Tính năng Firewall Sangfor Network Secure

Mô tả tính năng Firewall Sangfor Network Secure

Tính năng Firewall Sangfor Network Secure (trước đây gọi là Sangfor NGAF) là tường lửa thế hệ tiếp theo đầu tiên trên thế giới kết hợp Công nghệ AI mới nhất, Cloud Threat Intelligence, NG-WAF, IoT Security và SoC Lite.

Key Scenarios:

Firewall Sangfor Thế Hệ Tiếp Theo Sangfor Network Secure (sao Chép)

Các Tính năng Firewall Sangfor Network Secure:

Tính năng Firewall Sangfor Networking & Deployment

Các tính năng Firewall Sangfor Networking & Deployment

  • Deployment Modes: Routed Mode (Layer 3), Transparent/Bridge Mode
  • (Layer 2), Virtual Wire Mode, Bypass Mode, Hybrid Mode
  • IPv6-Ready: IPv4, IPv6, or IPv4/IPv6 dual-stack deployment
  • Interfaces: Physical, VLAN (802.1Q tagging & trunking), Sub-interface,
  • Loopback
  • PPPoE Support: Physical interfaces and sub-interfaces
  • Interface Definition: Define interfaces as WAN, LAN, DMZ without
  • hardware constraints
  • Supports GRE and GRE tunneling
  • Interface Aggregation: LACP Mode and Static Mode (Round Robin, Hash,
  • and Active-Standby)
  • Link Health Detection: ARP, DNS, Ping, BFD
  • Jumbo Frame: Supported on physical interfaces
  • Customizable network and security zones
  • DHCP Features: DHCP, DHCPv6, DHCP & DHCPv6 relay, IP reservation
  • (IPv4 & IPv6)
  • DNS Capabilities: DNS proxy, DNS transparent proxy, DNS64
  • ARP Proxy
  • Static routing, policy-based routing, multicast routes, reverse path
  • forwarding, ECMP
  • Policy Routing: By source/destination IP, ISP, country/region service,
  • application type
  • Link Load Balancing: Round robin, bandwidth ratio, weighted least trac,
  • priority link
  • Protocols: RIPv1/v2, RIPNG, OSPFv2/v3, BGP/BGP4+
  • Supports Route redistribution
  • OSPF supports access list and route maps, graceful restart
  • Supports route testing to verify the routing result
  • Displays routing table on GUI
  • NAT Features: SNAT, DNAT, Bidirectional NAT/PAT (Modes 1:1, 1:N, N:1,
  • M:N), NAT64, NAT46, NAT66, DNS-mapping
  • Application Layer Gateways (ALG): FTP, RTSP, SQLNET, PPTP, TFTP,
  • H.323, SIP
  • Availability Features: Active-Active, Active-Standby, Hardware Bypass

Tính năng Firewall Sangfor IPsec VPN

  • Supports: Sangfor VPN, IPsec VPN
  • Site-to-site IPsec VPN (static IP, dynamic IP, dynamic domain)
  • IKEv1 and IKEv2
  • Works in tunnel mode
  • IPsec protocols: AH and ESP
  • Supports main mode and aggressive mode
  • Authentication methods: pre-shared key and certificate
  • Local & peer ID: IP address, Domain String(FQDN), User String(USER_FQDN)
  • DH Group & Perfect Forward Secrecy: group1(MODP1024), group2(-
  • MODP768), group5(MODP1536), group14(MODP2048), group15(MODP3072),
  • group16(MODP4096), group17(MODP6144), group18(MODP8192),
  • group19(ECP256), group20(ECP384), group21(ECP512), group22(-
  • MODP1024_160), group23(MODP2048_224), group24(MODP2048_256),
  • group25(ECP192), group26(ECP224), group27(ECP224_BP),
  • group28(ECP256_BP), group29(ECP384_BP), group30(ECP512_BP).
  • IPsec encryption algorithms: DES, 3DES, AES/AES128, AES192, AES256,
  • Sangfor_DES
  • IPsec authentication algorithms: MD5, SHA1, SHA256, SHA384, SHA512
  • NAT-T, DPD
  • Supports setup expiration time of IPsec VPN tunnels
  • Supports VPN tunnel auto rebuild during heartbeat failure or HA failover
  • VPN tunnel status monitoring, including trac, latency, packet loss, etc.
  • Configuration wizard for Sangfor VPN or IPsec VPN

Tính năng Firewall Sangfor SSL Decryption

  • SSL/TLS inspection: Outbound trac to the Internet and inbound trac
  • to application servers
  • TLS 1.3 decryption


