Product features and technical advantages
Hybrid firewall with high performance
The Inspur VTInfo NS110 firewall combines several advanced security techniques, including packet filtering, application proxy and stateful inspection. It is a typical high-performance hybrid firewall.
Secure, purpose-built operating system with strong attack resistance
The system core is designed specifically for the firewall, so system performance is high; the core modules have all been carefully analyzed and comprehensively optimized in assembly language. In the various system performance tests, its performance is higher than that of other systems of the same kind.
Filtering based on stateful inspection
A traditional packet-filtering firewall examines only the information in the IP packet header to decide whether to pass or reject a data stream. The stateful inspection technique instead uses a connection-based state detection system, in which comprehensive information about network communications and their state can be read, analyzed and used. The system treats all packets of the same connection as a single data stream, builds a connection state table, and identifies the connection state factors by combining the rule list with the state table.
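The contrast described above, as an added example that is not Inspur's code: a header-only filter next to a filter that combines a rule list with a connection state table. The addresses, the single "intranet may open connections to port 80" rule and all function names are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for the packet that opens a TCP connection

INTRANET = ip_network("192.168.1.0/24")   # constructed sample network

def rule_allows_new(p: Packet) -> bool:
    """Rule list: intranet hosts may open connections to TCP port 80."""
    return ip_address(p.src) in INTRANET and p.dport == 80

def stateless_filter(p: Packet) -> bool:
    """Header-only check. Replies need a static rule (source port 80
    towards the intranet), which any outside sender can satisfy."""
    reply_rule = p.sport == 80 and ip_address(p.dst) in INTRANET
    return rule_allows_new(p) or reply_rule

class StatefulFilter:
    def __init__(self):
        self.state_table = set()   # entries: (client, cport, server, sport)

    def check(self, p: Packet) -> bool:
        # Packets of a known connection pass in either direction.
        if (p.src, p.sport, p.dst, p.dport) in self.state_table:
            return True
        if (p.dst, p.dport, p.src, p.sport) in self.state_table:
            return True
        # Only a connection-opening packet permitted by the rule list
        # may create a new state entry.
        if p.syn and rule_allows_new(p):
            self.state_table.add((p.src, p.sport, p.dst, p.dport))
            return True
        return False

def demo():
    fw = StatefulFilter()
    syn = Packet("192.168.1.10", 40000, "203.0.113.5", 80, syn=True)
    reply = Packet("203.0.113.5", 80, "192.168.1.10", 40000)
    unsolicited = Packet("198.51.100.7", 80, "192.168.1.10", 40000)
    packets = (syn, reply, unsolicited)
    return {"stateless": [stateless_filter(p) for p in packets],
            "stateful": [fw.check(p) for p in packets]}

if __name__ == "__main__":
    print(demo())
```

The header-only filter admits the unsolicited packet because it merely looks like a reply; the stateful filter rejects it because no matching connection exists in the state table.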
Network topology map management interface that is secure and convenient
Configuration rules can be created simply by drawing connecting lines, which makes the product convenient to use. In addition, the topology of all rules and networks can be displayed through the interface, so fully graphical configuration management is achieved. The graphical configuration interface is as follows:
Supporting various working modes
Supports NAT mode (a.k.a. routing mode), bridge mode (a.k.a. transparent mode) and mixed mode. All working modes can switch automatically, which suits connection to complicated network structures and applications.
The LAN interface supports VLAN division
One physical interface of the firewall can support multiple VLANs and logically divide the intranet into different subnets; for each subnet, the firewall can form a virtual gateway to route between the different subnets.
Fine-grained flow control and bandwidth management
Flow control and bandwidth management fully virtualize the actual bandwidth usage environment and can implement multi-layer bandwidth management. In addition, they provide bandwidth layering, bandwidth classification, bandwidth distribution and bandwidth optimization, which optimizes the use of network resources, ensures that key operations keep running, and raises the efficiency of network resource use.
Supporting load balancing and dual hot-backup
It supports load balancing and dual hot-backup between multiple firewalls. It also supports load balancing between multiple servers, so it can fit different network environments and provides high performance and reliability.
Supporting policy routing
Inspur VTInfo firewall adopts the policy routing technique and suits environments with multiple network exits. Policy-based routing gives the administrator stronger control over message transfer and storage than traditional routing.
Detailed flow statistics
The real-time flow of any IP address on the intranet can be accurately calculated, as can the real-time flow of each firewall interface. The flow statistics for the most recent week can be saved. Results can be sorted by IP address, by flow and by protocol, among others. In addition, the detailed web browsing activity of the 10 IP addresses with the largest flow can be displayed in real time in a convenient diagram.
Real-time network monitoring
The intranet connections passing through the firewall can be displayed in real time, including each connection's source IP, source MAC address, source port, target IP and target port. The firewall system itself is monitored in real time.
System monitoring
It can monitor system running information in real time, such as the hardware working condition and the security policy parameters of the firewall.
No user limit
Product functions:
Network address translation
Static, dynamic and bidirectional address translation are available. Not only can the intranet address information be concealed, so that outsiders cannot reach intranet equipment directly; it also helps the network get past address limits and arrange the use of public Internet addresses and private IP addresses sensibly.
Port mapping
The mapping function keeps your service safe: it can establish a static mapping for an internal server so that outside users can reach the server, while ports such as 80 and 21 can be mapped to any port of the server to enhance safety.
URL filtering
The administrator can block or filter certain URLs, such as pornographic and reactionary sites, as needed to prevent internal users from visiting illegal sites.
Content filtering
Content filtering mainly filters the content of visited pages according to keywords set by users. Application-layer filtering is performed dynamically.
Techniques
IP and MAC address binding
To prevent IP spoofing and address masquerading, the IP address is bound to the hardware address of the network card.
Flow control
QoS can be set according to specified policies. Flow control ensures the normal running of key operations and prevents network abuse.
Flow statistics
The real-time flow of any IP address on the intranet can be accurately calculated, as can the real-time flow of each firewall interface, and the flow statistics for the most recent week can be saved. Results can be sorted by IP address, by flow and by protocol. In addition, the detailed web browsing activity of the 10 IP addresses with the largest flow can be displayed in real time in a convenient diagram.
Real-time network monitoring
The intranet connections passing through the firewall can be displayed in real time, including each connection's source IP, source MAC address, source port, target IP and target port; the firewall system itself is monitored in real time.
System monitoring
It can monitor system running information in real time, such as the hardware working condition and the security policy parameters of the firewall.
Time-based access control
The transmission of network data packets can be controlled by any time of day, any day of the week, or a combination of the two.
System backup and recovery
The user can back up the firewall settings in two ways. When needed, the system settings for a particular network environment can be restored, which saves configuration time and ensures the security policies in the system settings are not lost.
Factory default restore
The factory default settings of the firewall can be restored under any condition.
Remote centralized management
Through secure authentication and encrypted transmission of information, it enables remote centralized management of the firewall equipment, unified deployment of security policy, consistency of security policies across the whole system, and improved safety of the whole system.
Tiered management
The privileges for system management, rule setting and log access are managed in separate tiers to prevent access beyond one's privileges, maximizing the safety of management.
Log security audit
The independent log management system can manage firewall logs centrally. During configuration, logging can be targeted to specific needs, and logs can be classified and retrieved through different search methods.
Mandatory access control for common application programs (BT, Emule, QQ, MSN, etc.)
Through guided program control, access by common application programs (BT, Emule, QQ, MSN, etc.) can be controlled mandatorily; in addition, components such as Java Applets and ActiveX controls, as well as scripts, can be prohibited.
Transparent proxy
The firewall adopts the transparent proxy technique. The proxy service is transparent to users: they are not aware of the firewall while internal and external network communication completes. The service ports of the firewall cannot be detected, so the firewall cannot be attacked, which greatly enhances the safety and attack resistance of the firewall.
Transparent mode
A firewall in transparent mode acts like a network bridge (a non-transparent firewall acts like a router). The network equipment (including hosts, routers and workstations) and all computer settings (including IP address and gateway) need not change. At the same time, all data passing through it is analyzed, which increases network safety and reduces the complexity of user management.
Mixed mode
Depending on the user's network setup, the firewall can freely be set to routing mode or transparent mode. Combining the advantages of both modes with the active firewall filtering technique, the usability, safety and performance of the firewall are greatly improved.
Supporting various identity authentication methods
Various identity authentication methods are supported, such as command mode, digital certificate, RADIUS and usage license, so user identification and access control are better realized.
Supporting DHCP server
Supports DHCP address distribution and a DMZ zone in the intranet.
Integrating VPN modules
The integrated VPN modules, approved by the National Code Office, comply with the standard IPSec protocol and can work together with NAT. The VPN modules support two working types: gateway VPN and VPN client.
Supporting policy routing
Inspur VTInfo firewall adopts the policy routing technique and suits environments with multiple network exits. Policy-based routing gives the administrator stronger control over message transfer and storage than traditional routing.
IDS linkage
The IDS detector monitors network activity in real time. When it captures suspicious network attack activity, it sends a message to the firewall according to the nature of the intrusion or suspicious activity. The firewall then stops connections involving the related network address. This rule, combining the real-time reaction capability of intrusion detection with the static access control of the firewall, realizes a security defense strategy based on dynamic changes in network activity and greatly improves network security. The Inspur VTInfo Firewall can currently cooperate with Inspur VTInfo IDS and Venustech VFPR IDS.
SNMP management support
Simple Network Management Protocol (SNMP) is a management standard widely used in TCP/IP networks. SNMP performs management through a distributed architecture of management systems and agents. Inspur VTInfo Firewall supports all versions of standard SNMP. It is compatible with commonly used network management platforms such as HP OpenView, CiscoWorks, etc.
Flexible and powerful log audit
Provides abundant log information. Users can select the log option (no log, general log, application-layer protocol log or application context log) according to their specific needs, perform detailed audits and set log filters in order to analyze and trace intrusion activities.
Email alarm
If the total storage space used by log files exceeds a certain percentage (default 80%) of its partition, an alarm message is written to the log to inform the user. At the same time, an email alarm is sent to the log administrator and the user is informed through a pop-up window on the client.