NGFW (Next Generation Firewall)

Supports three working modes: transparent, routing, and hybrid, as well as link aggregation

Supports Source NAT, Destination NAT, Port NAT, and Static NAT

Supports VLAN and VRF

Supports WLAN and 3G wireless access

Supports DHCP server and DHCP Relay, DNS server, and static DNS

Supports static routing, PBR, ISP routing, and source interface routing

Supports application-based routing

Supports dynamic routing protocols such as OSPF, RIP, and OSPFv3

Supports route detection function

Supports IPv6 static routing, route advertisements, and tunnel translation

Supports octuple policies based on user, application, source and destination interfaces, source and destination IP, service, and time

Supports object-oriented addressing, services, scheduling, applications, and user resources

Supports policy-based persistent connections

Supports policy hit counts statistics and reset

Supports policy priority adjustment

Supports IPv6 security policies

Supports session statistics, monitoring, temporary blocking, and global session restrictions

Supports IP-MAC binding, ARP spoofing protection, and ARP Flood attack prevention

Supports IPv4 abnormal packet attack protection, including Ping of Death, Land-Base, Tear Drop, TCP Flag Winnuke, Smurf, Jolt2, and others

Supports protection against port scanning and IP scanning

Supports SYN Flood, UDP Flood, ICMP Flood, and DNS Flood attack protection based on interface and IP

Supports a blacklist for manual and automatic attack protection

Supports IPv6 abnormal packet attack protection against threats such as Winnuke, Land-Base, TCP Flag, Fraggle, and IP Spoof

Supports standard IPSec VPN protocols and deployment methods

Supports policy-based and route-based IPsec VPN

Supports CA centers and X.509 format certificates

Supports VPN Track

Supports SSL VPN tunnel mode

Supports GRE VPN

Supports security protection and bandwidth management under VPN tunnels

Supports virus filtering based on HTTP, FTP, SMTP, POP3, IMAP protocols

Supports blocking specific file types from passing through

Supports virus scanning for up to 20 layers of compressed files

Supports manual and automatic updates of the virus database

Supports malicious URL filtering

Supports automatic protocol recognition

Supports over 3000 predefined attack signatures

Supports automatic and manual updates of the signature database

Provides security protection against worms, Trojan backdoors, phishing, and other threats

Supports control over logging in and messaging in IM software

Supports control over software such as P2P and streaming media

Supports control over online gaming

Supports control over stock market information and trading activities

Supports control over sending and receiving emails, including attachment size filtering

Supports URL category filtering 

Supports local user authentication for the firewall

Supports standard third-party user authentication such as Radius, LDAP, etc.

Supports WeChat user authentication and SMS gateway

Supports Web user authentication

Supports online user monitoring and timeout management

Supports centralized user policy management

Supports multi-level nested bandwidth management based on channels, interfaces, users, and applications

Supports bandwidth priority management

Supports maximum and minimum bandwidth limitation, and elastic bandwidth

Supports rate limiting per IP

Supports policy troubleshooting

Supports real-time statistics of CPU, memory, and interface traffic

Supports traffic statistics of users and applications via pie charts, bar graphs, and trend graphs

Supports real-time display of user and application rankings

Supports real-time alerts for system events and security risks

Supports system administrators and read-only administrators

Supports administrator privacy check and timeout management

Supports manual system time setting and NTP synchronization

Supports dual system configuration file backup

Supports manual system file upgrades

Supports SNMPv1/v2/v3

Supports hot standby in active-standby and active-active modes

Supports interface status synchronization and status detection

Supports system diagnostics via PING, TRACERT, TCPSYN methods

Supports periodic collection of system information