  • Supports SSL VPN in CS (client-server) mode
  • Hash Algorithms: MD5, SHA1, SHA256, SHA384, SHA512
  • Encryption algorithms: DES, 3DES, AES/AES128, AES192, AES256,
  • Sangfor_DES.
  • Protocols: TCP, UDP, ICMP
  • Browser Compatibility: IE, Edge, Firefox, Chrome, etc.
  • OS Compatibility: Windows, Android, iOS, macOS, Ubuntu, etc.
  • Authentication: Primary authentication (local/LDAP), secondary
  • authentication (hardware ID, TOTP with Google/Microsoft authenticators)

Tính năng Firewall Sangfor SD-WAN & Central Management

  • Dynamic Path Selection: Based on custom SLAs (jitter, latency, packet loss),
  • bandwidth, application type
  • Application categorization by type to meet dierent SLA requirements
  • SOFAST Engine: Link optimization in high packet loss environments
  • SD-WAN tunnel failover and link failover
  • Zero-touch provisioning via email template
  • Map view of device location
  • Centralized management with Sangfor Central Manager
  • Centralized monitoring of device status, CPU/RAM/disk usage, trac
  • Centralized remote control of devices
  • Centralized security policy distribution
  • Centralized VPN deployment and configuration

Tính năng Firewall Sangfor Bandwidth Management

  • Manage bandwidth by application, user/group, IP address, schedule,
  • country/region, sub-interface, VLAN interface
  • Bandwidth Control: Bandwidth guarantee, bandwidth limit, upload &
  • download speed, speed for single IPs

Tính năng Firewall Sangfor Access Control & Authentication

  • Stateful Packet Inspection (Stateful Firewall)
  • Deep Packet Inspection (DPI): Identifies applications to allow/deny access
  • Built-in Application Signature Database: Over 6,000 signatures, including
  • P2P, IM, gaming, video streaming, email, proxy apps
  • “From top to bottom, first match basis” method
  • Access control based on source/destination IP, source/destination zone,
  • source port, FQDN, MAC, User, service, applications, schedule, etc.
  • Supports persistent connections
  • Supports matching count for access control policies
  • Policy optimizer: One-click to identify abnormalities in access control policies,
  • including redundancy, duplication, and conflicts
  • Automatically records the access control policy lifecycle
  • Geolocation blocking: Allow/deny access from certain countries/regions
  • Connection control based on source IP, destination IP, bidirectional IP
  • User authentication: Captive portal, MAC/IP address binding, or Single
  • Sign-On (SSO)
  • Authentication with LDAP, RADIUS, POP3. Supports user imports via CSV file
  • Single-Sign-On (SSO) with Microsoft AD, RADIUS, Web, etc.
  • HTML-based customizable captive portal

Tính năng Firewall Sangfor ARP, DoS/DDoS Attack Protection

  • DoS/DDoS attack protection for both the network and the device itself
  • SYN flood, ICMP flood, ICMPv6 flood, UDP flood, DNS flood, ARP flood
  • prevention
  • IP scan and port scan prevention
  • Packet-based attack prevention, e.g., TearDrop Attack, IP fragment, LAND
  • attack, WinNuke attack, Smurf attack, Ping of Death, Unknown protocol
  • Bad IP option, Bad TCP option prevention
  • ARP Spoofing Protection

Tính năng Firewall Sangfor Content Security

  • URL filtering with a built-in URL signature database
  • Supports customized URL signatures
  • File filtering in both upload and download directions. Supported file types
  • include pictures, text files, compressed files, and executables
  • Gateway malware inspection: Cloud-based Sangfor Neural-X (threat
  • intelligence, sandbox) and on-premises Sangfor Engine Zero (AI malware
  • inspection engine). Able to prevent known and unknown threats
  • Malware inspection supports protocols like HTTP, HTTPS, FTP, SMB, SMTP,
  • POP3, IMAP
  • Malware inspection supports file types including movies, music, image, text,
  • compressed files (up to 16 layers), executables, documents, scripts
  • Remove malware from detected malicious files
  • Whitelist based on MD5 and URL
  • In-depth inspection of email body and attachments
  • Inserts warning messages into email subjects to caution users against
  • opening malicious emails

Tính năng Firewall Sangfor Web Application Firewall (WAF)

