The H3C SecPath NGFW series firewall is the latest incarnation of the high-performance security gateway. Developed for the Web 2.0 era, the series integrates the latest security trends and deep network inspection technologies and is designed for SMEs, campus network egress and WAN branches.
The H3C SecPath NGFW series provides multi-dimensional security protection in a single box: it applies access control across multiple dimensions, including user, application, time and network 5-tuple, together with IPS, AV and DLP scans to guarantee network security. The NGFW also supports multiple VPN solutions, such as L2TP VPN, GRE VPN, IPSec VPN and SSL VPN, to enable mobile office access from smart devices. It offers rich routing capabilities, with RIP/OSPF/BGP routing and routing policies based on applications and URLs, supports IPv4/IPv6, and protects users from attacks crafted for IPv6.
The H3C SecPath NGFW series consists of the F10X0 (F1020/F1050/F1080) and the F5020. The F10X0 series firewall employs a redundant 1+1 power supply and supports dual-device SCF (Security Cluster Framework) virtualization technology to satisfy the reliability requirements of high-performance networks. The F10X0 comes in a 1U form factor with at least 24 GE ports and 2 fixed 10GE ports. The F5020 firewall is equipped with 1+1 redundant power supply modules, hot-swappable AC or DC power modules, and a session-based active/standby mode, which makes it most suitable where reliability is a concern. The F5020 comes in a 2U form factor with a maximum of 48 GE ports and 10 10GE ports.
H3C SecPath NGFW series is equipped with the latest 64-bit multi-core processor and high speed storage.
H3C's patented, self-developed software and hardware platforms have been adopted and are trusted by customers ranging from SMEs to telecommunication carriers.
H3C SCF virtualization combines multiple physical devices into a single logical device, which can be managed as a single network node. Resources can be managed as a whole, application backup can be completed in batch, and overall system performance is doubled.
Protection from a wide range of attacks, including but not limited to Land, Smurf, Fraggle, Ping of Death, Tear Drop, IP spoofing, IP fragment packets, ARP spoofing, reverse ARP lookup, illegal TCP flag bits, oversized ICMP packets and address/port scanning, plus detection of and protection against common DDoS attacks such as SYN Flood, UDP Flood, ICMP Flood and DNS Flood.
SOP (Security One Platform) 1:N complete virtualization is added. Container-based virtualization makes the configuration of a logical device consistent with that of its physical counterpart. You can create multiple virtual firewalls on an H3C SecPath F10X0 device and configure throughput, concurrent sessions, policies and more per virtual system.
Security zones let you configure security zones based on interfaces and VLANs.
Packet filtering allows you to apply standard or advanced ACLs between security zones to filter packets based on information contained in the packets, such as UDP and TCP port numbers. Configuration of time range based ACL is also allowed.
Supports application- and user-based ACLs combined with in-depth protection to implement next-generation access control functions.
ASPF (Application Specific Packet Filter) dynamically determines whether to forward or drop a packet by checking its application layer protocol information and state (such as FTP, HTTP, SMTP, RTSP and other application layer protocols based on TCP/UDP).
Supports AAA, including authentication based on RADIUS/HWTACACS+, CHAP, PAP and more.
Supports static and dynamic blacklist.
NAT and multiple NAT instances.
VPN—Supports L2TP, IPsec/IKE, GRE, and SSL VPNs, and implements smart terminal connection.
Supports a rich set of routing protocols, including static routing, policy-based routing, and dynamic routing protocols such as RIP and OSPF.
Traffic monitoring, statistics, and management
Integrated security application processing platform is fully coupled with essential security protection.
Comprehensive application layer traffic identification and management: with H3C’s longtime expertise in stateful inspection and traffic cross-checking technology, the NGFW can accurately detect P2P/IM/online game/equity trading/video stream/multimedia applications such as Thunder/Web Thunder, BitTorrent, eMule, eDonkey, QQ, MSN and PPLive. It supports P2P throttling through deep packet inspection, which matches network packets against P2P packet characteristics. This effectively detects P2P traffic, achieves the necessary P2P traffic management and provides different control strategies to flexibly limit P2P traffic.
