Ports

5 × GE + 2 × SFP

(MTU: 1500 defaultly)

10 × GE + 2 × SFP

Storage media

TF card with a maximum size of 500 GB

Ambient temperature

Operating: 0°C to 45°C (32°F to 113°F)

Storage: –40°C to +70°C (–40°F to +158°F)

Operating mode

Route, transparent, or hybrid

AAA

Portal authentication

RADIUS authentication

HWTACACS authentication

PKI/CA (X.509 format) authentication

Domain authentication

CHAP authentication

PAP authentication

Firewall

SOP virtual firewall technology, which supports full virtualization of hardware resources, including CPU, memories, and storage

Security zone

Attack protection against malicious attacks, such as land, smurf, fraggle, ping of death, teardrop, IP spoofing, IP fragmentation, ARP spoofing, reverse ARP lookup, invalid TCP flag, large ICMP packet, address/port scanning, SYN flood, ICMP flood, UDP flood, and DNS query flood

Basic and advanced ACLs

Time range-based ACL

User-based and application-based access control

ASPF application layer packet filtering

Static and dynamic blacklist function

MAC-IP binding

MAC-based ACL

802.1Q VLAN transparent transmission

Sub-Interface VLAN

Antivirus

Signature-based virus detection

Manual and automatic upgrade for the signature database

Stream-based processing

Virus detection based on HTTP, FTP, SMTP, and POP3

Virus types include Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, AdWare, and Virus

Virus logs and reports

Deep intrusion prevention

Prevention against common attacks such as hacker, worm/virus, Trojan, malicious code, spyware/adware, DoS/DDoS, buffer overflow, SQL injection, and IDS/IPS bypass

Attack signature categories (based on attack types and target systems) and severity levels (including high, medium, low, and notification)

Manual and automatic upgrade for the attack signature database (TFTP and HTTP).

P2P/IM traffic identification and control

Email/webpage/ application layer filtering

Email filtering

SMTP email address filtering

Email subject/content/attachment filtering

Webpage filtering

HTTP URL/content filtering

Java blocking

ActiveX blocking

SQL injection attack prevention

NAT

Many-to-one NAT, which maps multiple internal addresses to one public address

Many-to-many NAT, which maps multiple internal addresses to multiple public addresses

One-to-one NAT, which maps one internal address to one public address

NAT of both source address and destination address

External hosts access to internal servers

Internal address to public interface address mapping

NAT support for DNS

Setting effective period for NAT

NAT ALGs for NAT ALG, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, and SIP

VPN

L2TP VPN

IPSec VPN

GRE VPN

SSL VPN

IP Services

IP Forwarding

ICMP, Tracert, ping, Telnet, DHCP Server, DCHP Relay, and DHCP Client

Routing: Static, RIP, OSPF, BGP

Multicast: IGMP, PIM-SM and PIM-DM

IPv6 status firewall

IPv6 attack protection

IPv6 forwarding

IPv6 protocols such as ICMPv6, PMTU, Ping6, DNS6, TraceRT6, Telnet6, DHCPv6 Client, and DHCPv6 Relay

IPv6 routing: RIPng, OSPFv3, BGP4+, static routing, policy-based routing

IPv6 multicast: PIM-SM, and PIM-DM

IPv6 transition techniques: NAT-PT, IPv6 tunneling, NAT64 (DNS64), and DS-LITE

IPv6 security: NAT-PT, IPv6 tunnel, IPv6 packet filter, RADIUS, IPv6 zone pair policies, IPv6 connection limit

Encryption algorithm

MD5/SHA1/SHA256/SHA384/SHA512/SM3/3DES-CBC/AES-CBC-128/ AES-CBC-192/ AES-CBC-256/DES-CBC/SM1-CBC-128/SM4-CBC

High availability

Active/active and active/standby RBM stateful failover

Configuration synchronization of two firewalls

IKE state synchronization in IPsec VPN

VRRP

Configuration management

CLI Configuration management via console port

Remote management through Web, SSH

Device management through H3C IMC SSM

SNMPv3, compatible with SNMPv2 and SNMPv1

Intelligent security policy

Environmental protection

EU RoHS compliance