H3C SecPath F100-C-A3 NGFW

Item

F100-C-A3

Dimensions (W × D × H)

330mm*230mm*43.6mm

USB

2

Power Supply

2 AC fixed

Ports

1 × console port (CON)

8 × Gigabit Ethernet fiber ports

Temperature

Operating: 0°C to 45°C

Storage: –30°C to +70°C

Operation modes

Route, transparent, and hybrid

AAA

Local authentication

RADIUS authentication, support PAP and CHAP authentication

HWTACACS certification

AD / LDAP authentication

PKI certificate authentication

Firewall

SOP virtual firewall technology, which supports full virtualization of hardware resources, including CPU, memories, and storage

Security zone allocation

Protection against malicious attacks, such as land, smurf, fraggle, ping of death, teardrop, IP spoofing, IP fragmentation, ARP spoofing, reverse ARP lookup, invalid TCP flag, large ICMP packet, address/port scanning, SYN flood, ICMP flood, UDP flood, and DNS query flood

Basic and advanced ACLs

Time range-based ACL

User-based and application-based access control

ASPF application layer packet filtering

Static and dynamic blacklist function

MAC-IP binding

MAC-based ACL

802.1Q VLAN transparent transmission

Antivirus

Signature-based virus detection

Manual and automatic upgrade for the signature database

Stream-based processing

Virus detection based on HTTP, FTP, SMTP, and POP3

Virus types include Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, AdWare, and Virus

Virus logs and reports

Deep intrusion prevention

Prevention against common attacks such as hacker, worm/virus, Trojan, malicious code, spyware/adware, DoS/DDoS, buffer overflow, SQL injection, and IDS/IPS bypass

Attack signature categories (based on attack types and target systems) and severity levels (including high, medium, low, and notification)

Manual and automatic upgrade for the attack signature database (TFTP and HTTP).

P2P/IM traffic identification and control

Email/webpage/application layer filtering

Email filtering

SMTP email address filtering

Email subject/content/attachment filtering

Webpage filtering

HTTP URL/content filtering

Java blocking

ActiveX blocking

SQL injection attack prevention

NAT

Many-to-one NAT, which maps multiple internal addresses to one public address

Many-to-many NAT, which maps multiple internal addresses to multiple public addresses

One-to-one NAT, which maps one internal address to one public address

NAT of both source address and destination address

External hosts access to internal servers

Internal address to public interface address mapping

NAT support for DNS

Setting effective period for NAT

NAT ALGs for NAT ALG, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, and SIP

VPN

L2TP VPN

IPSec VPN

GRE VPN

SSL VPN

IPv6

IPv6 status firewall

IPv6 attack protection

IPv6 forwarding

IPv6 protocols such as ICMPv6, PMTU, Ping6, DNS6, TraceRT6, Telnet6, DHCPv6 Client, and DHCPv6 Relay

IPv6 routing: RIPng, OSPFv3, BGP4+, static routing, policy-based routing

IPv6 multicast: PIM-SM, and PIM-DM

IPv6 transition techniques: NAT-PT, IPv6 tunneling, NAT64 (DNS64), and DS-LITE

IPv6 security: NAT-PT, IPv6 tunnel, IPv6 packet filter, RADIUS, IPv6 zone pair policies, IPv6 connection limit

High availability

SCF 2:1 virtualization

Active/active and active/standby stateful failover

Configuration synchronization of two firewalls

IKE state synchronization in IPsec VPN

VRRP

Configuration management

Configuration management at the CLI

Remote management through Web

Device management through H3C IMC SSM

SNMPv3, compatible with SNMPv2 and SNMPv1

Intelligent security policy

Environmental protection

EU RoHS compliance