Ports

10 × GE + 2 × SFP (MTU: 1500 defaultly)

Storage media

TF card with a maximum size of 500 GB

Ambient temperature

- Operating: 0°C - 45°C (32°F - 113°F)
- Storage: –40°C - +70°C (–40°F - 158°F)

Operating mode

Route, transparent, or hybrid

AAA

- Portal authentication
- RADIUS authentication
- HWTACACS authentication
- PKI/CA (X.509 format) authentication
- Domain authentication
- CHAP authentication
- PAP authentication

Firewall

- SOP virtual firewall technology, which supports full virtualization of hardware resources, including CPU, memories, and storage

- Security zone

- Attack protection against malicious attacks, such as land, smurf, fraggle, ping of death, teardrop, IP spoofing, IP fragmentation, ARP spoofing, reverse ARP lookup, invalid TCP flag, large ICMP packet, address/port scanning, SYN flood, ICMP flood, UDP flood, and DNS query flood

- Basic and advanced ACLs

- Time range-based ACL
- User-based and application-based access control
- ASPF application layer packet filtering
- Static and dynamic blacklist function
- MAC-IP binding
- MAC-based ACL
- 802.1Q VLAN transparent transmission
- Sub-Interface VLAN

Antivirus

- Signature-based virus detection

- Manual and automatic upgrade for the signature database

- Stream-based processing

- Virus detection based on HTTP, FTP, SMTP, and POP3

- Virus types include Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, AdWare, and Virus

- Virus logs and reports

Deep intrusion prevention

- Prevention against common attacks such as hacker, worm/virus, Trojan, malicious code, spyware/adware, DoS/DDoS, buffer overflow, SQL injection, and IDS/IPS bypass

- Attack signature categories (based on attack types and target systems) and severity levels (including high, medium, low, and notification)

- Manual and automatic upgrade for the attack signature database (TFTP and HTTP).

- P2P/IM traffic identification and control

Email/webpage/ application layer filtering

- Email filtering

- SMTP email address filtering

- Email subject/content/attachment filtering

- Webpage filtering

- HTTP URL/content filtering

- Java blocking

- ActiveX blocking

- SQL injection attack prevention

NAT

- Many-to-one NAT, which maps multiple internal addresses to one public address

- Many-to-many NAT, which maps multiple internal addresses to multiple public addresses

- One-to-one NAT, which maps one internal address to one public address

- NAT of both source address and destination address

- External hosts access to internal servers

- Internal address to public interface address mapping

- NAT support for DNS

- Setting effective period for NAT

- NAT ALGs for NAT ALG, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, and SIP

VPN

- L2TP VPN

- IPSec VPN

- GRE VPN

- SSL VPN

IP Services

- IP Forwarding

- ICMP, Tracert, ping, Telnet, DHCP Server, DCHP Relay, and DHCP Client

- Routing: Static, RIP, OSPF, BGP

- Multicast: IGMP, PIM-SM and PIM-DM

- IPv6 status firewall

- IPv6 attack protection

- IPv6 forwarding

- IPv6 protocols such as ICMPv6, PMTU, Ping6, DNS6, TraceRT6, Telnet6, DHCPv6 Client, and DHCPv6 Relay

- IPv6 routing: RIPng, OSPFv3, BGP4+, static routing, policy-based routing

- IPv6 multicast: PIM-SM, and PIM-DM

- IPv6 transition techniques: NAT-PT, IPv6 tunneling, NAT64 (DNS64), and DS-LITE

- IPv6 security: NAT-PT, IPv6 tunnel, IPv6 packet filter, RADIUS, IPv6 zone pair policies, IPv6 connection limit

Encryption algorithm

MD5/SHA1/SHA256/SHA384/SHA512/SM3/3DES-CBC/AES-CBC-128/ AES-CBC-192/ AES-CBC256/DES-CBC/SM1-CBC-128/SM4-CBC

High availability

- Active/active and active/standby RBM stateful failover

- Configuration synchronization of two firewalls

- IKE state synchronization in IPsec VPN

- VRRP

Configuration management

- CLI Configuration management via console port

- Remote management through Web, SSH

- Device management through H3C IMC SSM

- SNMPv3, compatible with SNMPv2 and SNMPv1

- Intelligent security policy

Environmental protection

EU RoHS compliance