| NGFW 4000-UF/NGFW4000/NGFW ARES Series
After more than 10 years¡¯ development of security products, TOPSEC upgraded the NetGuard fireWall series in 2005. The new generation NetGuard fireWall series are constructed upon the lasted secure operating system ¡ªTopsec Operating System (TOS) and various high-performance hardware platforms¡£
The TOS, which is the result of 10 years solid research experiences in the security field, is proposed by TOPSEC in 2005. The development of TOS secure model adopts the formal design approach to make the system stable, secure, educible and validateble. Furthermore, TOS is designed with the lasted multi-layer concept. The hardware-abstract layer between the hardware and the OS kernel layer enables TOS adapt to various hardware platforms and, therefore, fully utilize the calculation resource of those platforms. TOS includes OS layer, foundation layer, service layer and secure engine layer. The modules of foundation layer and service layer are built into the steady, reliable and secure OS kernel to provide the support of constructing powerful equipment system. The Secure Engine (SE) can be installed upon the service layer to provide various secure services. Thus, TOS can be the secure and uniform platform for firewall and all the other kinds of security products¡£
System Features£º
 Constructed on the TOPSEC Operating System (TOS). The TOS is designed with concepts of modularization and mid-layer to reduce the dependence on the hardware and achieve the characteristics of security, openness, extensibility, modularization, normalization and transplantation. The different Secure Engines, such as firewall, IPS, VPN and AV, etc., can be easily implemented according to users¡¯ requirements¡£
Integrating various powerful hardware platforms. So far, TOS can run on ASIC architecture, ASIC+NPU architecture, IA, PowerPC and ARM hardware platforms smoothly. The high-end telecom level firewall adapts the copyright independent ASIC+NPU architecture to provide wire-speed forwarding ability. The mid-end firewall series adapt the copyright independent ASIC architecture to achieve the security and controllability¡£
The firewall SE adapts the original kernel detection technology. The advaned kernel detection technology can perform the access control to the application-layer in the OS kernel. This technology not only realized the fine granularity control on application-layer but also ensured the high performance of firewall¡£
Supporting the Trusted Network Architecture (TNA) system. The new NetGuard fireWall series with the build-in Gateway Trusted Agent (GTA) module, together with the Trusted Security Management (TSM) and Point Trusted Agent (PTA) can build a TNA security system. This system ensues the predictability and controllability of network action
Function
| System Features |
Constructed on the stable, secure, efficient, expandable and hardware platform independent TOS system¡£ |
The Firewall Security Engine £¨FW_SE£© adapts the advanced kernel detection technology¡£ |
Implementing the transparent application proxy for HTTP, FTP, TELNET, SMTP, POP3, and NNTP protocol. |
Content filtering: URL, Active X, Java applet, Java script, key words (including regular expression). |
Constructed on the stable, secure, efficient, expandable and hardware platform independent TOS system. |
Supporting two-way Net Address Translation, including SNAT, DNAT, and Cone NAT modes. |
Routing based on source/destination address; supporting route balancing. |
Supporting the binding of IP and MAC address; supporting the filtering based on source MAC address. |
| Efficient Intrusion Detection Protection |
Supporting the binding of IP and MAC address; supporting the filtering based on source MAC address. |
Integrated IDS module for the protection from TCP/UDP Port Scanning, IP source Route Attack, IP fragments attack, DNS/RIP/ICMP attack, Syn Flood, DoS attack, DDoS attack , etc.. |
Supporting three operating modes: Transparent, Route, and Mixing mode models (the combination of route and transparent mode). |
Supporting multilevel bandwidth management (QoS). |
Supporting the load balancing of multiple servers and can probe servers working status. |
Supporting Security Server Network (SSN). |
Supporting ADSL access. |
| Real-time Monitoring |
Supporting Real-time monitoring to the firewall working status, such as the memory usage and the network link state. |
Supporting L2 protocol control; the content security filtering in the applications layer by Deep Packet Inspection (DPI) rule. |
Supporting the Server/Client/Relay mode of DHCP. |
Supporting various network communication and application protocols, such as DHCP, VLAN, ADSL, IPX, RIP, ISL, 802.1Q, Spanning tree, DECnet, NETBEUI, IPSEC, PPPOE, MMS, RTSP, SQLNET, SUNRPC, MS RPC, H.323, BOOTP, etc.. |
Flexible VPN Function£º
Supporting standard IPSEC and IKE.
Supporting nation authorized algorithm.
Providing perfect VPN solution between SCM, VPN Gateway or remote VPN client. |
| Management |
Can be Managed via GUI, Command Line, Telnet, or SSH mode. |
Rich management modes, including local, remote, and centralized management; Supporting the SNMP management and monitoring. |
Sending alarm through sound, winpop, Netbios, mail, or SNMP TRAP. |
| Log Analysis |
The audit log can be divided into several levels and can be exported or analyzed automatically. |
Supporting different log format: Syslog, Webtrends, or TopSEC log format. |
Advanced log analysis system: providing log analysis of firewall log, route log, operating system log and other application system log. |
| High Availability |
Supporting Firewall hot-redundancy, Active-Active working mode and link layer backup. |
| High Reliability |
Supporting packets debug. |
Providing running black box and the healthy record can be checked out when needed. |
| High Expansibility |
Hot-plugging slots on the front board. |
For further information about NetGuard series, please refer to the website: http://www.topsec.com.cn
Product Qualification:
¡¤ Sale Permit of Computer Information System Security Product, issued by the Ministry Of Public Security PR China.
¡¤ Certification of China Information Technology Security Product, issued by CNITSEC (China Information Technology Security Certification Center).
¡¤ Testing and Evaluation Certification of Information System Security Product£¬issued by Information System Security Testing And Evaluation Center Of State Secrecy Administration.
¡¤ Certification of Military Information Technology Security Product, issued by Information Technology Security Certification Center of The Chinese PLA (People's Liberation Army).
¡¤ China Information Technology Security Product Certification (level EAL3), issued by CNITSEC (China Information Technology Security Certification Center). |
