Advanced network security platform
Using a dedicated 64-bit multi-core high-performance processor and high-speed memory, it can provide 100M secure business processing performance below 1G.
The CPU + Switch architecture is adopted, in which the CPU performs security service processing, and the switch implements the expansion of multi-service ports.
Comprehensive network security protection capabilities
The rich feature library can complete the detection of popular viruses. It supports anti-virus to botnets, Trojans, and worms, and can prevent more than 100 million viruses. It can identify 6000+ high-profile applications, supports security zone management, and can divide security domains based on interface, VLAN, IP, and VM names.
With rich attack prevention technology, it can support both IPv4 and IPv6. In addition to providing ordinary state firewall security isolation technology, it can provide effective protection against the following attacks:
1) Abnormal packet attacks (such as Land, smurf, Fraggle, WinNuke, Ping of Death, Tear Drop, illegal TCP packet flags, etc.);
2) Address spoofing attacks (such as IP spoofing, scanning attacks such as IP address attacks, port attacks, etc.);
3) Abnormal traffic attacks (such as Ack Flood, DNS Flood, Fin Flood, HTTP Flood, ICMP Flood, ICMPV6 Flood, Reset Flood, SYNACK Flood, SYN Flood, UDP Flood, etc.);
Rich VPN Applications
The CPU is embedded with a high-performance encryption engine to ensure that the complex encryption and decryption operations will not affect the CPU's processing of other firewall services, while ensuring the VPN's processing performance.
Support GRE VPN, L2TP VPN, IPsec VPN, DVPN, SSL VPN and a combination of multiple VPN technologies.
Support IPv6 IPsec vpn, IPv6 GRE VPN.
Support the combination of multiple VPN technologies using IPsec Over GRE, L2TP over IPsec, etc.
Comprehensive monitoring methods
Supports various ways to manage equipment through Web-GUI, CLI, SSH and other means.
Provide role-based function authorization mechanism, which can realize the permission control to function, command line and menu level.
Provide a unified SSM management platform, which can implement device configuration management, performance monitoring, and log auditing.
Provides rich MIB nodes to facilitate performance monitoring of external devices.
Open API
Open interface: Comware V7 uses the general Linux operating system to provide an open standard programming interface for users to use the basic functions provided by Comware V7 to implement their own dedicated functions. Currently, it is mainly based on the Netconf interface.
TCL script: Comware V7 has a built-in TCL script execution function. Users can use the TCL scripting language to directly write scripts, use the command line provided by Comware V7, SNMP Get, SET operations, and the programming interface exposed by Comware V7 to achieve the required functions.
EAA: Pre-defined actions can be performed when the system changes. It meets some personalized needs of users. while improving the maintainability of the system,
Carrier-grade reliability
Support hot backup of firewall, NAT, attack and VPN services.
Fault isolation: Software modularization technology enables each part of the software to achieve fault isolation. The modular design of Comware V7 ensures that the abnormality of one process will not affect the normal operation of other processes and the kernel. Software failures can also be recovered by themselves without affecting the operation of the hardware
Process-level GR: With perfect process-level GR technology, the system can recover quickly after a failure without affecting system services.