|
Product features and technical advantages
Researched and developed strictly according to the IPSec and IKE standards and can be intercommunicated with the main stream VPN facilities.
Support the full dynamic IP VPN interconnected solution and fit the interconnected characteristics of the government and enterprise.
Support IPSec-NAT(NATT) and fit China broadband metropolitan area network ( adopting the non-real IP address to access the internet).
Support completely transparent network bridge mode and mixed mode and build the VPN tunnel under the network bridge mode, applicable for the bank, securities, electrical power, and petrochemical special networks; and can be deployed flexibly with various firewalls, gateways by utilizing this feature.
Whole State Inspection Firewall module, self-contained NAT/NAPT function and IDS microengine resist the common network layer intrusion and can interact with the main IDS facilities in China.
Support VLAN Trunk and can build the VPN connection under the VLAN environment.
With many kinds of mobile clients, it can be used flexibly and support the domestic encryption card approved by the National Commercial Cipher Bureau together with the VPN gateway.
Support operation mode based on “digital certificate”, suitable for the large scale VPN networks.
Support Qos,DHCP and static router, and PPPoE dial.
Original line fault detection and VPN link switch technologies assure the construction of the VPN backup line efficiently and reliably.
Support the policy-routing and the multi-lined VPN tunnel access. Support balance internet, unified bandwidth program and the load balancing of multipoint VPN access and the advanced function of dual module hot spare;
Perfect safety gateway centralized management platform supports native machine/remote log storage.
Excellent function: The encryption speed rate of 100M VPN 3DES+SHA can be up to 100Mbps and the encryption speed rate of gigabit VPN 3DES+SHA can be up to 500Mbps.
VPN product features and technical advantages
Be designed completely according to the IPSec and IKE. Support transfer and channel mode.
Support two certificate modes based on the digital certificate and preshared key.
Support cryptographic algorithms such as DES、3DES、SHA、DH、RSA and the cryptographic algorithm controlled specially by the state and meet the management standards of the Commercial Cipher Products of the State.
Support NAT-T and can realize the two-way NAT-T interlinked with VPN.
Support the single arm connection technology, i.e. treating the safety gateway as one server or host machine connecting only one interface into the switch and specially handling the encrypt and decrypt of VPN messages without having to modify the physical topology of the user network;
It is the dynamic SA management based on the dual elements of time and flow rate. Support manual adding /removing static SA;
Support the safety access of mobile customer using the safety customer software (can also be used together with the encrypt card made domestically);
Support the hardware binding of the VPN client of the safety gateway. The bound USB KEY can only be used in this host machine under centralized control in the gateway.
Support the VPN safety interconnection among the dynamic IP addresses through DDNS or special address server.
Unique “Keeping Tunnel Alive” technology can assure the constant interconnection between the encryption tunnels among the devices.
Can detect the status of each VPN encryption tunnel and allocate the bandwidth independently, assuring high security and flexibility.
Support VLAN Trunk and support the VPN interconnection of VLAN sub-networks on multi switches in the case of the VLAN partition;
Support PPPoE protocol and various accesses such as ADSL, Cable Modem, ISDN, FTTB and DDN etc.
Firewall function
IP packet filtering function based on six-tuple
State inspection of firewall function can realize the connection, and tracking and inspecting the state of the access control policy of each firewall independently;
Bidirectional network address mapping function supports the NAT, NAPT and address pool flexibly;
Support the IP and MAC address binding and the user authentication based on the HTTP session hijack;
Support user access authentication that has seamless integration with IE;
Counter various attacks of DoS,DdoS;
The fast forwarding function based on the Hash table significantly improves the throughput rate of firewall;
Powerful management function
Original network management based on digital certificate integrates seamlessly with gateway management and monitoring platform;
Use centralized management software to manage all types of NS-VPN series safety gateway, and realize simultaneously the configuration of several safety gateways;
Provide software based on the GUI configuration and realize the local and remote management through the serial port and network interface;
Administrator can select the on-line and off-line configuration conveniently;
The ID authentication of the network administrator and encryption of the management instruction based on pre-shared encryption and digital certificate secure the completely security of data transmission of the remote management;
Support the servers of the local log and remote log, E-mail alarm, and export of the log;
Support remote monitoring platform.
Other functions
Support hot standby and synchronous configuration function;
Support Qos of eight levels and can allocate bandwidth for each access control policy independently;
Support the strict locking and dynamic balance mode of the bandwidth;
Support PPPoEand DHCP(Server and Client)protocols and the access modes of ADSL, Cable Modem, ISDN, FTTB, DDN, CDMA, and GPRS;
Support the static router and multicast forwarding;
Support ARP table emptying, send ARP broadcast for free, and execute the Ping command and remote reset;
Support the manual setting of the operation mode of the network interface and adaptive pattern;
Support one physical interface binding several IP addresses;
Support online code upgrading and code upgrading signature, preventing unauthorized tampering of the device codes;
|
Product Introduction
