سرویس‌های شبکه


	Dynamic routing (OSPF, BGP, RIPv2)		Static and policy routing
	Route controlled by application		Built-in DHCP, NTP, DNS server and DNS proxy
	Tap mode—connect to SPAN port		Interface modes: sniffer, port aggregated, loopback, VLANS (802.1Q and trunking)
	L2/L3 switching & routing		Virtual wire (Layer 1) transparent inline deployment

فایروال


	Operating modes: NAT/route, transparent (bridge), and mixed mode		Policy objects: predefined, custom, and object grouping
	Security policy based on application, role and geo-location		Application Level Gateways and session support: MSRCP, PPTP, RAS, RSH, SIP, FTP, TFTP, HTTP, dcerpc, dns-tcp, dns-udp, H.245 0, H.245 1, H.323
	NAT and ALG support: NAT46, NAT64, NAT444, SNAT, DNAT, PAT, Full Cone NAT, STUN		NAT configuration: per policy and central NAT table
	VoIP: SIP/H.323/SCCP NAT traversal, RTP pin holing		Global policy management view
	Security policy redundancy inspection		Schedules: one-time and recurring

IPS


	Up to 8,000+ signatures, protocol anomaly detection, rate-based detection, custom signatures, manual, automatic push or pull signature updates, integrated threat encyclopedia		IPS Actions: default, monitor, block, reset (attackers IP or victim IP, incoming interface) with expiry time
	Packet logging option		Filter Based Selection: severity, target, OS, application or protocol
	IP exemption from specific IPS signatures		IDS sniffer mode
	IPv4 and IPv6 rate based DoS protection with threshold settings against TCP Syn flood, TCP/UDP/SCTP port scan, ICMP sweep, TCP/UDP/SCIP/ICMP session flooding (source/destination)		Active bypass with bypass interfaces
	Predefined prevention configuration

آنتی‌ویروس


	4 million Antivirus signatures, manual, automatic push or pull signature updates		Flow-based Antivirus: protocols include HTTP, SMTP, POP3, IMAP, FTP/SFTP
	Compressed file virus scanning

مقابله با حملات


	Abnormal protocol attack defense		Anti-DoS/DDoS, including SYN Flood, DNS Query Flood defense
	ARP attack defense

URL Filtering


	Flow-based web filtering inspection		Manually defined web filtering based on URL, web content and MIME header
	Dynamic web filtering with cloud-based real-time categorization database: over 140 million URLs with 64 categories (8 of which are security related)		Web filtering profile override: allows administrator to temporarily assign different profiles to user/group/IP
	Additional web filtering features:Filter Java Applet, ActiveX and/or cookie - Block HTTP Post - Log search keywords - Exempt scanning encrypted connections on certain categories for privacy		Web filter local categories and category rating override

Cloud-Sandbox


	Upload malicious files to cloud sandbox for analysis		Support protocols including HTTP/HTTPS, POP3, IMAP, SMTP and FTP
	Support file types including PE,ZIP, RAR, Office, PDF, APK, JAR and SWF		File transfer direction and file size control
	Provide complete behavior analysis report for malicious files		Global threat intelligence sharing, real-time threat blocking

SSL Decryption


	Application identification for SSL encrypted traffic		IPS enablement for SSL encrypted traffic
	AV enablement for SSL encrypted traffic		URL filter for SSL encrypted traffic
	SSL Encrypted traffic whitelist		SSL proxy offload mode

Data Security


	File transfer control based on file type		File protocol identification, including HTTP, FTP, SMTP and POP3
	File signature and suffix identification for over 100 file types		Content filtering for HTTP-GET, HTTP-POST, FTP and SMTP protocols
	IM identification and network behavior audit

Application control


	Over 3,000 applications that can be filtered by name, category, subcategory, technology and risk		Each application contains a description, risk factors, dependencies, typical ports used, and URLs for additional reference
	Actions: block, reset session, monitor, traffic shaping		Identify and control applications in the cloud
	Provide multi-dimensional monitoring and statistics for applications running in the cloud, including risk category and characteristics

Quality of Service (QoS)


	Max/guaranteed bandwidth tunnels or IP/user basis		Tunnel allocation based on security domain, interface, address, user/user group, server/server group, application/app group, TOS, VLAN
	Bandwidth allocated by time, priority, or equal bandwidth sharing		Type of Service (TOS) and Differentiated Services (DiffServ) support
	Prioritized allocation of remaining bandwidth		Maximum concurrent connections per IP
	Bandwidth allocation based on URL category

Server Load balancing


	Weighted hashing, weighted least-connection, and weighted round-robin		Session protection, session persistence and session status monitoring
	Server health check, session monitoring and session protection

Link Load balancing


	Bidirectional link load balancing		Outbound link load balancing includes policy based routing, ECMP and weighted, embedded ISP routing and dynamic detection
	Inbound link load balancing supports SmartDNS and dynamic detection		Automatic link switching based on bandwidth, latency, jitter, connectivity, application etc.
	Link health inspection with ARP, PING, and DNS

