<< Назад на страницу выбора модели

 

 

Throughput Up to 120 Gbps
Throughput/slot Up to 120 Gbps
Mitigation rate/slot Up to 60 Mpps
Latency 80 μs
Expansion slot 3
Expansion interface board FW-LPUF-120, with two sub-slots
Expansion card • 24 × GE (SFP)
• 5 × 10 GE (SFP+)
• 6 × 10 GE (SFP+)
• 12 × 10 GE (SFP+)
• 1 × 40 GE (CFP)
• 1 × 100 GE (CFP)
• 3 × 40 GE (QSPF+)
Dimensions (W × D × H) DC: 442mm × 650mm × 175mm (4U)
AC: 442mm × 650mm × 220mm (5U)
Weight DC: 15 kg (empty) or 30.7 kg (fully configured)
AC: 25 kg (empty) or 40.7 kg (fully configured)
Power supply Rated input voltage:
DC: -48 V
AC: 175 V to 264 V; 50/60 Hz
Maximum input voltage range:
DC: -72 V to -38 V
AC: 90 V to 264 V; 50/60 Hz
Power consumption 1 × FW-LPUF-120 + 2 × ADS-SPUC-B + 2 × ADSSPC-80-01:
DC: 1066 W (avg), 1272 W (max)
AC: 1185 W (avg), 1414 W (max)
Power redundancy DC: Double hotswappable power modules
AC: Double hotswappable power modules
Security certifications Electromagnetic compatibility (EMC)
CB, RoHS, FCC, MET, C-Tick, and VCCI

 

Function Description
Defense against the following protocol anomaly attacks: Land, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks
DNS application protection against the following attacks: DNS query flood, DNS reply flood, and DNS spoofing
Source rate limiting and domain name rate limiting
Defense against the following network attacks: SYN flood, ACK flood, FIN flood, RST flood, TCP fragment flood, UDP flood, UDP fragment flood, IP flood, ICMP flood, TCP connection flood, sockstress, TCP retransmission, and TCP empty connection attacks
SIP application protection against the following attacks: SIP flood and SIP method flood attacks, including register flood, deregistration flood, authentication flood, and call flood attacks
Source rate limiting
Defense against the following UDP-based reflection and amplification attacks: NTP, DNS, SSDP, Chargen, TFTP, SNMP, NetBIOS, QOTD, Quake Network Protocol, Portmapper, Microsoft SQL Resolution Service, RIPv1, and Steam Protocol reflection and amplification attacks
Filters: IP, TCP, UDP, ICMP, DNS, SIP, and HTTP packet filters
Attack signature databases: RUDY, slowhttptest, slowloris, LOIC, AnonCannon, RefRef, ApacheKill, and ApacheBench attack signature databases, which are updated automatically each week
Location-based filtering: Traffic is blocked or limited based on the location of the source IP address.
Web application protection against the following attacks: • HTTP Get flood, HTTP Post flood, HTTP slow header, HTTP slow post, HTTPS flood, SSL (renegotiation) DoS/DDoS, WordPress amplification, RUDY, and LOIC attacks
• Packet validity check
IP reputation: • Most active zombies are tracked, and the IP reputation database is updated automatically on a daily basis to block attacks fast.
• Local reputation records are automatically learned.
• The learning of local access IP reputations creates dynamic IP reputation records based on local service sessions, helping to forward service access traffic quickly and enhance user experience.
Management functions: • Account management and permission allocation
• Defense policy configuration and reports based on Zones (tenants), at a scale of up to 100,000 Zones
• Device performance monitoring
• Source tracing and fingerprint extraction by capturing packets
• Email, short message, and audio alarms
• Log dumping
• Dynamic baseline learning
• Policy interworking and log interworking APIs
Report functions: • Traffic comparison before and after cleaning
• Top N traffic statistics
• Application-layer traffic comparison and distribution
• Protocol distribution
• Traffic statistics based on the source location
• Attack event details
• Top N attack events (by duration or number of packets)
• Distribution of attacks by category
• Attack traffic trends
• DNS resolution success ratio
• Top N traffic statistics for the application layer (by source IP address, HTTP URI, HTTP HOST, and domain name)
• Downloading of reports in HTML, PDF, or Excel format
• Report pushing via email
• Generation of daily, weekly, monthly, and yearly reports
• Self-service portal for tenants
• Creation, deletion, updating, and viewing of Zones, and addition and deletion of protected IP addresses
• Creation and deletion of traffic diversion policies
• Creation and deletion of blackhole routes
• Traffic and attack logs for each IP address
• Sending of logs in syslog format
Traffic diversion: Manual traffic diversion and automatic PBR- or BGP-based traffic diversion
Traffic injection: Static route, MPLS VPN, MPLS LSP, GRE tunnel, Layer 2, and PBR-based injection