Hybrid Deployment Architecture
H3C SecBlade IV NGFW modules can adapt to different scenario requirements. Whether the enterprise environment is complex and changeable or pursuing high-efficiency and agility, they can fit perfectly.
All NGFW modules share a unified operating system Comware, ensuring operational consistency and convenience, and greatly reducing operation and maintenance costs. With this innovative design, H3C NGFW modules build an all-round, reliable, and user-friendly network security protection system for customers, fully safeguarding enterprise network security.
Also, H3C SecBlade IV NGFW can be managed by H3C management platform, enabling consistent distribution, detailed management and dynamic adjustment of policies based on risk levels across hardware, virtualized, cloud-native, and containerized firewalls. The firewalls also feedback the networking changes, security logs and attack findings back to the platform, helping constructing the security situation. In this regard the firewalls and platform work as a whole.
Comware: One Core, Every Defense
Comware is a unified network security operating system designed based on the TCP/IP architecture. H3C SecBlade IV NGFW module, hardware firewall, virtualized firewall, cloud firewall, and containerized firewall all run on this operating system. It supports comprehensive networking and security functions and has high scalability. At the same time, it provides high visibility to simplify operation and maintenance procedures. Sharing this common core system, H3C SecBlade IV NGFW module provide every defense in all types of scenarios.
Comware has a modularized designs presenting abundant features while keeping high reliability. It also quickly reacts to changing technology and realizes rapid delivery.
The comprehensive TCP/IP protocol stack functionality allows the firewall to participate in network deployments with any topology, ensuring seamless integration. Comware supports multi-CPU, multi-core and multi-processing, enhancing data forwarding and processing efficiency.
Carrier-level high availability
H3C excels in hardware design. Its elite R&D team meticulously designs from chip to system level, using advanced tech for innovative architecture optimization, ensuring high performance.
Notably, H3C SecBlade IV NGFW modules are highly reliable. They endure rigorous tests. With redundant designs for key components, failure risks are minimized, firmly supporting digital transformation across industries.
Meanwhile, the Comware operating system offers a variety of selectable reliability technologies to ensure high-reliability at the network level.
Supports the RBM (Remote Backup Mechanism) technology, enabling real-time backup of business data and meeting the requirements of active-active and active-standby networking.
Integrated, Flexible and Advanced Protection
H3C SecBlade IV NGFW modules boast outstanding security capabilities, integrating functions such as intrusion detection, virus protection, and URL filtering. They can accurately identify and block various malicious traffic, preventing the invasion of viruses and Trojans. The powerful application identification technology can manage a vast number of network applications. Meanwhile, intelligent security policies help flexibly address complex threats. From the network perimeter to the interior, it builds a comprehensive security defense line, safeguarding the security of enterprise information assets.
Intrusion prevention system (IPS)
Supports real-time active interception of DOS, brute force disassembly, port scanning, sniffing, worms and other network attacks or malicious traffic protecting internal network information from infringement.
Application layer traffic identification and management
Uses the state machine and traffic exchange inspection technologies to detect traffic of P2P, IM, network game, stock, network video, and network multi-media applications, such as Facebook, X(twitter), Youtube, Thunder, BitTorrent, eMule, eDonkey, WeChat, Weibo, QQ and MSN. H3C firewalls use the deep inspection technology to identify P2P traffic precisely and provides multiple policies to control and manage the P2P traffic flexibly. Also, H3C SecBlade IV NGFW modules support over 7,000 protocols and over 10,000 applications, which are updated every 2 weeks.
Categorized filtering of massive URLs
Uses the local+cloud mode to provide 143 categorized and 130 million URL rules*, providing basic URL filtering blacklist and whitelist and allows you to query the URL category filtering server on line.
Web Application Firewall (WAF)
Deep web security protection. Supports web application protection. For the most CC attacks, SQL injection, HTTP slow attacks, cross-site-scripts and other common attacks, content detection and verification of various requests from web application clients are carried out to ensure their security and legitimacy, and illegal requests are blocked in real time, So as to effectively protect all kinds of websites.
Data leakage prevention (DLP)
Supports email filtering by SMTP mail address, subject, attachment, and content, HTTP URL and content filtering, FTP file filtering, and application layer filtering (including Java/ActiveX blocking and SQL injection attack prevention).
Unknown threat prevention
Uses the situation awareness platform to quickly detect and locate threats. This ensures that the firewall can take global security measures as soon as a single point is under attack. The firewalls support an enhanced AI feature, which enables a more professional AI-based detection capability for unknown threats. The firewalls can also send the unidentified files to sandbox(H3C SecCenter CSAP-ATD).
Flood Attack protection
Detects and prevents various attacks, including Land, Smurf, Fraggle, ping of death, Tear Drop, IP spoofing, IP fragment, ARP spoofing, reverse ARP lookup, invalid TCP flag, large ICMP packet, IP/port scanning, and common DDoS attacks such as SYN flood, UDP flood, DNS flood, and ICMP flood.
Complete and updated security signature database
H3C has a senior signature database team and professional attack protection labs that can provide a precise and up-to-date signature database.
Security zone
Allows you to configure security zones based on interfaces and VLANs.
Packet filtering
Allows you to apply standard or advanced ACLs between security zones to filter packets based on information contained in the packets, such as UDP and TCP port numbers. You can also configure time ranges during which packet filtering will be performed.
Access control
Supports access control based on users and applications and integrates deep intrusion prevention with access control.
ASPF
Dynamically determines whether to forward or drop a packet by checking its application layer protocol information and state. ASPF supports inspecting FTP, HTTP, SMTP, RTSP, and other TCP/UDP-based application layer protocols.
Blacklist
Supports static blacklist and dynamic blacklist.
- * URL libraries in cloud can be extended to 500 million
Intelligent Management
H3C SecCenter CSAP-SMP
SMP platform helps customers to manage the firewalls. SMP mainly focuses on local management installed in customer's own environment.
Web GUI and CLI
Web-based management, with simple, user-friendly GUI and integrated CLI-based configuration and management.
Intelligent security policy management
Detects duplicate, redundant or conflicting policies, optimizes policy configurations, detects and proposes security policies dynamically generated in the internal network.
Abundant reports
Include application-based reports and stream-based analysis reports. The reports can be customized covering different contents.
Security logs
H3C SecBlade IV NGFW modules support various logs including operation logs, security policy logs, threat logs, URL filtering logs, traffic logs and NAT logs.
Login
Products and Solutions
Security protection and access control based on users, applications, time, five tuples, and content security. Typical security protection features include IPS, AV, and URL filtering.
Technical Documents
Software Download