VPN


	SSL VPN realm support: allows multiple custom SSL VPN logins associated with user groups (URL paths, design)		IPSEC VPN configuration options: route-based or policy based
	IPSEC VPN deployment modes: gateway-to-gateway, full mesh, hub-and-spoke, redundant tunnel, VPN termination in transparent mode		One time login prevents concurrent logins with the same username
	SSL portal concurrent users limiting		SSL VPN port forwarding module encrypts client data and sends the data to the application server
	Supports clients that run iOS,Android,and Windows XP/Vista including 64-bit Windows OS		Host integrity checking and OS checking prior to SSL tunnel connections
	MAC host check per portal		Cache cleaning option prior to ending SSL VPN session
	L2TP client and server mode, L2TP over IPSEC, and GRE over IPSEC		View and manage IPSEC and SSL VPN connections
	PnPVPN		IPSec VPN: IPSEC Phase 1 mode: aggressive and main ID protection mode - Peer acceptance options: any ID, specific ID, ID in dialup user group - Supports IKEv1 and IKEv2 (RFC 4306) - Authentication method: certificate and pre-shared key - IKE mode configuration support (as server or client) - DHCP over IPSEC - Configurable IKE encryption key expiry, NAT traversal keep alive frequency - Phase 1/Phase 2 Proposal encryption: DES, 3DES, AES128, AES192, AES256 - Phase 1/Phase 2 Proposal authentication: MD5, SHA1, SHA256, SHA384, SHA512 - Phase 1/Phase 2 Diffie-Hellman support: 1,2,5 - XAuth as server mode and for dialup users - Dead peer detection - Replay detection - Autokey keep-alive for Phase 2 SA

IPv6


	Management over IPv6, IPv6 logging and HA		IPv6 routing protocols, static routing, policy routing, ISIS, RIPng, OSPFv3 and BGP4+
	IPv6 tunneling, DNS64/NAT64 etc.		IPS, Application identification, URL filtering, Anti-Virus, Access control, ND attack defense

VSYS


	System resource allocation to each VSYS		CPU virtualization
	Non-root VSYS support firewall, IPSec VPN, SSL VPN, IPS, URL filtering		VSYS monitoring and statistic
	Not supported on E1600, E1100W and E1100W3Gw

High availability


	Redundant heartbeat interfaces		Active/Active and Active/Passive
	Standalone session synchronization		HA reserved management interface
	Failover: Port, local & remote link monitoring - Stateful failover - Sub-second failover - Failure notification		Deployment options: HA with link aggregation - Full mesh HA - Geographically dispersed HA

تشخیص کاربر و ابزار


	Local user database		Remote user authentication: TACACS+, LDAP, Radius, Active
	Single-sign-on: Windows AD		2-factor authentication: 3rd party support, integrated token server with physical and SMS
	User and device-based policies		User group synchronization based on AD and LDAP
	Support for 802.1X, SSO Proxy		WebAuth page customization
	Interface based Authentication		Agentless ADSSO (AD Polling)
	Use authentication synchronization based on SSO-monitor

مدیریت


	Management access: HTTP/HTTPS, SSH, telnet, console		Central management: Hillstone Security Manager (HSM), web service APIs
	System integration: SNMP, syslog, alliance partnerships		Rapid deployment: USB auto-install, local and remote script execution
	Dynamic real-time dashboard status and drill-in monitoring widgets		Language support: English

لاگ و گزارشگیری


	Logging facilities: local memory and storage (if available), multiple syslog servers and multiple Hillstone Security Audit (HSA) platforms		Encrypted logging and log integrity with HSA scheduled batch log uploading
	Reliable logging using TCP option (RFC 3195)		Detailed traffic logs: forwarded, violated sessions, local traffic, invalid packets
	Comprehensive event logs: system and administrative activity audits, routing & networking, VPN, user authentications, WiFi related events		IP and service port name resolution option
	Brief traffic log format option		Three predefined reports: Security, Flow and network reports
	User defined reporting		Reports can be exported in PDF via Email and FTP

سایر


	Botnet server IP blocking with global IP reputation database		Support to identify endpoint IP, endpoint quantity, on-line time, off-line time, and on-line duration
	Support 10 operation systems		Support query based on IP and endpoint quantity
	Multi-SSID and wireless traffic control (only on E1100W and E1100WG3w)		Wire link and WCDMA link back up (Only on E1100WG3w)
	WCDMA IPSec VPN (Only on E1100WG3w)

فایروال‌های سری E هیلستون

امنیت جامع شبکه به همراه ویژگی‌های پیشرفته

فایروال‌های رده Enterprise

کنترل قسمت به قسمت نرم‌افزارها‌

تشخیص و کنترل جامع تهدیدات

دانلود کلاینت وی‌پی‌ان

بروشورها

سرویس‌های شبکه

فایروال

IPS

آنتی‌ویروس

مقابله با حملات

URL Filtering

Cloud-Sandbox

SSL Decryption

Data Security

Application control

Quality of Service (QoS)

Server Load balancing

Link Load balancing

VPN

IPv6

VSYS

High availability

تشخیص کاربر و ابزار

مدیریت

لاگ و گزارشگیری

سایر

نحوه ارتباط با ما

لینکدین

تلفن

ایمیل

تلگرام

لینک‌ها

صفحه اصلی

آیس‌وارپ

لینک نمایندگی آیس وارپ

آدرس

آدرس ما