HP JG372A Data Sheet

Data sheet | HP 10500/11900/7500 20Gbps VPN Firewall Module
Features and benefits
Firewall
High performance: 20 Gbps throughput helps secure traffic without compromising network
performance. Support for four million concurrent connections and 150,000 new connections
per second enables high-volume networks to remain secure under peak traffic.
ASPF: Dynamically determines whether to forward or drop a packet by checking its application
layer protocol information (such as FTP, HTTP, Simple Mail Transfer Protocol [SMTP], Real Time
Streaming Protocol [RTSP], and other application layer protocols based on Transmission Control
Protocol [TCP] or User Datagram Protocol [UDP]) and monitoring the connection-based
application layer protocol status.
Virtualization: Multi-core architecture enables both multiple zones and multiple separate
firewall instances to be created on the same device. Support for 1024 security zones,
256 virtual firewalls, and 4,094 virtual LANs (VLANs) offers robust protection to all corners
of your network. Centralized deployment of a single device offering multiple virtual firewalls
lowers total cost of ownership through streamlined training, simplified deployment and
management, and reduced power consumption.
Zone-based access policies: Groups VLANs logically into zones that share common
security policies; allows both unicast and multicast policy settings by zones instead of by
individual VLANs.
Application-level gateway (ALG): Discovers the IP address and service port information
embedded in the application data using deep packet inspection in the firewall; the firewall then
dynamically opens appropriate connections for specific applications.
NAT: Full support of NAT applications including many-to-one, many-to-many, static NAT,
dual translation, easy IP, and DNS mapping. It supports NAT traversal with multiple protocols,
and delivers NAT ALG functions such as DNS, FTP, H.323, and NetBIOS over TCP/IP (NBT).
Virtual private network
Internet Protocol Security (IPSec): Provides secure tunneling over an untrusted network
such as the Internet or a wireless network; offers data confidentiality, authenticity, and
integrity between two network endpoints.
Layer 2 Tunneling Protocol (L2TP): An industry standard-based traffic encapsulation
mechanism supported by many common operating systems such as Windows® XP and
Windows Vista®; can tunnel the Point-to-Point Protocol (PPP) traffic over the IP and non-IP
networks; may use the IP/UDP transport mechanism in IP networks.
Generic Routing Encapsulation (GRE): Transports Layer 2 connectivity over a Layer 3 path in
a secured way; enables the segregation of traffic from site to site.
Manual or automatic Internet Key Exchange (IKE): Provides either manual or automatic key
exchange required for the algorithms used in encryption or authentication; auto-IKE allows
automated management of the public key exchange, providing the highest levels of encryption.
Management
Secure Web GUI: Provides a secure, easy-to-use graphical interface for configuring the
module via HTTPS.
Command-line interface (CLI): Provides a secure, easy-to-use CLI for configuring the module
via secure shell (SSH) or a switch console; provides direct real-time session visibility.
SNMPv1, v2c, and v3: Facilitate centralized discovery, monitoring, and secure management of
networking devices.
Complete session logging: Provides detailed information for problem identification
and resolution.
Manager and operator privilege levels: Provides read-only (operator) and read/write
(manager) access on CLI and Web browser management interfaces.