SHA-1
IKE main mode and aggressive mode
Link layer protocol
Domain name resolution
Stateful failover in two modes: Active/Active and Active/Passive, implementing load balancing and service backup
Support of VRRP
Local configuration through console port
Local or remote configuration through Telnet or SSH
Authorization of commands by user levels, so that unauthorized users cannot log in to the device
Detailed debugging information for troubleshooting
Login and management through Telnet
FTP Server/Client for downloading and uploading configuration files and application programs
Configuration of user interface to configure authentication modes and authorize functions to users
Supporting SNMPv3, and is compatible with SNMPv2c and SNMPv1
Supporting time synchronization through NTP
Supporting Web-based management
Supporting SNMP and TR-069
Supporting management through H3C SecCenter
u The device integrates multiple functions to provide application layer security protection of the entire network.
u The multi-core and multi-thread hardware platform provides powerful processing capability.
u The professional anti-virus function that integrates Kaspersky virus definition files blocks viruses coming in from external networks.
u The professional IPS protects the DMZ and internal servers from being attacked.
u The traffic control function implements rate limiting to flows such as Thunder, Web Thunder and BT.
u The online behavior audit function complies with the rule of Article 82 of the Ministry of Public Security.
u The professional anti-spam function preserves the integrity of the mail system.
u The advanced URL filtering function prevents security threats from being brought into the network by the browsing of malicious or unauthorized websites (such as phishing websites).
u The unified Web interface makes the management less complicated.