Highly precise and efficient intrusion detection engine using H3C's patented, self-developed FIRST (Full Inspection with Rigorous State Test). The FIRST engine consolidates multiple detection technologies to realize comprehensive, state-based inspection with highly accurate intrusion detection. FIRST also uses parallel inspection technology that can be flexibly deployed in software and hardware to increase detection efficiency.
Fast URL filtering: apart from basic URL blacklist and whitelist filtering, a URL lookup server can be set for online queries.
Comprehensive and up-to-date security signature database. With years of operation and experience, H3C employs the best team for identifying attack signatures and has set up a professional defense lab that keeps the team at the forefront of network security and ensures timely updates of the signature database.
IPv6 stateful inspection truly implements IPv6 firewall, and completes IPv6 protection against attacks.
Supports IPv4/IPv6 dual protocol stacks and supports IPv6 packet forwarding, static routing, dynamic routing and multicast routing.
IPv6 transition technologies consist of NAT-PT, IPv6 over IPv4 GRE tunnel, manual tunnel, 6to4 tunnel, automatic IPv4-compatible IPv6 tunnel, ISATAP tunnel, NAT444, and DS-Lite.
Supports IPv6 ACL and Radius.
Load balancing: implements automatic switchover and automatic load balancing of enterprise Internet egress through link status checks and link busy-status protection.
SSL VPN: Integrated SSL VPN fulfils the secure remote access needs for mobile office and roaming employees. Additional authentication factor can be implemented with USB-Key or mobile SMS, and integrates with existing enterprise authentication system to create a fully integrated access authentication system.
Basic support for DLP (Data Leak Prevention) includes E-mail filtering, SMTP E-mail address, subject and attachment filtering, Web page filtering, HTTP URL and content filtering, files filtering based on network transportation protocol, application layer filtering such as Java/ActiveX blocking and SQL injection attack blocking.
Intelligent security policy: policy redundancy check, policy mapping optimization advice, dynamic internal network application check, and creation and recommendation of appropriate policies.
Supports SNMPv3 and is compatible with SNMPv1 and SNMPv2.
Graphical interface with simple and easy to use Web based management.
CLI-based device management and firewall configuration that fulfils the professional management and batch deployment requirements.
Security Service Manager (SSM) is an iMC component for centralized network security management. SSM monitors firewall devices on the network in real time, and collects and analyzes security events and logs and feeds them back in a single console. It breaks the silos between network security devices, provides an intuitive interface for network security, gives real-time feedback on security events and pinpoints the exact location of a network outage. It frees IT and security administrators from the chore of management, significantly improves their productivity and lets them focus on core business instead.
Centralized log management functions based on advanced data drill-down and analysis technology. It can request and receive information to generate logs, compile different types of logs (such as syslogs and binary stream logs) in the same format, and compress and store large amounts of logs. You can encrypt and export saved logs to external storage devices such as DAS, NAS, and SAN to avoid loss of important security logs.
Choices of reports: application-based reports and stream-based analysis reports.
Export of reports in different formats, such as PDF, HTML, Microsoft Word, and txt.
Report customization through the Web interface. Customizable contents include time range, data source device, generation period, and export format.
1 console port
Device comes with 8 optical GE ports+16 electric GE ports
1 console port
Device comes with 8 optical GE ports+16 electric GE ports+2 optical 10GE ports
1 console port
Device comes with 12 optical GE ports+12 electric GE ports+4 optical 10GE ports
2 (F1020 comes with one expansion slot)
4 GE PFC interface module
12 optical GE ports+12 electrical GE ports+6 10 ports
Operating: 0°C to 45°C (32°F to 113°F)
Non operating: –40°C to +70°C (–40°F to +158°F)
Router, transparent and hybrid
Authentication: Portal, RADIUS, HWTACACS, PKI /CA (X.509) , domain, CHAP, PAP
SOP virtualized firewall platform supports complete virtualization and hardware resource allocation of CPU, RAM and storage
Security zones allocation
Protection against malicious attacks, such as Land, Smurf, Fraggle, Ping of Death, Tear Drop, IP spoofing, IP fragmentation, ARP spoofing, reverse ARP lookup, invalid TCP flag, oversized ICMP packet, address/port scanning, SYN flood, ICMP flood, UDP flood, and DNS query flood.
