Presentation is loading. Please wait.

Presentation is loading. Please wait.

SecPath Firewall Architecture. Objectives Upon completion of this course, you will be able to: Understand the architecture of SecPath series firewalls.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "SecPath Firewall Architecture. Objectives Upon completion of this course, you will be able to: Understand the architecture of SecPath series firewalls."— Presentation transcript:

1 SecPath Firewall Architecture

2 Objectives Upon completion of this course, you will be able to: Understand the architecture of SecPath series firewalls Become familiar with the service features of SecPath series firewalls Understand typical applications of SecPath series firewalls

3 3Com Confidential. 3 Contents SecPath Firewall Family Members SecPath Firewall Service Features SecPath Firewall Typical Applications

4 Firewall Family Members ISP / Data Cernter Medium Enterprise Small Enterprise Large Enterprise SecPath F1000-A SecPath F1000-S SecBlade II F100-A F1000-E F5000-A

5 SecPath F1000-E CF card slot HIM interface card slot 1 HIM interface card slot 2 Available for Oversea Market Specification  Throughput : 6Gbps  Concurrent connections : 2,000,000  New connections per second : 60,000  4 fixed combo GE ports (electrical/optical)  2 HIM card slots  Supported HIM card type : 4GBE/4GFE/8GBE AUX port Console port USB 0 USB 1 GE optical port 10/100/1000M electrical port GE optical port 10/100/1000M electrical port Combo port Comware V5 Platform Inside

6 SecPath F1000-A GE electrical port GE optical port GE electrical port GE optical port Console port AUX port Combo port 1 MIM interface card slot Available for Oversea Market Specification  Throughput : 1.5Gbps  Concurrent connections : 1,000,000  New connections per second : 20,000  2 fixed combo GE ports (electrical/optical)  1 MIM card slots  Supported MIM card type : 1FE/2FE/4FE/1GBE/1GEF/2GBE/2GEF

7 SecPath F1000-S GE electrical port 1/0 GE combo port 0/0 Console port AUX portGE electrical port 1/1 GE combo port 0/1 MIM interface card slot 0 MIM interface card slot 1 Available for Oversea Market Specification  Throughput : 1Gbps  Concurrent connections : 1,000,000  New connections per second : 10,000  2 fixed combo GE ports (electrical/optical)  2 fixed electrical GE port  2 MIM card slots  Supported MIM card type : 1FE/2FE/4FE/1GBE/1GEF/2GBE/2GEF

8 SecPath SecBlade FW GE combo port 0/3 USB 1 GE electrical port 0/1 Console port GE combo port 0/4 GE electrical port 0/2 USB 0 CF card slot Available for Oversea Market Specification  Management interface : 2 fixed combo GE ports (electrical/optical) 2 fixed electrical GE port  Inter-connection interface with chassis 1 10GE interface Support device  S7500E series switches  S9500 series switches  SR8800 series routers  SR6600 series routers

9 SecPath F100-A 1 MIM interface card slot 10/100M WAN port 0/0 10/100M WAN port 0/1 10/100M WAN port 0/2 4 * 10/100M LAN port AUX port Console port Available for Oversea Market Specification  Throughput : 200Mbps  Concurrent connections : 500,000  New connections per second : 3,000  3 fixed FE WAN ports  4 fixed FE LAN ports  1 MIM card slots  Supported MIM card type : 1FE/2FE/4FE/IPSec Encryption/Decryption card

10 3Com Confidential. 10 Contents SecPath Firewall Family Members SecPath Firewall Service Features SecPath Firewall Typical Applications

11 SecPath Firewall Service Features ASPF ASPF Diversified attack defending means Diversified attack defending means Rich VPN services Rich VPN services Intelligent analysis and management means Intelligent analysis and management means Content filter & Email filter Content filter & Email filter Network protocol accumulation Network protocol accumulation Security authentication Security authentication Network isolation & access control Network isolation & access control NAT NAT

12 SecPath Firewall Service Features Packet filter Application layer status detection Diversified attack defending means NAT Firewall Trusted Zone Untrusted Zone DoS attack Hacker Normal user Prevent

13 Normal website Harmful website Internet Harmful contents Healthy contents Content filter Email filter SecPath Firewall Service Features Email Server Email detection

14 Intranet service layer Log center Intranet access layer External network /Internet Attack packets are found. A B C Report logs Attack packets are rejected. SecPath Firewall SecPath Firewall Service Features Email notification

15 SecPath Firewall Service Features

16 3Com Confidential. 16 Contents SecPath Firewall Family Members SecPath Firewall Service Features SecPath Firewall Typical Applications

17 SecPath Firewall Typical Applications (1) Internet External server Untrusted Zone Trusted Zone Leased line branch Internal network DMZ Firewall application at the enterprise egress H3C SecPath series firewalls provide powerful filtering and perfect management functions. They are deployed at the internal network egress to defend all attacks from the external network.

