<< Назад на страницу выбора модели

 

 

ThroughputUp to 960 Gbps
Throughput/slotUp to 240 Gbps
Mitigation rate/slotUp to 60 Mpps
Latency80 μs
Expansion slot8
Expansion interface boardFW-LPUF-120, with two sub-slots
FW-LPUF-240, with two sub-slots
Expansion card• 24 × GE (SFP)
• 5 × 10 GE (SFP+)
• 6 × 10 GE (SFP+)
• 12 × 10 GE (SFP+)
• 1 × 40 GE (CFP)
• 1 × 100 GE (CFP)
• 3 × 40 GE (QSPF+)
Dimensions (W × D × H)442mm × 650mm × 620mm (14U)
Weight43.2 kg (empty) or 112.9 kg (fully configured)
Power supplyRated input voltage:
DC: -48 V
AC: 175 V to 264 V; 50/60 Hz
Maximum input voltage range:
DC: -72 V to -38 V
AC: 90 V to 264 V; 50/60 Hz
Power consumption3 × FW-LPUF-240 + 5 × ADS-SPUD-B + 10 × ADS-SPC-80-01:
DC: 4025 W (avg), 4823 W (max)
AC: 4282 W (avg), 5132 W (max)
Power redundancyDC: 4 hot-swappable PEM modules
AC: 4 PEM modules+1 external AC power chassis
Security certificationsElectromagnetic compatibility (EMC)
CB, RoHS, FCC, MET, C-Tick, and VCCI

 

FunctionDescription
Defense against the following protocol anomaly attacks:Land, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks
DNS application protection against the following attacks:DNS query flood, DNS reply flood, and DNS spoofing
Source rate limiting and domain name rate limiting
Defense against the following network attacks:SYN flood, ACK flood, FIN flood, RST flood, TCP fragment flood, UDP flood, UDP fragment flood, IP flood, ICMP flood, TCP connection flood, sockstress, TCP retransmission, and TCP empty connection attacks
SIP application protection against the following attacks:SIP flood and SIP method flood attacks, including register flood, deregistration flood, authentication flood, and call flood attacks
Source rate limiting
Defense against the following UDP-based reflection and amplification attacks:NTP, DNS, SSDP, Chargen, TFTP, SNMP, NetBIOS, QOTD, Quake Network Protocol, Portmapper, Microsoft SQL Resolution Service, RIPv1, and Steam Protocol reflection and amplification attacks
Filters:IP, TCP, UDP, ICMP, DNS, SIP, and HTTP packet filters
Attack signature databases:RUDY, slowhttptest, slowloris, LOIC, AnonCannon, RefRef, ApacheKill, and ApacheBench attack signature databases, which are updated automatically each week
Location-based filtering:Traffic is blocked or limited based on the location of the source IP address.
Web application protection against the following attacks:• HTTP Get flood, HTTP Post flood, HTTP slow header, HTTP slow post, HTTPS flood, SSL (renegotiation) DoS/DDoS, WordPress amplification, RUDY, and LOIC attacks
• Packet validity check
IP reputation:• Most active zombies are tracked, and the IP reputation database is updated automatically on a daily basis to block attacks fast.
• Local reputation records are automatically learned.
• The learning of local access IP reputations creates dynamic IP reputation records based on local service sessions, helping to forward service access traffic quickly and enhance user experience.
Management functions:• Account management and permission allocation
• Defense policy configuration and reports based on Zones (tenants), at a scale of up to 100,000 Zones
• Device performance monitoring
• Source tracing and fingerprint extraction by capturing packets
• Email, short message, and audio alarms
• Log dumping
• Dynamic baseline learning
• Policy interworking and log interworking APIs
Report functions:• Traffic comparison before and after cleaning
• Top N traffic statistics
• Application-layer traffic comparison and distribution
• Protocol distribution
• Traffic statistics based on the source location
• Attack event details
• Top N attack events (by duration or number of packets)
• Distribution of attacks by category
• Attack traffic trends
• DNS resolution success ratio
• Top N traffic statistics for the application layer (by source IP address, HTTP URI, HTTP HOST, and domain name)
• Downloading of reports in HTML, PDF, or Excel format
• Report pushing via email
• Generation of daily, weekly, monthly, and yearly reports
• Self-service portal for tenants
• Creation, deletion, updating, and viewing of Zones, and addition and deletion of protected IP addresses
• Creation and deletion of traffic diversion policies
• Creation and deletion of blackhole routes
• Traffic and attack logs for each IP address
• Sending of logs in syslog format
Traffic diversion:Manual traffic diversion and automatic PBR- or BGP-based traffic diversion
Traffic injection:Static route, MPLS VPN, MPLS LSP, GRE tunnel, Layer 2, and PBR-based injection