  • Dedicated web application protection with a semantic detection engine,
  • not with IPS
  • Supports custom WAF rules
  • Detects and protects against 13 major types of attacks, including SQL
  • injection, XSS, web shells, CSRF, system command injection
  • Protection against the OWASP Top 10 web application security risks
  • Defense against buer overflow attacks, including URL length overflow,
  • HTTP header overflow, POST entity overflow
  • CC (Challenge Collapsar) attack prevention
  • XXE (XML External Entity) attack prevention
  • Detect HTTP request anomalies
  • Prevent cookie-based attacks
  • Cloud Intelligence: for the latest IP reputation and IP blacklist data
  • Real-time Web Vulnerability Scanner: Analyzes web application
  • vulnerabilities in passive mode and generates reports in HTML format
  • Application Hiding: Prevent targeted attacks with the feedback
  • information from the applications
  • Weak password detection and brute-force attack prevention
  • Restrict upload of blacklisted file types
  • Specify access privileges for sensitive URLs such as the admin page

Tính năng Firewall Sangfor APT Protection & Intrusion Prevention System (IPS)

  • Malicious Domain & URL Detection
  • Remote Access Trojan (RAT) Detection
  • Suspicious Trac Detection: Discover abnormal behavior on standard ports
  • Vulnerability Exploit Protection: Protect against vulnerability exploits targeting
  • systems, applications, middleware, databases, explorer, Telnet, DNS, and more
  • Brute-Force Attacks: Protection profiles for SSH, Telnet, RDP, NTLM, FTP, etc.
  • Botnet Detection: Detect botnet client communication, include DNS tunneling,
  • ICMP tunneling, HTTP tunneling etc.
  • Correlate with Sangfor Endpoint Secure to detect hidden botnet activity
  • Cloud-based analysis engine for enhanced detect
  • Dedicated protection profiles for client & server scenarios
  • Supports custom IPS rules

Tính năng Firewall Sangfor IoT Security

  • Detect IoT devices across the network through proactive scans and trac
  • learning
  • Detected IoT devices are presented as an asset list
  • OT protocol behavior auditing: Supported protocols include OPCDA,
  • S7/S7-plus, IEC104, MODBUS, DNP3
  • Dedicate loT IPS signature database

Tính năng Firewall Sangfor SoC Lite

  • Proactive asset detection and guidance for fixing potential risks
  • Business System & Client Threats Dashboard: Monitor and manage threats
  • to business systems and clients, including severity levels, threat types,
  • kill-chain steps, top security events
  • Ransomware Protection Dashboard: Detect and manage ransomware-related risks such as weak passwords, risky ports, etc. Helps administrators create
  • ransomware protection policies
  • Account Security Dashboard: Detect account-related threats, including weak
  • passwords, abnormal login activity, brute-force attacks, compromised
  • accounts
  • Whitelist & Blacklist
  • Cloud Deception: Utilize cloud resources to deploy decoys to confuse
  • attackers, track malicious behaviors, locate and block the source of the threat

Tính năng Firewall Sangfor Certifications

  • CE, FCC, RoHS
  • ICSA Firewall, Gartner Magic Quadrant, CyberRatings

Tính năng Firewall Sangfor Logging & Reporting

  • Built-in log and report center available by default for all hardware
  • models
  • Records logs to local disk including access control logs, session logs,
  • trac audit logs, user authentication logs admin operation logs, SSL
  • VPN logs, local ACL logs.
  • Trac/session monitoring by device, application, IP, interface
  • Displays trac rankings by user/IP, group, application type &
  • application category.
  • Options for daily, weekly, or monthly security report subscriptions
  • Supports security reports in PDF format
  • Supports syslog in Common Event Format
  • Supports sending syslog to multiple target servers

Tính năng Firewall Sangfor Management

  • Support manage via WebUI, SSH, CLI, serial port etc.
  • WebUI supports TLS1.0, TLS1.1, TLS1.2, TLS1.3
  • Supports role-based authorization for admin users. Default roles include
  • security admin, system admin, and audit admin
  • Admin user supports local password, TACAS server, and RADIUS server
  • Automatic or manual configurations backup
  • Backup configuration file to FTP, TFTP & SFTP by schedule
  • Out-of-Band Management (OOBM)
  • Time setting supports synchronization with local PC and NTP servers
  • Firmware version rollback
  • SNMP v1/v2c/v3, SNMP trap
  • Email alerts for hardware abnormality, resource usage, security event, HA
  • status, etc.
  • Troubleshooting via WebUI; Identify packet drop reasons by policy,
  • interface, etc.

Tính năng Firewall Sangfor Integration

  • Sangfor Neural-X: Latest threat intelligence, cloud-based URL/App
  • classifications, etc.
  • Sangfor Endpoint Secure: Share intelligence and locate and mitigate
  • malicious processes with quick/full scan and one-click kill
  • Sangfor Cyber Command: Security log analysis
  • Sangfor Platform-X: Centralized management
  • Restful APIs available to integrate with third-party SIEM, SoC, etc.

