SANGFOR NEXT GENERATION FIREWALL
Next-Generation Security For Your Business
SANGFOR Next-Generation Firewall designed with application control, intrusion prevention and web security in mind, to deliver excellent visibility over users, applications and contents. SANGFOR NGFW ensures the entire security from layer 2 to layer 7 at multi-gigabit speeds and distinguishes from the traditional firewall to be an ideal choice for customers.
As attacks get more sophisticated, the traditional firewall are not effective with current and emerging threats. SANGFOR NGFW, an ideal choice to upgrade or replace the traditional security devices, can provide precise and full stack visibility and defend the security threats in the whole network from layer 2 to layer 7,both inbound and outbound.
As a platform for the enforcement of network security policy, SANGFOR NGFW formulates the bi-directional secure policy based on users, applications, URL, data and contents. Compared with the traditional port/protocol based methods, SANGFOR NGFW is more relevant and effective to meet the current and coming generation of network security threats, and to identify and block the misuse of applications.
SANGFOR NGFW designed with the concern to defend the attacks from layer 2 to layer 7, especial emphasized on the application layer attacks which is more various and sophisticated with a higher risk to cause serious leakage or damages.
Meanwhile, by adopting the innovative and leading software and hardware architecture, SANGFOR NGFW ensure the high performance at the application layer. Benefit from the single-pass analysis algorithm and multi-core parallel processing, the throughput can reach up to 10G and more with μs latency under multifunction protection function mode.
SANGFOR Next-Generation Firewall designed with application control, intrusion prevention and web security in mind, to deliver excellent visibility over users, applications and contents. SANGFOR NGFW ensures the entire security from layer 2 to layer 7 at multi-gigabit speeds and distinguishes from the traditional firewall to be an ideal choice for customers.
As attacks get more sophisticated, the traditional firewall are not effective with current and emerging threats. SANGFOR NGFW, an ideal choice to upgrade or replace the traditional security devices, can provide precise and full stack visibility and defend the security threats in the whole network from layer 2 to layer 7,both inbound and outbound.
As a platform for the enforcement of network security policy, SANGFOR NGFW formulates the bi-directional secure policy based on users, applications, URL, data and contents. Compared with the traditional port/protocol based methods, SANGFOR NGFW is more relevant and effective to meet the current and coming generation of network security threats, and to identify and block the misuse of applications.
SANGFOR NGFW designed with the concern to defend the attacks from layer 2 to layer 7, especial emphasized on the application layer attacks which is more various and sophisticated with a higher risk to cause serious leakage or damages.
Meanwhile, by adopting the innovative and leading software and hardware architecture, SANGFOR NGFW ensure the high performance at the application layer. Benefit from the single-pass analysis algorithm and multi-core parallel processing, the throughput can reach up to 10G and more with μs latency under multifunction protection function mode.
ENTIRE SECURITY
Firewall
Static and dynamic package filtering.
Inspection on well-known protocols of FTP, HTTP, SMTP, RTSP, H.323 (Q.931, H.245, RTP/RTCP), SQLNET, NMS, PPTP, TCP, UDP…
Protection against attacks of Land, Smurf, Fraggle, WinNuke, Ping of Death, Tear Drop, IP spoofing, SYN/ICMP/UDP flood, HTTP GET flood, DNS query flood, ARP cheating, ICMP redirection, static and dynamic black list, etc.
Intrusion Prevention
Scanning based on signature, protocol or applications. Intelligent analysis of unknown threats with correlation analysis.
Up-to-date CVE Compatibility certificated IPS database of 3000+ signatures.
Server and terminal group signature database flexible for policy deployment.
Policy based IPS protection on source/destination IP and subnet.
Block worms, Trojans, spyware, scanning, DoS, DDoS, vulnerability exploits, buffer overflow attacks, abnormal protocol and attacks with evasive tactic employed.
Detailed log message and in-cloud threats analysis.
Anti-Virus
Stream-based anti-virus for HTTP, FTP, SMTP and POP3 protocols, etc.
Up-to-date anti-virus database with 300,000+ signatures updated manually or automatically.
Build-in SOPHOS anti-virus database and engine.
Web Application Security
Up-to-date application signature database of 2000+ web application threats.
Black list and exclusion list of URL.
Weak password protection for ftp and telnet, etc.
Protect web application against the top ten threats defined by OWASP, including SQL injection, XSS attack and CRSF, etc.
Server information invisibility for web server and ftp server, etc.
File uploading scanning and filtering based on signatures.
DLP
Build-in sensitive information signature database and support user-defined sensitive information, such as username, password, mailbox, IDand MD5keys.
Prevent information leakage through HTTP connections.
Ensure high security for sensitive information of the database against leakage.
Risk Access
Port and service scanning for certain IP and assess the security risk for the server or terminal.
Support weak password for FTP, MYSQL, ORACLE, MSSQL,SSH, RDP, NetBIOS and VNC services, etc.
Automatically generate the cross-module security policy for FW, IPS and WAF module to ensure the entire security.
AUTHENTICATION & ACCESSIBILITY
User Authentication
Mapping by IP, MAC, IP/MAC binding, hostname and USB-Key. User account import from CSV file and LDAP Server. Seamless integration with AD and LDAP.
Policy based SSO integration with AD domain, proxy, POP3 and WEB.
Application Control
Identify applications based on application signatures database.
Support application based control policy.
URL Filter
On-disk URL database,Anti-proxy technology.
Support URL category and group based policy.
HW & SW Visibility
Real-time monitor on CPU,memory,disk,session,online users and network interface information.
BM Visibility
Bandwidth usage ranking by IPs, applications and users.
Security Visibility
Detailed real-time information on security issues for servers or terminals, including source/destination IP, attack category and URL,etc.
NETWORKING AND OPTIMIZATION
Deployment
Gateway,Bridge,Bypass mode,virtual wire and mix mode.
Networking
Support ARP, DNS, IP UNNUMBERED.
Support policy routing,static routing, RIP v1/2 and OSPF.
Support application policy-based forwarding.
NAT
1:1 NAT, n:n NAT, m:n NAT, time based NAT policy.
Support NAT ALG, including DNS, FTP, H.323 and SIP, etc.
Built-In IPsec VPN
Built-in route-based IPsecVPN for secure,fast and cost-effective deployment of remote office network.
Bandwidth Management
Support multiplexing and intelligent routing. Advanced P2P control.
Qos policy based on users, applications, IPs, file types, website types and schedules, etc.
MANAGEMENT
Management
Support Web GUI with SSL encryption; Support SNMP
Alarm
Support E-mail, MSM alarms on sign-in, virus, IPS, web attack and hardware issues. Support graphical tools for trouble shooting.
Configuration
Support template configuration for easier maintenance.
REPORTING
Risk Report
Support security risk report based on port, service, vulnerability and weak password providing guideline for IT administrator.
Security Logs
Detailed loges for security events as DOS attack, web attack, IPS, viruses, website access, application control, user login and OS configuration.
Trend Report
Support schedule based trend report.
Statistics Report
Support user defined statistics report based on IP, group, users, application in flexible report schedule
Report Format
Support XML, PDF format and automatically send to specified
email list.
Internet Access Zone
- Entire security for Internet access.
DMZ Zone
- Website one-stop security protection.
- Webpage anti-defacement protection.
- Business sensitive information leakage protection.
Data Center Security Zone
- Entire security for internet access.
- Security reinforcement for core business system.
- Business sensitive information leakage protection.
WAN Edge Security Zone
- WAN dataflow filtering.
- WAN edge security protection.