Post on 22-Dec-2015
SecPath Firewall Architecture
Objectives
Upon completion of this course, you will be able to:
Understand the architecture of SecPath series firewalls
Become familiar with the service features of SecPath series firewalls
Understand typical applications of SecPath series firewalls
3Com Confidential. 3
Contents
SecPath Firewall Family Members
SecPath Firewall Service Features
SecPath Firewall Typical Applications
Firewall Family Members
ISP / Data Center
Medium Enterprise
Small Enterprise
Large Enterprise
SecPath F1000-A
SecPath F1000-S
SecBlade II
F100-A
F1000-E
F5000-A
SecPath F1000-E
CF card slot
HIM interface card slot 1
HIM interface card slot 2
Available for Overseas Market
Specification
Throughput: 6Gbps
Concurrent connections: 2,000,000
New connections per second: 60,000
4 fixed combo GE ports (electrical/optical)
2 HIM card slots
Supported HIM card type: 4GBE/4GFE/8GBE
AUX port
Console port
USB 0
USB 1
GE optical port
10/100/1000M electrical port
GE optical port
10/100/1000M electrical port
Combo port
Combo port
Comware V5
Platform Inside
SecPath F1000-A
GE electrical port
GE optical port
GE electrical port
GE optical port
Console port
AUX port
Combo port
Combo port
1 MIM interface card slot
Available for Overseas Market
Specification
Throughput: 1.5Gbps
Concurrent connections: 1,000,000
New connections per second: 20,000
2 fixed combo GE ports (electrical/optical)
1 MIM card slot
Supported MIM card type: 1FE/2FE/4FE/1GBE/1GEF/2GBE/2GEF
SecPath F1000-S
GE electrical port 1/0
GE combo port 0/0
Console port
AUX port
GE electrical port 1/1
GE combo port 0/1
MIM interface card slot 0
MIM interface card slot 1
Available for Overseas Market
Specification
Throughput: 1Gbps
Concurrent connections: 1,000,000
New connections per second: 10,000
2 fixed combo GE ports (electrical/optical)
2 fixed electrical GE ports
2 MIM card slots
Supported MIM card type: 1FE/2FE/4FE/1GBE/1GEF/2GBE/2GEF
SecPath SecBlade FW
GE combo port 0/3
USB 1
GE electrical port 0/1
Console port
GE combo port 0/4
GE electrical port 0/2
USB 0
CF card slot
Available for Overseas Market
Specification
Management interface:
2 fixed combo GE ports (electrical/optical)
2 fixed electrical GE ports
Inter-connection interface with chassis:
1 10GE interface
Supported devices:
S7500E series switches
S9500 series switches
SR8800 series routers
SR6600 series routers
SecPath F100-A
1 MIM interface card slot
10/100M WAN port 0/0
10/100M WAN port 0/1
10/100M WAN port 0/2
4 * 10/100M LAN port
AUX port
Console port
Available for Overseas Market
Specification
Throughput: 200Mbps
Concurrent connections: 500,000
New connections per second: 3,000
3 fixed FE WAN ports
4 fixed FE LAN ports
1 MIM card slot
Supported MIM card type: 1FE/2FE/4FE/IPSec Encryption/Decryption card
SecPath Firewall Service Features
ASPF
Diversified attack defending means
Rich VPN services
Intelligent analysis and management means
Content filter & Email filter
Network protocol accumulation
Security authentication
Network isolation & access control
NAT
SecPath Firewall Service Features
Packet filter
Application layer status detection
Diversified attack defending means
NAT
Firewall
Trusted Zone
Untrusted Zone
DoS attack
Hacker
Normal user
Prevent
Normal website
Harmful website
Internet
Harmful contents
Healthy contents
Content filter
Email filter
SecPath Firewall Service Features
Email Server
Email detection
Intranet service layer
Log center
Intranet access layer
External network/Internet
Attack packets are found.
A B C
Report logs
Attack packets are rejected.
SecPath Firewall
SecPath Firewall Service Features
Email notification
SecPath Firewall Service Features
SecPath Firewall Typical Applications (1)
Internet
External server
Untrusted Zone
Trusted Zone
Leased line branch
Internal network
DMZ
Firewall application at the enterprise egress
H3C SecPath series firewalls provide powerful filtering and perfect management functions. They are deployed at the internal network egress to defend against all attacks from the external network.
SecPath Firewall Typical Applications (2)
Firewall + VPN application for small-/medium-sized enterprises
The H3C SecPath F1000-S firewall can provide both powerful filtering and VPN functions. It can protect the security of the internal network and meet the demand of branches and mobile offices for access to the headquarters resources.
IP network
Remote office by using the VPN client
Enterprise headquarters
Enterprise branch
SecPath 100F
SecPath F1000-S
MCU
Application server group
Voice device
Voice
Video
Data
VPN tunnel
User dynamic authentication server
Authentication tunnel
Dynamic password key disk
SecPath Firewall Typical Applications (3)
With its powerful VPN function, the H3C SecPath F100-C firewall can meet the demand of branches and mobile offices for access to the headquarters resources, and is applicable to SOHO family or office networks. In addition, the SecPath F100-C firewall can provide powerful filtering and perfect management functions. It can be deployed at the internal network egress to defend against all attacks from the external network.
Firewall + VPN application for SOHO users
Internet Untrusted Zone
Trusted Zone
SOHO internal network
Remote office by using the VPN client
SecPath Firewall Typical Applications (4)
Besides VPN applications, the SecPath firewall can provide device backup and load sharing. When branches access the enterprise headquarters through the IPSec VPN, two SecPath firewalls deployed at the headquarters can be used to guarantee the confidentiality, integrity, authenticity, and anti-replay protection of data transmitted over the network. The enterprise headquarters uses two firewalls to implement load sharing and device backup in case one device fails.
VPN + firewall backup application for branches
Internet
Enterprise headquarters
Branch
SecPath firewall
MCU
Application server group
Voice device
Voice
Video
Data
Voice
Video
Data
SecPath F100-A
SecPath firewall
SecPath F100-A
Branch
IPSEC tunnel IPSEC tunnel
Backup IPSEC tunnel
Branches…
Summary
Understand the architecture of SecPath series firewalls
Become familiar with the service features of SecPath series firewalls
Understand typical applications of SecPath series firewalls
Thank you