18 SecPath Firewall Typical Applications (2) Firewall + VPN application for small-/medium-sized enterprises H3C SecPath F1000-S firewall can provide both powerful filtering and VPN functions. It can protect security of the internal network and meet the demand of branches and mobile offices for accessing the headquarters resources. IP network Remote office by using the VPN client Enterprise headquarters Enterprise branch SecPath100F SecPathF1000-S MCU Application server group Voice device Voice Video Data VPN tunnel User dynamic authentication server Authentication tunnel Dynamic password key disk

19 SecPath Firewall Typical Applications (3) With the powerful VPN function, the H3C SecPath F100-C firewall can meet the demand of branches and mobile offices for accessing the headquarters resources, applicable to SOHO family or office networks. In addition, the SecPath F100-C firewall can provide powerful filtering and perfect management functions. It can be deployed at the internal network egress to defend all attacks from the external network. Firewall + VPN application for SOHO users Internet Untrusted Zone Trusted Zone SOHO internal network Remote office by using the VPN client

20 SecPath Firewall Typical Applications (4) Besides VPN applications, the SecPath firewall can provide device backup and load sharing. When branches access the enterprise headquarters through the IPSec VPN, two SecPath firewalls that are deployed at the headquarters can be used to guarantee the privacy, integrality, reality, and anti-replay of data transmission on the network. The enterprise headquarters adopts two firewalls to implement load sharing and device backup in case on device fails. VPN + firewall backup application for branches Internet Enterprise headquarters Branch SecPath firewall MCU Application server group Voice device Voice Video Data Voice Video Data SecPathF100-A SecPath firewall SecPathF100-A Branch IPSEC tunnel Backup IPSEC tunnel Branches…

21 Summary Understand the architecture of SecPath series firewalls Become familiar with the service features of SecPath series firewalls Understand typical applications of SecPath series firewalls

22 Thank you

Download ppt "SecPath Firewall Architecture. Objectives Upon completion of this course, you will be able to: Understand the architecture of SecPath series firewalls."

Similar presentations

SMC2804WBRP-G Barricade™ g 2.4GHz 54Mbps Wireless Cable/DSL Broadband Router with USB Print Server SMC2804WBRP-G www.smc.com.

SMC2804WBRP-G Barricade™ g 2.4GHz 54Mbps Wireless Cable/DSL Broadband Router with USB Print Server SMC2804WBRP-G
Virtual Private Networks COSC541 Project Jie Qin & Sihua Xu October 11, 2014.

Virtual Private Networks COSC541 Project Jie Qin & Sihua Xu October 11, 2014.
Agenda Product Overview Hardware Interfaces Software Features

Agenda Product Overview Hardware Interfaces Software Features
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.
Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco SB Summit Praha, 26.4.2012 Jan Křístek Tomáš Chott.

Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco SB Summit Praha, Jan Křístek Tomáš Chott.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.

Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Cisco Confidential 1 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Small Business RV320/RV325 Product Overview.

Cisco Confidential 1 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Small Business RV320/RV325 Product Overview.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
© 2003 Cisco Systems, Inc. All Rights Reserved. WWW.LINKSYS.COM Cisco Confidential Non-Disclosure Agreement Required WRT54G3G Linksys 3G Broadband Router.

© 2003 Cisco Systems, Inc. All Rights Reserved. Cisco Confidential Non-Disclosure Agreement Required WRT54G3G Linksys 3G Broadband Router.
Broadband Communication Solution

Broadband Communication Solution
1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.

TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.
D-Link Confidential Sales guide for 3G wireless router DWR-113 D-Link Confidential WRPD, Amy Wang, 16 th Sep., 2010.

D-Link Confidential Sales guide for 3G wireless router DWR-113 D-Link Confidential WRPD, Amy Wang, 16 th Sep., 2010.
Copyright Microsoft Corp. 2006 Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
CPE5021 Advanced Network Security ---Network Security and Performance--- Lecture 9 CPE5021 Advanced Network Security ---Network Security and Performance---

CPE5021 Advanced Network Security ---Network Security and Performance--- Lecture 9 CPE5021 Advanced Network Security ---Network Security and Performance---

Similar presentations

Ads by Google