Description

High performance

High performance:up to 40 Gbps throughput secures traffic without compromising network performance; a maximum of 4 million concurrent connections and 180,000 connections per second enables high-volume networks to remain secure under peak traffic.

Application Specific Packet Filter (ASPF)

Application Specific Packet Filter (ASPF):dynamically determines whether to forward or drop a packet by checking its application layer protocol information, and other application layer protocols.

Zone-based access policies

Zone-based access policies:logically groups virtual LANs (VLANs) into zones that share common security policies; allows both unicast and multicast policy settings by zones instead of by individual VLANs.

Virtualization

Virtualization:multi-core architecture enables both multiple zones and multiple separate firewall instances to be created on the same device, centralized deployment of a single device offering multiple virtual firewalls lowers total cost of ownership through streamlined training, simplified deployment and management, and reduced power consumption.

Application-level gateway (ALG)

Application-level gateway (ALG):deep packet inspection in the firewall discovers the IP address and service port information embedded in the application data; the firewall then dynamically opens appropriate connections for specific applications.

IPsec

IPsec provides secure tunneling over an untrusted network such as the Internet or a wireless network; offers data confidentiality, authenticity, and integrity between two endpoints of the network.

Layer 2 Tunneling Protocol (L2TP)

Layer 2 Tunneling Protocol (L2TP):an industry standard-based traffic encapsulation mechanism supported by many common operating systems, will tunnel the Point-to-Point Protocol (PPP) traffic over the IP and non-IP networks; may use the IP/UDP transport mechanism in IP networks.

Complete session logging

Complete session logging provides detailed information for problem identification and resolution.

Manager and operator privilege levels

Manager and operator privilege levels:enable read-only (operator) and read-write (manager) access on CLI and Web browser management interfaces.

Command-line interface (CLI)

Command-line interface (CLI) provides a secure, easy-to-use command-line interface for configuring the module via SSH or a switch console; provides direct real-time session visibility.

Remote monitoring (RMON)

Remote monitoring (RMON):uses standard SNMP to monitor essential network functions; supports events, alarm, history, and statistics group plus a private alarm extension group.

FTP, TFTP, and SFTP support

FTP, TFTP, and SFTP support:FTP allows bidirectional transfers over a TCP/IP network and is used for configuration updates; Trivial FTP is a simpler method using User Datagram Protocol (UDP).

Border Gateway Protocol 4 (BGP-4)

Border Gateway Protocol 4 (BGP-4):Exterior Gateway Protocol (EGP) with path vector protocol uses TCP for enhanced reliability for the route discovery process reduces bandwidth consumption by advertising only incremental updates.

Dual IP stack

Dual IP stack:maintains separate stacks for IPv4 and IPv6 to ease transition from an IPv4-only network to an IPv6-only network design.

Policy routing

Policy routing:allows custom filters for increased performance and security; supports ACLs, IP prefix, AS paths, community lists, and aggregate policies.

Defense against attacks

Defense against attacks:a firewall series provides defense against various attacks, and supports binding of MAC address and IP addresses, as well as intelligent defense of worm viruses.

Application layer content filtering

Application layer content filtering:a firewall series supports mail filtering, based on SMTP mail address, titles, attachments, and content; supports Web page filtering.