Bảng thông số kỹ thuật Firewall Sangfor network secure

MODELS NSF-1050A-I NSF-1100A-I NSF-3100A-I NSF-7100A-I
 Firewall Throughput 10Gbps 20 Gbps 30Gbps 70Gbps
 Application Control Throughput 6 Gbps 12Gbps 20 Gbps 40Gbps
 NGFW throughput 1,5Gbps 3 Gbps 7 Gbps 25 Gbps
Threat Prevention Throughput  820Mbps 1,5Gbps 3,6Gbps 15Gbps
Web Application Protect Throughput  950Mbps 2,3 Gbps 3,2Gbps 20 Gbps
 IPsec VPN Throughput  600Mbps 1,5Gbps 3,5Gbps 10Gbps
 Max IPsec VPN Tunnels 100 1.000 4.000 20.000
 Concurrent Connections 800.000 2.000.000 4.000.000 25.000.000
 New Connections 20.000 90.000 180.000 600.000
 Virtual Domains (Recommended/Max) 1/6 6/3 5/10 24/48
Hardware Specification
Form Factor Desktop 1U 1U 2U
Storage 128GB SSD 128G SSD 256G SSD 128G + 960G SSD
Power Supply Type Single AC Dual AC Dual AC Dual AC
Power Consumption(Max) 24W 40W 150W 300W
Operation Temperature 0°C – 45°C
Humidity 5% – 90% non-condensing
System Weight 3.08kg 7.96kg 8.78kg 21kg
Length x Width x Height (mm) 175 x 275 x 44.5 400 x 430 x 44.5 450 x 440 x 44.5 600 x 440 x 89
Hardware Bypass(Copper) N/A 2 4 2
10/100/1000 Base-T 8 8 16 4
1G SFP 2 N/A N/A 4
10G SFP+ N/A 2 6 8
Network Slots(In Use/Total) N/A 0/1 0/2 0/4
Management Interface 1 1 1 1
Serial Port 1 x RJ45 1 x RJ45 1 x RJ45 1 x RJ45
USB Port 2 2 2 2 2
Certificates CE, FCC, ROHS

Lưu ý: tất cả dữ liệu hiệu suất thông lượng được đo trong phòng thí nghiệm. Hiệu suất có thể thay đổi tùy thuộc vào cấu hình thực tế và môi trường mạng.

Trên đây là giới thiệu về Tính năng Firewall Sangfor Network Secure. Nếu có thắc mắc và muốn tìm hiểu kỹ hơn về sản phẩm, Quý khách vui lòng liên hệ bộ phận kỹ thuật để được tư vấn, hỗ trợ và giải đáp một cách tốt nhất.

Thuận Phong Innotel – Nhà phân phối lắp đặt hệ thống bảo mật tường lửa (an ninh mạng) Sangfor tại Việt Nam và có đầy đủ giấy tờ CO CQ từ hãng. Đồng thời là một trong những công ty chuyên thiết kế, tư vấn, lắp đặt hệ thống mạng với gần 20 năm kinh nghiệm trong nghề, cùng với đội ngũ kỹ sư là chuyên gia trong các lĩnh vực CNTT, Innotel tự tin đem đến cho quý khách hàng những dịch vụ, giải pháp tối ưu và toàn diện nhất.

INNOTEL không ngừng tìm kiếm các nhà cung cấp nổi tiếng trên thế giới có sản phẩm chất lượng, giải pháp chuyên nghiệp để áp dụng và triển khai cho khách hàng. Chính vì thế, chúng tôi đã và đang trở thành đối tác chiến lược của các hãng nổi tiếng như: CISCO, HPE, IBM, FORTINET, SOPHOS, Sangfor …

Innotel nhà phân phối ủy quyền, đối tác chiến lược của hãng: Sangfor, Cisco, HPE, Elfiq, Peplink, Fortinet, Sophos, Paloalto, Check Point, Dell, IBM, Lenovo, Sonic Wall, Jupiner, Synology, WatchGuard, Cisco Meraki, Aruba, Delta, APC, Hanwha, RLE, AVTECH, Imperva.

Hiện tại Innotel đang tuyển Đại Lý ở các tỉnh thành trong khắp cả nước. Chúng tôi cam kết mức giá tốt, với chiết khấu hấp dẫn cho Đại Lý, Đối Tác và bảo vệ các Dự Án lớn nhỏ trên toàn quốc.

Ở đâu giá rẻ chiết khấu cao - Innotel giá rẻ hơn, chiết khấu cao hơn đồng thời support dự án ngày đêm, bất chấp khó khăn cực khổ!

Cập nhật thông tin mới nhất và các chương trình khuyến mãi tại: Fanpage Innotel

5/5 - (1 bình chọn)

Trả lời

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *

Call Now