SecPath Firewall Architecture

uptightexampleNetworking and Communications

Oct 24, 2013 (3 years and 7 months ago)


Objectives

Upon completion of this course, you will be able to:


Understand the architecture of SecPath series firewalls

Become familiar with the service features of SecPath series firewalls

Understand typical applications of SecPath series firewalls


3Com Confidential.



Contents



SecPath Firewall Family Members



SecPath Firewall Service Features



SecPath Firewall Typical Applications

Firewall Family Members

Market segments: Small Enterprise, Medium Enterprise, Large Enterprise, ISP / Data Center

Models: SecPath F1000-A, SecPath F1000-S, SecBlade II, F100-A, F1000-E, F5000-A

SecPath F1000-E

Panel labels: CF card slot, HIM interface card slot 1, HIM interface card slot 2, AUX port, Console port, USB 0, USB 1, GE optical port, 10/100/1000M electrical port, Combo port

Available for Overseas Market

Specification

Throughput: 6Gbps
Concurrent connections: 2,000,000
New connections per second: 60,000
4 fixed combo GE ports (electrical/optical)
2 HIM card slots
Supported HIM card type: 4GBE/4GFE/8GBE

SecPath F1000-A

Panel labels: GE electrical port, GE optical port, Combo port, Console port, AUX port, 1 MIM interface card slot

Available for Overseas Market

Specification

Throughput: 1.5Gbps
Concurrent connections: 1,000,000
New connections per second: 20,000
2 fixed combo GE ports (electrical/optical)
1 MIM card slot
Supported MIM card type: 1FE/2FE/4FE/1GBE/1GEF/2GBE/2GEF

SecPath F1000-S

Panel labels: GE electrical port 1/0, GE electrical port 1/1, GE combo port 0/0, GE combo port 0/1, Console port, AUX port, MIM interface card slot 0, MIM interface card slot 1

Available for Overseas Market

Specification

Throughput: 1Gbps
Concurrent connections: 1,000,000
New connections per second: 10,000
2 fixed combo GE ports (electrical/optical)
2 fixed electrical GE ports
2 MIM card slots
Supported MIM card type: 1FE/2FE/4FE/1GBE/1GEF/2GBE/2GEF

SecPath SecBlade FW

Panel labels: GE combo port 0/3, GE combo port 0/4, GE electrical port 0/1, GE electrical port 0/2, USB 0, USB 1, Console port, CF card slot

Available for Overseas Market

Specification

Management interface:
  2 fixed combo GE ports (electrical/optical)
  2 fixed electrical GE ports

Inter-connection interface with chassis:
  1 10GE interface

Supported devices:
  S7500E series switches
  S9500 series switches
  SR8800 series routers
  SR6600 series routers


SecPath F100-A

Panel labels: 1 MIM interface card slot, 10/100M WAN port 0/0, 10/100M WAN port 0/1, 10/100M WAN port 0/2, 4 * 10/100M LAN port, AUX port, Console port

Available for Overseas Market

Specification

Throughput: 200Mbps
Concurrent connections: 500,000
New connections per second: 3,000
3 fixed FE WAN ports
4 fixed FE LAN ports
1 MIM card slot
Supported MIM card type: 1FE/2FE/4FE/IPSec Encryption/Decryption card



SecPath Firewall Service Features

ASPF
Diversified attack defending means
Rich VPN services
Intelligent analysis and management means
Content filter & Email filter
Network protocol accumulation
Security authentication
Network isolation & access control
NAT

SecPath Firewall Service Features

Packet filter
Application layer status detection
Diversified attack defending means
NAT

Figure labels: Firewall, Trusted Zone, Untrusted Zone, DoS attack, Hacker, Normal user, Prevent

Figure labels: Normal website, Harmful website, Internet, Harmful contents, Healthy contents

Content filter
Email filter

SecPath Firewall Service Features


Figure labels: Email Server, Email detection, Intranet service layer, Log center, Intranet access layer, External network/Internet, SecPath Firewall, A, B, C

Attack packets are found.
Report logs
Attack packets are rejected.

SecPath Firewall Service Features

Email notification


SecPath Firewall Typical Applications (1)

Firewall application at the enterprise egress

H3C SecPath series firewalls provide powerful filtering and comprehensive management functions. They are deployed at the internal network egress to defend against all attacks from the external network.

Figure labels: Internet, External server, Untrusted Zone, Trusted Zone, Leased line branch, Internal network, DMZ

SecPath Firewall Typical Applications (2)

Firewall + VPN application for small-/medium-sized enterprises

The H3C SecPath F1000-S firewall can provide both powerful filtering and VPN functions. It can protect the security of the internal network and meet the demand of branches and mobile offices for accessing the headquarters resources.

Figure labels: IP network, Remote office by using the VPN client, Enterprise headquarters, Enterprise branch, SecPath F100, SecPath F1000-S, MCU, Application server group, Voice device, Voice, Video, Data, VPN tunnel, User dynamic authentication server, Authentication tunnel, Dynamic password key disk

SecPath Firewall Typical Applications (3)

Firewall + VPN application for SOHO users

With its powerful VPN function, the H3C SecPath F100-C firewall can meet the demand of branches and mobile offices for accessing the headquarters resources, and is applicable to SOHO family or office networks. In addition, the SecPath F100-C firewall can provide powerful filtering and comprehensive management functions. It can be deployed at the internal network egress to defend against all attacks from the external network.

Figure labels: Internet, Untrusted Zone, Trusted Zone, SOHO internal network, Remote office by using the VPN client



SecPath Firewall Typical Applications (4)

VPN + firewall backup application for branches

Besides VPN applications, the SecPath firewall can provide device backup and load sharing. When branches access the enterprise headquarters through the IPSec VPN, two SecPath firewalls deployed at the headquarters can be used to guarantee the privacy, integrity, authenticity, and anti-replay protection of data transmission on the network. The enterprise headquarters adopts two firewalls to implement load sharing and device backup in case one device fails.

Figure labels: Internet, Enterprise headquarters, Branch, Branches, SecPath firewall, SecPath F100-A, MCU, Application server group, Voice device, Voice, Video, Data, IPSEC tunnel, Backup


Summary


Understand the architecture of SecPath series firewalls

Become familiar with the service features of SecPath series firewalls

Understand typical applications of SecPath series firewalls

Thank you