Basic and extended ACL
Time range-based ACL.
User/application based ACL
MAC based ACL
ASPF application layer packet filtering.
Static and dynamic blacklist
802.1Q VLAN transparent transmission
Malware signature based inspection
Automatic and manual update of virus database
Packet stream processing mode
HTTP, FTP, SMTP and POP3 protocol
Malware detection: Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, AdWare and virus
Virus log and report
Protection against common attacks such as worms/viruses, Trojans, malicious code, spyware/adware and DoS/DDoS.
Protection against buffer overflow, SQL injection and IDS/IPS escape
Attack classification based on signature (attack type, target system) and grading of severity (high, middle, low and alert)
Automatic and manual upgrade of attack signature through TFTP and HTTP
Identification and control of P2P/IM protocols such as BT
E-mail/Web page/application layer filtering
SMTP e-mail address filtering
E-mail header filtering
E-mail content filtering
E-mail attachment filtering
Web page filtering
HTTP URL filtering
HTTP content filtering
Application layer filtering
SQL injection attack prevention
Many-to-one NAT—Maps multiple internal addresses to one public address
Many-to-many NAT—Maps multiple internal addresses to multiple public addresses
One-to-one NAT—Maps one internal address to one public address
NAT of both source address and destination address
External hosts access to internal servers
Internal address to public interface address mapping
NAT support for DNS
Setting effective period for NAT
NAT ALGs, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, and SIP
L2TP VPN, IPSec VPN, GRE VPN, SSL VPN
IPv6 based stateful protocol inspection firewall and intrusion prevention
IPv6 protocols: IPv6 forwarding, ICMPv6, PMTU, Ping6, DNS6, TraceRT6, Telnet6, DHCPv6 Client, DHCPv6 Relay, etc.
IPv6 routing: RIPng, OSPFv3, BGP4+, static routing, strategic routing, PIM-SM, PIM-DM and so on
IPv6 security: NAT-PT, IPv6 Tunnel, IPv6 packet filter, Radius, IPv6 inter-domain security, IPv6 session number limit
SCF 2:1 virtualization support
Dual-device stateful failover (active/active and active/standby configurations)
Configuration synchronization across dual-device setup
IPSec VPN IKE status synchronization
Ease of maintenance
CLI based configuration management
Web based remote management
Device management through H3C Security Service Manager (SSM)
SNMPv3, compatible with SNMPv2c and SNMPv1
Intelligent security policy
Compliant with Restriction of Hazardous Substances (RoHS) Directive
Campus network security solution
Fully virtualized security solution, with SCF 2:1 for highly reliable network design and SOP 1:N to separate different application zones.
Rich routing protocol support.
Strong VPN encryption power.
Comprehensive security functions that fend off malware attacks and scan and filter e-mails, Web pages and attachments.
Cloud based comprehensive security solution
In the latest cloud solutions, such as Virtual Private Cloud (VPC), security control and tenant separation are crucial for network design. Together with H3C's comprehensive cloud and virtualization components, including VXLAN hardware infrastructure, H3C CAS (Cloud Automation System), the VCF (Virtual Converged Framework) controller and CSM (Cloud Service Manager), the F5020 hardware-based firewall provides strong security control for all south-to-north traffic. It can support up to 128 virtual firewalls, which is perfect for large cloud solutions with many tenants. With the help of SOP, the F5020 realizes process-based separation, high-performance virtual firewalls and virtual firewall fault separation.